[ https://issues.apache.org/jira/browse/JEXL-253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Henri Biestro resolved JEXL-253. -------------------------------- Resolution: Fixed Changeset: 757dcb90f2ca2ba92fd9ec43291deb4305eee02c Author: henrib <hen...@apache.org> Date: 2019-06-17 16:36 Message: JEXL-253: Added public API to allow creation of inheritable permissions in sandbox; added tests > Permissions by super type in JexlSandbox > ---------------------------------------- > > Key: JEXL-253 > URL: https://issues.apache.org/jira/browse/JEXL-253 > Project: Commons JEXL > Issue Type: New Feature > Affects Versions: 3.1 > Reporter: Woonsan Ko > Assignee: Henri Biestro > Priority: Major > Fix For: 3.2 > > > At the moment, the permissions in {{JexlSandbox}} takes the object's class > name only into the consideration. So, if someone adds {{java.util.Set}} into > the white list, but if the real object is an empty set > ({{Collections.emptySet()}}), then it cannot allow invocations on > {{#contains(Object)}} operation, for instance. > I think it would be very convenient if it optionally allows to set whites or > blacks based on super type (interfaces or base classes). > To minimize the effort, I'd suggest adding > {{JexlSandbox#permissionsByType(Class<?> type, ...)}}, where the {{type}} > means the object type or any super types. > So, if {{JexlSandbox#permissionsByType(java.util.Set.class, ...)}}, then any > invocations on any concrete {{java.util.Set}} objects will be affected by > that. > Related e-mail thread: "[JEXL] white list classes, not by interfaces?" > (10/19/17). -- This message was sent by Atlassian JIRA (v7.6.3#76005)