From: Michel P. <mi...@di...> - 2002-04-15 14:30:01
On Sunday 14 April 2002 12:48 am, Steve Yegge wrote:
> This is sort of a complicated question - hopefully
> one of the Jython gurus here can help me out.
>
> Context: I'm putting a SecurityManager into my game, so
> I can restrict the permissions for end-user jython code.
>
> The simplest way to do this (read: the only way I know
> how) is to call getClassContext() and look at the classes
> on the execution stack. If an end-user class is in the
> execution context, then I'll restrict the permissions.
>
> This is easy for Java classes, since I can check if the
> package name is "wyvern.wiz.<whatever>". However, I'm
> not sure how to do it for my Jython classes. They all
> have class names like "org.python.proxies.*".
>
> I want to be able to tell if a Jython class was loaded
> from a directory containing end-user (i.e. "wizard") code.
> Basically it boils down to needing to know which directory
> the source file was loaded from, for a given class.
>
> I can think of various ways one might accomplish this:

You may want to look at some existing python security models. The ones I know of are rexec (not sure if that works in jython), MAL's Proxy stuff (which is written in C) and Zope's explicit security model. The only one I have experience with to any great degree is Zope's, but I've used all three.

Zope's model is to associate a security object with a class. These assertions define permissions that a user must have in order to access the class's members. Here's an example from a real Product:

    class ZopeState(State, Entitled, Explicit, Persistent):

        security = ClassSecurityInfo()

        security.declareProtected(Permissions.ManageWorkflow,
                                  'getName',
                                  'addTransition',
                                  'delTransition')

        security.declareProtected(Permissions.UseWorkflow,
                                  'listTransitionNames',
                                  'listTransitions',
                                  'hasTransition',
                                  'getTransitionInfo')

    InitializeClass(ZopeState)

The methods 'getName', 'addTransition' etc. are defined by base classes (which can also define their own security assertions).

The InitializeClass does some magic behind the scenes to remember the security associations. At runtime, Zope looks at the user's 'Roles' to see if the user has a role which has the permission to call a particular method.

That's just an overview, the mechanisms are probably a bit complex and possibly even Zope specific, but I bet with some research you could come up with something comparable.

The other two solutions, rexec, and Proxy, are documented:

http://py-howto.sourceforge.net/rexec/rexec.html
http://www.lemburg.com/files/python/mxProxy.html

As I said, the latter is a C extension, but maybe porting it is easy. The former I don't know much about either, perhaps it's just straight python and easily portable.

-Michel
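
Added example, not part of the message above and not Zope's own AccessControl code: a small pure-Python model of the scheme described, in which per-class assertions map method names to permissions, a class initializer merges the assertions of base classes, and each call is checked against the permissions held by the caller's roles. Every name here (SecurityInfo, initialize_class, checked_call, the permission strings, the role table) is a hypothetical stand-in, and methods with no assertion are denied by default.

```python
# Hypothetical names throughout; a simplified model, not Zope's implementation.
MANAGE, USE = "Manage workflow", "Use workflow"   # constructed permission names

class Unauthorized(Exception):
    pass

class SecurityInfo:
    """Collects method-name -> permission assertions for one class."""
    def __init__(self):
        self.protected = {}
    def declare_protected(self, permission, *names):
        for name in names:
            self.protected[name] = permission

def initialize_class(cls):
    """Merge assertions from base classes (subclass wins) onto the class."""
    merged = {}
    for klass in reversed(cls.__mro__):
        info = klass.__dict__.get("security")
        if isinstance(info, SecurityInfo):
            merged.update(info.protected)
    cls._permissions = merged

def checked_call(obj, name, user_roles, role_permissions, *args):
    """Call obj.<name> only if a role of the user holds the permission
    asserted for that method; methods with no assertion are denied."""
    needed = getattr(type(obj), "_permissions", {}).get(name)
    held = set()
    for role in user_roles:
        held |= role_permissions.get(role, set())
    if needed is None or needed not in held:
        raise Unauthorized(name)
    return getattr(obj, name)(*args)

class State:
    security = SecurityInfo()
    security.declare_protected(USE, "listTransitionNames")
    def __init__(self, name):
        self.name, self.transitions = name, []
    def addTransition(self, transition):
        self.transitions.append(transition)
    def listTransitionNames(self):
        return list(self.transitions)

class GuardedState(State):
    security = SecurityInfo()
    security.declare_protected(MANAGE, "addTransition")
initialize_class(GuardedState)
ROLES = {"Manager": {MANAGE, USE}, "Member": {USE}}   # constructed role table
```

The check only holds if untrusted code can reach objects solely through checked_call; plain Python does not stop a caller from invoking the method directly, which is the gap that rexec and mxProxy try to close.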