commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henri Biestro (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (JEXL-253) Permissions by super type in JexlSandbox
Date Sun, 28 Jan 2018 07:09:01 GMT

     [ https://issues.apache.org/jira/browse/JEXL-253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Henri Biestro updated JEXL-253:
-------------------------------
    Assignee: Henri Biestro

> Permissions by super type in JexlSandbox
> ----------------------------------------
>
>                 Key: JEXL-253
>                 URL: https://issues.apache.org/jira/browse/JEXL-253
>             Project: Commons JEXL
>          Issue Type: New Feature
>            Reporter: Woonsan Ko
>            Assignee: Henri Biestro
>            Priority: Major
>
> At the moment, the permissions in {{JexlSandbox}} takes the object's class name only
into the consideration. So, if someone adds {{java.util.Set}} into the white list, but if
the real object is an empty set ({{Collections.emptySet()}}), then it cannot allow invocations
on {{#contains(Object)}} operation, for instance.
> I think it would be very convenient if it optionally allows to set whites or blacks based
on super type (interfaces or base classes).
> To minimize the effort, I'd suggest adding {{JexlSandbox#permissionsByType(Class<?>
type, ...)}}, where the {{type}} means the object type or any super types.
> So, if {{JexlSandbox#permissionsByType(java.util.Set.class, ...)}}, then any invocations
on any concrete {{java.util.Set}} objects will be affected by that.
> Related e-mail thread: "[JEXL] white list classes, not by interfaces?" (10/19/17).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message