Class OgnlSecurityManager
Add the `-Dognl.security.manager` to JVM options to enable.
Note: Due to potential performance and concurrency issues, try this only if you afraid your app can have an unknown "expression injection" flaw or you afraid you cannot prevent those in your app's internal sandbox comprehensively e.g. you cannot discover and maintain all attack vectors over time because of many dependencies and also their change over time.
This tries to provide an option to you to enable a security manager that disables any sensitive action e.g. exec and exit even if attacker had a successful "expression injection" in any unknown way into your app. However, also honors previous security manager and policies if any set, as parent, and rolls back to them after method execution finished.
- Since:
- 3.1.24
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidcheckPermission(Permission perm) Deprecated.voidcheckPermission(Permission perm, Object context) Deprecated.enter()Deprecated.voidleave(long token) Deprecated.Methods inherited from class SecurityManager
checkAccept, checkAccess, checkAccess, checkConnect, checkConnect, checkCreateClassLoader, checkDelete, checkExec, checkExit, checkLink, checkListen, checkMulticast, checkMulticast, checkPackageAccess, checkPackageDefinition, checkPrintJobAccess, checkPropertiesAccess, checkPropertyAccess, checkRead, checkRead, checkRead, checkSecurityAccess, checkSetFactory, checkWrite, checkWrite, getClassContext, getSecurityContext, getThreadGroup
-
Constructor Details
-
OgnlSecurityManager
Deprecated.
-
-
Method Details
-
checkPermission
Deprecated.- Overrides:
checkPermissionin classSecurityManager
-
checkPermission
Deprecated.- Overrides:
checkPermissionin classSecurityManager
-
enter
Deprecated. -
leave
-