Package org.pkl.core

Class SecurityManagers

  • public final class SecurityManagers
extends java.lang.Object
    A provider for SecurityManagers.

    • Field Detail

      • defaultAllowedModules

        public static final java.util.List<java.util.regex.Pattern> defaultAllowedModules
        Returns the list of module patterns that the default security manager will use to determine if a module import may be resolved.

      • defaultAllowedResources

        public static final java.util.List<java.util.regex.Pattern> defaultAllowedResources
        Returns the list of resource patterns that the default security manager will use to determine if an external resource may be read.

      • defaultTrustLevels

        public static final java.util.function.Function<java.net.URI,​java.lang.Integer> defaultTrustLevels
        Returns the mapping from module URIs to trust levels used by the default security manager.

        Trust levels are used to determine whether a module may import another module. Only modules with the same or a lower trust level may be imported.

        This mapping supports a fixed set of module URI schemes. Local modules are given a higher trust level than remote modules. For example, a local file may import a remote file, but not the other way around.

    • Method Detail

      • standard

        public static SecurityManager standard​(java.util.List<java.util.regex.Pattern> allowedModules,
                                       java.util.List<java.util.regex.Pattern> allowedResources,
                                       java.util.function.Function<java.net.URI,​java.lang.Integer> trustLevels,
                                       @Nullable java.nio.file.Path rootDir)
        Creates a SecurityManager that determines whether a module can be resolved based on the given list of module URI patterns, whether an external resources can be read based on the given list of resource URI patterns, and whether a module can import another module based on the given module trust levels. A module can only import modules with the same or a lower trust level.

        If rootDir is non-null, access to file-based modules and resources is restricted to those located under rootDir. Any symlinks are resolved before this check is performed.