ognl.security

Class OgnlSecurityManager

java.lang.Object

java.lang.SecurityManager

ognl.security.OgnlSecurityManager

public class OgnlSecurityManager
extends SecurityManager

Wraps current security manager with JDK security manager if is inside OgnlRuntime user's methods body execution. Add the `-Dognl.security.manager` to JVM options to enable.

Note: Due to potential performance and concurrency issues, try this only if you afraid your app can have an unknown "expression injection" flaw or you afraid you cannot prevent those in your app's internal sandbox comprehensively e.g. you cannot discover and maintain all attack vectors over time because of many dependencies and also their change over time.

This tries to provide an option to you to enable a security manager that disables any sensitive action e.g. exec and exit even if attacker had a successful "expression injection" in any unknown way into your app. However, also honors previous security manager and policies if any set, as parent, and rolls back to them after method execution finished.

Since:

3.1.24

Author:

Yasser Zamani

Field Summary

Fields inherited from class java.lang.SecurityManager

inCheck

Constructor Summary

Constructors

Constructor and Description
OgnlSecurityManager(SecurityManager parentSecurityManager)

Method Summary

Methods

Modifier and Type	Method and Description
void	checkPermission(Permission perm)
void	checkPermission(Permission perm, Object context)
Long	enter()
void	leave(long token)

Methods inherited from class java.lang.SecurityManager

checkAccept, checkAccess, checkAccess, checkAwtEventQueueAccess, checkConnect, checkConnect, checkCreateClassLoader, checkDelete, checkExec, checkExit, checkLink, checkListen, checkMemberAccess, checkMulticast, checkMulticast, checkPackageAccess, checkPackageDefinition, checkPrintJobAccess, checkPropertiesAccess, checkPropertyAccess, checkRead, checkRead, checkRead, checkSecurityAccess, checkSetFactory, checkSystemClipboardAccess, checkTopLevelWindow, checkWrite, checkWrite, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getSecurityContext, getThreadGroup, inClass, inClassLoader

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OgnlSecurityManager

public OgnlSecurityManager(SecurityManager parentSecurityManager)

Method Detail

checkPermission

public void checkPermission(Permission perm)

Overrides:

checkPermission in class SecurityManager

checkPermission

public void checkPermission(Permission perm,
                   Object context)

Overrides:

checkPermission in class SecurityManager

enter

public Long enter()

leave

public void leave(long token)
           throws SecurityException

Throws:

SecurityException