Class BlacklistMemberAccessPolicy

All Implemented Interfaces:

public class BlacklistMemberAccessPolicy extends MemberSelectorListMemberAccessPolicy
Blacklist-based member access policy, that is, members that are matched by the listing will not be accessible, all others will be. Note that BeansWrapper and its subclasses doesn't discover all members on the first place, and the MemberAccessPolicy just removes from that set of members, never adds to it.

This class is rarely useful in itself, and mostly meant to be used when composing a MemberAccessPolicy from other MemberAccessPolicy-es. If you are serious about security, never use this alone; consider using WhitelistMemberAccessPolicy as part of your solution.

See more about the rules at MemberSelectorListMemberAccessPolicy. Unlike WhitelistMemberAccessPolicy, BlacklistMemberAccessPolicy doesn't have annotations that can be used to add members to the member selector list.

  • Constructor Details

  • Method Details

    • isToStringAlwaysExposed

      public boolean isToStringAlwaysExposed()
      Description copied from interface: MemberAccessPolicy
      If this returns true, we won't invoke the probably more expensive lookup to figure out if Object.toString() (including its overridden variants) is exposed for a given object. If this returns false, then no such optimization is made. This method was introduced as Object.toString() is called frequently, as it's used whenever an object is converted to string, like printed to the output, and it's not even a reflection-based call (we just call Object.toString() in Java). So we try to avoid the overhead of a more generic method call.