Class SecureIntrospector

  • All Implemented Interfaces:
    org.apache.velocity.util.introspection.SecureIntrospectorControl

    public class SecureIntrospector
    extends org.apache.velocity.util.introspection.SecureIntrospectorImpl
    SecureIntrospectorImpl is way too restrictive with allowed Class methods.
    Since:
    5.4RC1
    Version:
    $Id: 4be697e8a6a6ac25f57014335f712e315db0f7b7 $
    • Constructor Detail

      • SecureIntrospector

        public SecureIntrospector​(String[] badClasses,
                                  String[] badPackages,
                                  org.slf4j.Logger log)
        Parameters:
        badClasses - forbidden classes
        badPackages - forbidden packages
        log - the log
    • Method Detail

      • getWhitelistedMethods

        protected Map<Class,​Set<String>> getWhitelistedMethods()
        Returns:
        a copy of the whitelisted methods used in this introspector.
      • checkObjectExecutePermission

        public boolean checkObjectExecutePermission​(Class clazz,
                                                    String methodName)
        Specified by:
        checkObjectExecutePermission in interface org.apache.velocity.util.introspection.SecureIntrospectorControl
        Overrides:
        checkObjectExecutePermission in class org.apache.velocity.util.introspection.SecureIntrospectorImpl