DefaultExprSecurityPolicy (Oracle Fusion Middleware Java API Reference for Oracle ADF Model)

Overview

Package

Class

Tree

Deprecated

Index

Help

Oracle Fusion Middleware Java API Reference for Oracle ADF Model
11g Release 1 (11.1.1.6.0)
E10653-07

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

oracle.jbo.script
Class DefaultExprSecurityPolicy

java.lang.Object
  oracle.jbo.script.ExprSecurityPolicy
      oracle.jbo.script.DefaultExprSecurityPolicy

public class DefaultExprSecurityPolicy
extends ExprSecurityPolicy
extends ExprSecurityPolicy

The default security policy for untrusted expressions. The check methods in this class will be called at design time, compile time and runtime by the security infrastructure. Extend this class to customize the behavoir of ADFm's security handling of untrusted expressions.

Constructor Summary
`DefaultExprSecurityPolicy()`

Method Summary
`protected boolean`	`checkConstructor(java.lang.Class clazz)` Check if a given class can be constructed.
`protected boolean`	`checkMethod(java.lang.Class clazz, java.lang.String method)` Check if a given class has permission to execute a given method.
`protected boolean`	`checkMethod(java.lang.Object object, java.lang.Object methodObj, java.lang.Object args)` Check if a given object can execute the given method with the given arguments.
`protected boolean`	`checkProperty(java.lang.Object obj, java.lang.String property, java.lang.Boolean readOnly)` Check if a given property can be accessed on the given object.
`protected boolean`	`checkScriptMethod(java.lang.Object object, java.lang.String functionName)` Check if a given function can be invoked in the context of the given object.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

DefaultExprSecurityPolicy

public DefaultExprSecurityPolicy()

Method Detail

checkMethod

protected boolean checkMethod(java.lang.Object object,
                              java.lang.Object methodObj,
                              java.lang.Object args)

Check if a given object can execute the given method with the given arguments. This method will only be called at runtime. The default implementation simply calls checkMethod(Class, String)

Specified by:: checkMethod in class ExprSecurityPolicy

Parameters:: object - The object whose method will be called.; methodObj - The name of the method to call.; args - A argument, or array of arguments, which will be used on the method.
Returns:: true if checks pass, false (or a thrown exception) if checks fail.
See Also:: checkMethod(Class, String)

checkScriptMethod

protected boolean checkScriptMethod(java.lang.Object object,
                                    java.lang.String functionName)

Check if a given function can be invoked in the context of the given object. This method may be called at design time, in addition to runtime. The default implementation will always return true.

Specified by:: checkScriptMethod in class ExprSecurityPolicy

Parameters:: object - The context in which the function is invoked.; functionName - The invoked function's name
Returns:: true if checks pass, false (or a thrown exception) if checks fail.

checkMethod

protected boolean checkMethod(java.lang.Class clazz,
                              java.lang.String method)

Check if a given class has permission to execute a given method. This method may be called at design time, in addition to runtime. Whether a method is allowed is determined by checking against a static list of allowed methods, and looking for the presence of the AllowUntrustedScriptAccess annotation.

Specified by:: checkMethod in class ExprSecurityPolicy

Parameters:: clazz -; method -
Returns:: true if checks pass, false (or a thrown exception) if checks fail.
See Also:: AllowUntrustedScriptAccess

checkProperty

protected boolean checkProperty(java.lang.Object obj,
                                java.lang.String property,
                                java.lang.Boolean readOnly)

Check if a given property can be accessed on the given object. This method will only be called at runtime. The default implementation will return true if:

The property is a public final field of obj
The property is an attribute of Row obj
The property corresponds to a getter or setter of obj, depending on the value of readOnly

Specified by:: checkProperty in class ExprSecurityPolicy

Parameters:: obj - The object on which the property will act.; property - The property to be accessed.; readOnly - true if the property is used in a read context, false if called in a write context, or null if the context cannot be reliably determined.
Returns:: true if checks pass, false (or a thrown exception) if checks fail.

checkConstructor

protected boolean checkConstructor(java.lang.Class clazz)

Check if a given class can be constructed. This method may be called at design time, in addition to runtime. Whether a constructor is allowed is determined by checking against a static list of allowed constructors, and looking for the presence of the AllowUntrustedScriptAccess annotation.

Specified by:: checkConstructor in class ExprSecurityPolicy

Parameters:: clazz - The class to be constructed.
Returns:: true if checks pass, false (or a thrown exception) if checks fail.
See Also:: AllowUntrustedScriptAccess

Overview

Package

Class

Tree

Deprecated

Index

Help

Oracle Fusion Middleware Java API Reference for Oracle ADF Model
11g Release 1 (11.1.1.6.0)
E10653-07

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

oracle.jbo.script Class DefaultExprSecurityPolicy

DefaultExprSecurityPolicy

checkMethod

checkScriptMethod

checkMethod

checkProperty

checkConstructor

oracle.jbo.script
Class DefaultExprSecurityPolicy