I have a couple of questions about embedding BeanShell that I didn't
find answered with a quick scan of the archives.
First, security via JAAS and a SecurityManager. I need to prevent a
script from reading files, using sockets, or calling System.exit().
I've managed to set up a dummy Subject with a custom
ScriptingPrincipal whose context the BSH code is run in, and my
security policy and JAAS configuration do more or less what I need.
More or less; there are still a couple of shaky spots in there, and
I'd like to hear how others have gone about this task.
(Conversely, if anyone needs info on how to do this, drop me an email.)
Second, interrupting script execution: I also need to catch runaway
scripts, both to prevent runaway loops and recursions, and in general
just to avoid too computing intensive scripting tasks. (If that
happens, I'll just need to provide an alternative to scripting a
The JDK 1.5 concurrency utilities provide nice tools to assign worker
threads and control timeouts, but browsing the sources and JavaDocs,
I see no way of telling the bsh Interpreter to actually kill a
Is this correct? I've considered patching the source and adding an
interrupt check, but it's not immediately obvious where in the
interpreter code this would go; has anyone else done or explored this?
Other than these two stumbling blocks, bsh has been very handy, and
answers our needs. Thanks to all involved;