@Override public boolean checkObjectExecutePermission(Class clazz, String methodName) { if (Class.class.isAssignableFrom(clazz) && methodName != null && this.secureClassMethods.contains(methodName)) { return true; } else { return super.checkObjectExecutePermission(clazz, methodName); } } }
/** * init - generates the Introspector. As the setup code * makes sure that the log gets set before this is called, * we can initialize the Introspector using the log object. */ public void init() { String [] badPackages = runtimeServices.getConfiguration() .getStringArray(RuntimeConstants.INTROSPECTOR_RESTRICT_PACKAGES); String [] badClasses = runtimeServices.getConfiguration() .getStringArray(RuntimeConstants.INTROSPECTOR_RESTRICT_CLASSES); introspector = new SecureIntrospectorImpl(badClasses, badPackages, log); }
/** * init - generates the Introspector. As the setup code * makes sure that the log gets set before this is called, * we can initialize the Introspector using the log object. */ public void init() { String [] badPackages = rsvc.getConfiguration() .getStringArray(RuntimeConstants.INTROSPECTOR_RESTRICT_PACKAGES); String [] badClasses = rsvc.getConfiguration() .getStringArray(RuntimeConstants.INTROSPECTOR_RESTRICT_CLASSES); introspector = new SecureIntrospectorImpl(badClasses, badPackages, log); }
/** * Get the Method object corresponding to the given class, name and parameters. * Will check for appropriate execute permissions and return null if the method * is not allowed to be executed. * * @param clazz Class on which method will be called * @param methodName Name of method to be called * @param params array of parameters to method * @return Method object retrieved by Introspector * @throws IllegalArgumentException The parameter passed in were incorrect. */ public Method getMethod(Class clazz, String methodName, Object[] params) throws IllegalArgumentException { if (!checkObjectExecutePermission(clazz, methodName)) { log.warn("Cannot retrieve method {} from object of class {} due to security restrictions." , methodName, clazz.getName()); return null; } else { return super.getMethod(clazz, methodName, params); } }
/** * init - generates the Introspector. As the setup code * makes sure that the log gets set before this is called, * we can initialize the Introspector using the log object. */ public void init() { String [] badPackages = runtimeServices.getConfiguration() .getStringArray(RuntimeConstants.INTROSPECTOR_RESTRICT_PACKAGES); String [] badClasses = runtimeServices.getConfiguration() .getStringArray(RuntimeConstants.INTROSPECTOR_RESTRICT_CLASSES); introspector = new SecureIntrospectorImpl(badClasses, badPackages, log); }
/** * Get the Method object corresponding to the given class, name and parameters. * Will check for appropriate execute permissions and return null if the method * is not allowed to be executed. * * @param clazz Class on which method will be called * @param methodName Name of method to be called * @param params array of parameters to method * @return Method object retrieved by Introspector * @throws IllegalArgumentException The parameter passed in were incorrect. */ public Method getMethod(Class clazz, String methodName, Object[] params) throws IllegalArgumentException { if (!checkObjectExecutePermission(clazz, methodName)) { log.warn("Cannot retrieve method " + methodName + " from object of class " + clazz.getName() + " due to security restrictions."); return null; } else { return super.getMethod(clazz, methodName, params); } }
/** * Get the Method object corresponding to the given class, name and parameters. * Will check for appropriate execute permissions and return null if the method * is not allowed to be executed. * * @param clazz Class on which method will be called * @param methodName Name of method to be called * @param params array of parameters to method * @return Method object retrieved by Introspector * @throws IllegalArgumentException The parameter passed in were incorrect. */ public Method getMethod(Class clazz, String methodName, Object[] params) throws IllegalArgumentException { if (!checkObjectExecutePermission(clazz, methodName)) { log.warn("Cannot retrieve method " + methodName + " from object of class " + clazz.getName() + " due to security restrictions."); return null; } else { return super.getMethod(clazz, methodName, params); } }