使用Java脚本编写的安全性(JRuby,Jython,Groovy,BeanShell等) [英] Security with Java Scripting (JRuby, Jython, Groovy, BeanShell, etc)
问题描述
通常,我只需要使用Java的SecurityManager并完成它。这很简单,让我限制文件和网络访问,关闭JVM的能力等。这对于我想阻止的高级别内容来说很好。
<但有一些我想允许的东西,但只能通过我提供的自定义API /库。例如,我不想允许直接网络访问来打开yahoo.com的URLConnection,但如果使用MyURLConnection完成操作,则可以。那就是 - 我想要允许的一组方法/类,然后我想要限制其他方法。
我不相信这种类型的安全性可以通过标准的Java安全模型来完成,但也许可以。我对脚本语言本身的性能或灵活性没有具体的要求(脚本将通过基本的循环/分支对我的API进行简单的程序调用)。所以,即使是每次反射电话都检查安全检查的大开销也没有问题。
建议?
Java安全API,所以可能有更好的方法来做到这一点。
我在 Alfresco ,基于Java的Open来源企业CMS,我们实施了类似于您所描述的内容。我们希望允许使用脚本,但只能将一部分Java API暴露给脚本引擎。
我们选择了Rhino Engine for JavaScript脚本。它允许您控制哪些API暴露给JavaScript,从而允许我们选择哪些类可用,哪些不可用。据我们的工程师称,开销为10%左右 - 不算太坏。除此之外,这也可能与你有关,在Java方面,我们使用Acegi(现在称为Spring Security),并使用AOP来提供角色可以控制某个用户可以调用哪些方法。这对于授权非常有效。因此,实际上,首先通过JavaScript访问我们的应用的用户首先有一个受限制的API,然后基于授权可以进一步限制该API。因此,您可以使用AOP技术来进一步限制可以调用哪些方法,从而允许以其他脚本语言(例如Groovy等)公开此类方法。我们正在添加这些方法,并且相信我们的基础Java API保护用户免受未经授权的访问。
I'm looking to run some un-verified scripts (written in a yet-to-be-determined language, but needs to be Java-based, so JRuby, Groovy, Jython, BeanShell, etc are all candidates). I want these scripts to be able to do some things and restricted from doing other things.
Normally, I'd just go use Java's SecurityManager and be done with it. That's pretty simple and lets me restrict file and network access, the ability to shutdown the JVM, etc. And that will work well for the high level stuff I want to block off.
But there is some stuff I want to allow, but only via my custom API/library that I've providing. For example, I don't want to allow direct network access to open up a URLConnection to yahoo.com, but I am OK if it is done with MyURLConnection. That is - there is a set of methods/classes that I want to allow and then everything else I want to be off limits.
I don't believe this type of security can be done with the standard Java security model, but perhaps it can. I don't have a specific requirement for performance or flexibility in the scripting language itself (the scripts will be simple procedural calls to my API with basic looping/branching). So even a "large" overhead that checks a security check on every reflection call is fine by me.
Suggestions?
Disclaimer: I am not an expert on Java Security APIs, so there may be a better way to do this.
I work for Alfresco, Java-based Open Source Enterprise CMS, and we implemented something similar to what you describe. We wanted to allow scripting, but only to expose a subset of our Java APIs to the scripting engine.
We chose Rhino Engine for JavaScript scripting. It allows you to control which APIs are exposed to JavaScript, which allows us to choose which classes are available, and which are not. The overhead, according to our engineers, is on the order of 10%- not too bad.
In addition to this, and this may be relevant to you as well, on the Java side, we use Acegi (now Spring Security), and use AOP to give role-based control over which methods a certain user can call. That works pretty well for authorization. So in effect, a user accessing our app through JavaScript first has a restricted API available to him in the first place, and then that API can be restricted even further based on authorization. So you could use the AOP techniques to further restrict which methods can be called, thus allowing to expose this in other scripting languages, such as Groovy, etc. We are in the process of adding those as well, having the confidence that our underlying Java APIs protect users from unauthorized access.
这篇关于使用Java脚本编写的安全性(JRuby,Jython,Groovy,BeanShell等)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
