001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      https://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.commons.beanutils;
018
019import java.beans.IntrospectionException;
020import java.util.Collection;
021import java.util.Collections;
022import java.util.HashSet;
023import java.util.Set;
024
025/**
026 * <p>
027 * A specialized {@code BeanIntrospector} implementation which suppresses some properties.
028 * </p>
029 * <p>
030 * An instance of this class is passed a set with the names of the properties it should
031 * process. During introspection of a bean class it removes all these properties from the
032 * {@link IntrospectionContext}. So effectively, properties added by a different
033 * {@code BeanIntrospector} are removed again.
034 * </p>
035 *
036 * @since 1.9.2
037 */
038public class SuppressPropertiesBeanIntrospector implements BeanIntrospector {
039
040    /**
041     * A specialized instance which is configured to suppress the special {@code class} properties of Java beans. Unintended access to the property
042     * {@code class} (which is common to all Java objects) can be a security risk because it also allows access to the class loader. Adding this instance as
043     * {@code BeanIntrospector} to an instance of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no longer be accessed.
044     */
045    public static final SuppressPropertiesBeanIntrospector SUPPRESS_CLASS = new SuppressPropertiesBeanIntrospector(Collections.singleton("class"));
046
047    /**
048     * A specialized instance which is configured to suppress the special {@code class} properties of Java beans. Unintended access to the call for
049     * {@code declaringClass} (which is common to all Java {@code enum}) can be a security risk because it also allows access to the class loader. Adding this
050     * instance as {@code BeanIntrospector} to an instance of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no longer be
051     * accessed.
052     *
053     * @since 1.11.0
054     */
055    public static final SuppressPropertiesBeanIntrospector SUPPRESS_DECLARING_CLASS = new SuppressPropertiesBeanIntrospector(
056            Collections.singleton("declaringClass"));
057
058    /** A set with the names of the properties to be suppressed. */
059    private final Set<String> propertyNames;
060
061    /**
062     * Creates a new instance of {@code SuppressPropertiesBeanIntrospector} and sets the
063     * names of the properties to be suppressed.
064     *
065     * @param propertiesToSuppress the names of the properties to be suppressed (must not
066     * be <strong>null</strong>)
067     * @throws IllegalArgumentException if the collection with property names is
068     * <strong>null</strong>
069     */
070    public SuppressPropertiesBeanIntrospector(final Collection<String> propertiesToSuppress) {
071        if (propertiesToSuppress == null) {
072            throw new IllegalArgumentException("Property names must not be null!");
073        }
074
075        propertyNames = Collections.unmodifiableSet(new HashSet<>(
076                propertiesToSuppress));
077    }
078
079    /**
080     * Returns a (unmodifiable) set with the names of the properties which are suppressed
081     * by this {@code BeanIntrospector}.
082     *
083     * @return a set with the names of the suppressed properties
084     */
085    public Set<String> getSuppressedProperties() {
086        return propertyNames;
087    }
088
089    /**
090     * {@inheritDoc} This implementation removes all properties from the given context it
091     * is configured for.
092     */
093    @Override
094    public void introspect(final IntrospectionContext icontext) throws IntrospectionException {
095        for (final String property : getSuppressedProperties()) {
096            icontext.removePropertyDescriptor(property);
097        }
098    }
099}