[
https://issues.apache.org/jira/browse/JEXL-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16831526#comment-16831526
]
Henri Biestro commented on JEXL-253:
------------------------------------
https://github.com/apache/commons-jexl/commit/b508e517f7134e43722b055b9cc60b5c7c1a3446
> Permissions by super type in JexlSandbox
> ----------------------------------------
>
> Key: JEXL-253
> URL: https://issues.apache.org/jira/browse/JEXL-253
> Project: Commons JEXL
> Issue Type: New Feature
> Reporter: Woonsan Ko
> Assignee: Henri Biestro
> Priority: Major
>
> At the moment, the permissions in {{JexlSandbox}} takes the object's class
> name only into the consideration. So, if someone adds {{java.util.Set}} into
> the white list, but if the real object is an empty set
> ({{Collections.emptySet()}}), then it cannot allow invocations on
> {{#contains(Object)}} operation, for instance.
> I think it would be very convenient if it optionally allows to set whites or
> blacks based on super type (interfaces or base classes).
> To minimize the effort, I'd suggest adding
> {{JexlSandbox#permissionsByType(Class<?> type, ...)}}, where the {{type}}
> means the object type or any super types.
> So, if {{JexlSandbox#permissionsByType(java.util.Set.class, ...)}}, then any
> invocations on any concrete {{java.util.Set}} objects will be affected by
> that.
> Related e-mail thread: "[JEXL] white list classes, not by interfaces?"
> (10/19/17).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
