001: package org.apache.velocity.util.introspection;
002:
003: /*
004: * Licensed to the Apache Software Foundation (ASF) under one
005: * or more contributor license agreements. See the NOTICE file
006: * distributed with this work for additional information
007: * regarding copyright ownership. The ASF licenses this file
008: * to you under the Apache License, Version 2.0 (the
009: * "License"); you may not use this file except in compliance
010: * with the License. You may obtain a copy of the License at
011: *
012: * http://www.apache.org/licenses/LICENSE-2.0
013: *
014: * Unless required by applicable law or agreed to in writing,
015: * software distributed under the License is distributed on an
016: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017: * KIND, either express or implied. See the License for the
018: * specific language governing permissions and limitations
019: * under the License.
020: */
021:
022: import java.util.Iterator;
023:
024: import org.apache.velocity.runtime.RuntimeConstants;
025: import org.apache.velocity.runtime.RuntimeServices;
026: import org.apache.velocity.util.RuntimeServicesAware;
027:
028: /**
029: * Use a custom introspector that prevents classloader related method
030: * calls. Use this introspector for situations in which template
031: * writers are numerous or untrusted. Specifically, this introspector
032: * prevents creation of arbitrary objects or reflection on objects.
033: *
034: * <p>To use this introspector, set the following property:
035: * <pre>
036: * runtime.introspector.uberspect = org.apache.velocity.util.introspection.SecureUberspector
037: * </pre>
038: *
039: * @author <a href="mailto:wglass@forio.com">Will Glass-Husain</a>
040: * @version $Id: SecureUberspector.java 470261 2006-11-02 07:32:37Z wglass $
041: */
042: public class SecureUberspector extends UberspectImpl implements
043: RuntimeServicesAware {
044: RuntimeServices runtimeServices;
045:
046: public SecureUberspector() {
047: super ();
048: }
049:
050: /**
051: * init - generates the Introspector. As the setup code
052: * makes sure that the log gets set before this is called,
053: * we can initialize the Introspector using the log object.
054: */
055: public void init() {
056: String[] badPackages = runtimeServices
057: .getConfiguration()
058: .getStringArray(
059: RuntimeConstants.INTROSPECTOR_RESTRICT_PACKAGES);
060:
061: String[] badClasses = runtimeServices.getConfiguration()
062: .getStringArray(
063: RuntimeConstants.INTROSPECTOR_RESTRICT_CLASSES);
064:
065: introspector = new SecureIntrospectorImpl(badClasses,
066: badPackages, log);
067: }
068:
069: /**
070: * Get an iterator from the given object. Since the superclass method
071: * this secure version checks for execute permission.
072: *
073: * @param obj object to iterate over
074: * @param i line, column, template info
075: * @return Iterator for object
076: * @throws Exception
077: */
078: public Iterator getIterator(Object obj, Info i) throws Exception {
079: if ((obj != null)
080: && !((SecureIntrospectorControl) introspector)
081: .checkObjectExecutePermission(obj.getClass(),
082: null)) {
083: log.warn("Cannot retrieve iterator from object of class "
084: + obj.getClass().getName()
085: + " due to security restrictions.");
086: return null;
087:
088: } else {
089: return super .getIterator(obj, i);
090: }
091: }
092:
093: /**
094: * Store the RuntimeServices before the object is initialized..
095: * @param rs RuntimeServices object for initialization
096: */
097: public void setRuntimeServices(RuntimeServices rs) {
098: this.runtimeServices = rs;
099: }
100:
101: }
|