Nashorn script security permissions

When you call the "eval" method on a ScriptEngine, passing a String or a Reader, the script is treated as untrusted and gets only the permissions given to "sandbox" code. The evaluated Nashorn script does not inherit the permissions of the calling Java code, because the Nashorn engine receives a script whose origin URL is unknown. How, then, can we grant permissions to specific scripts? We may have trusted local scripts that could be given more permissions than a sandboxed, untrusted script.

URLReader

Instead of passing a String or any other Reader to the "eval" method, you can pass an instance of jdk.nashorn.api.scripting.URLReader. The URLReader constructor accepts a URL. With that, you can grant permissions to a specific script by using the script's URL in your security policy file.
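The following is an added example, not code from the original page: it evaluates the same statement once through a plain Reader and once through a URLReader, so the effect of a per-script grant is visible. The class name, the policy file name and both paths are hypothetical, and the run assumes a JDK that bundles Nashorn, started with a security manager.

```java
import java.io.File;
import java.io.Reader;
import java.io.StringReader;
import java.net.URL;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;
import jdk.nashorn.api.scripting.URLReader;

// Added example, not from the original page. Assumed launch command:
//   java -Djava.security.manager -Djava.security.policy=demo.policy TrustedScriptDemo
//
// demo.policy (constructed; both paths are placeholders):
//   grant codeBase "file:/opt/demo/classes/" {
//       permission java.util.PropertyPermission "user.home", "read";
//       permission java.io.FilePermission "/opt/demo/scripts/trusted.js", "read";
//   };
//   grant codeBase "file:/opt/demo/scripts/trusted.js" {
//       permission java.util.PropertyPermission "user.home", "read";
//   };
// The calling classes need the permission too, because the access check
// covers every protection domain on the call stack, not only the script's.
public class TrustedScriptDemo {
    // Placeholder script; assumed to contain the same statement as INLINE.
    static final File TRUSTED = new File("/opt/demo/scripts/trusted.js");
    static final String INLINE = "java.lang.System.getProperty('user.home')";

    // Evaluates one source and reports whether evaluation completed.
    static boolean tryEval(ScriptEngine engine, String label, Reader source) {
        try {
            engine.eval(source);
            System.out.println(label + ": property read allowed");
            return true;
        } catch (SecurityException | ScriptException e) {
            System.out.println(label + ": failed (" + e + ")");
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        ScriptEngine engine = new ScriptEngineManager().getEngineByName("nashorn");
        // No origin URL: the script runs with sandbox permissions only.
        tryEval(engine, "StringReader", new StringReader(INLINE));
        // Origin URL known: the codeBase grant for trusted.js can apply.
        URL origin = TRUSTED.toURI().toURL();
        tryEval(engine, "URLReader", new URLReader(origin));
    }
}
```

Keep the codeBase in the grant as narrow as the single script URL; a directory-wide codeBase would extend the same permissions to every script loaded from that directory.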
