public class BlacklistMemberAccessPolicy extends MemberSelectorListMemberAccessPolicy
BeansWrapperand its subclasses doesn't discover all members on the first place, and the
MemberAccessPolicyjust removes from that set of members, never adds to it.
This class is rarely useful in itself, and mostly meant to be used when composing a
MemberAccessPolicy-es. If you are serious about security, never use this alone; consider using
WhitelistMemberAccessPolicy as part of your solution.
See more about the rules at
BlacklistMemberAccessPolicy doesn't have annotations that can be used
to add members to the member selector list.
|Constructor and Description|
|Modifier and Type||Method and Description|
If this returns
public BlacklistMemberAccessPolicy(java.util.Collection<? extends MemberSelectorListMemberAccessPolicy.MemberSelector> memberSelectors)
memberSelectors- List of member selectors; see
MemberSelectorListMemberAccessPolicyclass-level documentation for more.
public boolean isToStringAlwaysExposed()
true, we won't invoke the probably more expensive lookup to figure out if
Object.toString()(including its overridden variants) is exposed for a given object. If this returns
false, then no such optimization is made. This method was introduced as
Object.toString()is called frequently, as it's used whenever an object is converted to string, like printed to the output, and it's not even a reflection-based call (we just call
Object.toString()in Java). So we try to avoid the overhead of a more generic method call.