public class SecureIntrospectorImpl extends Introspector implements SecureIntrospectorControl
Prevent "dangerous" classloader/reflection related calls. Use this introspector for situations in which template writers are numerous or untrusted. Specifically, this introspector prevents creation of arbitrary objects and prevents reflection on objects.
See documentation of checkObjectExecutePermission() for more information on specific classes and methods blocked.
log
Constructor and Description |
---|
SecureIntrospectorImpl(String[] badClasses,
String[] badPackages,
org.slf4j.Logger log) |
Modifier and Type | Method and Description |
---|---|
boolean |
checkObjectExecutePermission(Class clazz,
String methodName)
Determine which methods and classes to prevent from executing.
|
Method |
getMethod(Class clazz,
String methodName,
Object[] params)
Get the Method object corresponding to the given class, name and parameters.
|
getField, getIntrospectorCache
public Method getMethod(Class clazz, String methodName, Object[] params) throws IllegalArgumentException
getMethod
in class Introspector
clazz
- Class on which method will be calledmethodName
- Name of method to be calledparams
- array of parameters to methodIllegalArgumentException
- The parameter passed in were incorrect.public boolean checkObjectExecutePermission(Class clazz, String methodName)
introspector.restrict.classes
and introspector.restrict.packages
.checkObjectExecutePermission
in interface SecureIntrospectorControl
clazz
- Class on which method will be calledmethodName
- Name of method to be calledSecureIntrospectorControl.checkObjectExecutePermission(java.lang.Class, java.lang.String)
Copyright © 2000–2019 The Apache Software Foundation. All rights reserved.