Package org.wicketstuff.nashorn.resource
Class NashornSecurityManager
- java.lang.Object
-
- java.lang.SecurityManager
-
- org.wicketstuff.nashorn.resource.NashornSecurityManager
-
public class NashornSecurityManager extends SecurityManager
A security manager which is going to be enabled within a nashorn script callable.
Example to enable the manager programmatically:System.setProperty("java.security.policy", MyClass.class.getResource("nashorn.policy").toString()); System.setSecurityManager(new NashornSecurityManager(false));
Examples for policy file (note that you have to replace the version of the jar file):grant { permission java.security.AllPermission; }; --- or --- grant { permission org.wicketstuff.nashorn.resource.NashornSecurityManagerPermission; permission java.lang.RuntimePermission "nashorn.setConfig"; permission java.lang.RuntimePermission "createClassLoader"; permission java.io.FilePermission "/Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/ext/nashorn.jar","read"; //permission java.io.FilePermission "${user.home}/git/core/nashorn-parent/nashorn/target/classes/org/wicketstuff/nashorn/resource/esprima.js","read"; //permission java.io.FilePermission "${user.home}/git/core/nashorn-parent/nashorn/target/classes/org/wicketstuff/nashorn/resource/escodegen.browser.js","read"; permission java.io.FilePermission "${user.home}/.m2/repository/org/wicketstuff/wicketstuff-nashorn/7.2.0-SNAPSHOT/wicketstuff-nashorn-7.2.0-SNAPSHOT.jar","read"; permission java.io.FilePermission "/Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/libnio.dylib","read"; permission java.io.FilePermission "/Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/content-types.properties","read"; permission java.lang.RuntimePermission "nashorn.createContext"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.util.PropertyPermission "sun.misc.ProxyGenerator.saveGeneratedFiles","read"; permission java.lang.RuntimePermission "shutdownHooks"; permission java.lang.RuntimePermission "setContextClassLoader"; permission java.util.logging.LoggingPermission "control"; permission java.util.PropertyPermission "sun.util.logging.disableCallerCheck","read"; permission java.util.PropertyPermission "java.util.logging.SimpleFormatter.format","read"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.org.objectweb.asm"; permission java.lang.RuntimePermission "nashorn.createGlobal"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.org.objectweb.asm.util"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.nashorn.internal.runtime"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.nashorn.internal.scripts"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.nashorn.internal.objects"; permission java.lang.RuntimePermission "accessClassInPackage.jdk.nashorn.internal.runtime.linker"; permission java.util.PropertyPermission "java.util.logging.manager", "read"; permission java.lang.RuntimePermission "fileSystemProvider"; permission java.util.PropertyPermission "user.dir", "read"; permission java.util.PropertyPermission "user.home", "read"; permission java.util.PropertyPermission "hotjava.home", "read"; permission java.util.PropertyPermission "java.home", "read"; permission java.util.PropertyPermission "sun.jnu.encoding", "read"; permission java.util.PropertyPermission "java.net.ftp.imagepath.*", "read"; permission java.util.PropertyPermission "sun.nio.fs.chdirAllowed", "read"; permission java.util.PropertyPermission "content.types.user.table", "read"; permission java.util.PropertyPermission "java.nio.file.spi.DefaultFileSystemProvider", "read"; permission java.util.PropertyPermission "content.types.temp.file.template", "read"; permission java.util.PropertyPermission "user.mailcap", "read"; permission java.lang.RuntimePermission "loadLibrary.nio"; permission java.lang.RuntimePermission "setFactory"; permission java.util.PropertyPermission "java.protocol.handler.pkgs","read"; };
- Author:
- Tobias Soloschenko
-
-
Constructor Summary
Constructors Constructor Description NashornSecurityManager(boolean enabledByDefault)
Creates a new nashorn security manager
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
checkPermission(Permission permission)
Check the permissions based on the given permissionsvoid
checkPermission(Permission permission, Object context)
Checks the permissionsvoid
disable()
Disables the security managervoid
enable()
Enables the security managerboolean
isEnabled()
Checks if the security manager is enabled-
Methods inherited from class java.lang.SecurityManager
checkAccept, checkAccess, checkAccess, checkConnect, checkConnect, checkCreateClassLoader, checkDelete, checkExec, checkExit, checkLink, checkListen, checkMulticast, checkMulticast, checkPackageAccess, checkPackageDefinition, checkPrintJobAccess, checkPropertiesAccess, checkPropertyAccess, checkRead, checkRead, checkRead, checkSecurityAccess, checkSetFactory, checkWrite, checkWrite, getClassContext, getSecurityContext, getThreadGroup
-
-
-
-
Method Detail
-
checkPermission
public void checkPermission(Permission permission)
Check the permissions based on the given permissions- Overrides:
checkPermission
in classSecurityManager
-
checkPermission
public void checkPermission(Permission permission, Object context)
Checks the permissions- Overrides:
checkPermission
in classSecurityManager
-
enable
public void enable()
Enables the security manager
-
disable
public void disable()
Disables the security manager
-
isEnabled
public boolean isEnabled()
Checks if the security manager is enabled- Returns:
- if the security manager is enabled
-
-