From: Tim P. <ti...@pa...> - 2010-02-19 02:09:55
Hi,

The current semantics of class instantiation in the Setprops directive are a bit odd:

If the property org.webmacro.AllowedPackages is null then any class may be instantiated.
If it is not empty then it must contain the package of the class you are trying to instantiate.

I think that this is a bug.

The test TestSetpropsDirective was failing when run through Maven but passing in Eclipse. I have set the Maven tests to fork pertest and all tests pass. However, this was a bad smell, so I have fished around and made the tests so that they no longer interfere with each other. (Well, they are in an order so that they don't.)

So the current failing test illustrates that we have no restrictions on what classes are instantiated using the setprops directive.

I think the desired behavior is for a default set of packages to be allowed (java.util, java.lang, org.webmacro.util) and for these also to be implied packages, i.e. you can refer to them without a full classname: just using HashMap or Exception.

If you alter the configuration then you must explicitly specify all packages, including the default. This can be used to disallow even the default packages.

If you try to instantiate any other classes, that will be disallowed.

Does this make sense?

Tim

PS can't get ant to work on the build machine (debian etch with ant-optional installed) but all works at home

--
We are in dialogue.
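The behavior proposed in the message above, sketched as an added example; this is not WebMacro's code. The class and method names are hypothetical, and the comma-separated property format and exact-match package comparison are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

public class AllowedPackagesDemo {
    // Default packages named in the message; used only when the property is unset.
    static final List<String> DEFAULTS = List.of("java.util", "java.lang", "org.webmacro.util");

    // null (property unset) yields the defaults. Any configured value replaces
    // them entirely, so an administrator can drop even the default packages.
    static List<String> effective(String configured) {
        if (configured == null) return DEFAULTS;
        List<String> out = new ArrayList<>();
        for (String p : configured.split(","))      // assumed format: a,b,c
            if (!p.isBlank()) out.add(p.trim());
        return out;                                   // empty list: nothing allowed
    }

    // Resolve a class name from a template, failing closed.
    static Class<?> resolve(String name, List<String> allowed) throws ClassNotFoundException {
        ClassLoader cl = AllowedPackagesDemo.class.getClassLoader();
        if (name.indexOf('.') < 0) {                  // short name: allowed packages are implied
            for (String pkg : allowed) {
                try { return Class.forName(pkg + "." + name, false, cl); }
                catch (ClassNotFoundException ignored) { /* try the next package */ }
            }
            throw new ClassNotFoundException(name + " not found in any allowed package");
        }
        // Exact match, not prefix: allowing java.util does not allow java.util.concurrent.
        String pkg = name.substring(0, name.lastIndexOf('.'));
        if (!allowed.contains(pkg))
            throw new SecurityException("package not allowed: " + pkg);
        // initialize=false: no static initializer runs as a side effect of the lookup.
        return Class.forName(name, false, cl);
    }

    public static void main(String[] args) {
        // Constructed cases: {property value, class name used in the template}
        String[][] cases = {
            {null, "HashMap"}, {null, "java.io.File"},
            {"java.io", "HashMap"}, {"java.io", "java.io.File"}, {"", "Exception"},
        };
        for (String[] c : cases) {
            String label = "AllowedPackages=" + c[0] + ", " + c[1] + " -> ";
            try {
                System.out.println(label + resolve(c[1], effective(c[0])).getName());
            } catch (SecurityException | ClassNotFoundException e) {
                System.out.println(label + "refused (" + e.getMessage() + ")");
            }
        }
    }
}
```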