Re: [Jython-users] security/package question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Sunday 14 April 2002 12:48 am, Steve Yegge wrote:
> This is sort of a complicated question - hopefully
> one of the Jython gurus here can help me out.
>
> Context:  I'm putting a SecurityManager into my game, so
> I can restrict the permissions for end-user jython code.
>
> The simplest way to do this (read:  the only way I know
> how) is to call getClassContext() and look at the classes
> on the execution stack.  If an end-user class is in the
> execution context, then I'll restrict the permissions.
>
> This is easy for Java classes, since I can check if the
> package name is "wyvern.wiz.<whatever>".  However, I'm
> not sure how to do it for my Jython classes.  They all
> have class names like "org.python.proxies.*".
>
> I want to be able to tell if a Jython class was loaded
> from a directory containing end-user (i.e. "wizard") code.
> Basically it boils down to needing to know which directory
> the source file was loaded from, for a given class.
>
> I can think of various ways one might accomplish this:

You may want to look at some exising python security models.  The ones I know 
of are rexec (not sure if that works in jython), MAL's Proxy stuff (which is 
written in C) and Zope's explicit security model.

The only one I have experience with to any great degree is Zope's, but I've 
used all three.  Zope's model is to associate a security object with a class. 
 these assertions define permissions that a user must have in order to access 
the classes members.  here's an example from a real Product:

class ZopeState(State, Entitled, Explicit, Persistent):

    security = ClassSecurityInfo()

    security.declareProtected(Permissions.ManageWorkflow,
                              'getName',
                              'addTransition',
                              'delTransition')

    security.declareProtected(Permissions.UseWorkflow,
                              'listTransitionNames',
                              'listTransitions',
                              'hasTransition',
                              'getTransitionInfo')

InitializeClass(ZopeState)

The methods 'getName', 'addTransition' etc are defined by base classes (which 
can also define their own security assertions).  The InitializeClass does 
some magic behind the scenes to remember the security associations.  At 
runtime, Zope looks are the users 'Roles' to see if the user has a role which 
has the permission to call a particular method.

That's just an overview, the mechanisms are probably a bit complex and 
possible even Zope specific, but I bet with some research you could come up 
with something comparable.  The other two solutions, rexec, and Proxy, are 
documented:

http://py-howto.sourceforge.net/rexec/rexec.html

http://www.lemburg.com/files/python/mxProxy.html

As I said, the latter is a C extension, but maybe porting it is easy.  The 
former I don't know much about either, perhaps its just straight python and 
easily portable.

-Michel