Package org.pkl.core
Interface SecurityManager
public interface SecurityManager
Enforces a security model during
evaluation.
Use SecurityManagers to obtain or construct an instance of this type.
-
Method Summary
Modifier and TypeMethodDescriptionvoidcheckImportModule(URI importingModule, URI importedModule) Checks if the given importing module may import the given imported module.voidcheckReadResource(URI resource) Checks if the given resource may be read.voidcheckResolveModule(URI uri) Checks if the given module may be resolved.voidcheckResolveResource(URI resource) Checks if the given resource may be resolved.resolveSecurePath(URI uri) Resolves the givenfile:URI to a secure, symlink-free path that has been verified to be within the root directory (if one is configured).
-
Method Details
-
checkResolveModule
Checks if the given module may be resolved. This check is required before any attempt is made to access the given URI.- Throws:
SecurityManagerException
-
checkImportModule
Checks if the given importing module may import the given imported module.- Throws:
SecurityManagerException
-
checkReadResource
Checks if the given resource may be read.- Throws:
SecurityManagerException
-
checkResolveResource
Checks if the given resource may be resolved. This check is required before any attempt is made to access the given URI.- Throws:
SecurityManagerException
-
resolveSecurePath
@Nullable default @Nullable Path resolveSecurePath(URI uri) throws SecurityManagerException, IOException Resolves the givenfile:URI to a secure, symlink-free path that has been verified to be within the root directory (if one is configured). The returned path can be opened withLinkOption.NOFOLLOW_LINKS.Returns
nullfor non-file:URIs or if no root directory is configured.- Parameters:
uri- the URI to resolve- Returns:
- the resolved, symlink-free path under root directory, or
null - Throws:
SecurityManagerException- if the resolved path is not within the root directoryIOException- if the path cannot be resolved
-