类 SafeConfig

java.lang.Object
org.apache.velocity.tools.generic.SafeConfig
直接已知子类:
AbstractLockConfig, AlternatorTool, ClassTool, ContextTool, EscapeTool, FieldTool, LinkTool, LocaleConfig, MarkupTool, RenderTool, XmlTool

public class SafeConfig extends Object

Implements common logic and constants for tools which automatically locks down the public void configure(Map params) method after it is called once. This keeps application or session scoped tools thread-safe in templates, which generally have access to the tool after configuration has happened.

It also provides for a separate "safe mode" setting which tells tools to block any functions that may pose a security threat. This, of course, is set to true by default.

Once "locked down", the configure(Map) may still be called, however it will do nothing (unless some subclass is foolish enough to override it and not check if isConfigLocked() before changing configurations. The proper method for subclasses to override is configure(ValueParser) which will only be called by configure(Map) when the isConfigLocked() is false (i.e. the first time only).

从以下版本开始:
VelocityTools 2.0
作者:
Nathan Bubna
  • 字段详细资料

    • LOCK_CONFIG_KEY

      public static final String LOCK_CONFIG_KEY
      The key used for specifying whether or not to prevent templates from reconfiguring this tool. The default is true.
      另请参阅:
    • OLD_LOCK_CONFIG_KEY

      @Deprecated public static final String OLD_LOCK_CONFIG_KEY
      已过时。
      另请参阅:
    • SAFE_MODE_KEY

      public static final String SAFE_MODE_KEY
      Many tools interested in locking configure() also have other things they wish to secure. This key controls that property. The default value is true, of course.
      另请参阅:
    • configLocked

      private boolean configLocked
    • safeMode

      private boolean safeMode
  • 构造器详细资料

    • SafeConfig

      public SafeConfig()
  • 方法详细资料

    • setLockConfig

      protected void setLockConfig(boolean lock)
      Only allow subclass access to this.
    • setSafeMode

      protected void setSafeMode(boolean safe)
    • isConfigLocked

      public boolean isConfigLocked()
      Returns true if the configure(Map) method has been locked.
    • isSafeMode

      public boolean isSafeMode()
      Returns true if this tool is in "safe mode".
    • configure

      public void configure(Map params)
      If isConfigLocked() returns true, then this method does nothing; otherwise, if false, this will create a new ValueParser from the specified Map of params and call configure(ValueParser) with it. Then this will check the parameters itself to find out whether or not the configuration for this tool should be put into safe mode or have its config locked. The safe mode value should be a boolean under the key SAFE_MODE_KEY and the lock value should be a boolean under the key LOCK_CONFIG_KEY.
    • configure

      protected void configure(ValueParser values)
      Does the actual configuration. This is protected, so subclasses may share the same ValueParser and call configure at any time, while preventing templates from doing so when configure(Map) is locked.