[ 
https://issues.apache.org/jira/browse/JEXL-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17491610#comment-17491610
 ] 

Dmitri Blinov commented on JEXL-357:
------------------------------------

The current implementation does not honor classes with no Package information. 
According to the spec, the method Class.getPackage() returns null if no package 
information is available from the archive or codebase. Null checks against 
class package are required in Permissions.java.

> Configure accessible packages/classes/methods/fields 
> -----------------------------------------------------
>
>                 Key: JEXL-357
>                 URL: https://issues.apache.org/jira/browse/JEXL-357
>             Project: Commons JEXL
>          Issue Type: Improvement
>    Affects Versions: 3.2.1
>            Reporter: Henri Biestro
>            Assignee: Henri Biestro
>            Priority: Major
>             Fix For: 3.3
>
>
> The @NoJexl annotation allows 'hiding' functional elements from scripts; this 
> feature will allow Jexl introspection to completely ignore existing 
> packages/classes/methods/fields, ensuring they cannot be called.
> Acting (more or less) as a security manager, this will allow fine 
> configuration of what scripts are allowed to access on a platform. Used in 
> conjunction with Sandboxing, how much is exposed can be limited to explicit 
> permission.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
