I've written a Java class to do some parsing of a Google-style query
into XQuery that suits my db and search needs, and I'm calling it from
within XQuery quite happily on a test system, having enabled Java
binding. I'm now looking at the documentation which says:

Enabling the Java binding bears some risks: if you allow users to
directly pass XQuery code to the database, e.g. through the sandbox
application, they might use Java methods to inspect your system or
execute potentially destructive code on the server.

The XACML package therefore allows for fine-grained control of the Java
binding feature, e.g. restricting access to certain Java classes. Please
make sure you have properly set up XACML if you are planning to access
Java code via XQuery on a production system.

So I've been trying to get XACML set up and working. So far I've
succeeded in creating the dreaded read-only database problem three
times, as well as crashing Tomcat twice, and getting various errors due
to processes not having permission to do things they need to do. I'm not
much further forward, even after reading the XACML documentation (which
runs out with some TODOs just when it's getting interesting :-). As soon
as I turn on XACML, either with or without load-defaults="no",
everything seems to fall to bits.

What I'd really like to do is to turn on XACML in such a way that it
doesn't affect any of the existing permissions; then add only one
policy, which restricts access from XQuery to Java classes to those Java
classes used by eXist normally, and my own new class. Has anyone done
this sort of thing successfully, and if so, can you give me any pointers?
All help appreciated,