jakarta-bsf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anthony Elder <ant.el...@uk.ibm.com>
Subject Re: BSF with Rhino, Java 2 Security problem
Date Sat, 03 Mar 2007 10:43:43 GMT
Maybe you should try asking over on the Rhino mailing list as this looks 
more like something they could help with than a BSF problem. 

See http://groups.google.co.uk/group/mozilla.dev.tech.js-engine/topics

       ...ant


Please respond to "Bean Scripting Framework users" 
<bsf-user@jakarta.apache.org> 
To:     bsf-user@jakarta.apache.org
cc:      
Subject:        BSF with Rhino, Java 2 Security problem



I have made extensive use of BSF with Rhino over the past several years to
code business logic in a Servlet based application in WebSphere v4. 
(upwards
of 100,000 loc in javascript) Moving to Websphere v5 and Java 1.4 with 
Java
2 Security has resulted in the exception below. 

BSF v2.4
Rhino v1.6.4

org.apache.bsf.BSFException: JavaScript Error:
java.lang.IllegalAccessException: Class org.mozilla.javascript.MemberBox 
can
not access a member of class java.util.TreeMap$KeyIterator with modifiers
"public"
                 at
org.apache.bsf.engines.javascript.JavaScriptEngine.handleError(JavaScriptEngine.java:195)
                 at
org.apache.bsf.engines.javascript.JavaScriptEngine.eval(JavaScriptEngine.java:147)
                 at 
org.apache.bsf.util.BSFEngineImpl.exec(BSFEngineImpl.java:141)
                 at org.apache.bsf.BSFManager$6.run(BSFManager.java:493)
                 at java.security.AccessController.doPrivileged1(Native 
Method)
                 at
java.security.AccessController.doPrivileged(AccessController.java(Compiled
Code))
                 at 
org.apache.bsf.BSFManager.exec(BSFManager.java(Compiled Code))
                 at
tools.JavaScriptEngineWrapper.jsExec(JavaScriptEngineWrapper.java(Inlined
Compiled Code))


For stack trace above: 
  Package tools is the app
  jsExec calls BSF to execute a javascript 
  the javascript starts to run in   JavaScriptEngine.eval
  this particular script creates a TreeMap object and then uses an 
iterator
over its contents, which results in the
  IllegalAccessException

Here's the policy file 

grant codeBase "file:${application}" {
  permission java.security.AllPermission;
};

grant codeBase "file:${jars}" {
  permission java.security.AllPermission;
};

grant codeBase "file:${connectorComponent}" {
  permission java.security.AllPermission;
};

grant codeBase "file:${webComponent}" {
  permission java.security.AllPermission;
};

grant codeBase "file:${ejbComponent}" {
  permission java.security.AllPermission;
};

grant {
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
};

The JavaScript which results in the exception (but many other various
examples also fail)

   var map = new java.util.TreeMap();
   // put data in map
   var it = map.keySet().iterator();


I stress that this code works as designed with Java 2 Security disabled.


Can anyone suggest a policy file change to allow code like this to work? I
can supply additional documentation upon request. 

Thank you!

-- 
View this message in context: 
http://www.nabble.com/BSF-with-Rhino%2C-Java-2-Security-problem-tf3306796.html#a9198064

Sent from the BSF - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: bsf-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: bsf-user-help@jakarta.apache.org








Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU






Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message