[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bsf-user
Subject:    Being able to set SecuritySupport on JavaScriptEngine's Context
From:       Jeff Adams <jeffa () wolfram ! com>
Date:       2003-01-23 21:25:21
[Download RAW message or body]


Hi,

Maybe there is already a hook into this, but with the JavaScriptEngine,
it creates Contexts with each eval within

Context.enter()

Context.exit()

blocks.

The Rhino engine has a SecuritySupport object to be optionally added 
to Contexts
and Apache Batik actually uses this and turns on security within 
their copy of js.jar and makes sure Batik calls setSecuritySupport() 
on the Context objs.

The current JavaScriptEngine should probably have methods where one can
setSecuritySupport() and this instance is added to each 
Context.enter() call it makes.

One reason why I get bit by this current limitation is if you happen
to have a copy of Batik's js.jar in your classpath and its used first,
with its security=true setting it won't allow the JavaScriptEngine to work
unless you have a SecuritySupport object set for the Context instances.

Yes, I know making sure only a single  js.jar file with 
security=false should exist but to avoid tracking this down adding 
SecuritySupport to the JavaScriptEngine is probably a better long 
term solution?

Thanks
Jeff

[prev in list] [next in list] [prev in thread] [next in thread]