001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017package org.apache.commons.beanutils; 018 019import java.beans.IntrospectionException; 020import java.util.Collection; 021import java.util.Collections; 022import java.util.HashSet; 023import java.util.Set; 024 025/** 026 * <p> 027 * A specialized {@code BeanIntrospector} implementation which suppresses some properties. 028 * </p> 029 * <p> 030 * An instance of this class is passed a set with the names of the properties it should 031 * process. During introspection of a bean class it removes all these properties from the 032 * {@link IntrospectionContext}. So effectively, properties added by a different 033 * {@code BeanIntrospector} are removed again. 034 * </p> 035 * 036 * @version $Id$ 037 * @since 1.9.2 038 */ 039public class SuppressPropertiesBeanIntrospector implements BeanIntrospector { 040 041 /** 042 * A specialized instance which is configured to suppress the special {@code class} properties of Java beans. Unintended access to the property 043 * {@code class} (which is common to all Java objects) can be a security risk because it also allows access to the class loader. Adding this instance as 044 * {@code BeanIntrospector} to an instance of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no longer be accessed. 045 */ 046 public static final SuppressPropertiesBeanIntrospector SUPPRESS_CLASS = new SuppressPropertiesBeanIntrospector(Collections.singleton("class")); 047 048 /** 049 * A specialized instance which is configured to suppress the special {@code class} properties of Java beans. Unintended access to the call for 050 * {@code declaringClass} (which is common to all Java {@code enum}) can be a security risk because it also allows access to the class loader. Adding this 051 * instance as {@code BeanIntrospector} to an instance of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no longer be 052 * accessed. 053 */ 054 public static final SuppressPropertiesBeanIntrospector SUPPRESS_DECLARING_CLASS = new SuppressPropertiesBeanIntrospector( 055 Collections.singleton("declaringClass")); 056 057 /** A set with the names of the properties to be suppressed. */ 058 private final Set<String> propertyNames; 059 060 /** 061 * Creates a new instance of {@code SuppressPropertiesBeanIntrospector} and sets the 062 * names of the properties to be suppressed. 063 * 064 * @param propertiesToSuppress the names of the properties to be suppressed (must not 065 * be <b>null</b>) 066 * @throws IllegalArgumentException if the collection with property names is 067 * <b>null</b> 068 */ 069 public SuppressPropertiesBeanIntrospector(final Collection<String> propertiesToSuppress) { 070 if (propertiesToSuppress == null) { 071 throw new IllegalArgumentException("Property names must not be null!"); 072 } 073 074 propertyNames = Collections.unmodifiableSet(new HashSet<String>( 075 propertiesToSuppress)); 076 } 077 078 /** 079 * Returns a (unmodifiable) set with the names of the properties which are suppressed 080 * by this {@code BeanIntrospector}. 081 * 082 * @return a set with the names of the suppressed properties 083 */ 084 public Set<String> getSuppressedProperties() { 085 return propertyNames; 086 } 087 088 /** 089 * {@inheritDoc} This implementation removes all properties from the given context it 090 * is configured for. 091 */ 092 public void introspect(final IntrospectionContext icontext) throws IntrospectionException { 093 for (final String property : getSuppressedProperties()) { 094 icontext.removePropertyDescriptor(property); 095 } 096 } 097}