Menu
▾
▴
Re: [Jython-users] embedding jython
|
From: <jem...@fr...> - 2018-12-11 16:50:41
|
What I have done to limit which Java classes Jython code can access is to
set the classloader that jython uses:
PySystemState.initialize(properties,postProps,
new String[]{""}, getClassLoaderForJython());
Maybe this can help you, but it's probably not as secure as you need. It
isn't as fine grained as a running with a custom SecurityManager. I don't
see in the Jython source any opportunity to run with a SecurityManager
other than the system-wide one.
On Tue, 11 Dec 2018 13:28:57 +0100, Liam Coughlin <lsc...@gm...>
wrote:
> Hello folks,
> Maybe its just that my google skills are failing me, but Im having
> trouble finding guidance for my use case embedding jython.
> Essentially, I would like to use jython as an embedded scripting
language
> within my application. That said, my application has fairly strict
> security and privacy constraints ( think HIPAA and PCI ) and the scripts
> will be provided by end-users of a multi-tenant application. To that
> end I would like to be able to impose security constraints on what java
> classes jython scripts can import, and what methods of java classes
> jython scripts can call ( depending on caller context, or user idenity
> etc. )
> In another world, I modified groovys runtime MetaClassHandle to inject
> security checks into every pass through the MOP. This allowed me to
> save compiled groovy code, and then just instantiate the compiled groovy
> code and execute it.
> It seems like I could do this with jythons PyAdapter class or something
> like that, or perhaps by overriding the classloader that is passed in to
> the systemstate when you instantiate an interpreter. Does this sound
> like im on the right course?
>
> Ideally, I would like to compile my python scripts load them as classes
> and have my security checks inserted/executed at runtime. I would like
> to be able pre-compile things, and save the bytecode rather then having
> to compile at system start time, or compile on demand, but beggars cant
> really be choosers here -- Im more interested in whats possible then
> whats ideal at this point.
>
> In any case I cant seem to find a definitive guide on how to control
> exposure of java elements to jython - everything seems to be geared
> towards exposing jython objects to java which is the reverse of my use
> case.
> Any advice, links or any help at all really would be greatly
appreciated.
> Thanks-L
|
