001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.commons.beanutils;
018
019import java.beans.IntrospectionException;
020import java.util.Collection;
021import java.util.Collections;
022import java.util.HashSet;
023import java.util.Set;
024
025/**
026 * <p>
027 * A specialized {@code BeanIntrospector} implementation which suppresses some properties.
028 * </p>
029 * <p>
030 * An instance of this class is passed a set with the names of the properties it should
031 * process. During introspection of a bean class it removes all these properties from the
032 * {@link IntrospectionContext}. So effectively, properties added by a different
033 * {@code BeanIntrospector} are removed again.
034 * </p>
035 *
036 * @since 1.9.2
037 */
038public class SuppressPropertiesBeanIntrospector implements BeanIntrospector {
039    /**
040     * A specialized instance which is configured to suppress the special {@code class}
041     * properties of Java beans. Unintended access to the property {@code class} (which is
042     * common to all Java objects) can be a security risk because it also allows access to
043     * the class loader. Adding this instance as {@code BeanIntrospector} to an instance
044     * of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no
045     * longer be accessed.
046     */
047    public static final SuppressPropertiesBeanIntrospector SUPPRESS_CLASS =
048            new SuppressPropertiesBeanIntrospector(Collections.singleton("class"));
049
050    /** A set with the names of the properties to be suppressed. */
051    private final Set<String> propertyNames;
052
053    /**
054     * Creates a new instance of {@code SuppressPropertiesBeanIntrospector} and sets the
055     * names of the properties to be suppressed.
056     *
057     * @param propertiesToSuppress the names of the properties to be suppressed (must not
058     * be <strong>null</strong>)
059     * @throws IllegalArgumentException if the collection with property names is
060     * <strong>null</strong>
061     */
062    public SuppressPropertiesBeanIntrospector(final Collection<String> propertiesToSuppress) {
063        if (propertiesToSuppress == null) {
064            throw new IllegalArgumentException("Property names must not be null!");
065        }
066
067        propertyNames = Collections.unmodifiableSet(new HashSet<>(
068                propertiesToSuppress));
069    }
070
071    /**
072     * Returns a (unmodifiable) set with the names of the properties which are suppressed
073     * by this {@code BeanIntrospector}.
074     *
075     * @return a set with the names of the suppressed properties
076     */
077    public Set<String> getSuppressedProperties() {
078        return propertyNames;
079    }
080
081    /**
082     * {@inheritDoc} This implementation removes all properties from the given context it
083     * is configured for.
084     */
085    @Override
086    public void introspect(final IntrospectionContext icontext) throws IntrospectionException {
087        for (final String property : getSuppressedProperties()) {
088            icontext.removePropertyDescriptor(property);
089        }
090    }
091}