org.apache.velocity.util.introspection
Class SecureUberspector
java.lang.Object
org.apache.velocity.util.introspection.UberspectImpl
org.apache.velocity.util.introspection.SecureUberspector
- All Implemented Interfaces:
- Uberspect, UberspectLoggable, RuntimeServicesAware
public class SecureUberspector
- extends UberspectImpl
- implements RuntimeServicesAware
Use a custom introspector that prevents classloader related method
calls. Use this introspector for situations in which template
writers are numerous or untrusted. Specifically, this introspector
prevents creation of arbitrary objects or reflection on objects.
To use this introspector, set the following property:
runtime.introspector.uberspect = org.apache.velocity.util.introspection.SecureUberspector
- Since:
- 1.5
- Version:
- $Id: SecureUberspector.java 718443 2008-11-18 00:01:56Z nbubna $
- Author:
- Will Glass-Husain
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
SecureUberspector
public SecureUberspector()
init
public void init()
- init - generates the Introspector. As the setup code
makes sure that the log gets set before this is called,
we can initialize the Introspector using the log object.
- Specified by:
init
in interface Uberspect
- Overrides:
init
in class UberspectImpl
getIterator
public Iterator getIterator(Object obj,
Info i)
throws Exception
- Get an iterator from the given object. Since the superclass method
this secure version checks for execute permission.
- Specified by:
getIterator
in interface Uberspect
- Overrides:
getIterator
in class UberspectImpl
- Parameters:
obj
- object to iterate overi
- line, column, template info
- Returns:
- Iterator for object
- Throws:
Exception
setRuntimeServices
public void setRuntimeServices(RuntimeServices rs)
- Store the RuntimeServices before the object is initialized..
- Specified by:
setRuntimeServices
in interface RuntimeServicesAware
- Parameters:
rs
- RuntimeServices object for initialization
Copyright © 2000-2009 The Apache Software Foundation. All Rights Reserved.