BlacklistMemberAccessPolicy (FreeMarker 2.3.32 API)

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- freemarker.ext.beans.MemberSelectorListMemberAccessPolicy
- - freemarker.ext.beans.BlacklistMemberAccessPolicy

All Implemented Interfaces:

MemberAccessPolicy
```
public class BlacklistMemberAccessPolicy
extends MemberSelectorListMemberAccessPolicy
```
Blacklist-based member access policy, that is, members that are matched by the listing will not be accessible, all others will be. Note that BeansWrapper and its subclasses doesn't discover all members on the first place, and the MemberAccessPolicy just removes from that set of members, never adds to it.
This class is rarely useful in itself, and mostly meant to be used when composing a MemberAccessPolicy from other MemberAccessPolicy-es. If you are serious about security, never use this alone; consider using WhitelistMemberAccessPolicy as part of your solution.
See more about the rules at MemberSelectorListMemberAccessPolicy. Unlike WhitelistMemberAccessPolicy, BlacklistMemberAccessPolicy doesn't have annotations that can be used to add members to the member selector list.

Since:

2.3.30

Nested Class Summary
- Nested classes/interfaces inherited from class freemarker.ext.beans.MemberSelectorListMemberAccessPolicy
  MemberSelectorListMemberAccessPolicy.MemberSelector

Constructor Summary

Constructors
Constructor and Description

BlacklistMemberAccessPolicy(java.util.Collection<? extends MemberSelectorListMemberAccessPolicy.MemberSelector> memberSelectors)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`isToStringAlwaysExposed()` If this returns `true`, we won't invoke the probably more expensive lookup to figure out if `Object.toString()` (including its overridden variants) is exposed for a given object.

Methods inherited from class freemarker.ext.beans.MemberSelectorListMemberAccessPolicy
forClass

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - BlacklistMemberAccessPolicy
```
public BlacklistMemberAccessPolicy(java.util.Collection<? extends MemberSelectorListMemberAccessPolicy.MemberSelector> memberSelectors)
```
    Parameters:
    
    memberSelectors - List of member selectors; see MemberSelectorListMemberAccessPolicy class-level documentation for more.
- Method Detail
  - isToStringAlwaysExposed
```
public boolean isToStringAlwaysExposed()
```
    Description copied from interface: MemberAccessPolicy
    
    If this returns true, we won't invoke the probably more expensive lookup to figure out if Object.toString() (including its overridden variants) is exposed for a given object. If this returns false, then no such optimization is made. This method was introduced as Object.toString() is called frequently, as it's used whenever an object is converted to string, like printed to the output, and it's not even a reflection-based call (we just call Object.toString() in Java). So we try to avoid the overhead of a more generic method call.

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method