Package com.atlassian.confluence.impl.plugin.web.readonly

Class ReadOnlyWebInterfaceManager

java.lang.Object
com.atlassian.confluence.impl.plugin.web.readonly.ReadOnlyWebInterfaceManager
All Implemented Interfaces:
com.atlassian.plugin.web.api.DynamicWebInterfaceManager, com.atlassian.plugin.web.WebInterfaceManager
public class ReadOnlyWebInterfaceManager extends Object implements com.atlassian.plugin.web.api.DynamicWebInterfaceManager
This class/package was introduced as protection against an SSTI vulnerability which leveraged this class to escalate privileges. Following the removal of DynamicWebInterfaceManager as a public getter from ConfluenceActionSupport, the addition of WebFragmentHelper to both the Struts and Velocity exclusion lists and the introduction of a Velocity method allowlist, this class and its package are redundant and can be deleted.

It was decided to remove this in Confluence 10.0 to reduce risk. I've intentionally avoided annotating this class with @Deprecated to prevent excessive logging when rendering Velocity templates and so as not to confuse marketplace vendors.

Please refer to this PR on how to delete this package when ready.

  • Constructor Details

    • ReadOnlyWebInterfaceManager

      public ReadOnlyWebInterfaceManager(com.atlassian.plugin.web.api.DynamicWebInterfaceManager delegate)

  • Method Details

    • hasSectionsForLocation

      public boolean hasSectionsForLocation(String s)
      Specified by:
      hasSectionsForLocation in interface com.atlassian.plugin.web.WebInterfaceManager

    • getSections

      public List<com.atlassian.plugin.web.api.descriptors.WebSectionModuleDescriptor> getSections(String s)
      Specified by:
      getSections in interface com.atlassian.plugin.web.WebInterfaceManager

    • getDisplayableSections

      public List<com.atlassian.plugin.web.api.descriptors.WebSectionModuleDescriptor> getDisplayableSections(String s, Map<String,Object> map)
      Specified by:
      getDisplayableSections in interface com.atlassian.plugin.web.WebInterfaceManager

    • getItems

      public List<com.atlassian.plugin.web.api.descriptors.WebItemModuleDescriptor> getItems(String s)
      Specified by:
      getItems in interface com.atlassian.plugin.web.WebInterfaceManager

    • getDisplayableItems

      public List<com.atlassian.plugin.web.api.descriptors.WebItemModuleDescriptor> getDisplayableItems(String s, Map<String,Object> map)
      Specified by:
      getDisplayableItems in interface com.atlassian.plugin.web.WebInterfaceManager

    • getWebPanels

      public List<? extends com.atlassian.plugin.web.api.model.WebPanel> getWebPanels(String s)
      Specified by:
      getWebPanels in interface com.atlassian.plugin.web.WebInterfaceManager

    • getDisplayableWebPanels

      public List<? extends com.atlassian.plugin.web.api.model.WebPanel> getDisplayableWebPanels(String s, Map<String,Object> map)
      Specified by:
      getDisplayableWebPanels in interface com.atlassian.plugin.web.WebInterfaceManager

    • getWebPanelDescriptors

      public List<com.atlassian.plugin.web.api.descriptors.WebPanelModuleDescriptor<? extends com.atlassian.plugin.web.api.model.WebPanel>> getWebPanelDescriptors(String s)
      Specified by:
      getWebPanelDescriptors in interface com.atlassian.plugin.web.WebInterfaceManager

    • getDisplayableWebPanelDescriptors

      public List<com.atlassian.plugin.web.api.descriptors.WebPanelModuleDescriptor<? extends com.atlassian.plugin.web.api.model.WebPanel>> getDisplayableWebPanelDescriptors(String s, Map<String,Object> map)
      Specified by:
      getDisplayableWebPanelDescriptors in interface com.atlassian.plugin.web.WebInterfaceManager

    • refresh

      public void refresh()
      Specified by:
      refresh in interface com.atlassian.plugin.web.WebInterfaceManager

    • getWebFragmentHelper

      public com.atlassian.plugin.web.WebFragmentHelper getWebFragmentHelper()
      Specified by:
      getWebFragmentHelper in interface com.atlassian.plugin.web.WebInterfaceManager

    • getWebItems

      public Iterable<com.atlassian.plugin.web.api.WebItem> getWebItems(String s, Map<String,Object> map)
      Specified by:
      getWebItems in interface com.atlassian.plugin.web.api.DynamicWebInterfaceManager

    • getDisplayableWebItems

      public Iterable<com.atlassian.plugin.web.api.WebItem> getDisplayableWebItems(String s, Map<String,Object> map)
      Specified by:
      getDisplayableWebItems in interface com.atlassian.plugin.web.api.DynamicWebInterfaceManager

    • getWebSections

      public Iterable<com.atlassian.plugin.web.api.WebSection> getWebSections(String s, Map<String,Object> map)
      Specified by:
      getWebSections in interface com.atlassian.plugin.web.api.DynamicWebInterfaceManager

    • getDisplayableWebSections

      public Iterable<com.atlassian.plugin.web.api.WebSection> getDisplayableWebSections(String s, Map<String,Object> map)
      Specified by:
      getDisplayableWebSections in interface com.atlassian.plugin.web.api.DynamicWebInterfaceManager