Posted to dev@unomi.apache.org by sh...@apache.org on 2020/11/17 22:22:27 UTC

[unomi] branch UNOMI-401-fix-securefilteringclassloader-config created (now f153a2e)

This is an automated email from the ASF dual-hosted git repository.

shuber pushed a change to branch UNOMI-401-fix-securefilteringclassloader-config
in repository https://gitbox.apache.org/repos/asf/unomi.git.


      at f153a2e  UNOMI-401 Fix missing base class in SecureFilteringClassLoader

This branch includes the following new commits:

     new f153a2e  UNOMI-401 Fix missing base class in SecureFilteringClassLoader

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[unomi] 01/01: UNOMI-401 Fix missing base class in SecureFilteringClassLoader

Posted by sh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

shuber pushed a commit to branch UNOMI-401-fix-securefilteringclassloader-config
in repository https://gitbox.apache.org/repos/asf/unomi.git

commit f153a2ea18ee5ca7792114ede0939ce913e68e05
Author: Serge Huber <sh...@jahia.com>
AuthorDate: Tue Nov 17 23:22:20 2020 +0100

    UNOMI-401 Fix missing base class in SecureFilteringClassLoader
---
 package/src/main/resources/etc/custom.system.properties                 | 2 +-
 .../java/org/apache/unomi/scripting/SecureFilteringClassLoader.java     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/src/main/resources/etc/custom.system.properties b/package/src/main/resources/etc/custom.system.properties
index acca87b..4618ac0 100644
--- a/package/src/main/resources/etc/custom.system.properties
+++ b/package/src/main/resources/etc/custom.system.properties
@@ -33,7 +33,7 @@ org.apache.unomi.hazelcast.network.port=${env:UNOMI_HAZELCAST_NETWORK_PORT:-5701
 org.apache.unomi.security.root.password=${env:UNOMI_ROOT_PASSWORD:-karaf}
 
 # These parameters control the list of classes that are allowed or forbidden when executing expressions.
-org.apache.unomi.scripting.allow=${env:UNOMI_ALLOW_SCRIPTING_CLASSES:-org.apache.unomi.api.Event,org.apache.unomi.api.Profile,org.apache.unomi.api.Session,org.apache.unomi.api.Item,org.apache.unomi.api.CustomItem,ognl.*,java.lang.Object,java.util.Map,java.util.HashMap,java.lang.Integer,org.mvel2.*}
+org.apache.unomi.scripting.allow=${env:UNOMI_ALLOW_SCRIPTING_CLASSES:-org.apache.unomi.api.Event,org.apache.unomi.api.Profile,org.apache.unomi.api.Session,org.apache.unomi.api.Item,org.apache.unomi.api.CustomItem,ognl.*,java.lang.Object,java.util.Map,java.util.HashMap,java.lang.Integer,org.mvel2.*,java.lang.String}
 org.apache.unomi.scripting.forbid=${env:UNOMI_FORBID_SCRIPTING_CLASSES:-}
 
 # This parameter controls the whole expression filtering system. It is not recommended to turn it off. The main reason
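Review bot: Deployments that already set `UNOMI_ALLOW_SCRIPTING_CLASSES` will not pick up the added `java.lang.String` entry, because the `${env:...:-...}` form on the `org.apache.unomi.scripting.allow` line appears to apply the listed default only when the variable is unset. The comment above the setting should state that an override replaces the list rather than extending it, for example `# Overriding UNOMI_ALLOW_SCRIPTING_CLASSES replaces this list; keep java.lang.String and the other base classes in any custom value.` Since this list bounds which classes expressions may load, the same comment could also record why the wildcard entries `ognl.*` and `org.mvel2.*` are needed.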
diff --git a/scripting/src/main/java/org/apache/unomi/scripting/SecureFilteringClassLoader.java b/scripting/src/main/java/org/apache/unomi/scripting/SecureFilteringClassLoader.java
index 028d637..4af57e1 100644
--- a/scripting/src/main/java/org/apache/unomi/scripting/SecureFilteringClassLoader.java
+++ b/scripting/src/main/java/org/apache/unomi/scripting/SecureFilteringClassLoader.java
@@ -34,7 +34,7 @@ public class SecureFilteringClassLoader extends ClassLoader {
 
     static {
         String systemAllowedClasses = System.getProperty("org.apache.unomi.scripting.allow",
-                "org.apache.unomi.api.Event,org.apache.unomi.api.Profile,org.apache.unomi.api.Session,org.apache.unomi.api.Item,org.apache.unomi.api.CustomItem,ognl.*,java.lang.Object,java.util.Map,java.util.HashMap,java.lang.Integer,org.mvel2.*");
+                "org.apache.unomi.api.Event,org.apache.unomi.api.Profile,org.apache.unomi.api.Session,org.apache.unomi.api.Item,org.apache.unomi.api.CustomItem,ognl.*,java.lang.Object,java.util.Map,java.util.HashMap,java.lang.Integer,org.mvel2.*,java.lang.String");
         if (systemAllowedClasses != null) {
             if ("all".equals(systemAllowedClasses.trim())) {
                 defaultAllowedClasses = null;
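Review bot: The default allowlist is kept as two identical long literals, this `System.getProperty` fallback and the `org.apache.unomi.scripting.allow` default in custom.system.properties, so the two copies of a security-relevant list can drift apart. Holding the fallback in a named constant, with a comment pointing at the properties file, would make a mismatch easier to spot, e.g. `private static final String DEFAULT_ALLOWED_CLASSES = "...";` passed as the second argument. The diffstat shows no test change, so a unit test asserting that `java.lang.String` resolves through the filter while a class outside the list is rejected would pin the fix. Because a non-null default is passed, the `systemAllowedClasses != null` check is always true here. The static block continues outside the hunk.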