public class WhitelistMemberAccessPolicy extends MemberSelectorListMemberAccessPolicy
BeansWrapper and its subclasses don't discover all members in the first place, and the MemberAccessPolicy only removes from that set of members, never adds to it.
The whitelist content is usually application specific, and can be significant work to put together, but it's the only way you can achieve any practical safety when you don't fully trust the users who can edit templates.
See more about the rules at MemberSelectorListMemberAccessPolicy.
The TemplateAccessible annotation may be used to add members to the whitelist.
Of course, this can only deal with the ObjectWrapper aspect of safety; please check the Manual to see what else is needed. Also, since this is related to security, read the documentation of MemberAccessPolicy to learn about the pitfalls and edge cases related to MemberAccessPolicy-es in general.
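The following is an added example, not part of the FreeMarker Javadoc: it wires a WhitelistMemberAccessPolicy into a DefaultObjectWrapper so that only the listed getter and the TemplateAccessible-annotated getter of a constructed Account bean are reachable from templates, while an unlisted method stays invisible. It assumes FreeMarker 2.3.30 or later (where the policy and the annotation were introduced); the Account class, WhitelistPolicyExample and its methods are constructed for this example.

```java
import java.io.*;
import java.util.*;
import freemarker.ext.beans.*;
import freemarker.template.*;

/** Constructed sample bean for this example; not a FreeMarker class. */
class Account {
    public String getName() { return "alice"; }         // exposed: listed in the selector string below
    @TemplateAccessible
    public String getRole() { return "viewer"; }        // exposed: added to the whitelist by the annotation
    public boolean closeAccount() { return true; }      // neither listed nor annotated: hidden from templates
}

public class WhitelistPolicyExample {
    /** Builds a Configuration whose object wrapper exposes only whitelisted members. */
    public static Configuration buildConfiguration() throws Exception {
        // Selector format: fully qualified class name, then member name and parameter types.
        List<MemberSelectorListMemberAccessPolicy.MemberSelector> selectors =
                MemberSelectorListMemberAccessPolicy.MemberSelector.parse(
                        Collections.singletonList(Account.class.getName() + ".getName()"),
                        false,                          // fail loudly if a listed class or member does not exist
                        Account.class.getClassLoader());
        DefaultObjectWrapperBuilder owb = new DefaultObjectWrapperBuilder(Configuration.VERSION_2_3_30);
        owb.setMemberAccessPolicy(new WhitelistMemberAccessPolicy(selectors));
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_30);
        cfg.setObjectWrapper(owb.build());
        return cfg;
    }

    /** Renders an inline template against a fresh Account; returns null if the template hit a hidden member. */
    public static String render(Configuration cfg, String templateText) throws Exception {
        Template t = new Template("inline", new StringReader(templateText), cfg);
        StringWriter out = new StringWriter();
        try {
            t.process(Collections.singletonMap("account", new Account()), out);
            return out.toString();
        } catch (TemplateException e) {
            return null; // a hidden member is simply absent from the wrapped object, so ${...} reports a missing value
        }
    }

    public static void main(String[] args) throws Exception {
        Configuration cfg = buildConfiguration();
        System.out.println(render(cfg, "${account.name}/${account.role}"));  // both members are whitelisted
        System.out.println(render(cfg, "${account.closeAccount()}"));        // not whitelisted: render returns null
    }
}
```

Because the policy only ever removes members from what BeansWrapper discovered, a member that the wrapper would not expose anyway (for example a non-public method) cannot be made visible by listing it.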
Nested classes inherited from class MemberSelectorListMemberAccessPolicy: MemberSelectorListMemberAccessPolicy.MemberSelector
| Constructor and Description |
|---|
| `WhitelistMemberAccessPolicy(java.util.Collection<? extends MemberSelectorListMemberAccessPolicy.MemberSelector> memberSelectors)` |
| Modifier and Type | Method and Description |
|---|---|
| `boolean` | `isToStringAlwaysExposed()` If this returns `true`, we won't invoke the probably more expensive lookup to figure out if `Object.toString()` (including its overridden variants) is exposed for a given object. |
Methods inherited from class MemberSelectorListMemberAccessPolicy: forClass
public WhitelistMemberAccessPolicy(java.util.Collection<? extends MemberSelectorListMemberAccessPolicy.MemberSelector> memberSelectors)

Parameters:
memberSelectors - List of member selectors; see the MemberSelectorListMemberAccessPolicy class-level documentation for more.

public boolean isToStringAlwaysExposed()
Specified by: isToStringAlwaysExposed in interface MemberAccessPolicy

If this returns true, we won't invoke the probably more expensive lookup to figure out if Object.toString() (including its overridden variants) is exposed for a given object. If this returns false, then no such optimization is made. This method was introduced because Object.toString() is called frequently, as it's used whenever an object is converted to a string, like when it's printed to the output, and it's not even a reflection-based call (we just call Object.toString() in Java). So we try to avoid the overhead of a more generic method call.