|
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
ClassShutter
interface with the single ClassShutter.visibleToScripts(String fullClassName)
method and the abstract SecurityController
class to implement domain-based security restrictions.
For binary compatibility with older code implementing SecuritySupport only to restrict class access via the visibleToScripts method, this interface extends ClassShutter
, so to upgrade you code in this case simply replace SecuritySupport by ClassShutter and remove empty implementation of the defineClass, getClassContext and getSecurityDomain methods. Then call Context.setClassShutter(ClassShutter)
in place ofContext.setSecuritySupport(SecuritySupport)
.
The new SecurityController
is incompatible with the old security implementation, so if you previously had non-trivial implementation of the defineClass, getClassContext and getSecurityDomain methods, you need to upgrade you code to use the new SecurityController
.
Method Summary | |
boolean |
visibleToScripts(java.lang.String fullClassName)
Deprecated. Return true iff the Java class with the given name should be exposed to scripts. |
Method Detail |
public boolean visibleToScripts(java.lang.String fullClassName)
ClassShutter
An embedding may filter which Java classes are exposed through LiveConnect to JavaScript scripts.
Due to the fact that there is no package reflection in Java, this method will also be called with package names. There is no way for Rhino to tell if "Packages.a.b" is a package name or a class that doesn't exist. What Rhino does is attempt to load each segment of "Packages.a.b.c": It first attempts to load class "a", then attempts to load class "a.b", then finally attempts to load class "a.b.c". On a Rhino installation without any ClassShutter set, and without any of the above classes, the expression "Packages.a.b.c" will result in a [JavaPackage a.b.c] and not an error.
With ClassShutter supplied, Rhino will first call visibleToScripts before attempting to look up the class name. If visibleToScripts returns false, the class name lookup is not performed and subsequent Rhino execution assumes the class is not present. So for "java.lang.System.out.println" the lookup of "java.lang.System" is skipped and thus Rhino assumes that "java.lang.System" doesn't exist. So then for "java.lang.System.out", Rhino attempts to load the class "java.lang.System.out" because it assumes that "java.lang.System" is a package name.
visibleToScripts
in interface ClassShutter
org.mozilla.javascript.ClassShutter
fullClassName
- the full name of the class (including the package
name, with '.' as a delimiter). For example the
standard string class is "java.lang.String"
|
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |