The problem is, that I want to run untrusted Jython user code on a server machine. There's a small API that should be used by the user. The web application itselfs needs access to different Java classes (e.g. java.io.*). But the user code must be restricted.
Furthermore, I need to restrict the maximum heap for the user code. Possibly, this is only realizable with a separte JVM.
Von: Johannes Buchner <firstname.lastname@example.org> An: email@example.com Gesendet: 17:24 Samstag, 2.Februar 2013 Betreff: Re: [Jython-users] How to restrict accessible packages
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/02/2013 05:11 PM, PAX wrote: > Hi friends of Jython > > I've got a question: Is it possible to let Jython restrict the > access to specific Java packages? For instance, how can I tell > Jython to reject the usage of classes from "java.io.*" in user > code?
Perhaps you can achieve what you want using Java permissions:
Can you elaborate why you want to restrict access to java.io? I think if you try to cripple Jython, you will run into many issues and it may not even run. Permissions seem to be the right way (TM) to restrict IO.