org.apache.velocity.tools.generic
Class SafeConfig

java.lang.Object
  extended by org.apache.velocity.tools.generic.SafeConfig
Direct Known Subclasses:
AbstractLockConfig, AlternatorTool, ClassTool, ContextTool, EscapeTool, FieldTool, LinkTool, LocaleConfig, RenderTool, XmlTool

public class SafeConfig
extends java.lang.Object

Implements common logic and constants for tools which automatically locks down the public void configure(Map params) method after it is called once. This keeps application or session scoped tools thread-safe in templates, which generally have access to the tool after configuration has happened.

It also provides for a separate "safe mode" setting which tells tools to block any functions that may pose a security threat. This, of course, is set to true by default.

Once "locked down", the configure(Map) may still be called, however it will do nothing (unless some subclass is foolish enough to override it and not check if isConfigLocked() before changing configurations. The proper method for subclasses to override is configure(ValueParser) which will only be called by configure(Map) when the isConfigLocked() is false (i.e. the first time only).

Since:
VelocityTools 2.0
Author:
Nathan Bubna

Field Summary
private  boolean configLocked
           
static java.lang.String LOCK_CONFIG_KEY
          The key used for specifying whether or not to prevent templates from reconfiguring this tool.
static java.lang.String OLD_LOCK_CONFIG_KEY
          Deprecated. 
static java.lang.String SAFE_MODE_KEY
          Many tools interested in locking configure() also have other things they wish to secure.
private  boolean safeMode
           
 
Constructor Summary
SafeConfig()
           
 
Method Summary
 void configure(java.util.Map params)
          If isConfigLocked() returns true, then this method does nothing; otherwise, if false, this will create a new ValueParser from the specified Map of params and call configure(ValueParser) with it.
protected  void configure(ValueParser values)
          Does the actual configuration.
 boolean isConfigLocked()
          Returns true if the configure(Map) method has been locked.
 boolean isSafeMode()
          Returns true if this tool is in "safe mode".
protected  void setLockConfig(boolean lock)
          Only allow subclass access to this.
protected  void setSafeMode(boolean safe)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

LOCK_CONFIG_KEY

public static final java.lang.String LOCK_CONFIG_KEY
The key used for specifying whether or not to prevent templates from reconfiguring this tool. The default is true.

See Also:
Constant Field Values

OLD_LOCK_CONFIG_KEY

@Deprecated
public static final java.lang.String OLD_LOCK_CONFIG_KEY
Deprecated. 
See Also:
Constant Field Values

SAFE_MODE_KEY

public static final java.lang.String SAFE_MODE_KEY
Many tools interested in locking configure() also have other things they wish to secure. This key controls that property. The default value is true, of course.

See Also:
Constant Field Values

configLocked

private boolean configLocked

safeMode

private boolean safeMode
Constructor Detail

SafeConfig

public SafeConfig()
Method Detail

setLockConfig

protected void setLockConfig(boolean lock)
Only allow subclass access to this.


setSafeMode

protected void setSafeMode(boolean safe)

isConfigLocked

public boolean isConfigLocked()
Returns true if the configure(Map) method has been locked.


isSafeMode

public boolean isSafeMode()
Returns true if this tool is in "safe mode".


configure

public void configure(java.util.Map params)
If isConfigLocked() returns true, then this method does nothing; otherwise, if false, this will create a new ValueParser from the specified Map of params and call configure(ValueParser) with it. Then this will check the parameters itself to find out whether or not the configuration for this tool should be put into safe mode or have its config locked. The safe mode value should be a boolean under the key SAFE_MODE_KEY and the lock value should be a boolean under the key LOCK_CONFIG_KEY.


configure

protected void configure(ValueParser values)
Does the actual configuration. This is protected, so subclasses may share the same ValueParser and call configure at any time, while preventing templates from doing so when configure(Map) is locked.



Copyright (c) 2003-2007 Apache Software Foundation