Class SafeConfig
- java.lang.Object
-
- org.apache.velocity.tools.generic.SafeConfig
-
- Direct Known Subclasses:
AbstractLockConfig
,AlternatorTool
,ClassTool
,ContextTool
,EscapeTool
,FieldTool
,LinkTool
,LocaleConfig
,MarkupTool
,RenderTool
,XmlTool
public class SafeConfig extends java.lang.Object
Implements common logic and constants for tools which automatically locks down the
public void configure(Map params)
method after it is called once. This keeps application or session scoped tools thread-safe in templates, which generally have access to the tool after configuration has happened.It also provides for a separate "safe mode" setting which tells tools to block any functions that may pose a security threat. This, of course, is set to
true
by default.Once "locked down", the
configure(Map)
may still be called, however it will do nothing (unless some subclass is foolish enough to override it and not check ifisConfigLocked()
before changing configurations. The proper method for subclasses to override isconfigure(ValueParser)
which will only be called byconfigure(Map)
when theisConfigLocked()
is false (i.e. the first time only).- Since:
- VelocityTools 2.0
- Author:
- Nathan Bubna
-
-
Field Summary
Fields Modifier and Type Field Description private boolean
configLocked
static java.lang.String
LOCK_CONFIG_KEY
The key used for specifying whether or not to prevent templates from reconfiguring this tool.static java.lang.String
OLD_LOCK_CONFIG_KEY
Deprecated.static java.lang.String
SAFE_MODE_KEY
Many tools interested in locking configure() also have other things they wish to secure.private boolean
safeMode
-
Constructor Summary
Constructors Constructor Description SafeConfig()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
configure(java.util.Map params)
IfisConfigLocked()
returnstrue
, then this method does nothing; otherwise, iffalse
, this will create a newValueParser
from the specified Map of params and callconfigure(ValueParser)
with it.protected void
configure(ValueParser values)
Does the actual configuration.boolean
isConfigLocked()
Returnstrue
if theconfigure(Map)
method has been locked.boolean
isSafeMode()
Returnstrue
if this tool is in "safe mode".protected void
setLockConfig(boolean lock)
Only allow subclass access to this.protected void
setSafeMode(boolean safe)
-
-
-
Field Detail
-
LOCK_CONFIG_KEY
public static final java.lang.String LOCK_CONFIG_KEY
The key used for specifying whether or not to prevent templates from reconfiguring this tool. The default is true.- See Also:
- Constant Field Values
-
OLD_LOCK_CONFIG_KEY
@Deprecated public static final java.lang.String OLD_LOCK_CONFIG_KEY
Deprecated.- See Also:
- Constant Field Values
-
SAFE_MODE_KEY
public static final java.lang.String SAFE_MODE_KEY
Many tools interested in locking configure() also have other things they wish to secure. This key controls that property. The default value is true, of course.- See Also:
- Constant Field Values
-
configLocked
private boolean configLocked
-
safeMode
private boolean safeMode
-
-
Method Detail
-
setLockConfig
protected void setLockConfig(boolean lock)
Only allow subclass access to this.
-
setSafeMode
protected void setSafeMode(boolean safe)
-
isConfigLocked
public boolean isConfigLocked()
Returnstrue
if theconfigure(Map)
method has been locked.
-
isSafeMode
public boolean isSafeMode()
Returnstrue
if this tool is in "safe mode".
-
configure
public void configure(java.util.Map params)
IfisConfigLocked()
returnstrue
, then this method does nothing; otherwise, iffalse
, this will create a newValueParser
from the specified Map of params and callconfigure(ValueParser)
with it. Then this will check the parameters itself to find out whether or not the configuration for this tool should be put into safe mode or have its config locked. The safe mode value should be a boolean under the keySAFE_MODE_KEY
and the lock value should be a boolean under the keyLOCK_CONFIG_KEY
.
-
configure
protected void configure(ValueParser values)
Does the actual configuration. This is protected, so subclasses may share the same ValueParser and call configure at any time, while preventing templates from doing so when configure(Map) is locked.
-
-