Comments on: Security with Java Scripting (JRuby, Jython, Groovy, BeanShell, etc) http://lightbody.net/blog/2009/02/security-with-java-scriting-jruby-jython-groovy-beanshell-etc.html Patrick Lightbody's personal blog Tue, 17 Aug 2010 05:51:56 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: Don Brown http://lightbody.net/blog/2009/02/security-with-java-scriting-jruby-jython-groovy-beanshell-etc.html/comment-page-1#comment-1233 Don Brown Tue, 10 Feb 2009 12:46:12 +0000 http://lightbody.net/blog/2009/02/security-with-java-scriting-jruby-jython-groovy-beanshell-etc.html#comment-1233 I'd recommend looking at Rhino (JavaScript). You can hide access to any Java class, and even intercept specific methods of Java classes. There are plenty of books out there on the language, so it'll be easy for your users to pick up, and Rhino even has a built in debugger. Don't know if it matters, but Rhino is one of the fastest, if not the fastest, scripting languages for Java. I’d recommend looking at Rhino (JavaScript). You can hide access to any Java class, and even intercept specific methods of Java classes. There are plenty of books out there on the language, so it’ll be easy for your users to pick up, and Rhino even has a built in debugger. Don’t know if it matters, but Rhino is one of the fastest, if not the fastest, scripting languages for Java.

]]> By: Yuri Schimke http://lightbody.net/blog/2009/02/security-with-java-scriting-jruby-jython-groovy-beanshell-etc.html/comment-page-1#comment-1232 Yuri Schimke Tue, 10 Feb 2009 09:27:11 +0000 http://lightbody.net/blog/2009/02/security-with-java-scriting-jruby-jython-groovy-beanshell-etc.html#comment-1232 Isn't this what AccessController.doPrivileged() is intended for? http://java.sun.com/j2se/1.4.2/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction) Your codebase for MyURLConnection would be given extra rights, and can propagate that to code that it is calling. Isn’t this what AccessController.doPrivileged() is intended for?

http://java.sun.com/j2se/1.4.2/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)

Your codebase for MyURLConnection would be given extra rights, and can propagate that to code that it is calling.

]]> By: Peter Kelley http://lightbody.net/blog/2009/02/security-with-java-scriting-jruby-jython-groovy-beanshell-etc.html/comment-page-1#comment-1231 Peter Kelley Tue, 10 Feb 2009 00:03:41 +0000 http://lightbody.net/blog/2009/02/security-with-java-scriting-jruby-jython-groovy-beanshell-etc.html#comment-1231 I'm not saying that this is possible (I'd have to do some digging myself) but have you looked at using Spring Security? I’m not saying that this is possible (I’d have to do some digging myself) but have you looked at using Spring Security?

]]>