Skip to content
Open
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -74,11 +74,21 @@ public Evaluator getEvaluator(final SCXML document) {
/** The internal JexlEngine instance to use. */
private transient volatile JexlEngine jexlEngine;

/** Optional: saves user defined packages, which JEXL should allow for evaluation */
private String[] customAllowedClasses;

/** Constructor. */
public JexlEvaluator() {
jexlEngine = getJexlEngine();
}

/** Constructor with further allowed classes or packages. Use an asterix for all classes in a package */
public JexlEvaluator(String... customAllowedClasses) {
Comment thread
Milchreis marked this conversation as resolved.
Outdated
this.customAllowedClasses = customAllowedClasses;
jexlEngine = getJexlEngine();
}


@Override
public String getSupportedDatamodel() {
return SUPPORTED_DATA_MODEL;
Expand Down Expand Up @@ -176,7 +186,7 @@ public Context newContext(final Context parent) {

/**
* Create the internal JexlEngine member during the initialization.
* This method can be overriden to specify more detailed options
* This method can be overridden to specify more detailed options
* into the JexlEngine.
* @return new JexlEngine instance
*/
Expand All @@ -185,7 +195,13 @@ protected JexlEngine createJexlEngine() {
// See javadoc of org.apache.commons.jexl2.JexlEngine#setFunctions(Map<String,Object> funcs) for detail.
final Map<String, Object> funcs = new HashMap<>();
funcs.put(null, JexlBuiltin.class);

JexlPermissions permissions = JexlPermissions.RESTRICTED.compose("org.apache.commons.scxml2.*");

if(customAllowedClasses != null && customAllowedClasses.length > 0) {
Comment thread
Milchreis marked this conversation as resolved.
Outdated
Comment thread
Milchreis marked this conversation as resolved.
Outdated
permissions = permissions.compose(customAllowedClasses);
}

return new JexlBuilder().permissions(permissions).namespaces(funcs).cache(256).create();
}

Expand Down
20 changes: 20 additions & 0 deletions src/test/java/com/custom/Payload.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
package com.custom;
Comment thread
Milchreis marked this conversation as resolved.

public class Payload {

private final int id;
private final String someString;

public Payload(int id, String someString) {
this.id = id;
this.someString = someString;
}

public int getId() {
return id;
}

public String getSomeString() {
return someString;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
*/
package org.apache.commons.scxml2.env.jexl;

import com.custom.Payload;
import org.apache.commons.scxml2.Context;
import org.apache.commons.scxml2.Evaluator;
import org.apache.commons.scxml2.SCXMLExpressionException;
Expand Down Expand Up @@ -60,4 +61,17 @@ public void testErrorMessage() {
"JexlEvaluator: Incorrect error message");
}

@Test
void testEvalInCustomClass() throws SCXMLExpressionException {

// Arrange
final Evaluator eval = new JexlEvaluator("com.custom.*");
ctx.set("payload", new Payload(1, "hello"));

// Act
final Object result = eval.evalScript(ctx, "payload.getId()");

// Assert
Assertions.assertEquals(1, result);
}
}