From: Liam C. <lsc...@gm...> - 2018-12-11 12:29:55
Hello folks,

Maybe it's just that my Google skills are failing me, but I'm having trouble finding guidance for my use case embedding Jython. Essentially, I would like to use Jython as an embedded scripting language within my application. That said, my application has fairly strict security and privacy constraints (think HIPAA and PCI) and the scripts will be provided by end-users of a multi-tenant application. To that end I would like to be able to impose security constraints on what Java classes Jython scripts can import, and what methods of Java classes Jython scripts can call (depending on caller context, or user identity, etc.).

In another world, I modified Groovy's runtime MetaClassHandle to inject security checks into every pass through the MOP. This allowed me to save compiled Groovy code, and then just instantiate the compiled Groovy code and execute it. It seems like I could do this with Jython's PyAdapter class or something like that, or perhaps by overriding the classloader that is passed in to the systemstate when you instantiate an interpreter. Does this sound like I'm on the right course?

Ideally, I would like to compile my Python scripts, load them as classes, and have my security checks inserted/executed at runtime. I would like to be able to pre-compile things, and save the bytecode rather than having to compile at system start time, or compile on demand, but beggars can't really be choosers here -- I'm more interested in what's possible than what's ideal at this point.

In any case I can't seem to find a definitive guide on how to control exposure of Java elements to Jython - everything seems to be geared towards exposing Jython objects to Java, which is the reverse of my use case.

Any advice, links or any help at all really would be greatly appreciated.

Thanks
-L