This is an automated email from the ASF dual-hosted git repository.

shuber pushed a commit to branch unomi-fix-scripting-classloaders
in repository https://gitbox.apache.org/repos/asf/unomi.git


The following commit(s) were added to 
refs/heads/unomi-fix-scripting-classloaders by this push:
     new 409c763  Add some documentation for the configuration parameters
409c763 is described below

commit 409c76340e3110b4bc8f6b1462f94fe9bcabee8f
Author: Serge Huber <[email protected]>
AuthorDate: Tue May 12 09:07:48 2020 +0200

    Add some documentation for the configuration parameters
---
 manual/src/main/asciidoc/configuration.adoc | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/manual/src/main/asciidoc/configuration.adoc 
b/manual/src/main/asciidoc/configuration.adoc
index e191fa8..688d8ad 100644
--- a/manual/src/main/asciidoc/configuration.adoc
+++ b/manual/src/main/asciidoc/configuration.adoc
@@ -193,6 +193,24 @@ You should now have SSL setup on Karaf with your 
certificate, and you can test i
 Changing the default Karaf password can be done by modifying the 
`org.apache.unomi.security.root.password` in the
 `$MY_KARAF_HOME/etc/unomi.custom.system.properties` file
 
+==== Scripting security
+
+By default, scripting (using in conditions, segments and rules) is controlled 
by a custom classloader that is quite
+restrictive and using a white-list/black list system. It is controlled through 
the following property in the
+`unomi.custom.system.properties` file:
+
+[source]
+----
+org.apache.unomi.scripting.allow=${env:UNOMI_ALLOW_SCRIPTING_CLASSES:-org.apache.unomi.api.Event,org.apache.unomi.api.Profile,org.apache.unomi.api.Session,org.apache.unomi.api.Item,org.apache.unomi.api.CustomItem,ognl.*,java.lang.Object,java.util.Map,java.lang.Integer,org.mvel2.*}
+org.apache.unomi.scripting.forbid=${env:UNOMI_FORBID_SCRIPTING_CLASSES:-}
+----
+
+If you encounter any errors while trying to access a class in a condition or 
an action it might be due to this
+restrictive configuration.
+
+If you need, for example when adding a custom item type, to adjust these, 
please be careful as scripts may be called
+directly from the context.json personalization conditions and therefore should 
be kept minimal.
+
 ==== Automatic profile merging
 
 Apache Unomi is capable of merging profiles based on a common property value. 
In order to use this, you must
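
Review bot: The new "Scripting security" section does not say how `org.apache.unomi.scripting.allow` and `org.apache.unomi.scripting.forbid` are matched or how they interact, which an operator needs to know before editing either value. Please document the entry format (the default is a comma-separated list of fully qualified class names plus two package wildcards, `ognl.*` and `org.mvel2.*`, but the text never explains what a trailing `.*` covers), which list wins when a class matches both, and what the empty default of the forbid property means in practice. In the last added paragraph, "therefore should be kept minimal" has no clear subject. State explicitly that it is the allow list that should stay minimal, and make the reason (scripts can be called directly from the context.json personalization conditions) its own sentence so the warning is not buried in a subordinate clause. Wording: "using in conditions" should read "used in conditions", "and using a white-list/black list system" should read "and uses", and the "white-list/black list" spelling should be made consistent, ideally using the allow/forbid terms of the property names.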
