Package org.apache.velocity.util.introspection

Class SecureUberspector

java.lang.Object
org.apache.velocity.util.introspection.UberspectImpl
org.apache.velocity.util.introspection.SecureUberspector
All Implemented Interfaces:
Uberspect, RuntimeServicesAware
public class SecureUberspector extends UberspectImpl
Use a custom introspector that prevents classloader related method calls. Use this introspector for situations in which template writers are numerous or untrusted. Specifically, this introspector prevents creation of arbitrary objects or reflection on objects.

To use this introspector, set the following property: 

 introspector.uberspect.class = org.apache.velocity.util.introspection.SecureUberspector
Since:
1.5
Version:
$Id$
Author:
Will Glass-Husain

  • Constructor Details

    • SecureUberspector

      public SecureUberspector()

  • Method Details

    • init

      public void init()
      init - generates the Introspector. As the setup code makes sure that the log gets set before this is called, we can initialize the Introspector using the log object.
      Specified by:
      init in interface Uberspect
      Overrides:
      init in class UberspectImpl

    • getIterator

      public Iterator getIterator(Object obj, Info i)
      Get an iterator from the given object. Since the superclass method this secure version checks for execute permission.
      Specified by:
      getIterator in interface Uberspect
      Overrides:
      getIterator in class UberspectImpl
      Parameters:
      obj - object to iterate over
      i - line, column, template info
      Returns:
      Iterator for object