Class SecurityMemberAccess

java.lang.Object
org.apache.struts2.ognl.SecurityMemberAccess
All Implemented Interfaces:
ognl.MemberAccess

public class SecurityMemberAccess extends Object implements ognl.MemberAccess
Allows access decisions to be made on the basis of whether a member is static or not. Also blocks or allows access to properties.
  • Constructor Details

  • Method Details

    • setup

      public Object setup(Map context, Object target, Member member, String propertyName)
      Specified by:
      setup in interface ognl.MemberAccess
    • restore

      public void restore(Map context, Object target, Member member, String propertyName, Object state)
      Specified by:
      restore in interface ognl.MemberAccess
    • isAccessible

      public boolean isAccessible(Map context, Object target, Member member, String propertyName)
      Specified by:
      isAccessible in interface ognl.MemberAccess
    • checkAllowlist

      protected boolean checkAllowlist(Object target, Member member)
      Returns:
      true if member access is allowed
    • isClassAllowlisted

      protected boolean isClassAllowlisted(Class<?> clazz)
    • checkExclusionList

      protected boolean checkExclusionList(Object target, Member member)
      Returns:
      true if member access is allowed
    • checkDefaultPackageAccess

      protected boolean checkDefaultPackageAccess(Object target, Member member)
      Returns:
      true if member access is allowed
    • checkProxyObjectAccess

      protected boolean checkProxyObjectAccess(Object target)
      Returns:
      true if proxy object access is allowed
    • checkProxyMemberAccess

      protected boolean checkProxyMemberAccess(Object target, Member member)
      Returns:
      true if proxy member access is allowed
    • checkStaticMethodAccess

      protected boolean checkStaticMethodAccess(Member member)
      Check access for static method (via modifiers).

      Note: For non-static members, the result is always true.

      Returns:
      true if member access is allowed
    • checkStaticFieldAccess

      protected boolean checkStaticFieldAccess(Member member)
      Check access for static field (via modifiers).

      Note: For non-static members, the result is always true.

      Returns:
      true if member access is allowed
    • checkPublicMemberAccess

      protected boolean checkPublicMemberAccess(Member member)
      Check access for public members (via modifiers)
      Returns:
      true if member access is allowed
    • isPackageExcluded

      protected boolean isPackageExcluded(Class<?> clazz)
    • toPackageName

      public static String toPackageName(Class<?> clazz)
    • isExcludedPackageNamePatterns

      protected boolean isExcludedPackageNamePatterns(Class<?> clazz)
    • isExcludedPackageNames

      protected boolean isExcludedPackageNames(Class<?> clazz)
    • isClassBelongsToPackages

      public static boolean isClassBelongsToPackages(Class<?> clazz, Set<String> matchingPackages)
    • isClassExcluded

      protected boolean isClassExcluded(Class<?> clazz)
    • isAcceptableProperty

      protected boolean isAcceptableProperty(String name)
      Returns:
      true if member access is allowed
    • isAccepted

      protected boolean isAccepted(String paramName)
    • isExcluded

      protected boolean isExcluded(String paramName)
    • useExcludeProperties

      public void useExcludeProperties(Set<Pattern> excludeProperties)
    • useAcceptProperties

      public void useAcceptProperties(Set<Pattern> acceptedProperties)
    • useAllowStaticFieldAccess

      public void useAllowStaticFieldAccess(String allowStaticFieldAccess)
    • useExcludedClasses

      public void useExcludedClasses(String commaDelimitedClasses)
    • useExcludedPackageNamePatterns

      public void useExcludedPackageNamePatterns(String commaDelimitedPackagePatterns)
    • useExcludedPackageNames

      public void useExcludedPackageNames(String commaDelimitedPackageNames)
    • useExcludedPackageExemptClasses

      public void useExcludedPackageExemptClasses(String commaDelimitedClasses)
    • useEnforceAllowlistEnabled

      public void useEnforceAllowlistEnabled(String enforceAllowlistEnabled)
    • useAllowlistClasses

      public void useAllowlistClasses(String commaDelimitedClasses)
    • useAllowlistPackageNames

      public void useAllowlistPackageNames(String commaDelimitedPackageNames)
    • useDisallowProxyObjectAccess

      public void useDisallowProxyObjectAccess(String disallowProxyObjectAccess)
    • useDisallowProxyMemberAccess

      public void useDisallowProxyMemberAccess(String disallowProxyMemberAccess)
    • useDisallowDefaultPackageAccess

      public void useDisallowDefaultPackageAccess(String disallowDefaultPackageAccess)
    • useDevMode

      protected void useDevMode(String devMode)
    • useDevModeExcludedClasses

      public void useDevModeExcludedClasses(String commaDelimitedClasses)
    • useDevModeExcludedPackageNamePatterns

      public void useDevModeExcludedPackageNamePatterns(String commaDelimitedPackagePatterns)
    • useDevModeExcludedPackageNames

      public void useDevModeExcludedPackageNames(String commaDelimitedPackageNames)
    • useDevModeExcludedPackageExemptClasses

      public void useDevModeExcludedPackageExemptClasses(String commaDelimitedClasses)