What is codebase for compiled Nashorn scripts?
Sundararajan Athijegannathan
sundararajan.athijegannathan at oracle.com
Tue Oct 6 16:27:37 UTC 2015
If your script loaded from a URL (via 'load' call), then you can use
that URL in policy file and give permissions to that script. If it is
"eval", you always get a 'sandbox' script. If you're using
ScriptEngine.eval with a Reader, then you can pass a
jdk.nashorn.api.scripting.URLReader
(https://docs.oracle.com/javase/8/docs/jdk/api/nashorn/jdk/nashorn/api/scripting/URLReader.html).
In that case, the underlying URL is the code origin and you can give
permissions to that URL in your policy.
hope this helps,
-Sundar
On 10/6/2015 9:20 PM, Richard Evans wrote:
> I'm running with a Java Security manager, trying to give permissions to compiled Nashorn JavaScript, but cannot find the right codebase.
>
>
>
> Some debug has shown an access control context entry like:
>
>
>
> ProtectionDomain (null <no signer certificates>)
>
> HYPERLINK "mailto:jdk.nashorn.internal.runtime.ScriptLoader at 67e1a6ee"jdk.nashorn.internal.runtime.ScriptLoader at 67e1a6ee
>
> <no principals>
>
> HYPERLINK "mailto:java.security.Permissions at 28443842"java.security.Permissions at 28443842 (
>
> ("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal.runtime")
>
> ("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal.scripts")
>
> ("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal.objects")
>
> ("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal.runtime.linker")
>
> ("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal.runtime.arrays")
>
> )
>
>
>
> Looks like the codebase is null - how can this be specified in a policy file? Or can the codebase be set somewhere?
>
>
>
> Thanks
>
>
>
> Richard
>
>
>
More information about the nashorn-dev
mailing list