headers
jastrachan | 15 Apr 2004 22:02
Picon

Re: ProtectionDomain

FWIW I've committed Steve's patch now which adds proper security access 
to various features & types & scripts. The SecurityTest case isn't 
working yet but all the other ones are working. I've excluded the 
SecurityTest for now until we get eclipse + maven working with this 
test case.

On 15 Apr 2004, at 10:33, Max Kington wrote:
> Brian,
>
> Thanks for that, I'll keep an eye on it,
>
> Max
>
> -----Original Message-----
> From: groovy-user-admin@...
> [mailto:groovy-user-admin@...]On Behalf Of
LARSON, BRIAN
> (SBCSI)
> Sent: 14 April 2004 20:03
> To: groovy-user@...
> Subject: RE: [groovy-user] ProtectionDomain
>
>
> Max, see issue 173 in JIRA
> http://jira.codehaus.org/secure/ViewIssue.jspa?key=GROOVY-173
> Steve Goetze has written the initial code to support security, but it's
> not in CVS yet.
> You could get the patch or wait until it is put into CVS.
>
> We need to do the same thing in our application.  In addition to
> restricting things like System.exit(), threads and i/o, we also need to
> restrict package access to prevent them from accessing most classes in
> our server (using the package.access security property).  This all 
> seems
> to be supported with Steve's patch.
>
> Thanks,
> Brian Larson
> SBC
>
>
>> -----Original Message-----
>> From: groovy-user-admin@...
>> [mailto:groovy-user-admin@...] On Behalf Of
Max Kington
>>
>> We're using groovy to allow a technical group here to extend our
>> applications by scripting them. What we do need to do tho is run
>> their code in a sandbox, to prevent them inadvertantly calling
>> System.exit(1) and shutting down our appserver.  At the moment
>> we have a subclass of GroovyClassLoader that allows to provide
>> a ProtectionDomain.  This is however, all that the subclass does
>> and it would be nice if we could pass this right into the
>> GroovyClassLoader and not have to unpick the compiler and parser
>> to do this.
>>
>> So, any chance you could override and expose the defineClass
>> method that takes a ProtectionDomain.
> _______________________________________________
> groovy-user mailing list
> groovy-user@...
> http://lists.codehaus.org/mailman/listinfo/groovy-user
> _______________________________________________
> groovy-user mailing list
> groovy-user@...
> http://lists.codehaus.org/mailman/listinfo/groovy-user
>
>

James
-------
http://radio.weblogs.com/0112098/
Permalink | Reply |

Gmane