From: <jem...@fr...> - 2018-12-13 21:41:05
PythonInterpreter interp = new PythonInterpreter(....);
interp.getSystemState().path_hooks.insert(0, yourPathHookObject);

On Thu, 13 Dec 2018 22:10:55 +0100, Liam Coughlin <lsc...@gm...> wrote:

> Thanks for the pointers, it gives me direction.
>
> Second question though -- how do I register it with the system, uh...
> outside the system. The documentation seems to indicate that you
> register the hook in the script that then imports things, where in, I
> want to set up how imports are done external to the scripting context
> and lock it down.
>
> Any suggestions?
>
> Thanks-L
>
> On Thu, Dec 13, 2018 at 7:10 PM wrote:
>
> I haven't done this, but here's how I'd go about it. Use JavaImporter
> or zipimporter as models to implement your own path_hook that you would
> add to sys.path_hooks. Implement find_module and load_module, and most
> importantly get_data. The import mechanism prefers loading byte code to
> source code, so you should be able to store your compiled code instead
> of your source. I don't think the details you need to do this are
> documented anywhere, so you'll need to read some of the Jython source.
> org.python.core.imp, org.python.core.util.importer,
> org.python.core.JavaImporter, org.python.modules.zipimport.*. Turn on
> verbose import printout.
>
> > On Thu, 13 Dec 2018 13:26:54 +0100, Liam Coughlin wrote:
> >
> > ---------- Forwarded message ---------
> > From: LIAM COUGHLIN
> > Date: Wed, Dec 12, 2018 at 11:57 PM
> > Subject: Re: [Jython-users] embedding jython
> > To:
> >
> > It got me a good chunk of where I needed to go. I can effectively
> > manage access to java Classes, and return bytecodefiddled classes
> > that deny access to certain methods etc. so this got me 90% of the
> > way there.
> >
> > Now I'm left with 2 issues relating to the fact that my scripts are
> > stored in a persistence tier and I would much rather _not_ jump
> > through hoops echoing things to the local filesystem.
> >
> > The first issue is that I would like to not be constantly recompiling
> > my scripts when a JVM starts up. There seems to be a way for me to
> > hook into the compilation chain, capture the bytecode and restart the
> > compilation chain from Py.makeClass() somewhere. It will be hacky,
> > but it will be doable.
> >
> > The second issue is a little more head scratchy. I read through the
> > jython book, cp. 8, Advanced Import Manipulation / Import Hooks. It
> > seems you can manipulate the import system quite a bit, but there
> > doesn't seem to be a default way to add a custom resource resolver or
> > whatever so that I can pull my scripts from memory to be imported
> > rather than off the filesystem somewhere.
> >
> > I feel like I can probably attach this functionality into my custom
> > class loader, but I also feel like I might be missing something here,
> > so I thought I would ask.
> >
> > Cheers-L
> >
> > On Tue, Dec 11, 2018 at 5:50 PM wrote:
> >
> > What I have done to limit which Java classes Jython code can access
> > is to set the classloader that jython uses:
> >
> > PySystemState.initialize(properties,postProps,
> >                          new String[]{""},
> >                          getClassLoaderForJython());
> >
> > Maybe this can help you, but it's probably not as secure as you need.
> > It isn't as fine grained as running with a custom SecurityManager. I
> > don't see in the Jython source any opportunity to run with a
> > SecurityManager other than the system-wide one.
> >
> > On Tue, 11 Dec 2018 13:28:57 +0100, Liam Coughlin wrote:
> >
> > > Hello folks,
> > >
> > > Maybe it's just that my google skills are failing me, but I'm
> > > having trouble finding guidance for my use case embedding jython.
> > >
> > > Essentially, I would like to use jython as an embedded scripting
> > > language within my application. That said, my application has
> > > fairly strict security and privacy constraints ( think HIPAA and
> > > PCI ) and the scripts will be provided by end-users of a
> > > multi-tenant application. To that end I would like to be able to
> > > impose security constraints on what java classes jython scripts can
> > > import, and what methods of java classes jython scripts can call
> > > ( depending on caller context, or user identity etc. )
> > >
> > > In another world, I modified groovy's runtime MetaClassHandle to
> > > inject security checks into every pass through the MOP. This
> > > allowed me to save compiled groovy code, and then just instantiate
> > > the compiled groovy code and execute it.
> > >
> > > It seems like I could do this with jython's PyAdapter class or
> > > something like that, or perhaps by overriding the classloader that
> > > is passed in to the systemstate when you instantiate an
> > > interpreter. Does this sound like I'm on the right course?
> > >
> > > Ideally, I would like to compile my python scripts, load them as
> > > classes and have my security checks inserted/executed at runtime.
> > > I would like to be able to pre-compile things, and save the
> > > bytecode rather than having to compile at system start time, or
> > > compile on demand, but beggars can't really be choosers here -- I'm
> > > more interested in what's possible than what's ideal at this point.
> > >
> > > In any case I can't seem to find a definitive guide on how to
> > > control exposure of java elements to jython - everything seems to
> > > be geared towards exposing jython objects to java which is the
> > > reverse of my use case.
> > >
> > > Any advice, links or any help at all really would be greatly
> > > appreciated.
> > >
> > > Thanks-L
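
Added example, not part of the original thread and not Jython project code: a PEP 302 importer of the kind the first reply describes (find_module, load_module, get_data), serving module source from an in-memory store so nothing is echoed to the filesystem. The `tenantstore:` path prefix, the class and function names and the sample store are assumptions made for illustration; it handles flat modules only and compiles source on load rather than storing precompiled bytecode.

```python
import sys
import types

PREFIX = "tenantstore:"  # hypothetical marker for store-backed sys.path entries

# Constructed sample store: path -> source text, as read from persistence.
SAMPLE_STORE = {
    "tenantstore:acme/tenant_report.py": "VALUE = 6 * 7\n",
    "tenantstore:acme/tenant_broken.py": "raise ValueError('boom')\n",
    "tenantstore:other/tenant_secret.py": "VALUE = 'other tenant'\n",
}

class StoreImporter(object):
    """PEP 302 importer for one path entry; flat modules only, no packages."""

    def __init__(self, entry, store):
        if not entry.startswith(PREFIX):
            raise ImportError(entry)  # not ours: the next hook gets a turn
        self.entry, self.store = entry, store

    def _path(self, fullname):
        return "%s/%s.py" % (self.entry, fullname)

    def find_module(self, fullname, path=None):
        return self if self._path(fullname) in self.store else None

    def get_data(self, path):
        # Refuse anything outside this importer's own entry (tenant boundary).
        if not path.startswith(self.entry + "/") or path not in self.store:
            raise IOError("no such store path: %r" % path)
        return self.store[path]

    def load_module(self, fullname):
        if fullname in sys.modules:  # PEP 302: reuse an already loaded module
            return sys.modules[fullname]
        path = self._path(fullname)
        code = compile(self.get_data(path), path, "exec")
        mod = types.ModuleType(fullname)
        mod.__file__, mod.__loader__ = path, self
        sys.modules[fullname] = mod  # must be registered before the body runs
        try:
            exec(code, mod.__dict__)
        except Exception:
            del sys.modules[fullname]  # never leave a half-initialised module
            raise
        return mod

def make_hook(store):
    """Return the callable to insert at sys.path_hooks[0]."""
    return lambda entry: StoreImporter(entry, store)
```

The object returned by `make_hook(store)` is what the embedding side would pass to `path_hooks.insert(0, ...)` as in the message above, together with a matching `tenantstore:<tenant>` entry on `sys.path`.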