how to forbid some methods for an object

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

how to forbid some methods for an object

Mikhail Maroukhine
Hello All,

I there possibility to forbid certain object' s methods?

For example, I would like to forbid the following methods execution from
BeanShell script

System.exit
java.io.File.delete
...

--

WBR,
Mikhail


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Beanshell-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/beanshell-users
Reply | Threaded
Open this post in threaded view
|

Re: how to forbid some methods for an object

David Lee
There is no way that I know of.

----- Original Message -----
From: "Mikhail Maroukhine" <[hidden email]>
To: <[hidden email]>
Sent: Wednesday, May 02, 2007 11:43 PM
Subject: [Beanshell-users] how to forbid some methods for an object


> Hello All,
>
> I there possibility to forbid certain object' s methods?
>
> For example, I would like to forbid the following methods execution from
> BeanShell script
>
> System.exit
> java.io.File.delete
> ...
>
> --
>
> WBR,
> Mikhail
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Beanshell-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/beanshell-users
>

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Beanshell-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/beanshell-users
Reply | Threaded
Open this post in threaded view
|

Re: how to forbid some methods for an object

Jan de Visser
On Friday 04 May 2007 11:01:12 David A. Lee wrote:
> There is no way that I know of.

You would be mistaken:

http://java.sun.com/j2se/1.5.0/docs/api/java/lang/SecurityManager.html

jan

>
> ----- Original Message -----
> From: "Mikhail Maroukhine" <[hidden email]>
> To: <[hidden email]>
> Sent: Wednesday, May 02, 2007 11:43 PM
> Subject: [Beanshell-users] how to forbid some methods for an object
>
> > Hello All,
> >
> > I there possibility to forbid certain object' s methods?
> >
> > For example, I would like to forbid the following methods execution from
> > BeanShell script
> >
> > System.exit
> > java.io.File.delete
> > ...
> >
> > --
> >
> > WBR,
> > Mikhail
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Beanshell-users mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/beanshell-users
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 expre
ss and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Beanshell-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/beanshell-users



--
--------------------------------------------------------------
Jan de Visser                     [hidden email]

                Baruk Khazad! Khazad ai-menu!
--------------------------------------------------------------

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Beanshell-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/beanshell-users
Reply | Threaded
Open this post in threaded view
|

Re: how to forbid some methods for an object

David Lee
Could you suggest how to use this to restrict beanshell *script* operations
but not restrict other java code in the same JVM ?


----- Original Message -----
From: "Jan de Visser" <[hidden email]>
To: <[hidden email]>; "David A. Lee"
<[hidden email]>
Cc: "Mikhail Maroukhine" <[hidden email]>
Sent: Friday, May 04, 2007 10:20 AM
Subject: Re: [Beanshell-users] how to forbid some methods for an object


> On Friday 04 May 2007 11:01:12 David A. Lee wrote:
>> There is no way that I know of.
>
> You would be mistaken:
>
> http://java.sun.com/j2se/1.5.0/docs/api/java/lang/SecurityManager.html
>
> jan
>
>>
>> ----- Original Message -----
>> From: "Mikhail Maroukhine" <[hidden email]>
>> To: <[hidden email]>
>> Sent: Wednesday, May 02, 2007 11:43 PM
>> Subject: [Beanshell-users] how to forbid some methods for an object
>>
>> > Hello All,
>> >
>> > I there possibility to forbid certain object' s methods?
>> >
>> > For example, I would like to forbid the following methods execution
>> > from
>> > BeanShell script
>> >
>> > System.exit
>> > java.io.File.delete
>> > ...
>> >
>> > --
>> >
>> > WBR,
>> > Mikhail
>> >
>> >
>> > -------------------------------------------------------------------------
>> > This SF.net email is sponsored by DB2 Express
>> > Download DB2 Express C - the FREE version of DB2 express and take
>> > control of your XML. No limits. Just data. Click to get it now.
>> > http://sourceforge.net/powerbar/db2/
>> > _______________________________________________
>> > Beanshell-users mailing list
>> > [hidden email]
>> > https://lists.sourceforge.net/lists/listinfo/beanshell-users
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by DB2 Express
>> Download DB2 Express C - the FREE version of DB2 expre
> ss and take
>> control of your XML. No limits. Just data. Click to get it now.
>> http://sourceforge.net/powerbar/db2/
>> _______________________________________________
>> Beanshell-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/beanshell-users
>
>
>
> --
> --------------------------------------------------------------
> Jan de Visser [hidden email]
>
> Baruk Khazad! Khazad ai-menu!
> --------------------------------------------------------------
>


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Beanshell-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/beanshell-users
Reply | Threaded
Open this post in threaded view
|

Re: how to forbid some methods for an object

Jan de Visser
On Friday 04 May 2007 11:24:25 David A. Lee wrote:
> Could you suggest how to use this to restrict beanshell *script* operations
> but not restrict other java code in the same JVM ?

Set a threadlocal or something before doing the eval() and have your
SecurityManager pay attention to that? I think you can set up ThreadLocals so
that they inherit their value from the thread spawning new a new thread, so
that would even work for threads spawned by the bsh code. (Checks) yes, use
InheritableThreadLocal.

Caveat: never tried it.

jan

>
>
> ----- Original Message -----
> From: "Jan de Visser" <[hidden email]>
> To: <[hidden email]>; "David A. Lee"
> <[hidden email]>
> Cc: "Mikhail Maroukhine" <[hidden email]>
> Sent: Friday, May 04, 2007 10:20 AM
> Subject: Re: [Beanshell-users] how to forbid some methods for an object
>
> > On Friday 04 May 2007 11:01:12 David A. Lee wrote:
> >> There is no way that I know of.
> >
> > You would be mistaken:
> >
> > http://java.sun.com/j2se/1.5.0/docs/api/java/lang/SecurityManager.html
> >
> > jan
> >
> >> ----- Original Message -----
> >> From: "Mikhail Maroukhine" <[hidden email]>
> >> To: <[hidden email]>
> >> Sent: Wednesday, May 02, 2007 11:43 PM
> >> Subject: [Beanshell-users] how to forbid some methods for an object
> >>
> >> > Hello All,
> >> >
> >> > I there possibility to forbid certain object' s methods?
> >> >
> >> > For example, I would like to forbid the following methods execution
> >> > from
> >> > BeanShell script
> >> >
> >> > System.exit
> >> > java.io.File.delete
> >> > ...
> >> >
> >> > --
> >> >
> >> > WBR,
> >> > Mikhail
> >> >
> >> >
> >> > ----------------------------------------------------------------------
> >> >--- This SF.net email is sponsored by DB2 Express
> >> > Download DB2 Express C - the FREE version of DB2 express and take
> >> > control of your XML. No limits. Just data. Click to get it now.
> >> > http://sourceforge.net/powerbar/db2/
> >> > _______________________________________________
> >> > Beanshell-users mailing list
> >> > [hidden email]
> >> > https://lists.sourceforge.net/lists/listinfo/beanshell-users
> >>
> >> ------------------------------------------------------------------------
> >>- This SF.net email is sponsored by DB2 Express
> >> Download DB2 Express C - the FREE version of DB2 expre
> >
> > ss and take
> >
> >> control of your XML. No limits. Just data. Click to get it now.
> >> http://sourceforge.net/powerbar/db2/
> >> _______________________________________________
> >> Beanshell-users mailing list
> >> [hidden email]
> >> https://lists.sourceforge.net/lists/listinfo/beanshell-users
> >
> > --
> > --------------------------------------------------------------
> > Jan de Visser [hidden email]
> >
> > Baruk Khazad! Khazad ai-menu!
> > --------------------------------------------------------------



--
--------------------------------------------------------------
Jan de Visser                     [hidden email]

                Baruk Khazad! Khazad ai-menu!
--------------------------------------------------------------

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Beanshell-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/beanshell-users
Reply | Threaded
Open this post in threaded view
|

Re: how to forbid some methods for an object

David Lee
Thank you ! This might be worth a try :)
Still concerned about java code in the beanshell *interpreter* code in the
eval being blocked ... but maybe some fancy stack checks could handle that.
Also there is code by classes that I provide which I want to allow access to
... but in each of those entry points I could set yet another flag ... so
yes it may well be possible (but tedious as hell ...)

I'd love a feature builtin to beanshell which has its own concept of
security management so that native java classes called by scripts are free
to do what they want but the scripted code is more managed.



----- Original Message -----
From: "Jan de Visser" <[hidden email]>
To: "David A. Lee" <[hidden email]>
Cc: <[hidden email]>; "Mikhail Maroukhine"
<[hidden email]>
Sent: Friday, May 04, 2007 10:33 AM
Subject: Re: [Beanshell-users] how to forbid some methods for an object


> On Friday 04 May 2007 11:24:25 David A. Lee wrote:
>> Could you suggest how to use this to restrict beanshell *script*
>> operations
>> but not restrict other java code in the same JVM ?
>
> Set a threadlocal or something before doing the eval() and have your
> SecurityManager pay attention to that? I think you can set up ThreadLocals
> so
> that they inherit their value from the thread spawning new a new thread,
> so
> that would even work for threads spawned by the bsh code. (Checks) yes,
> use
> InheritableThreadLocal.
>
> Caveat: never tried it.
>
> jan
>
>>
>>
>> ----- Original Message -----
>> From: "Jan de Visser" <[hidden email]>
>> To: <[hidden email]>; "David A. Lee"
>> <[hidden email]>
>> Cc: "Mikhail Maroukhine" <[hidden email]>
>> Sent: Friday, May 04, 2007 10:20 AM
>> Subject: Re: [Beanshell-users] how to forbid some methods for an object
>>
>> > On Friday 04 May 2007 11:01:12 David A. Lee wrote:
>> >> There is no way that I know of.
>> >
>> > You would be mistaken:
>> >
>> > http://java.sun.com/j2se/1.5.0/docs/api/java/lang/SecurityManager.html
>> >
>> > jan
>> >
>> >> ----- Original Message -----
>> >> From: "Mikhail Maroukhine" <[hidden email]>
>> >> To: <[hidden email]>
>> >> Sent: Wednesday, May 02, 2007 11:43 PM
>> >> Subject: [Beanshell-users] how to forbid some methods for an object
>> >>
>> >> > Hello All,
>> >> >
>> >> > I there possibility to forbid certain object' s methods?
>> >> >
>> >> > For example, I would like to forbid the following methods execution
>> >> > from
>> >> > BeanShell script
>> >> >
>> >> > System.exit
>> >> > java.io.File.delete
>> >> > ...
>> >> >
>> >> > --
>> >> >
>> >> > WBR,
>> >> > Mikhail
>> >> >
>> >> >
>> >> > ----------------------------------------------------------------------
>> >> >--- This SF.net email is sponsored by DB2 Express
>> >> > Download DB2 Express C - the FREE version of DB2 express and take
>> >> > control of your XML. No limits. Just data. Click to get it now.
>> >> > http://sourceforge.net/powerbar/db2/
>> >> > _______________________________________________
>> >> > Beanshell-users mailing list
>> >> > [hidden email]
>> >> > https://lists.sourceforge.net/lists/listinfo/beanshell-users
>> >>
>> >> ------------------------------------------------------------------------
>> >>- This SF.net email is sponsored by DB2 Express
>> >> Download DB2 Express C - the FREE version of DB2 expre
>> >
>> > ss and take
>> >
>> >> control of your XML. No limits. Just data. Click to get it now.
>> >> http://sourceforge.net/powerbar/db2/
>> >> _______________________________________________
>> >> Beanshell-users mailing list
>> >> [hidden email]
>> >> https://lists.sourceforge.net/lists/listinfo/beanshell-users
>> >
>> > --
>> > --------------------------------------------------------------
>> > Jan de Visser [hidden email]
>> >
>> > Baruk Khazad! Khazad ai-menu!
>> > --------------------------------------------------------------
>
>
>
> --
> --------------------------------------------------------------
> Jan de Visser [hidden email]
>
> Baruk Khazad! Khazad ai-menu!
> --------------------------------------------------------------
>


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Beanshell-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/beanshell-users
Reply | Threaded
Open this post in threaded view
|

Re: how to forbid some methods for an object

Alexey Zinger
In reply to this post by Jan de Visser
Looks good on paper.  The only issue I can think of is spawning Runnable
objects that are tied to the GUI thread via SwingUtilities.invokeLater.  But I
guess one can restrict SwingUtilities class as well.

--- Jan de Visser <[hidden email]> wrote:

> On Friday 04 May 2007 11:24:25 David A. Lee wrote:
> > Could you suggest how to use this to restrict beanshell *script* operations
> > but not restrict other java code in the same JVM ?
>
> Set a threadlocal or something before doing the eval() and have your
> SecurityManager pay attention to that? I think you can set up ThreadLocals so
>
> that they inherit their value from the thread spawning new a new thread, so
> that would even work for threads spawned by the bsh code. (Checks) yes, use
> InheritableThreadLocal.
>
> Caveat: never tried it.
>
> jan
>
> >
> >
> > ----- Original Message -----
> > From: "Jan de Visser" <[hidden email]>
> > To: <[hidden email]>; "David A. Lee"
> > <[hidden email]>
> > Cc: "Mikhail Maroukhine" <[hidden email]>
> > Sent: Friday, May 04, 2007 10:20 AM
> > Subject: Re: [Beanshell-users] how to forbid some methods for an object
> >
> > > On Friday 04 May 2007 11:01:12 David A. Lee wrote:
> > >> There is no way that I know of.
> > >
> > > You would be mistaken:
> > >
> > > http://java.sun.com/j2se/1.5.0/docs/api/java/lang/SecurityManager.html
> > >
> > > jan
> > >
> > >> ----- Original Message -----
> > >> From: "Mikhail Maroukhine" <[hidden email]>
> > >> To: <[hidden email]>
> > >> Sent: Wednesday, May 02, 2007 11:43 PM
> > >> Subject: [Beanshell-users] how to forbid some methods for an object
> > >>
> > >> > Hello All,
> > >> >
> > >> > I there possibility to forbid certain object' s methods?
> > >> >
> > >> > For example, I would like to forbid the following methods execution
> > >> > from
> > >> > BeanShell script
> > >> >
> > >> > System.exit
> > >> > java.io.File.delete
> > >> > ...
> > >> >
> > >> > --
> > >> >
> > >> > WBR,
> > >> > Mikhail
> > >> >
> > >> >
> > >> > ----------------------------------------------------------------------
> > >> >--- This SF.net email is sponsored by DB2 Express
> > >> > Download DB2 Express C - the FREE version of DB2 express and take
> > >> > control of your XML. No limits. Just data. Click to get it now.
> > >> > http://sourceforge.net/powerbar/db2/
> > >> > _______________________________________________
> > >> > Beanshell-users mailing list
> > >> > [hidden email]
> > >> > https://lists.sourceforge.net/lists/listinfo/beanshell-users
> > >>
> > >> ------------------------------------------------------------------------
> > >>- This SF.net email is sponsored by DB2 Express
> > >> Download DB2 Express C - the FREE version of DB2 expre
> > >
> > > ss and take
> > >
> > >> control of your XML. No limits. Just data. Click to get it now.
> > >> http://sourceforge.net/powerbar/db2/
> > >> _______________________________________________
> > >> Beanshell-users mailing list
> > >> [hidden email]
> > >> https://lists.sourceforge.net/lists/listinfo/beanshell-users
> > >
> > > --
> > > --------------------------------------------------------------
> > > Jan de Visser [hidden email]
> > >
> > > Baruk Khazad! Khazad ai-menu!
> > > --------------------------------------------------------------
>
>
>
> --
> --------------------------------------------------------------
> Jan de Visser                     [hidden email]
>
>                 Baruk Khazad! Khazad ai-menu!
> --------------------------------------------------------------
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Beanshell-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/beanshell-users
>


Alexey
2001 Honda CBR600F4i (CCS)
1992 Kawasaki EX500
http://azinger.blogspot.com
http://bsheet.sourceforge.net
http://wcollage.sourceforge.net


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Beanshell-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/beanshell-users