From: David H. <dav...@gm...> - 2007-10-19 06:23:56
|
On 10/18/07, Dave Kuhlman <dku...@re...> wrote: > I'm going to try to tell myself that it does not matter that my example is a > bit impractical. I'm concerned that people who are thinking about embedding a > Jython interpreter into a Java application, will want to expose some of the > Java classes in that application to scripts, but prohibit access to others. > So, I figure that as long as I show a way to do that screening, I've done what > I need to do. You think? As long as it works, i.e., you can define classes Goodclass1 and Badclass1 and show that Goodclass1 can be loaded while Badclass1 can't, then it's a good example. I'm not sure it will work for *any* Goodclass1, so I think you should make the definition of Goodclass1 part of the example. If you leave Goodclass1 undefined, some poor user might attempt the example with an unexpected definition of Goodclass1 that invalidates the example. I'm particularly concerned that if the definition of Goodclass1 requires loading of other classes that don't appear on the whitelist, and if the JVM attempts to load them through the custom class loader, the class loader will reject them, resulting in Goodclass1 failing to load. My understanding of class loading is pretty fuzzy, so I'm not sure that my reservations are valid. It would be safest to fully specify and test the example, though. -David |