Package org.wicketstuff.nashorn.resource
Class NashornSecurityManager
- java.lang.Object
-
- java.lang.SecurityManager
-
- org.wicketstuff.nashorn.resource.NashornSecurityManager
-
public class NashornSecurityManager extends SecurityManager
A security manager which is going to be enabled within a nashorn script callable.
Example to enable the manager programmatically:
See also https://docs.oracle.com/javase/tutorial/essential/environment/security.htmlSystem.setProperty("java.security.policy", MyClass.class.getResource("nashorn.policy").toString()); System.setSecurityManager(new NashornSecurityManager(false));
Examples for policy file (note that you have to replace the version of the jar file):
The permissions can be different depending on the java version which is used.grant { permission java.security.AllPermission; }; --- or --- grant { permission org.wicketstuff.nashorn.resource.NashornSecurityManagerPermission; permission java.lang.RuntimePermission "nashorn.setConfig"; permission java.lang.RuntimePermission "createClassLoader"; permission java.io.FilePermission "/Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/ext/nashorn.jar","read"; //permission java.io.FilePermission "${user.home}/git/core/nashorn-parent/nashorn/target/classes/org/wicketstuff/nashorn/resource/esprima.js","read"; //permission java.io.FilePermission "${user.home}/git/core/nashorn-parent/nashorn/target/classes/org/wicketstuff/nashorn/resource/escodegen.browser.js","read"; permission java.io.FilePermission "${user.home}/.m2/repository/org/wicketstuff/wicketstuff-nashorn/7.2.0-SNAPSHOT/wicketstuff-nashorn-7.2.0-SNAPSHOT.jar","read"; permission java.io.FilePermission "/Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/libnio.dylib","read"; permission java.io.FilePermission "/Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/content-types.properties","read"; permission java.lang.RuntimePermission "nashorn.createContext"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.util.PropertyPermission "sun.misc.ProxyGenerator.saveGeneratedFiles","read"; permission java.lang.RuntimePermission "shutdownHooks"; permission java.lang.RuntimePermission "setContextClassLoader"; permission java.util.logging.LoggingPermission "control"; permission java.util.PropertyPermission "sun.util.logging.disableCallerCheck","read"; permission java.util.PropertyPermission "java.util.logging.SimpleFormatter.format","read"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.org.objectweb.asm"; permission java.lang.RuntimePermission "nashorn.createGlobal"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.org.objectweb.asm.util"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.nashorn.internal.runtime"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.nashorn.internal.scripts"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.nashorn.internal.objects"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.nashorn.internal.runtime.linker"; permission java.util.PropertyPermission "java.util.logging.manager", "read"; permission java.lang.RuntimePermission "fileSystemProvider"; permission java.util.PropertyPermission "user.dir", "read"; permission java.util.PropertyPermission "user.home", "read"; permission java.util.PropertyPermission "hotjava.home", "read"; permission java.util.PropertyPermission "java.home", "read"; permission java.util.PropertyPermission "sun.jnu.encoding", "read"; permission java.util.PropertyPermission "java.net.ftp.imagepath.*", "read"; permission java.util.PropertyPermission "sun.nio.fs.chdirAllowed", "read"; permission java.util.PropertyPermission "content.types.user.table", "read"; permission java.util.PropertyPermission "java.nio.file.spi.DefaultFileSystemProvider", "read"; permission java.util.PropertyPermission "content.types.temp.file.template", "read"; permission java.util.PropertyPermission "user.mailcap", "read"; permission java.lang.RuntimePermission "loadLibrary.nio"; permission java.lang.RuntimePermission "setFactory"; permission java.util.PropertyPermission "java.protocol.handler.pkgs","read"; };- Author:
- Tobias Soloschenko
-
-
Constructor Summary
Constructors Constructor Description NashornSecurityManager(boolean enabledByDefault)Creates a new nashorn security manager
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidcheckPermission(Permission permission)Check the permissions based on the given permissionsvoidcheckPermission(Permission permission, Object context)Checks the permissionsvoiddisable()Disables the security managervoidenable()Enables the security managerbooleanisEnabled()Checks if the security manager is enabled-
Methods inherited from class java.lang.SecurityManager
checkAccept, checkAccess, checkAccess, checkConnect, checkConnect, checkCreateClassLoader, checkDelete, checkExec, checkExit, checkLink, checkListen, checkMulticast, checkMulticast, checkPackageAccess, checkPackageDefinition, checkPrintJobAccess, checkPropertiesAccess, checkPropertyAccess, checkRead, checkRead, checkRead, checkSecurityAccess, checkSetFactory, checkWrite, checkWrite, getClassContext, getSecurityContext, getThreadGroup
-
-
-
-
Method Detail
-
checkPermission
public void checkPermission(Permission permission)
Check the permissions based on the given permissions- Overrides:
checkPermissionin classSecurityManager
-
checkPermission
public void checkPermission(Permission permission, Object context)
Checks the permissions- Overrides:
checkPermissionin classSecurityManager
-
enable
public void enable()
Enables the security manager
-
disable
public void disable()
Disables the security manager
-
isEnabled
public boolean isEnabled()
Checks if the security manager is enabled- Returns:
- if the security manager is enabled
-
-