commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Woonsan Ko <woon...@apache.org>
Subject [JEXL] white list classes, not by interfaces?
Date Thu, 19 Oct 2017 14:09:00 GMT
Hi,

I'm experimenting it with JexlSandbox (for blackbox mode) of v3.1 like
the following example:

    JexlSandbox sandbox = new JexlSandbox(false);
    sandbox.white(IFoo.class.getName());
    // ...
    JexlEngine engine = new JexlBuilder().sandbox(sandbox).create();

But if I put an instance of FooImpl (implementing IFoo interface) for
instance, the JEXL interpreter doesn't seem to be able to resolve
IFoo's methods. If I add FooImpl.class.getName() to the white list,
then it starts resolving the method call without a problem.
So, I assume the sandbox permission handling might be checking the
implementation class name only. Is it true? If so, wouldn't it be nice
if it can check its interfaces as well?
When providing an interpreting env using JEXL, I think it's very
common to separate the interfaces from various implementations.

Regards,

Woonsan

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org


Mime
View raw message