In fact, I have backported the API to work with the JDK 5. I don't use Rhino, provided with the jdk 6, but the version 1.6R7 downloaded on the mozilla site.
On 11 août, 19:27, Attila Szegedi <[email protected]> wrote: > Problem is, the Rhino bundled with Java 6 is a quite heavily modified > version and we don't know much about it. With plain Rhino, you'd be > able to use PolicySecurityController to enforce Java security policy > even on a per-script basis. I have no idea how much of these > mechanisms is actually exposed through the scripting API. > > Attila. > > On 2009.08.11., at 15:50, RhinoUser95 Rhino wrote: > > > Hi everybody, > > > Perhaps you know that since the version 6 of java, the JDK provides > > now a scripting API (javax.script) which enables the execution of > > differents script language, including the JavaScript through RHINO. I > > work currently on the development of a web application, which allows, > > for users, to execute their own scripts. Of course we need to forbid > > the use of differents package for the security of our application. > > That's why we have think to use the security property > > "access.package" ,available in the java.security file present in the > > JRE, and which list all packages which are banned in my class. This > > behaviour operates perfectly in my class but works partially when the > > script is interpreted through the method eval() of the same scripting > > API : In fact, in the packages "blacklisted", only the packages from > > the JDK, causes an exception during the instanciation of the objects. > > There are no exceptions when we instantiate objects from our own > > packages "com.foo" but also "blacklisted" ;( > > > My question is the following : Does Rhino has its own classloader to > > import the packages java (through the method importPackage() ) ? And > > if yes, why this same classloader doesn't calls the security manager ? > > > I hope it's enough clear to understand my situation... > > > Thank you in advance ;) > > > Technical details : My application server is "weblogic 10.0" _______________________________________________ dev-tech-js-engine-rhino mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
