| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <!-- Generated by javadoc (1.8.0_191) on Fri Mar 15 15:10:10 CET 2019 --> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| <title>SecureIntrospectorImpl (Apache Velocity 2.1 API)</title> |
| <meta name="date" content="2019-03-15"> |
| <link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style"> |
| <script type="text/javascript" src="../../../../../script.js"></script> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="SecureIntrospectorImpl (Apache Velocity 2.1 API)"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| var methods = {"i0":10,"i1":10}; |
| var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; |
| var altColor = "altColor"; |
| var rowColor = "rowColor"; |
| var tableTab = "tableTab"; |
| var activeTableTab = "activeTableTab"; |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a name="navbar.top"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.top.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="class-use/SecureIntrospectorImpl.html">Use</a></li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../../org/apache/velocity/util/introspection/SecureIntrospectorControl.html" title="interface in org.apache.velocity.util.introspection"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../../org/apache/velocity/util/introspection/SecureUberspector.html" title="class in org.apache.velocity.util.introspection"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../../index.html?org/apache/velocity/util/introspection/SecureIntrospectorImpl.html" target="_top">Frames</a></li> |
| <li><a href="SecureIntrospectorImpl.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li><a href="#fields.inherited.from.class.org.apache.velocity.util.introspection.IntrospectorBase">Field</a> | </li> |
| <li><a href="#constructor.summary">Constr</a> | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li><a href="#constructor.detail">Constr</a> | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <div class="header"> |
| <div class="subTitle">org.apache.velocity.util.introspection</div> |
| <h2 title="Class SecureIntrospectorImpl" class="title">Class SecureIntrospectorImpl</h2> |
| </div> |
| <div class="contentContainer"> |
| <ul class="inheritance"> |
| <li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li> |
| <li> |
| <ul class="inheritance"> |
| <li><a href="../../../../../org/apache/velocity/util/introspection/IntrospectorBase.html" title="class in org.apache.velocity.util.introspection">org.apache.velocity.util.introspection.IntrospectorBase</a></li> |
| <li> |
| <ul class="inheritance"> |
| <li><a href="../../../../../org/apache/velocity/util/introspection/Introspector.html" title="class in org.apache.velocity.util.introspection">org.apache.velocity.util.introspection.Introspector</a></li> |
| <li> |
| <ul class="inheritance"> |
| <li>org.apache.velocity.util.introspection.SecureIntrospectorImpl</li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <dl> |
| <dt>All Implemented Interfaces:</dt> |
| <dd><a href="../../../../../org/apache/velocity/util/introspection/SecureIntrospectorControl.html" title="interface in org.apache.velocity.util.introspection">SecureIntrospectorControl</a></dd> |
| </dl> |
| <hr> |
| <br> |
| <pre>public class <span class="typeNameLabel">SecureIntrospectorImpl</span> |
| extends <a href="../../../../../org/apache/velocity/util/introspection/Introspector.html" title="class in org.apache.velocity.util.introspection">Introspector</a> |
| implements <a href="../../../../../org/apache/velocity/util/introspection/SecureIntrospectorControl.html" title="interface in org.apache.velocity.util.introspection">SecureIntrospectorControl</a></pre> |
| <div class="block"><p>Prevent "dangerous" classloader/reflection related calls. Use this |
| introspector for situations in which template writers are numerous |
| or untrusted. Specifically, this introspector prevents creation of |
| arbitrary objects and prevents reflection on objects. |
| |
| <p>See documentation of checkObjectExecutePermission() for |
| more information on specific classes and methods blocked.</div> |
| <dl> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>1.5</dd> |
| <dt><span class="simpleTagLabel">Version:</span></dt> |
| <dd>$Id: SecureIntrospectorImpl.java 1780734 2017-01-28 19:21:08Z cbrisson $</dd> |
| <dt><span class="simpleTagLabel">Author:</span></dt> |
| <dd><a href="mailto:wglass@forio.com">Will Glass-Husain</a></dd> |
| </dl> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- =========== FIELD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="field.summary"> |
| <!-- --> |
| </a> |
| <h3>Field Summary</h3> |
| <ul class="blockList"> |
| <li class="blockList"><a name="fields.inherited.from.class.org.apache.velocity.util.introspection.IntrospectorBase"> |
| <!-- --> |
| </a> |
| <h3>Fields inherited from class org.apache.velocity.util.introspection.<a href="../../../../../org/apache/velocity/util/introspection/IntrospectorBase.html" title="class in org.apache.velocity.util.introspection">IntrospectorBase</a></h3> |
| <code><a href="../../../../../org/apache/velocity/util/introspection/IntrospectorBase.html#log">log</a></code></li> |
| </ul> |
| </li> |
| </ul> |
| <!-- ======== CONSTRUCTOR SUMMARY ======== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="constructor.summary"> |
| <!-- --> |
| </a> |
| <h3>Constructor Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation"> |
| <caption><span>Constructors</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colOne" scope="col">Constructor and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colOne"><code><span class="memberNameLink"><a href="../../../../../org/apache/velocity/util/introspection/SecureIntrospectorImpl.html#SecureIntrospectorImpl-java.lang.String:A-java.lang.String:A-org.slf4j.Logger-">SecureIntrospectorImpl</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>[] badClasses, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>[] badPackages, |
| org.slf4j.Logger log)</code> </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| <!-- ========== METHOD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.summary"> |
| <!-- --> |
| </a> |
| <h3>Method Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation"> |
| <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd"> </span></span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Method and Description</th> |
| </tr> |
| <tr id="i0" class="altColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/velocity/util/introspection/SecureIntrospectorImpl.html#checkObjectExecutePermission-java.lang.Class-java.lang.String-">checkObjectExecutePermission</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a> clazz, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> methodName)</code> |
| <div class="block">Determine which methods and classes to prevent from executing.</div> |
| </td> |
| </tr> |
| <tr id="i1" class="rowColor"> |
| <td class="colFirst"><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect">Method</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/velocity/util/introspection/SecureIntrospectorImpl.html#getMethod-java.lang.Class-java.lang.String-java.lang.Object:A-">getMethod</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a> clazz, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> methodName, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a>[] params)</code> |
| <div class="block">Get the Method object corresponding to the given class, name and parameters.</div> |
| </td> |
| </tr> |
| </table> |
| <ul class="blockList"> |
| <li class="blockList"><a name="methods.inherited.from.class.org.apache.velocity.util.introspection.IntrospectorBase"> |
| <!-- --> |
| </a> |
| <h3>Methods inherited from class org.apache.velocity.util.introspection.<a href="../../../../../org/apache/velocity/util/introspection/IntrospectorBase.html" title="class in org.apache.velocity.util.introspection">IntrospectorBase</a></h3> |
| <code><a href="../../../../../org/apache/velocity/util/introspection/IntrospectorBase.html#getField-java.lang.Class-java.lang.String-">getField</a>, <a href="../../../../../org/apache/velocity/util/introspection/IntrospectorBase.html#getIntrospectorCache--">getIntrospectorCache</a></code></li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="methods.inherited.from.class.java.lang.Object"> |
| <!-- --> |
| </a> |
| <h3>Methods inherited from class java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3> |
| <code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--" title="class or interface in java.lang">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-" title="class or interface in java.lang">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--" title="class or interface in java.lang">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--" title="class or interface in java.lang">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode--" title="class or interface in java.lang">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify--" title="class or interface in java.lang">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll--" title="class or interface in java.lang">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#toString--" title="class or interface in java.lang">toString</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait--" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-int-" title="class or interface in java.lang">wait</a></code></li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ========= CONSTRUCTOR DETAIL ======== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="constructor.detail"> |
| <!-- --> |
| </a> |
| <h3>Constructor Detail</h3> |
| <a name="SecureIntrospectorImpl-java.lang.String:A-java.lang.String:A-org.slf4j.Logger-"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>SecureIntrospectorImpl</h4> |
| <pre>public SecureIntrospectorImpl(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>[] badClasses, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>[] badPackages, |
| org.slf4j.Logger log)</pre> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <!-- ============ METHOD DETAIL ========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.detail"> |
| <!-- --> |
| </a> |
| <h3>Method Detail</h3> |
| <a name="getMethod-java.lang.Class-java.lang.String-java.lang.Object:A-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getMethod</h4> |
| <pre>public <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect">Method</a> getMethod(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a> clazz, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> methodName, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a>[] params) |
| throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang">IllegalArgumentException</a></pre> |
| <div class="block">Get the Method object corresponding to the given class, name and parameters. |
| Will check for appropriate execute permissions and return null if the method |
| is not allowed to be executed.</div> |
| <dl> |
| <dt><span class="overrideSpecifyLabel">Overrides:</span></dt> |
| <dd><code><a href="../../../../../org/apache/velocity/util/introspection/Introspector.html#getMethod-java.lang.Class-java.lang.String-java.lang.Object:A-">getMethod</a></code> in class <code><a href="../../../../../org/apache/velocity/util/introspection/Introspector.html" title="class in org.apache.velocity.util.introspection">Introspector</a></code></dd> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>clazz</code> - Class on which method will be called</dd> |
| <dd><code>methodName</code> - Name of method to be called</dd> |
| <dd><code>params</code> - array of parameters to method</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Method object retrieved by Introspector</dd> |
| <dt><span class="throwsLabel">Throws:</span></dt> |
| <dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang">IllegalArgumentException</a></code> - The parameter passed in were incorrect.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="checkObjectExecutePermission-java.lang.Class-java.lang.String-"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>checkObjectExecutePermission</h4> |
| <pre>public boolean checkObjectExecutePermission(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Class.html?is-external=true" title="class or interface in java.lang">Class</a> clazz, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> methodName)</pre> |
| <div class="block">Determine which methods and classes to prevent from executing. Always blocks |
| methods wait() and notify(). Always allows methods on Number, Boolean, and String. |
| Prohibits method calls on classes related to reflection and system operations. |
| For the complete list, see the properties <code>introspector.restrict.classes</code> |
| and <code>introspector.restrict.packages</code>.</div> |
| <dl> |
| <dt><span class="overrideSpecifyLabel">Specified by:</span></dt> |
| <dd><code><a href="../../../../../org/apache/velocity/util/introspection/SecureIntrospectorControl.html#checkObjectExecutePermission-java.lang.Class-java.lang.String-">checkObjectExecutePermission</a></code> in interface <code><a href="../../../../../org/apache/velocity/util/introspection/SecureIntrospectorControl.html" title="interface in org.apache.velocity.util.introspection">SecureIntrospectorControl</a></code></dd> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>clazz</code> - Class on which method will be called</dd> |
| <dd><code>methodName</code> - Name of method to be called</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>true if method may be called on object</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../../org/apache/velocity/util/introspection/SecureIntrospectorControl.html#checkObjectExecutePermission-java.lang.Class-java.lang.String-"><code>SecureIntrospectorControl.checkObjectExecutePermission(java.lang.Class, java.lang.String)</code></a></dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a name="navbar.bottom"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.bottom.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="class-use/SecureIntrospectorImpl.html">Use</a></li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../../org/apache/velocity/util/introspection/SecureIntrospectorControl.html" title="interface in org.apache.velocity.util.introspection"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../../org/apache/velocity/util/introspection/SecureUberspector.html" title="class in org.apache.velocity.util.introspection"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../../index.html?org/apache/velocity/util/introspection/SecureIntrospectorImpl.html" target="_top">Frames</a></li> |
| <li><a href="SecureIntrospectorImpl.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li><a href="#fields.inherited.from.class.org.apache.velocity.util.introspection.IntrospectorBase">Field</a> | </li> |
| <li><a href="#constructor.summary">Constr</a> | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li><a href="#constructor.detail">Constr</a> | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| <p class="legalCopy"><small>Copyright © 2000–2019 <a href="https://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</small></p> |
| </body> |
| </html> |
