How about this:
I am new to jython, so please let me know if I am missing something
critical - it seems too easy.
I have not tested this solution extensively, but it should work:
Before you want to run the user's script call this code:
>>> oldimp = __import__
>>> def secureImport(name, globals=None,locals=None,fromlist=None):
... if name in ('xml','org.jdom','pawt','java.util'):
... print 'loading' , name
... return oldimp(name,globals,locals,fromlist)
... print 'No you cannot load ' , name
>>> from org.python.core import __builtin__
>>> __builtin__.__import__ = secureImport
--------Now the tests:
>>> import os
No you cannot load os
>>> import java.util
['AbstractCollection', 'AbstractList', 'AbstractMap',
'AbstractSequentialList', 'AbstractSet', 'ArrayList', 'Arrays',
'BitSet', 'Calendar', 'Collection', 'Collections', 'Comparator',
to set the import back run:
>>> __builtin__.__import__ = oldimp
You have to test this, because some modules will load other modules, and
it the dependent mods are not in the list, then it will fail.
Jeff Emanuel wrote:
> It appears that rexec is not available from jython.
> Aaron Held wrote:
>> > Java has a very flexible security api. Check out the info on security
>> I just subscribed to this list and I am planning to use jython as a
>> scripting interface to my Java application. I have not gotten to
>> testing yet, but I was planning to use python's Rexec environment to
>> run my scripts. The J2SE security offers user based security and is
>> very powerful, but much more complex.
>> I was planning to use Rexec to block all imports and then provide
>> proxy methods to get just the allowed classes.
>> Is this a good strategy?
>> Are there any examples somewhere of python scripted java apps?
>> -Aaron Held
>> This sf.net email is sponsored by:ThinkGeek
>> Welcome to geek heaven.
>> Jython-users mailing list