org.mozilla.javascript
Interface SecuritySupport

All Superinterfaces:
ClassShutter

Deprecated. Since Rhino 1.5 R4 this interface is split into ClassShutter interface with the single ClassShutter.visibleToScripts(String fullClassName) method and the abstract SecurityController class to implement domain-based security restrictions.

For binary compatibility with older code implementing SecuritySupport only to restrict class access via the visibleToScripts method, this interface extends ClassShutter, so to upgrade you code in this case simply replace SecuritySupport by ClassShutter and remove empty implementation of the defineClass, getClassContext and getSecurityDomain methods. Then call Context.setClassShutter(ClassShutter) in place ofContext.setSecuritySupport(SecuritySupport).

The new SecurityController is incompatible with the old security implementation, so if you previously had non-trivial implementation of the defineClass, getClassContext and getSecurityDomain methods, you need to upgrade you code to use the new SecurityController.

public interface SecuritySupport
extends ClassShutter


Method Summary
 boolean visibleToScripts(java.lang.String fullClassName)
          Deprecated. Return true iff the Java class with the given name should be exposed to scripts.
 

Method Detail

visibleToScripts

public boolean visibleToScripts(java.lang.String fullClassName)
Deprecated. 
Description copied from interface: ClassShutter
Return true iff the Java class with the given name should be exposed to scripts.

An embedding may filter which Java classes are exposed through LiveConnect to JavaScript scripts.

Due to the fact that there is no package reflection in Java, this method will also be called with package names. There is no way for Rhino to tell if "Packages.a.b" is a package name or a class that doesn't exist. What Rhino does is attempt to load each segment of "Packages.a.b.c": It first attempts to load class "a", then attempts to load class "a.b", then finally attempts to load class "a.b.c". On a Rhino installation without any ClassShutter set, and without any of the above classes, the expression "Packages.a.b.c" will result in a [JavaPackage a.b.c] and not an error.

With ClassShutter supplied, Rhino will first call visibleToScripts before attempting to look up the class name. If visibleToScripts returns false, the class name lookup is not performed and subsequent Rhino execution assumes the class is not present. So for "java.lang.System.out.println" the lookup of "java.lang.System" is skipped and thus Rhino assumes that "java.lang.System" doesn't exist. So then for "java.lang.System.out", Rhino attempts to load the class "java.lang.System.out" because it assumes that "java.lang.System" is a package name.

Specified by:
visibleToScripts in interface ClassShutter
Following copied from interface: org.mozilla.javascript.ClassShutter
Parameters:
fullClassName - the full name of the class (including the package name, with '.' as a delimiter). For example the standard string class is "java.lang.String"
Returns:
whether or not to reveal this class to scripts