org.apache.velocity.util.introspection
Class SecureUberspector

java.lang.Object
  extended by org.apache.velocity.util.introspection.UberspectImpl
      extended by org.apache.velocity.util.introspection.SecureUberspector
All Implemented Interfaces:
Uberspect, UberspectLoggable, RuntimeServicesAware

public class SecureUberspector
extends UberspectImpl
implements RuntimeServicesAware

Use a custom introspector that prevents classloader related method calls. Use this introspector for situations in which template writers are numerous or untrusted. Specifically, this introspector prevents creation of arbitrary objects or reflection on objects.

To use this introspector, set the following property:

 runtime.introspector.uberspect = org.apache.velocity.util.introspection.SecureUberspector
 

Since:
1.5
Version:
$Id: SecureUberspector.java 774412 2009-05-13 15:54:07Z nbubna $
Author:
Will Glass-Husain

Nested Class Summary
 
Nested classes/interfaces inherited from class org.apache.velocity.util.introspection.UberspectImpl
UberspectImpl.VelGetterImpl, UberspectImpl.VelMethodImpl, UberspectImpl.VelSetterImpl
 
Field Summary
 
Fields inherited from class org.apache.velocity.util.introspection.UberspectImpl
introspector, log
 
Constructor Summary
SecureUberspector()
           
 
Method Summary
 Iterator getIterator(Object obj, Info i)
          Get an iterator from the given object.
 void init()
          init - generates the Introspector.
 void setRuntimeServices(RuntimeServices rs)
          Store the RuntimeServices before the object is initialized..
 
Methods inherited from class org.apache.velocity.util.introspection.UberspectImpl
getMethod, getPropertyGet, getPropertySet, setLog, setRuntimeLogger
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecureUberspector

public SecureUberspector()
Method Detail

init

public void init()
init - generates the Introspector. As the setup code makes sure that the log gets set before this is called, we can initialize the Introspector using the log object.

Specified by:
init in interface Uberspect
Overrides:
init in class UberspectImpl

getIterator

public Iterator getIterator(Object obj,
                            Info i)
                     throws Exception
Get an iterator from the given object. Since the superclass method this secure version checks for execute permission.

Specified by:
getIterator in interface Uberspect
Overrides:
getIterator in class UberspectImpl
Parameters:
obj - object to iterate over
i - line, column, template info
Returns:
Iterator for object
Throws:
Exception

setRuntimeServices

public void setRuntimeServices(RuntimeServices rs)
Store the RuntimeServices before the object is initialized..

Specified by:
setRuntimeServices in interface RuntimeServicesAware
Parameters:
rs - RuntimeServices object for initialization


Copyright © 2000-2010 The Apache Software Foundation. All Rights Reserved.