001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * https://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017package org.apache.commons.beanutils; 018 019import java.beans.IntrospectionException; 020import java.util.Collection; 021import java.util.Collections; 022import java.util.HashSet; 023import java.util.Set; 024 025/** 026 * <p> 027 * A specialized {@code BeanIntrospector} implementation which suppresses some properties. 028 * </p> 029 * <p> 030 * An instance of this class is passed a set with the names of the properties it should 031 * process. During introspection of a bean class it removes all these properties from the 032 * {@link IntrospectionContext}. So effectively, properties added by a different 033 * {@code BeanIntrospector} are removed again. 034 * </p> 035 * 036 * @since 1.9.2 037 */ 038public class SuppressPropertiesBeanIntrospector implements BeanIntrospector { 039 040 /** 041 * A specialized instance which is configured to suppress the special {@code class} properties of Java beans. Unintended access to the property 042 * {@code class} (which is common to all Java objects) can be a security risk because it also allows access to the class loader. Adding this instance as 043 * {@code BeanIntrospector} to an instance of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no longer be accessed. 044 */ 045 public static final SuppressPropertiesBeanIntrospector SUPPRESS_CLASS = new SuppressPropertiesBeanIntrospector(Collections.singleton("class")); 046 047 /** 048 * A specialized instance which is configured to suppress the special {@code class} properties of Java beans. Unintended access to the call for 049 * {@code declaringClass} (which is common to all Java {@code enum}) can be a security risk because it also allows access to the class loader. Adding this 050 * instance as {@code BeanIntrospector} to an instance of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no longer be 051 * accessed. 052 * 053 * @since 1.11.0 054 */ 055 public static final SuppressPropertiesBeanIntrospector SUPPRESS_DECLARING_CLASS = new SuppressPropertiesBeanIntrospector( 056 Collections.singleton("declaringClass")); 057 058 /** A set with the names of the properties to be suppressed. */ 059 private final Set<String> propertyNames; 060 061 /** 062 * Creates a new instance of {@code SuppressPropertiesBeanIntrospector} and sets the 063 * names of the properties to be suppressed. 064 * 065 * @param propertiesToSuppress the names of the properties to be suppressed (must not 066 * be <strong>null</strong>) 067 * @throws IllegalArgumentException if the collection with property names is 068 * <strong>null</strong> 069 */ 070 public SuppressPropertiesBeanIntrospector(final Collection<String> propertiesToSuppress) { 071 if (propertiesToSuppress == null) { 072 throw new IllegalArgumentException("Property names must not be null!"); 073 } 074 075 propertyNames = Collections.unmodifiableSet(new HashSet<>( 076 propertiesToSuppress)); 077 } 078 079 /** 080 * Returns a (unmodifiable) set with the names of the properties which are suppressed 081 * by this {@code BeanIntrospector}. 082 * 083 * @return a set with the names of the suppressed properties 084 */ 085 public Set<String> getSuppressedProperties() { 086 return propertyNames; 087 } 088 089 /** 090 * {@inheritDoc} This implementation removes all properties from the given context it 091 * is configured for. 092 */ 093 @Override 094 public void introspect(final IntrospectionContext icontext) throws IntrospectionException { 095 for (final String property : getSuppressedProperties()) { 096 icontext.removePropertyDescriptor(property); 097 } 098 } 099}