On Feb 18, 6:40 am, Attila Szegedi <[email protected]> wrote: > Probably the app server places additional restrictions on code in > applications. It might be possible that you'd need to grant some > additional privileges to js.jar when it's in app directory (and then > we might need to augment Rhino to use doPrivileged() in few places > after you identify those places). > > I suggest you run your JVM with -Djava.security.debug="access,failure" > and see exactly what code fails obtaining which permissions, and come > back to us with the findings. > > Attila. > > On 2009.02.17., at 23:31, Gary Brown wrote: > > > > > I have some code similar to the following that is used to call js code > > from java. > > > ContextFactory contextFactory = new ContextFactory(); > > Context context = contextFactory.enterContext(); > > context.setSecurityController( new PolicySecurityController() ); > > Scriptable scope = context.initStandardObjects( new > > ImporterTopLevel( context ) ); > > URL url = new URL( "http://acme.com/scripting/test.js"; ); > > CodeSource codeSource = new CodeSource( url, ( CodeSigner[] ) > > null ); > > context.evaluateString( scope, script, "test.js", 0, codeSource ); > > Context.exit(); > > > The code works and can be secured using java policy when executed from > > a simple stand-alone application. The code also works correctly when > > executed from a web application running on Weblogic 10.0, but only if > > js.jar from Rhino 1.7R1 is in the classpath. The file js.jar must be > > placed ahead of the Weblogic jars in the classpath because one of the > > classes conflicts with a class found in the Weblogic jars. > > > The following is an example of the java policy file: > > > // Give java code full access. > > grant codeBase "file:/-" { > > permission java.security.AllPermission; > > }; > > > grant codeBase "file:C:/-" { > > permission java.security.AllPermission; > > }; > > > grant codeBase "file:D:/-" { > > permission java.security.AllPermission; > > }; > > > // Give javascript code no access. > > grant codeBase "http://acme.com/scripting"; { > > }; > > > If I remove js.jar from the classpath and instead put js.jar in the > > APP-INF/lib directory (I also have to put a weblogic-application.xml > > file in the META-INF directory to fix the class load conflict), I get > > security exceptions. The security exceptions go away if I grant full > > permissions to all code. > > > ----- > > I get similar results when I deploy my code to Tomcat 6. If js.jar is > > placed in $CATALINA_HOME/lib/ (and not in /WEB-INF/lib/), all is well. > > If js.jar is placed in /WEB-INF/lib/, I get 'ReferenceError: "java" is > > not defined.' unless I grant full permissions to all code. > > ----- > > > Is there any way to get this code to execute correctly without putting > > js.jar in the common classpath? Any idea why the code works with > > reduced permissions with js.jar in the common classpath, and with full > > permissions with js.jar in the application classpath, but not with > > reduced permissions with js.jar in the application classpath?- Hide quoted > > text - > > - Show quoted text -
This is a summary of the failures: access: access denied (java.io.FilePermission D:\Demo\Demo\APP-INF \classes\org\mozilla\javascript\NativeJavaTopPackage.class read) access: domain that failed ProtectionDomain (http://acme.com/ scripting <no signer certificates>) access: access denied (java.io.FilePermission D:\Demo\Demo\APP-INF \classes\org\mozilla\javascript\resources\Messages.class read) access: domain that failed ProtectionDomain (http://acme.com/ scripting <no signer certificates>) access: access denied (java.io.FilePermission D:\Demo\Demo\APP-INF \classes\org\mozilla\javascript\resources\Messages_en.class read) access: domain that failed ProtectionDomain (http://acme.com/ scripting <no signer certificates>) access: access denied (java.io.FilePermission D:\Demo\Demo\APP-INF \classes\org\mozilla\javascript\resources\Messages_en_US.class read) access: domain that failed ProtectionDomain (http://acme.com/ scripting <no signer certificates>) access: access denied (java.io.FilePermission D:\Demo\Demo\APP-INF \classes\org\mozilla\javascript\EcmaError.class read) access: domain that failed ProtectionDomain (http://acme.com/ scripting <no signer certificates>) java.security.AccessControlException: access denied (java.io.FilePermission D:\Demo\Demo\APP-INF\classes\org\mozilla \javascript\EcmaError.class read) This is the detail of the first and last failures: . . . access: access allowed (java.net.SocketPermission acme.com resolve) access: access denied (java.io.FilePermission D:\Demo\Demo\APP-INF \classes\org\mozilla\javascript\NativeJavaTopPackage.class read) java.lang.Exception: Stack trace at java.lang.Thread.dumpStack(Thread.java:1158) at java.security.AccessControlContext.checkPermission (AccessControlContext.java:253) at java.security.AccessController.checkPermission (AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java: 532) at java.lang.SecurityManager.checkRead(SecurityManager.java:871) at java.io.File.exists(File.java:700) at weblogic.utils.classloaders.DirectoryClassFinder.getSource (DirectoryClassFinder.java:36) at weblogic.utils.classloaders.JarClassFinder.getSource (JarClassFinder.java:45) at weblogic.utils.classloaders.AbstractClassFinder.getClassSource (AbstractClassFinder.java:17) at weblogic.utils.classloaders.MultiClassFinder.getClassSource (MultiClassFinder.java:58) at weblogic.utils.classloaders.MultiClassFinder.getClassSource (MultiClassFinder.java:58) at weblogic.utils.classloaders.MultiClassFinder.getClassSource (MultiClassFinder.java:58) at weblogic.utils.classloaders.CodeGenClassFinder.getClassSource (CodeGenClassFinder.java:27) at weblogic.utils.classloaders.GenericClassLoader.findLocalClass (GenericClassLoader.java:280) at weblogic.utils.classloaders.GenericClassLoader.findClass (GenericClassLoader.java:259) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at weblogic.utils.classloaders.GenericClassLoader.loadClass (GenericClassLoader.java:179) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:164) at org.mozilla.javascript.Kit.classOrNull(Kit.java:74) at org.mozilla.javascript.LazilyLoadedCtor.buildValue (LazilyLoadedCtor.java:107) at org.mozilla.javascript.LazilyLoadedCtor.init (LazilyLoadedCtor.java:89) at org.mozilla.javascript.ScriptableObject.getImpl (ScriptableObject.java:1992) at org.mozilla.javascript.ScriptableObject.get (ScriptableObject.java:280) at org.mozilla.javascript.IdScriptableObject.get (IdScriptableObject.java:385) at org.mozilla.javascript.ImporterTopLevel.get (ImporterTopLevel.java:128) at org.mozilla.javascript.ScriptableObject.getProperty (ScriptableObject.java:1575) at org.mozilla.javascript.ScriptRuntime.topScopeName (ScriptRuntime.java:1748) at org.mozilla.javascript.ScriptRuntime.name(ScriptRuntime.java: 1650) at org.mozilla.javascript.gen.c1._c0(C:\temp\demo.js:1) at org.mozilla.javascript.gen.c1.call(C:\temp\demo.js) at org.mozilla.javascript.ContextFactory.doTopCall (ContextFactory.java:401) at org.mozilla.javascript.ScriptRuntime.doTopCall (ScriptRuntime.java:3003) at org.mozilla.javascript.gen.c1.call(C:\temp\demo.js) at org.mozilla.javascript.gen.c1.exec(C:\temp\demo.js) at org.mozilla.javascript.Context.evaluateString(Context.java: 1088) at com.acme.script.ScriptHelper.call(ScriptHelper.java:514) at com.acme.script.ScriptHelper.call(ScriptHelper.java:407) at com.acme.demo.NumberNegativeEvent.service (NumberNegativeEvent.java:91) at com.acme.next.next.NextController.processCurrentEvent (NextController.java:622) at com.acme.next.next.NextController.processAllEvents (NextController.java:359) at com.acme.next.next.NextController.service(NextController.java: 181) at com.acme.next.Transaction.run(Transaction.java:136) at com.acme.next.TransactionObject.processTransaction (TransactionObject.java:94) at com.acme.next.Loader.processRequest(Loader.java:1052) at com.acme.next.Loader.doService(Loader.java:727) at com.acme.next.Loader.service(Loader.java:548) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper $ServletServiceAction.run(StubSecurityHelper.java:226) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet (StubSecurityHelper.java:124) at weblogic.servlet.internal.ServletStubImpl.execute (ServletStubImpl.java:283) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java: 26) at weblogic.servlet.internal.FilterChainImpl.doFilter (FilterChainImpl.java:42) at com.acme.next.FrameworkFilter.doFilter(FrameworkFilter.java: 564) at weblogic.servlet.internal.FilterChainImpl.doFilter (FilterChainImpl.java:42) at weblogic.servlet.internal.WebAppServletContext $ServletInvocationAction.run(WebAppServletContext.java:3368) at weblogic.security.acl.internal.AuthenticatedSubject.doAs (AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(Unknown Source) at weblogic.servlet.internal.WebAppServletContext.securedExecute (WebAppServletContext.java:2117) at weblogic.servlet.internal.WebAppServletContext.execute (WebAppServletContext.java:2023) at weblogic.servlet.internal.ServletRequestImpl.run (ServletRequestImpl.java:1359) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200) at weblogic.work.ExecuteThread.run(ExecuteThread.java:172) access: access allowed (java.security.SecurityPermission getPolicy) access: domain that failed ProtectionDomain (http://acme.com/ scripting <no signer certificates>) org.mozilla.javascript.policysecuritycontroller$loa...@9c6e6e <no principals> java.security.permissi...@9453f9 ( (java.util.PropertyPermission java.version read) (java.util.PropertyPermission java.vm.name read) (java.util.PropertyPermission java.vm.vendor read) (java.util.PropertyPermission os.name read) (java.util.PropertyPermission java.vendor.url read) (java.util.PropertyPermission java.vm.specification.vendor read) (java.util.PropertyPermission java.specification.vendor read) (java.util.PropertyPermission os.version read) (java.util.PropertyPermission java.specification.name read) (java.util.PropertyPermission java.class.version read) (java.util.PropertyPermission file.separator read) (java.util.PropertyPermission java.vm.version read) (java.util.PropertyPermission os.arch read) (java.util.PropertyPermission java.vm.specification.name read) (java.util.PropertyPermission java.vm.specification.version read) (java.util.PropertyPermission java.specification.version read) (java.util.PropertyPermission java.vendor read) (java.util.PropertyPermission path.separator read) (java.util.PropertyPermission line.separator read) (java.net.SocketPermission localhost:1024- listen,resolve) (java.lang.RuntimePermission stopThread) ) . . . access: access allowed (java.security.SecurityPermission getPolicy) access: domain that failed ProtectionDomain (http://acme.com/ scripting <no signer certificates>) org.mozilla.javascript.policysecuritycontroller$loa...@9c6e6e <no principals> java.security.permissi...@11cdf8a ( (java.util.PropertyPermission java.version read) (java.util.PropertyPermission java.vm.name read) (java.util.PropertyPermission java.vm.vendor read) (java.util.PropertyPermission os.name read) (java.util.PropertyPermission java.vendor.url read) (java.util.PropertyPermission java.vm.specification.vendor read) (java.util.PropertyPermission java.specification.vendor read) (java.util.PropertyPermission os.version read) (java.util.PropertyPermission java.specification.name read) (java.util.PropertyPermission java.class.version read) (java.util.PropertyPermission file.separator read) (java.util.PropertyPermission java.vm.version read) (java.util.PropertyPermission os.arch read) (java.util.PropertyPermission java.vm.specification.name read) (java.util.PropertyPermission java.vm.specification.version read) (java.util.PropertyPermission java.specification.version read) (java.util.PropertyPermission java.vendor read) (java.util.PropertyPermission path.separator read) (java.util.PropertyPermission line.separator read) (java.net.SocketPermission localhost:1024- listen,resolve) (java.lang.RuntimePermission stopThread) ) access: access allowed (java.io.FilePermission D:\Demo\Demo\APP-INF \classes\org\mozilla\javascript\RhinoException.class read) access: access allowed (java.io.FilePermission D:\Demo\Demo\APP-INF \classes\org\mozilla\javascript\RhinoException.class read) access: access allowed (java.io.FilePermission D:\Demo\Demo\APP-INF \classes\org.mozilla.javascript.RhinoException read) access: access allowed (java.io.FilePermission D:\Demo\Demo\APP-INF \classes\org.mozilla.javascript.RhinoException read) access: access allowed (java.io.FilePermission D:\bea\user_projects \domains\Demo\servers\AdminServer\tmp\_WL_user\Demo\xa8amf\APP-INF\lib \js.jar read) access: access allowed (java.io.FilePermission D:\bea\user_projects \domains\Demo\servers\AdminServer\tmp\_WL_user\Demo\xa8amf\APP-INF\lib \js.jar read) access: access allowed (java.io.FilePermission D:\bea\user_projects \domains\Demo\servers\AdminServer\tmp\_WL_user\Demo\xa8amf\APP-INF\lib \js.jar read) java.security.AccessControlException: access denied (java.io.FilePermission D:\Demo\Demo\APP-INF\classes\org\mozilla \javascript\EcmaError.class read) at java.security.AccessControlContext.checkPermission (AccessControlContext.java:264) at java.security.AccessController.checkPermission (AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java: 532) at java.lang.SecurityManager.checkRead(SecurityManager.java:871) at java.io.File.exists(File.java:700) at weblogic.utils.classloaders.DirectoryClassFinder.getSource (DirectoryClassFinder.java:36) at weblogic.utils.classloaders.JarClassFinder.getSource (JarClassFinder.java:45) at weblogic.utils.classloaders.AbstractClassFinder.getClassSource (AbstractClassFinder.java:17) at weblogic.utils.classloaders.MultiClassFinder.getClassSource (MultiClassFinder.java:58) at weblogic.utils.classloaders.MultiClassFinder.getClassSource (MultiClassFinder.java:58) at weblogic.utils.classloaders.MultiClassFinder.getClassSource (MultiClassFinder.java:58) at weblogic.utils.classloaders.CodeGenClassFinder.getClassSource (CodeGenClassFinder.java:27) at weblogic.utils.classloaders.GenericClassLoader.findLocalClass (GenericClassLoader.java:280) at weblogic.utils.classloaders.GenericClassLoader.findClass (GenericClassLoader.java:259) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at weblogic.utils.classloaders.GenericClassLoader.loadClass (GenericClassLoader.java:179) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) at org.mozilla.javascript.ScriptRuntime.constructError (ScriptRuntime.java:3557) at org.mozilla.javascript.ScriptRuntime.constructError (ScriptRuntime.java:3535) at org.mozilla.javascript.ScriptRuntime.notFoundError (ScriptRuntime.java:3620) at org.mozilla.javascript.ScriptRuntime.name(ScriptRuntime.java: 1652) at org.mozilla.javascript.gen.c1._c0(C:\temp\demo.js:1) at org.mozilla.javascript.gen.c1.call(C:\temp\demo.js) at org.mozilla.javascript.ContextFactory.doTopCall (ContextFactory.java:401) at org.mozilla.javascript.ScriptRuntime.doTopCall (ScriptRuntime.java:3003) at org.mozilla.javascript.gen.c1.call(C:\temp\demo.js) at org.mozilla.javascript.gen.c1.exec(C:\temp\demo.js) at org.mozilla.javascript.Context.evaluateString(Context.java: 1088) at com.acme.script.ScriptHelper.call(ScriptHelper.java:514) at com.acme.script.ScriptHelper.call(ScriptHelper.java:407) at com.acme.demo.NumberNegativeEvent.service (NumberNegativeEvent.java:91) at com.acme.next.next.NextController.processCurrentEvent (NextController.java:622) at com.acme.next.next.NextController.processAllEvents (NextController.java:359) at com.acme.next.next.NextController.service(NextController.java: 181) at com.acme.next.Transaction.run(Transaction.java:136) at com.acme.next.TransactionObject.processTransaction (TransactionObject.java:94) at com.acme.next.Loader.processRequest(Loader.java:1052) at com.acme.next.Loader.doService(Loader.java:727) at com.acme.next.Loader.service(Loader.java:548) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper $ServletServiceAction.run(StubSecurityHelper.java:226) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet (StubSecurityHelper.java:124) at weblogic.servlet.internal.ServletStubImpl.execute (ServletStubImpl.java:283) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java: 26) at weblogic.servlet.internal.FilterChainImpl.doFilter (FilterChainImpl.java:42) at com.acme.next.FrameworkFilter.doFilter(FrameworkFilter.java: 564) at weblogic.servlet.internal.FilterChainImpl.doFilter (FilterChainImpl.java:42) at weblogic.servlet.internal.WebAppServletContext $ServletInvocationAction.run(WebAppServletContext.java:3368) at weblogic.security.acl.internal.AuthenticatedSubject.doAs (AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(Unknown Source) at weblogic.servlet.internal.WebAppServletContext.securedExecute (WebAppServletContext.java:2117) at weblogic.servlet.internal.WebAppServletContext.execute (WebAppServletContext.java:2023) at weblogic.servlet.internal.ServletRequestImpl.run (ServletRequestImpl.java:1359) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200) at weblogic.work.ExecuteThread.run(ExecuteThread.java:172) access: access allowed (java.io.FilePermission D:\bea\user_projects \domains\Demo\com\acme\demo\NumberAddEvent.class read) . . . If I grant the following permissions to codeBase "http://acme.com/ scripting" it works! permission java.io.FilePermission "D:${/}Demo${/}Demo${/}APP-INF$ {/}classes${/}-", "read"; permission java.io.FilePermission "D:${/}bea${/}user_projects${/} domains${/}Demo${/}servers${/}AdminServer${/}tmp${/}_WL_user${/}Demo$ {/}xa8amf${/}APP-INF${/}lib${/}js.jar", "read"; The question is, why do I need to give codeBase "http://acme.com/ scripting" these permissions? The script itself does not read any files. importPackage(java.lang); var demo = {}; demo.add99 = function( changeNumberForm ) { } It looks like some of the java code in the org.mozilla.javascript package is running with the permissions of codeBase "http://acme.com/scripting"; rather than the permissions of the caller. _______________________________________________ dev-tech-js-engine-rhino mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
