You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Henri Biestro (Jira)" <ji...@apache.org> on 2021/06/07 13:15:06 UTC

[jira] [Closed] (JEXL-253) Permissions by super type in JexlSandbox

     [ https://issues.apache.org/jira/browse/JEXL-253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Henri Biestro closed JEXL-253.
------------------------------

> Permissions by super type in JexlSandbox
> ----------------------------------------
>
>                 Key: JEXL-253
>                 URL: https://issues.apache.org/jira/browse/JEXL-253
>             Project: Commons JEXL
>          Issue Type: New Feature
>    Affects Versions: 3.1
>            Reporter: Woonsan Ko
>            Assignee: Henri Biestro
>            Priority: Major
>             Fix For: 3.2
>
>
> At the moment, the permissions in {{JexlSandbox}} takes the object's class name only into the consideration. So, if someone adds {{java.util.Set}} into the white list, but if the real object is an empty set ({{Collections.emptySet()}}), then it cannot allow invocations on {{#contains(Object)}} operation, for instance.
> I think it would be very convenient if it optionally allows to set whites or blacks based on super type (interfaces or base classes).
> To minimize the effort, I'd suggest adding {{JexlSandbox#permissionsByType(Class<?> type, ...)}}, where the {{type}} means the object type or any super types.
> So, if {{JexlSandbox#permissionsByType(java.util.Set.class, ...)}}, then any invocations on any concrete {{java.util.Set}} objects will be affected by that.
> Related e-mail thread: "[JEXL] white list classes, not by interfaces?" (10/19/17).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)