If your script is loaded from a URL (via a 'load' call), then you can use
that URL in the policy file and give permissions to that script. If it is
"eval", you always get a 'sandbox' script. If you're using
ScriptEngine.eval with a Reader, then you can pass a
jdk.nashorn.api.scripting.URLReader
(https://docs.oracle.com/javase/8/docs/jdk/api/nashorn/jdk/nashorn/api/scripting/URLReader.html).
In that case, the underlying URL is the code origin and you can give
permissions to that URL in your policy.

Hope this helps,
-Sundar

On 10/6/2015 9:20 PM, Richard Evans wrote:
I'm running with a Java Security manager, trying to give permissions to
compiled Nashorn JavaScript, but cannot find the right codebase.
Some debug has shown an access control context entry like:
ProtectionDomain (null <no signer certificates>)
jdk.nashorn.internal.runtime.ScriptLoader@67e1a6ee
<no principals>
java.security.Permissions@28443842 (
("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal.runtime")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal.scripts")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal.objects")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal.runtime.linker")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal.runtime.arrays")
)
Looks like the codebase is null - how can this be specified in a policy file?
Or can the codebase be set somewhere?
Thanks
Richard
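
The following is an added example, not code from either poster or from the Nashorn project: it contrasts a string eval (sandbox, null codebase) with an eval through URLReader, whose URL can be named as a codeBase in the policy file. The class name ScriptOrigin, the file names, every path and both grants are assumptions made for the illustration, and it targets Java 8, where Nashorn ships with the JDK.

```java
import java.io.File;
import java.net.URL;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import jdk.nashorn.api.scripting.URLReader;

// Java 8, run as:
//   java -Djava.security.manager -Djava.security.policy=nashorn.policy \
//        -cp /opt/app/classes ScriptOrigin /opt/app/scripts/trusted.js
//
// trusted.js (constructed) holds one line:
//   java.lang.System.getProperty("user.home")
//
// nashorn.policy (constructed; every path is a placeholder):
//   grant codeBase "file:/opt/app/classes/" {
//     permission java.io.FilePermission "/opt/app/scripts/-", "read";
//     permission java.util.PropertyPermission "user.home", "read";
//   };
//   grant codeBase "file:/opt/app/scripts/trusted.js" {
//     permission java.util.PropertyPermission "user.home", "read";
//   };
// The caller needs the permission as well: a check covers every
// protection domain on the stack, not only the script's.
public class ScriptOrigin {
    public static void main(String[] args) throws Exception {
        ScriptEngine engine = new ScriptEngineManager().getEngineByName("nashorn");

        // eval(String) has no code origin, so the compiled script lands in
        // the sandbox domain (null codebase) and the property read is refused.
        report("string eval", engine, null);

        // eval(URLReader) makes the URL the code origin; the second grant
        // above matches it and the same property read is allowed.
        URL origin = new File(args[0]).toURI().toURL();
        report("URLReader eval", engine, origin);
    }

    static void report(String label, ScriptEngine engine, URL origin) {
        try {
            Object value = (origin == null)
                ? engine.eval("java.lang.System.getProperty('user.home')")
                : engine.eval(new URLReader(origin));
            System.out.println(label + ": allowed -> " + value);
        } catch (Exception e) { // AccessControlException, possibly wrapped
            System.out.println(label + ": denied -> " + e);
        }
    }
}
```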