rameeshm commented on code in PR #1002:
URL: https://github.com/apache/ranger/pull/1002#discussion_r3373895245
##########
agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java:
##########
@@ -19,72 +19,61 @@
package org.apache.ranger.plugin.util;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.Path;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.script.Bindings;
-import javax.script.ScriptContext;
import javax.script.ScriptEngine;
-import javax.script.ScriptEngineManager;
-import java.io.File;
-import java.io.FilenameFilter;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import static java.util.Objects.requireNonNull;
+import java.lang.reflect.Executable;
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.util.function.Predicate;
public class GraalScriptEngineCreator implements ScriptEngineCreator {
private static final Logger LOG =
LoggerFactory.getLogger(GraalScriptEngineCreator.class);
- private static final String ENGINE_NAME = "graal.js";
- private static final String CONFIG_PREDIX_JVM = "polyglot";
- private static final String CONFIG_PREDIX_PLUGIN =
"ranger.plugin.script.";
- private static final String CONFIG_JAVA_CLASS_PATH = "java.class.path";
-
- // instance variables
- private final Map<String, Boolean> graalVmConfigs = new HashMap<>();
+ private static final String ENGINE_NAME = "graal.js";
+ private static final String CLS_HOST_ACCESS =
"org.graalvm.polyglot.HostAccess";
+ private static final String CLS_HOST_ACCESS_BUILDER =
"org.graalvm.polyglot.HostAccess$Builder";
+ private static final String CLS_CONTEXT = "org.graalvm.polyglot.Context";
+ private static final String CLS_CONTEXT_BUILDER =
"org.graalvm.polyglot.Context$Builder";
+ private static final String CLS_ENGINE = "org.graalvm.polyglot.Engine";
+ private static final String CLS_GRAAL_JS_ENGINE =
"com.oracle.truffle.js.scriptengine.GraalJSScriptEngine";
+
+ // Script-API classes whose public instance methods are exported to
scripts.
+ // getDeclaredMethods() returns only methods declared directly in each
class,
+ // NOT inherited ones (e.g. Object.getClass()) — so the reflection chain is
+ // closed without needing @HostAccess.Export annotations on those classes.
+ private static final String[] SCRIPT_API_CLASSES = new String[] {
+
"org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator",
+ "org.apache.ranger.plugin.contextenricher.RangerTagForEval"
+ };
+ private final Method createMethod;
+ private final Object ctxBuilder;
- // default constructor
public GraalScriptEngineCreator() {
- Map<String, Boolean> graalVmConfigsDefault = new HashMap<>(4);
//setting smallest size, which is big enough to avoid expand
- Configuration configuration = new Configuration();
- FilenameFilter fileNameFilter = (dir, name) ->
name.startsWith("ranger-") && name.endsWith("security.xml");
-
- graalVmConfigsDefault.put("polyglot.js.allowHostAccess",
Boolean.TRUE); //default is true for backward(Nashorn) compatibility
- graalVmConfigsDefault.put("polyglot.js.nashorn-compat", Boolean.TRUE);
//default is true for backward(Nashorn) compatibility
-
- for (String file : findFiles(fileNameFilter)) {
- configuration.addResource(new Path(file));
+ Method createMeth = null;
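Review bot: The comment above `SCRIPT_API_CLASSES` explains why inherited methods stay out of reach, but it does not say that `getDeclaredMethods()` also returns private, protected, package-private, static and compiler-generated (synthetic/bridge) methods. The allowlist is therefore only as tight as the modifier filter applied to that result, which is presumably what the new `java.lang.reflect.Modifier` and `Predicate` imports are for; that code is outside the quoted hunk. I would extend the comment with a line such as `// Every public instance method declared in these classes becomes callable from policy scripts; treat a new entry or a new public method as a change to the script sandbox.` The constructor body continues past the end of this hunk.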
Review Comment:
Rename createMeth to createMethodToExec, or some other meaningful variable name?
##########
agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java:
##########
@@ -96,68 +85,37 @@ public ScriptEngine getScriptEngine(ClassLoader clsLoader) {
return ret;
}
- private Map<String, Boolean> getGraalVmConfigs(Configuration
configuration, Map<String, Boolean> graalVmConfigsDefault) {
- LOG.debug("===>> GraalScriptEngineCreator.getGraalVmConfigs()");
-
- Map<String, Boolean> ret = new HashMap<>();
-
- // set configs from ranger security config values, if present
- for (Map.Entry<String, String> entry :
configuration.getPropsWithPrefix(CONFIG_PREDIX_PLUGIN).entrySet()) {
- String key = entry.getKey();
- String value = entry.getValue();
-
- if (StringUtils.isNotBlank(value)) {
- ret.put(key, Boolean.valueOf(value));
- }
- }
-
- // add JVM options if not already set
- for (Map.Entry<Object, Object> entry :
System.getProperties().entrySet()) {
- if (entry.getKey().toString().startsWith(CONFIG_PREDIX_JVM)) {
- String key = entry.getKey().toString();
- String value = entry.getValue().toString();
-
- if (StringUtils.isNotBlank(value) && ret.get(key) == null) {
- ret.put(key, Boolean.valueOf(value));
+ private Object buildHostAccess() throws Exception {
+ Class<?> hostAccessCls = Class.forName(CLS_HOST_ACCESS);
+ Class<?> haBuilderCls = Class.forName(CLS_HOST_ACCESS_BUILDER);
+ Object haBuilder = hostAccessCls.getMethod("newBuilder").invoke(null);
+ Method allowAccessMeth = haBuilderCls.getMethod("allowAccess",
Executable.class);
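Review bot: `buildHostAccess()` is declared `throws Exception`, and the quoted lines do not show what the caller does when `Class.forName(CLS_HOST_ACCESS)` or one of the `getMethod` lookups fails, for example when the polyglot classes are absent or a different GraalVM version is on the classpath. The removed code defaulted `polyglot.js.allowHostAccess` to true, so the failure path should end with no script engine at all rather than an engine created without this HostAccess policy. A Javadoc line on the method would record that contract, e.g. `/** Builds the HostAccess policy limiting scripts to SCRIPT_API_CLASSES; callers must treat any exception as "no engine available". */`, and narrowing the signature to `throws ReflectiveOperationException` would keep unrelated failures from being absorbed by the same handler. The method body continues outside the hunk.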
Review Comment:
allowAccessMeth => allowAccessMethodToExec?