[
https://issues.apache.org/jira/browse/JEXL-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16838629#comment-16838629
]
Henri Biestro commented on JEXL-253:
------------------------------------
It's not fixed yet, still working on it; thank you for the cheer up though :-)
> Permissions by super type in JexlSandbox
> ----------------------------------------
>
> Key: JEXL-253
> URL: https://issues.apache.org/jira/browse/JEXL-253
> Project: Commons JEXL
> Issue Type: New Feature
> Affects Versions: 3.1
> Reporter: Woonsan Ko
> Assignee: Henri Biestro
> Priority: Major
> Fix For: 3.2
>
>
> At the moment, the permissions in {{JexlSandbox}} takes the object's class
> name only into the consideration. So, if someone adds {{java.util.Set}} into
> the white list, but if the real object is an empty set
> ({{Collections.emptySet()}}), then it cannot allow invocations on
> {{#contains(Object)}} operation, for instance.
> I think it would be very convenient if it optionally allows to set whites or
> blacks based on super type (interfaces or base classes).
> To minimize the effort, I'd suggest adding
> {{JexlSandbox#permissionsByType(Class<?> type, ...)}}, where the {{type}}
> means the object type or any super types.
> So, if {{JexlSandbox#permissionsByType(java.util.Set.class, ...)}}, then any
> invocations on any concrete {{java.util.Set}} objects will be affected by
> that.
> Related e-mail thread: "[JEXL] white list classes, not by interfaces?"
> (10/19/17).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
