001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017package org.apache.commons.beanutils; 018 019import java.beans.IntrospectionException; 020import java.util.Collection; 021import java.util.Collections; 022import java.util.HashSet; 023import java.util.Set; 024 025/** 026 * <p> 027 * A specialized {@code BeanIntrospector} implementation which suppresses some properties. 028 * </p> 029 * <p> 030 * An instance of this class is passed a set with the names of the properties it should 031 * process. During introspection of a bean class it removes all these properties from the 032 * {@link IntrospectionContext}. So effectively, properties added by a different 033 * {@code BeanIntrospector} are removed again. 034 * </p> 035 * 036 * @since 1.9.2 037 */ 038public class SuppressPropertiesBeanIntrospector implements BeanIntrospector { 039 /** 040 * A specialized instance which is configured to suppress the special {@code class} 041 * properties of Java beans. Unintended access to the property {@code class} (which is 042 * common to all Java objects) can be a security risk because it also allows access to 043 * the class loader. Adding this instance as {@code BeanIntrospector} to an instance 044 * of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no 045 * longer be accessed. 046 */ 047 public static final SuppressPropertiesBeanIntrospector SUPPRESS_CLASS = 048 new SuppressPropertiesBeanIntrospector(Collections.singleton("class")); 049 050 /** A set with the names of the properties to be suppressed. */ 051 private final Set<String> propertyNames; 052 053 /** 054 * Creates a new instance of {@code SuppressPropertiesBeanIntrospector} and sets the 055 * names of the properties to be suppressed. 056 * 057 * @param propertiesToSuppress the names of the properties to be suppressed (must not 058 * be <strong>null</strong>) 059 * @throws IllegalArgumentException if the collection with property names is 060 * <strong>null</strong> 061 */ 062 public SuppressPropertiesBeanIntrospector(final Collection<String> propertiesToSuppress) { 063 if (propertiesToSuppress == null) { 064 throw new IllegalArgumentException("Property names must not be null!"); 065 } 066 067 propertyNames = Collections.unmodifiableSet(new HashSet<>( 068 propertiesToSuppress)); 069 } 070 071 /** 072 * Returns a (unmodifiable) set with the names of the properties which are suppressed 073 * by this {@code BeanIntrospector}. 074 * 075 * @return a set with the names of the suppressed properties 076 */ 077 public Set<String> getSuppressedProperties() { 078 return propertyNames; 079 } 080 081 /** 082 * {@inheritDoc} This implementation removes all properties from the given context it 083 * is configured for. 084 */ 085 @Override 086 public void introspect(final IntrospectionContext icontext) throws IntrospectionException { 087 for (final String property : getSuppressedProperties()) { 088 icontext.removePropertyDescriptor(property); 089 } 090 } 091}