Package org.evrete

Class SourceSecurity

java.lang.Object
org.evrete.SourceSecurity

public class SourceSecurity extends Object

Whether for a condition (LHS), a rule action (RHS), or both, the Evrete rule engine relies heavily on compiling Java sources on the fly or building rules from external Java classes. To guard against potentially malicious rules authored by third parties, generated rule sources are split into three categories, each with its own security permissions.

The RuleScope.LHS scope holds all permissions related to the evaluation of literal conditions and field values. For example, if evaluating a condition requires file or network access, the necessary permissions should be added to this scope before the condition is compiled.

The RuleScope.RHS scope holds all permissions related to the action part of a rule (right-hand side).

The RuleScope.BOTH scope is used when both the LHS and RHS come from the same source.

  • Method Details

    • addPermission

      public SourceSecurity addPermission(RuleScope scope, Permission permission)

      Adds a security permission to the given protection scope. Important: once a ProtectionDomain has been created for the given scope, the corresponding Permissions object becomes locked.

      Parameters:
      scope - scope of the permission
      permission - permission to add
      Returns:
      self
      Throws:
      SecurityException - if the corresponding Permissions object is locked
    • getProtectionDomain

      public ProtectionDomain getProtectionDomain(RuleScope scope)

      Creates, if necessary, and returns the ProtectionDomain for the given security scope

      Parameters:
      scope - scope of protection
      Returns:
      existing or newly created ProtectionDomain
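
The following added example (not part of the Evrete documentation or code base) shows the order of operations the two methods above imply: grant a narrow permission to the LHS scope, create the domain, then confirm that the scope is locked. It assumes a SourceSecurity instance is passed in by the caller, that RuleScope lives in org.evrete.api, that the returned domain carries only the permissions added to its scope, and a constructed directory /opt/rules/data; the class and method names are hypothetical.

```java
import org.evrete.SourceSecurity;
import org.evrete.api.RuleScope; // package assumed; adjust to your Evrete version

import java.io.FilePermission;
import java.security.ProtectionDomain;

public final class RuleSandboxSetup {

    // Constructed sample path: the only directory rule conditions may read.
    private static final String DATA_DIR = "/opt/rules/data";

    /** Grants read-only file access to rule conditions, then freezes the LHS scope. */
    public static ProtectionDomain configureLhs(SourceSecurity security) {
        // 1. Grant before any condition is compiled. The "/-" suffix covers
        //    all files below DATA_DIR, recursively; the action is read only.
        security.addPermission(RuleScope.LHS,
                new FilePermission(DATA_DIR + "/-", "read"));

        // 2. Creating the domain locks the Permissions of this scope.
        ProtectionDomain lhs = security.getProtectionDomain(RuleScope.LHS);

        // 3. A late grant must be rejected with SecurityException.
        try {
            security.addPermission(RuleScope.LHS,
                    new FilePermission(DATA_DIR + "/-", "write"));
            throw new IllegalStateException(
                    "LHS scope accepted a permission after its domain was created");
        } catch (SecurityException expected) {
            // Scope is locked, as documented for addPermission.
        }

        // 4. Check the effective grant (assumes the domain holds only the
        //    permissions added to its scope, with no policy-wide grants).
        FilePermission read = new FilePermission(DATA_DIR + "/in.csv", "read");
        FilePermission write = new FilePermission(DATA_DIR + "/in.csv", "write");
        if (!lhs.implies(read)) {
            throw new IllegalStateException("read access was not granted to LHS");
        }
        if (lhs.implies(write)) {
            throw new IllegalStateException("LHS can write; the grant is too broad");
        }
        return lhs;
    }
}
```

Nothing is added to RuleScope.RHS or RuleScope.BOTH here, so this grant applies only to sources compiled in the LHS scope.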