|Constructor and Description|
Creates a new instance.
|Modifier and Type||Method and Description|
Extract the template name from the template object which will be matched against the trusted template names and pattern.
public OptInTemplateClassResolver(java.util.Set allowedClasses, java.util.List trustedTemplates)
String-s that contains the full-qualified names of the allowed classes. Can be
null(means not class is allowed).
String-s that contains template names (i.e., template root directory relative paths) and prefix patterns (like
"include/*") of templates for which
TemplateClassResolver.SAFER_RESOLVERwill be used (which is not as safe as
OptInTemplateClassResolver). The list items need not start with
"/"(if they are, it will be removed). List items ending with
"*"are treated as prefixes (i.e.
"foowhatever/bar/baaz", etc.). The
"*"has no special meaning anywhere else. The matched template name is the name (template root directory relative path) of the template that directly (lexically) contains the operation (like
?new) that wants to get the class. Thus, if a trusted template includes a non-trusted template, the
allowedClassesrestriction will apply in the included template. This parameter can be
null(means no trusted templates).
public java.lang.Class resolve(java.lang.String className, Environment env, Template template) throws TemplateException
Classbased on the class name.
className- the full-qualified class name
env- the environment in which the template executes
template- the template where the operation that require the class resolution resides in. This is
nullif the call doesn't come from a template.
TemplateException- if the class can't be found or shouldn't be accessed from a template for security reasons.
protected java.lang.String safeGetTemplateName(Template template)