Example: Add SpEL Java classes to the allowed list
When you develop policies, you can use SpEL expressions in your deployment packages. Configure the Java classes used during SpEL expression evaluation by adding classes to the allowed list.
When using embedded PDP mode, the policy engine allows use of the following classes by default.
java.lang.String
java.util.Date
java.util.UUID
java.lang.Integer
java.lang.Long
java.lang.Double
java.lang.Byte
java.lang.Math
java.lang.Boolean
java.time.LocalDate
java.time.LocalTime
java.time.LocalDateTime
java.time.ZonedDateTime
java.time.DayOfWeek
java.time.Instant
java.time.temporal.ChronoUnit
java.text.SimpleDateFormat
java.util.Collections
Use dsconfig or the administrative console to add non-standard classes to the allowed list. In the administrative console, you can find SpEL allowed classes in the Policy Decision Service configuration.
Example
The following example shows how to add the java.time.format.DateTimeFormatter and java.util.Base64 classes to the allowed list. Run dsconfig with the set-policy-decision-service-prop option.
dsconfig set-policy-decision-service-prop \
  --set spel-allowed-class:java.time.format.DateTimeFormatter \
  --set spel-allowed-class:java.util.Base64
After you add non-standard classes to the allowed list, you must make them available on the server classpath at server start.
The following example shows how to add .jar files containing the classes to the lib folder and restart the server.
cd <paz-instance-root>
cp <jar-file-dir>/addl-spel-classes.jar lib
bin/stop-server -R
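A check to run before the restart, added here as an example and not part of the product documentation: it confirms that each class on the allowed list that does not come from the Java runtime is present in a .jar under lib. The com.example.policy class names, the broken.jar file and the rule that java.* and javax.* classes are supplied by the Java runtime are assumptions made for the example.

```python
import tempfile
import zipfile
from pathlib import Path

# Assumption: classes in these packages ship with the Java runtime, not in lib/.
JDK_PREFIXES = ("java.", "javax.")


def class_entry(class_name):
    """Map a fully qualified class name to its entry path inside a .jar."""
    return class_name.replace(".", "/") + ".class"


def check_allowed_classes(allowed, lib_dir):
    """Return ({class: 'jdk' | jar file name | None}, [unreadable jar names])."""
    index, unreadable = {}, []
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                for entry in zf.namelist():
                    index.setdefault(entry, jar.name)  # first jar wins
        except zipfile.BadZipFile:
            unreadable.append(jar.name)  # truncated or corrupt copy
    result = {}
    for name in allowed:
        if name.startswith(JDK_PREFIXES):
            result[name] = "jdk"
        else:
            result[name] = index.get(class_entry(name))  # None = not found
    return result, unreadable


def build_sample_lib():
    """Constructed sample: a lib/ folder with one valid and one corrupt jar."""
    lib = Path(tempfile.mkdtemp()) / "lib"
    lib.mkdir()
    with zipfile.ZipFile(lib / "addl-spel-classes.jar", "w") as zf:
        zf.writestr("com/example/policy/Helper.class", b"\xca\xfe\xba\xbe")
    (lib / "broken.jar").write_bytes(b"not a zip")
    return lib


if __name__ == "__main__":
    allowed = ["java.time.format.DateTimeFormatter", "java.util.Base64",
               "com.example.policy.Helper", "com.example.policy.Missing"]
    found, bad = check_allowed_classes(allowed, build_sample_lib())
    for cls, where in found.items():
        print(f"{cls}: {where or 'MISSING from lib/*.jar'}")
    print("unreadable jars:", bad)
```

A class reported as missing is on the allowed list but will not be on the server classpath after the restart.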