SecureFilteringClassLoader (Apache Unomi :: Root Project 2.1.0-SNAPSHOT API)

java.lang.Object
- java.lang.ClassLoader
- - org.apache.unomi.scripting.SecureFilteringClassLoader

```
public class SecureFilteringClassLoader
extends ClassLoader
```
A class loader that uses a allow list and a deny list of classes that it will allow to resolve. This is useful for providing proper sandboxing to scripting engine such as MVEL, OGNL or Groovy.

Constructor Summary

Constructors
Constructor and Description
`SecureFilteringClassLoader(ClassLoader delegate)` Sets up the securing filtering class loader, using the default allowed and forbidden classes.
`SecureFilteringClassLoader(Set<String> allowedClasses, Set<String> forbiddenClasses, ClassLoader delegate)` Sets up the secure filtering class loader

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected Class<?>`	`findClass(String name)`
`Class<?>`	`loadClass(String name)`
`protected Class<?>`	`loadClass(String name, boolean resolve)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SecureFilteringClassLoader
```
public SecureFilteringClassLoader(ClassLoader delegate)
```
    Sets up the securing filtering class loader, using the default allowed and forbidden classes. By default the
    
    Parameters:
    
    delegate - the class loader we delegate to if the filtering was not applied.
  - SecureFilteringClassLoader
```
public SecureFilteringClassLoader(Set<String> allowedClasses,
                                  Set<String> forbiddenClasses,
                                  ClassLoader delegate)
```
    Sets up the secure filtering class loader
    
    Parameters:
    
    allowedClasses - the list of allowed FQN class names, or if this filtering is to be deactivated, pass null. if you want to allow no class, pass an empty hashset
    
    forbiddenClasses - the list of forbidden FQN class names, or if this filtering is to be deactivated, pass null or an empty set
    
    delegate - the class loader we delegate to if the filtering was not applied.
- Method Detail
  - loadClass
```
public Class<?> loadClass(String name)
                   throws ClassNotFoundException
```
    Overrides:
    
    loadClass in class ClassLoader
    
    Throws:
    
    ClassNotFoundException
  - loadClass
```
protected Class<?> loadClass(String name,
                             boolean resolve)
                      throws ClassNotFoundException
```
    Overrides:
    
    loadClass in class ClassLoader
    
    Throws:
    
    ClassNotFoundException
  - findClass
```
protected Class<?> findClass(String name)
                      throws ClassNotFoundException
```
    Overrides:
    
    findClass in class ClassLoader
    
    Throws:
    
    ClassNotFoundException

Class SecureFilteringClassLoader

Constructor Summary

Method Summary

Methods inherited from class java.lang.ClassLoader

Methods inherited from class java.lang.Object

Constructor Detail

SecureFilteringClassLoader

SecureFilteringClassLoader

Method Detail

loadClass

loadClass

findClass