Review request for JDK-8135251: Use Unsafe.defineAnonymousClass for loading Nashorn script code

Attila Szegedi attila.szegedi at oracle.com
Wed Sep 9 20:43:34 UTC 2015 

If I load one class from x.js and another from y.js and I have a security.policy file that says:

grant codeBase “x.js” {
    … some permissions ...
}

grant codeBase “y.js” {
    … some different permissions ...
}

then the class containing code compiled from x.js and y.js belongs to different protection domains. They can’t have the same host class. I need to create one host class with CodeSource representing the URL of x.js and one representing the URL of y.js so that a call to SecureClassLoader.defineClass(…, CodeSource) will instantiate them in appropriate protection domains based on their code source.

Attila.

> On Sep 9, 2015, at 9:05 PM, forax at univ-mlv.fr wrote:
> 
> If you create one class in an empty package (like with sun.invoke.empty.Empty) and use it as host class, it should be ok, no ?
> 
> Rémi
> 
> ----- Mail original -----
>> De: "Attila Szegedi" <attila.szegedi at oracle.com>
>> À: "Remi Forax" <forax at univ-mlv.fr>
>> Cc: nashorn-dev at openjdk.java.net
>> Envoyé: Mercredi 9 Septembre 2015 16:56:50
>> Objet: Re: Review request for JDK-8135251: Use Unsafe.defineAnonymousClass for	loading Nashorn script code
>> 
>> There’s one host class per CodeSource. Host classes provide their
>> ProtectionDomain to the anonymous classes, and we must code for running
>> under a security manager.
>> 
>>> On Sep 9, 2015, at 4:40 PM, Remi Forax <forax at univ-mlv.fr> wrote:
>>> 
>>> Hi Attila,
>>> in your patch you're using several different host classes (i beleive one by
>>> script) and i don't understand why ?
>>> 
>>> cheers,
>>> Rémi
>>> 
>>> On 09/09/2015 03:35 PM, Attila Szegedi wrote:
>>>> Please review JDK-8135251 "Use Unsafe.defineAnonymousClass for loading
>>>> Nashorn script code" at
>>>> <http://cr.openjdk.java.net/~attila/8135251/webrev.jdk9> for
>>>> <https://bugs.openjdk.java.net/browse/JDK-8135251>
>>>> 
>>>> Implementation notes are in
>>>> <https://bugs.openjdk.java.net/browse/JDK-8135251?focusedCommentId=13841379&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13841379
>>>> <https://bugs.openjdk.java.net/browse/JDK-8135251?focusedCommentId=13841379&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13841379>>
>>>> 
>>>> Thanks,
>>>> Attila.
>>> 
>> 
>>

More information about the nashorn-dev mailing list