本文介绍了使用Java脚本编写的安全性(JRuby,Jython,Groovy,BeanShell等)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我希望运行一些未经验证的脚本(以一种尚未确定的语言编写,但需要基于Java,所以JRuby,Groovy,Jython,BeanShell等都是候选者)。我希望这些脚本能够做一些事情,并限制其他事情。



通常,我只需要使用Java的SecurityManager并完成它。这很简单,让我限制文件和网络访问,关闭JVM的能力等。这对于我想阻止的高级别内容来说很好。





我不相信这种类型的安全性可以通过标准的Java安全模型来完成,但也许可以。我对脚本语言本身的性能或灵活性没有具体的要求(脚本将通过基本的循环/分支对我的API进行简单的程序调用)。所以,即使是每次反射电话都检查安全检查的大开销也没有问题。



建议?

解决方案

Java安全API,所以可能有更好的方法来做到这一点。



我在,基于Java的Open来源企业CMS,我们实施了类似于您所描述的内容。我们希望允许使用脚本,但只能将一部分Java API暴露给脚本引擎。

我们选择了Rhino Engine for JavaScript脚本。它允许您控制哪些API暴露给JavaScript,从而允许我们选择哪些类可用,哪些不可用。据我们的工程师称,开销为10%左右 - 不算太坏。除此之外,这也可能与你有关,在Java方面,我们使用Acegi(现在称为Spring Security),并使用AOP来提供角色可以控制某个用户可以调用哪些方法。这对于授权非常有效。因此,实际上,首先通过JavaScript访问我们的应用的用户首先有一个受限制的API,然后基于授权可以进一步限制该API。因此,您可以使用AOP技术来进一步限制可以调用哪些方法,从而允许以其他脚本语言(例如Groovy等)公开此类方法。我们正在添加这些方法,并且相信我们的基础Java API保护用户免受未经授权的访问。

I'm looking to run some un-verified scripts (written in a yet-to-be-determined language, but needs to be Java-based, so JRuby, Groovy, Jython, BeanShell, etc are all candidates). I want these scripts to be able to do some things and restricted from doing other things.

Normally, I'd just go use Java's SecurityManager and be done with it. That's pretty simple and lets me restrict file and network access, the ability to shutdown the JVM, etc. And that will work well for the high level stuff I want to block off.

But there is some stuff I want to allow, but only via my custom API/library that I've providing. For example, I don't want to allow direct network access to open up a URLConnection to yahoo.com, but I am OK if it is done with MyURLConnection. That is - there is a set of methods/classes that I want to allow and then everything else I want to be off limits.

I don't believe this type of security can be done with the standard Java security model, but perhaps it can. I don't have a specific requirement for performance or flexibility in the scripting language itself (the scripts will be simple procedural calls to my API with basic looping/branching). So even a "large" overhead that checks a security check on every reflection call is fine by me.

Suggestions?

解决方案

Disclaimer: I am not an expert on Java Security APIs, so there may be a better way to do this.

I work for Alfresco, Java-based Open Source Enterprise CMS, and we implemented something similar to what you describe. We wanted to allow scripting, but only to expose a subset of our Java APIs to the scripting engine.

We chose Rhino Engine for JavaScript scripting. It allows you to control which APIs are exposed to JavaScript, which allows us to choose which classes are available, and which are not. The overhead, according to our engineers, is on the order of 10%- not too bad.

In addition to this, and this may be relevant to you as well, on the Java side, we use Acegi (now Spring Security), and use AOP to give role-based control over which methods a certain user can call. That works pretty well for authorization. So in effect, a user accessing our app through JavaScript first has a restricted API available to him in the first place, and then that API can be restricted even further based on authorization. So you could use the AOP techniques to further restrict which methods can be called, thus allowing to expose this in other scripting languages, such as Groovy, etc. We are in the process of adding those as well, having the confidence that our underlying Java APIs protect users from unauthorized access.

这篇关于使用Java脚本编写的安全性(JRuby,Jython,Groovy,BeanShell等)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-23 18:22