When using the Java Security Manager for JRuby scripts, is it possible to give a particular script alone full permissions?

+1  A: 

If you mean using the same security manager for different scripts that applies different permissions, then the answer is no, unless you write the security manager yourself to somehow be script-aware. There's no way to specify a script in a security policy file (like you would for classes). I see two options at the moment:

  1. Write a custom security manager that can be made aware of what script is running,
  2. Compile JRuby scripts to Java classes (using jrubyc --java) and apply the permissions to the different Java classes.

For help with 2, I suggest taking a look at Charlie's recent post.

Nick Sieger
Can you please elaborate on the first answer? Is it possible to make the security manager aware of what scripts are running?
You'll need to drive your script with the JRuby embedding API to ensure that you can reach the runtime structures from within the security manager. Here's a small example to give you an idea: http://gist.github.com/443025 (Beware that the APIs that are outside of the `org.jruby.embed` package are subject to change.)
Nick Sieger
I'm using JSR223 and it works this way too! Thanks for your help! :)
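
Option 1 sketched as an added example (not the linked gist and not JRuby's own code): the host labels the thread with the script it is about to run, and the security manager consults that label before falling back to the policy file. The class name, `runAs`, and the `script.relabel` permission name are assumptions made for illustration; it labels only the entry script the host started and targets JVMs that still support `SecurityManager`.

```java
import java.security.Permission;
import java.util.Set;
import java.util.concurrent.Callable;

// Added example: hypothetical class, not the gist's code and not a JRuby API.
public final class ScriptAwareSecurityManager extends SecurityManager {
    // Constructed permission name; do not grant it in the policy file.
    private static final Permission RELABEL = new RuntimePermission("script.relabel");

    // Inheritable, so threads started by a script keep that script's label.
    // null means host code that is not running on behalf of any script.
    private final ThreadLocal<String> current = new InheritableThreadLocal<>();
    private final Set<String> trusted;

    public ScriptAwareSecurityManager(Set<String> trustedScripts) {
        this.trusted = Set.copyOf(trustedScripts);
    }

    // The host wraps each engine.eval(...) or invokeFunction(...) call in this.
    public <T> T runAs(String scriptName, Callable<T> body) throws Exception {
        // Checked under the caller's current label: an untrusted script that
        // reaches this method through Java integration cannot relabel itself.
        checkPermission(RELABEL);
        String previous = current.get();
        current.set(scriptName);
        try {
            return body.call();
        } finally {
            current.set(previous);
        }
    }

    private boolean unrestricted() {
        String script = current.get();
        return script == null || trusted.contains(script);
    }

    @Override
    public void checkPermission(Permission perm) {
        if (!unrestricted()) {
            super.checkPermission(perm); // the policy file decides
        }
    }

    @Override
    public void checkPermission(Permission perm, Object context) {
        if (!unrestricted()) {
            super.checkPermission(perm, context);
        }
    }
}
```

Install it with `System.setSecurityManager(...)` before any script runs; host code that is not inside `runAs` stays unrestricted, so only the host should hold a reference to the manager's trusted-script set.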
+1  A: 

There is potentially another answer: if you have separate security managers you want to apply to separate scripts, then you can always spin up separate JRuby instances in separate classloaders. They won't share anything and should remain pretty isolated. But Nick is right, there's nothing built into JRuby to sandbox individual scripts at the moment, and we don't have any plans to do so...

Charles Oliver Nutter
Is it possible to get at least some info about the script that is currently running? For example, using invokeFunction in Java I call a function in a Ruby script which in turn calls a function in another script and so on.
This is possible but would take some digging; when interpreting code, you can't see anything but JRuby interpreter frames on the Java stack. You have a couple of options:

  * Explore `org.jruby.runtime.ThreadContext` and `org.jruby.runtime.Frame`, the internal runtime structures we use to represent a running Ruby thread and the Ruby calls it is interpreting.
  * Force everything to compile before executing, so that the script names will show up in a Java backtrace.

Charles Oliver Nutter
Thank you for the help, I got it working! :)