Security Manager confusion [message #558211]
Fri, 10 September 2010 14:17
Peter M. Murray Messages: 24 Registered: July 2009
Junior Member
Please excuse me if this is an obvious question, but I'm a bit of a noob on Java security framework issues.
I'm trying to ensure a strict sandbox for running Groovy scripts within my application, but am running into what appears to be rogue insertion of AllPermissions into my stack's AccessControlContext when running within Equinox. This does not appear to happen when running without Equinox.
Below is some code that demonstrates the issue. When run directly as a Java Application, it runs properly - the script Context does not have the tested permission. However, when run as an Eclipse IApplication, the script context DOES have the tested permission. Examination in the debugger shows that when run within Equinox, the /groovy/script ProtectionDomain has all of the "generic" ProtectionDomain permissions plus AllPermissions.
package test;

import groovy.lang.GroovyShell;

import java.security.AccessControlContext;

import org.eclipse.equinox.app.IApplication;
import org.eclipse.equinox.app.IApplicationContext;

public class TestSecurity implements IApplication
{
    public static void main(String[] args)
    {
        System.out.println("STARTING!");
        if (System.getSecurityManager() != null)
            throw new RuntimeException("Already configured!");

        // Point the default policy at the test file, then install the security manager.
        System.setProperty("java.security.policy", "/tmp/test.policy");
        System.setSecurityManager(new SecurityManager());

        // The application's own context is expected to pass the check.
        check(java.security.AccessController.getContext());
        System.out.println("Inline has permission - GOOD");

        GroovyShell shell = new GroovyShell();
        try
        {
            // The context captured inside the script is expected to fail the check.
            check((AccessControlContext) shell.evaluate("java.security.AccessController.getContext();"));
            System.out.println("Script has permission - BAD!!!");
        }
        catch (java.security.AccessControlException e)
        {
            System.out.println("Script has NO permission - GOOD");
        }
    }

    // Throws AccessControlException if the context lacks read access to /tmp/foo.
    private static void check(AccessControlContext context)
    {
        context.checkPermission(new java.io.FilePermission("/tmp/foo", "read"));
    }

    @Override
    public Object start(IApplicationContext context) throws Exception
    {
        main(null);
        return IApplication.EXIT_OK;
    }

    @Override
    public void stop()
    {
    }
}
Here is /tmp/test.policy:
grant codebase "file:/home/pete/-" { permission java.security.AllPermission; };
All of the Groovy code is generated with a code source url of "file:/groovy/script" or "file:/groovy/shell" - so it should not match my uber grant in test.policy (and doesn't when run via direct main() invocation).
Does anyone have any insight into this? Seems like I must be missing something.
Thanks,
pete
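
A diagnostic for the situation described in the post, as an added example that is not part of the original message: for any class it reports the code source, class loader, installed Policy implementation, and whether a probe permission comes from the domain's static permissions or from the policy. The names DomainReport and describe are hypothetical; it uses only java.security APIs, which are deprecated since Java 17.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;

/** Added diagnostic (hypothetical name), not code from the original post. */
public class DomainReport
{
    /** Reports whether 'probe' is granted to 'type' statically or by the installed Policy. */
    public static String describe(Class<?> type, Permission probe)
    {
        // Under a SecurityManager the caller needs RuntimePermission "getProtectionDomain"
        // and SecurityPermission "getPolicy".
        ProtectionDomain pd = type.getProtectionDomain();
        Policy policy = Policy.getPolicy();
        CodeSource cs = pd.getCodeSource();
        PermissionCollection statics = pd.getPermissions(); // bound when the class was defined

        boolean staticProbe = statics != null && statics.implies(probe);
        boolean staticAll = statics != null && statics.implies(new AllPermission());

        StringBuilder out = new StringBuilder();
        out.append("class            : ").append(type.getName()).append('\n');
        out.append("code source      : ").append(cs == null ? "(none)" : String.valueOf(cs.getLocation())).append('\n');
        out.append("class loader     : ").append(pd.getClassLoader() == null ? "(bootstrap)"
                : pd.getClassLoader().getClass().getName()).append('\n');
        out.append("policy class     : ").append(policy.getClass().getName()).append('\n');
        out.append("static AllPerm   : ").append(staticAll).append('\n');
        out.append("static grants    : ").append(staticProbe).append('\n');
        out.append("policy grants    : ").append(policy.implies(pd, probe)).append('\n');
        out.append("domain implies   : ").append(pd.implies(probe)).append('\n');
        return out.toString();
    }

    public static void main(String[] args)
    {
        Permission probe = new FilePermission("/tmp/foo", "read");
        // Constructed sample inputs: this class and a bootstrap class. In the poster's test,
        // a script class (for example shell.parse("1").getClass()) would be passed instead.
        System.out.print(describe(DomainReport.class, probe));
        System.out.print(describe(String.class, probe));
    }
}
```

Running it once from a plain main() and once inside the IApplication shows whether the difference lies in the policy implementation or in the permissions bound to the domain by its class loader.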