程序包 org.apache.velocity.tools.generic

类 SafeConfig

java.lang.Object
org.apache.velocity.tools.generic.SafeConfig
直接已知子类:
AlternatorTool, ClassTool, CollectionTool, ContextTool, EscapeTool, FieldTool, ImportSupport, ImportTool, LinkTool, LocaleConfig, LogTool, LoopTool, MarkupTool, RenderTool, XmlTool
public class SafeConfig extends Object

Implements common logic and constants for tools which automatically locks down the public void configure(Map params) method after it is called once. This keeps application or session scoped tools thread-safe in templates, which generally have access to the tool after configuration has happened.

It also provides for a separate "safe mode" setting which tells tools to block any functions that may pose a security threat. This, of course, is set to true by default.

Once "locked down", the configure(Map) may still be called, however it will do nothing (unless some subclass is foolish enough to override it and not check if isConfigLocked() before changing configurations. The proper method for subclasses to override is configure(ValueParser) which will only be called by configure(Map) when the isConfigLocked() is false (i.e. the first time only).

从以下版本开始:
VelocityTools 2.0
作者:
Nathan Bubna

  • 字段详细资料

    • LOCK_CONFIG_KEY

      public static final String LOCK_CONFIG_KEY
      The key used for specifying whether or not to prevent templates from reconfiguring this tool. The default is true.
      另请参阅:

    • SAFE_MODE_KEY

      public static final String SAFE_MODE_KEY
      Many tools interested in locking configure() also have other things they wish to secure. This key controls that property. The default value is true, of course.
      另请参阅:

    • LOGGER_NAME_KEY

      public static final String LOGGER_NAME_KEY
      Key used to explicitely specify the logger name
      另请参阅:

    • USE_CLASS_LOGGER_KEY

      public static final String USE_CLASS_LOGGER_KEY
      Key used to specify whether or not tools shall use loggers named after the tools classes.
      另请参阅:

    • log

      protected org.slf4j.Logger log

  • 构造器详细资料

    • SafeConfig

      public SafeConfig()

  • 方法详细资料

    • setLockConfig

      protected void setLockConfig(boolean lock)
      Only allow subclass access to this.
      参数:
      lock - whether to lock config

    • setSafeMode

      protected void setSafeMode(boolean safe)
      Set or clear safe mode.
      参数:
      safe - whether to set safe mode

    • isConfigLocked

      public boolean isConfigLocked()
      Returns true if the configure(Map) method has been locked.
      返回:
      locked status

    • isSafeMode

      public boolean isSafeMode()
      Returns true if this tool is in "safe mode".
      返回:
      safe mode status

    • configure

      public void configure(Map<String,Object> params)
      If isConfigLocked() returns true, then this method does nothing; otherwise, if false, this will create a new ValueParser from the specified Map of params and call configure(ValueParser) with it. Then this will check the parameters itself to find out whether or not the configuration for this tool should be put into safe mode or have its config locked. The safe mode value should be a boolean under the key SAFE_MODE_KEY and the lock value should be a boolean under the key LOCK_CONFIG_KEY.
      参数:
      params - configuration values map

    • configure

      protected void configure(ValueParser values)
      Does the actual configuration. This is protected, so subclasses may share the same ValueParser and call configure at any time, while preventing templates from doing so when configure(Map) is locked.
      参数:
      values - configuration values

    • initLogger

      protected void initLogger(ValueParser params)
      Initialize logger. Default implementation will try to get a Velocity engine from the configuration parameters, then try to use either the configured logger instance, or the configured logger name suffixed by 'tools.<key>'
      参数:
      params - configuration parameters

    • getLog

      protected org.slf4j.Logger getLog()
      Get logger
      返回:
      logger