Maybe you should try asking over on the Rhino mailing list as this looks more like something they could help with than a BSF problem.
See http://groups.google.co.uk/group/mozilla.dev.tech.js-engine/topics ...ant Please respond to "Bean Scripting Framework users" <bsf-user@jakarta.apache.org> To: bsf-user@jakarta.apache.org cc: Subject: BSF with Rhino, Java 2 Security problem I have made extensive use of BSF with Rhino over the past several years to code business logic in a Servlet based application in WebSphere v4. (upwards of 100,000 loc in javascript) Moving to Websphere v5 and Java 1.4 with Java 2 Security has resulted in the exception below. BSF v2.4 Rhino v1.6.4 org.apache.bsf.BSFException: JavaScript Error: java.lang.IllegalAccessException: Class org.mozilla.javascript.MemberBox can not access a member of class java.util.TreeMap$KeyIterator with modifiers "public" at org.apache.bsf.engines.javascript.JavaScriptEngine.handleError(JavaScriptEngine.java:195) at org.apache.bsf.engines.javascript.JavaScriptEngine.eval(JavaScriptEngine.java:147) at org.apache.bsf.util.BSFEngineImpl.exec(BSFEngineImpl.java:141) at org.apache.bsf.BSFManager$6.run(BSFManager.java:493) at java.security.AccessController.doPrivileged1(Native Method) at java.security.AccessController.doPrivileged(AccessController.java(Compiled Code)) at org.apache.bsf.BSFManager.exec(BSFManager.java(Compiled Code)) at tools.JavaScriptEngineWrapper.jsExec(JavaScriptEngineWrapper.java(Inlined Compiled Code)) For stack trace above: Package tools is the app jsExec calls BSF to execute a javascript the javascript starts to run in JavaScriptEngine.eval this particular script creates a TreeMap object and then uses an iterator over its contents, which results in the IllegalAccessException Here's the policy file grant codeBase "file:${application}" { permission java.security.AllPermission; }; grant codeBase "file:${jars}" { permission java.security.AllPermission; }; grant codeBase "file:${connectorComponent}" { permission java.security.AllPermission; }; grant codeBase "file:${webComponent}" { permission java.security.AllPermission; }; grant codeBase "file:${ejbComponent}" { permission java.security.AllPermission; }; grant { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.lang.RuntimePermission "accessDeclaredMembers"; }; The JavaScript which results in the exception (but many other various examples also fail) var map = new java.util.TreeMap(); // put data in map var it = map.keySet().iterator(); I stress that this code works as designed with Java 2 Security disabled. Can anyone suggest a policy file change to allow code like this to work? I can supply additional documentation upon request. Thank you! -- View this message in context: http://www.nabble.com/BSF-with-Rhino%2C-Java-2-Security-problem-tf3306796.html#a9198064 Sent from the BSF - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
