Re: [Jython-users] restricting java classes access in jython

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

This is totally what the Java 2 Security model aims to provide. When access
control is enabled, any prohibited operation will fail with a SecurityException.
A mini-howto (for Java 2):

You must have a security manager installed. The default one will do fine. use:
    -Djava.security.manager on the command line
    System.setSecurityManager(new SecurityManager()); from within code

The security policy is defined in java.policy in jre/lib/security. It consists
of grant clauses, each which has a codebase location, and the set of permissions
granted to code loaded from the place.

You need to add 2 new grant clauses. One for the python interpreter, ie
jython.jar, allowing the operations for scripts. And one for your normal trusted
code, ie your app, allowing full permissions, (I guess). The reason this second
one is now required is that a SecutiryManager is installed.

Details of policy filew sysntax and available permisisons is in the Java
Security Architecture doc, bundled with the 1.3 Java Docs

Good luck,
Ben

----- Original Message -----
From: "Adam Berger" <sir...@ya...>
To: <jyt...@li...>
Sent: Wednesday, May 02, 2001 7:18 AM
Subject: Re: [Jython-users] restricting java classes access in jython

> On a related note, is there any way to take advantage
> of the java security system to make (untrusted) python
> code run in an environment similar to that given to
> applets? That is, no access to the disk drive, etc.
> I'm sure I'm not the only one using jython as an
> unrtusted extension language... having security
> guarantees would be magnifique.
>
> Adam
>
> --- Tait Larson <ta...@we...> wrote:
> > I'm experimenting with building a jython interpreter
> > into our java
> > platform.  The our java platform implements the
> > business logic of a web
> > application.
> >
> > I'd like to restrict  the jython interpreter so that
> > it can only
> > directly access specific classes currently available
> > in the running
> > jvm.  I could then build a web front end to the
> > PythonInterpreter class
> > and have a powerful and -- with a well written api
> > -- a safe scripting
> > interface to our platform.
> >
> > How can I restrict the java classes which the
> > PythonInterpreter class'
> > exec and eval methods recognize.
> >
> > Thanks,
> >
> > Tait
> >
> > _______________________________________________
> > Jython-users mailing list
> > Jyt...@li...
> > http://lists.sourceforge.net/lists/listinfo/jython-users
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/
>
> _______________________________________________
> Jython-users mailing list
> Jyt...@li...
> http://lists.sourceforge.net/lists/listinfo/jython-users
>