Package org.pkl.core

Class SecurityManagers

java.lang.Object

org.pkl.core.SecurityManagers

public final class SecurityManagers
extends Object

A provider for SecurityManagers.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SecurityManagers.StandardBuilder

Field Summary

Fields

Modifier and Type	Field	Description
static final List<Pattern>	defaultAllowedModules	Returns the list of module patterns that the default security manager will use to determine if a module import may be resolved.
static final List<Pattern>	defaultAllowedResources	Returns the list of resource patterns that the default security manager will use to determine if an external resource may be read.
static final SecurityManager	defaultManager	Returns a standard security manager with default allowed modules, default allowed resources, default trust levels, and no root directory for modules and resources.
static final Function<URI,Integer>	defaultTrustLevels	Returns the mapping from module URIs to trust levels used by the default security manager.

Method Summary

Modifier and Type	Method	Description
static SecurityManager	standard(List<Pattern> allowedModules, List<Pattern> allowedResources, Function<URI,Integer> trustLevels, @Nullable Path rootDir)	Creates a SecurityManager that determines whether a module can be resolved based on the given list of module URI patterns, whether an external resources can be read based on the given list of resource URI patterns, and whether a module can import another module based on the given module trust levels.
static SecurityManagers.StandardBuilder	standardBuilder()	Creates an unconfigured builder for setting up a standard SecurityManager.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

defaultAllowedModules

public static final List<Pattern> defaultAllowedModules

Returns the list of module patterns that the default security manager will use to determine if a module import may be resolved.

defaultAllowedResources

public static final List<Pattern> defaultAllowedResources

Returns the list of resource patterns that the default security manager will use to determine if an external resource may be read.

defaultTrustLevels

public static final Function<URI,Integer> defaultTrustLevels

Returns the mapping from module URIs to trust levels used by the default security manager.

Trust levels are used to determine whether a module may import another module. Only modules with the same or a lower trust level may be imported.

This mapping supports a fixed set of module URI schemes. Local modules are given a higher trust level than remote modules. For example, a local file may import a remote file, but not the other way around.

defaultManager

public static final SecurityManager defaultManager

Returns a standard security manager with default allowed modules, default allowed resources, default trust levels, and no root directory for modules and resources.

Method Details

standard

public static SecurityManager standard(List<Pattern> allowedModules,
 List<Pattern> allowedResources,
 Function<URI,Integer> trustLevels,
 @Nullable
 @Nullable Path rootDir)

Creates a SecurityManager that determines whether a module can be resolved based on the given list of module URI patterns, whether an external resources can be read based on the given list of resource URI patterns, and whether a module can import another module based on the given module trust levels. A module can only import modules with the same or a lower trust level.

If rootDir is non-null, access to file-based modules and resources is restricted to those located under rootDir. Any symlinks are resolved before this check is performed.

standardBuilder

public static SecurityManagers.StandardBuilder standardBuilder()

Creates an unconfigured builder for setting up a standard SecurityManager.