Package org.apache.unomi.scripting
Class SecureFilteringClassLoader
- java.lang.Object
-
- java.lang.ClassLoader
-
- org.apache.unomi.scripting.SecureFilteringClassLoader
-
public class SecureFilteringClassLoader extends ClassLoader
A class loader that uses a allow list and a deny list of classes that it will allow to resolve. This is useful for providing proper sandboxing to scripting engine such as MVEL, OGNL or Groovy.
-
-
Constructor Summary
Constructors Constructor Description SecureFilteringClassLoader(ClassLoader delegate)Sets up the securing filtering class loader, using the default allowed and forbidden classes.SecureFilteringClassLoader(Set<String> allowedClasses, Set<String> forbiddenClasses, ClassLoader delegate)Sets up the secure filtering class loader
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected Class<?>findClass(String name)Class<?>loadClass(String name)protected Class<?>loadClass(String name, boolean resolve)-
Methods inherited from class java.lang.ClassLoader
clearAssertionStatus, defineClass, defineClass, defineClass, defineClass, definePackage, findClass, findLibrary, findLoadedClass, findResource, findResource, findResources, findSystemClass, getClassLoadingLock, getDefinedPackage, getDefinedPackages, getName, getPackage, getPackages, getParent, getPlatformClassLoader, getResource, getResourceAsStream, getResources, getSystemClassLoader, getSystemResource, getSystemResourceAsStream, getSystemResources, getUnnamedModule, isRegisteredAsParallelCapable, registerAsParallelCapable, resolveClass, resources, setClassAssertionStatus, setDefaultAssertionStatus, setPackageAssertionStatus, setSigners
-
-
-
-
Constructor Detail
-
SecureFilteringClassLoader
public SecureFilteringClassLoader(ClassLoader delegate)
Sets up the securing filtering class loader, using the default allowed and forbidden classes. By default the- Parameters:
delegate- the class loader we delegate to if the filtering was not applied.
-
SecureFilteringClassLoader
public SecureFilteringClassLoader(Set<String> allowedClasses, Set<String> forbiddenClasses, ClassLoader delegate)
Sets up the secure filtering class loader- Parameters:
allowedClasses- the list of allowed FQN class names, or if this filtering is to be deactivated, pass null. if you want to allow no class, pass an empty hashsetforbiddenClasses- the list of forbidden FQN class names, or if this filtering is to be deactivated, pass null or an empty setdelegate- the class loader we delegate to if the filtering was not applied.
-
-
Method Detail
-
loadClass
public Class<?> loadClass(String name) throws ClassNotFoundException
- Overrides:
loadClassin classClassLoader- Throws:
ClassNotFoundException
-
loadClass
protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException
- Overrides:
loadClassin classClassLoader- Throws:
ClassNotFoundException
-
findClass
protected Class<?> findClass(String name) throws ClassNotFoundException
- Overrides:
findClassin classClassLoader- Throws:
ClassNotFoundException
-
-