diff options
author | sundar <none@none> | 2014-08-20 18:59:11 +0530 |
---|---|---|
committer | sundar <none@none> | 2014-08-20 18:59:11 +0530 |
commit | 0b23e6ba79ce272d8bf0973f4f4e61f5c9cfe88b (patch) | |
tree | 85879c8664dd571ee0009d05cd15bb027359fade /src/jdk/nashorn/internal | |
parent | 1a6dc8268c841b348bd97c07e739ecd871ce15a4 (diff) |
8050078: Nashorn ClassFilter Support
Reviewed-by: attila, hannesw, jlaskey, lagergren
Diffstat (limited to 'src/jdk/nashorn/internal')
4 files changed, 72 insertions, 1 deletions
diff --git a/src/jdk/nashorn/internal/objects/Global.java b/src/jdk/nashorn/internal/objects/Global.java index d8f23b1f..1fe7cdb0 100644 --- a/src/jdk/nashorn/internal/objects/Global.java +++ b/src/jdk/nashorn/internal/objects/Global.java @@ -50,6 +50,7 @@ import javax.script.ScriptContext; import javax.script.ScriptEngine; import jdk.internal.dynalink.linker.GuardedInvocation; import jdk.internal.dynalink.linker.LinkRequest; +import jdk.nashorn.api.scripting.ClassFilter; import jdk.nashorn.api.scripting.ScriptObjectMirror; import jdk.nashorn.internal.codegen.ApplySpecialization; import jdk.nashorn.internal.codegen.CompilerConstants.Call; @@ -543,6 +544,14 @@ public final class Global extends ScriptObject implements Scope { // Runtime interface to Global /** + * Is there a class filter in the current Context? + * @return class filter + */ + public ClassFilter getClassFilter() { + return context.getClassFilter(); + } + + /** * Is this global of the given Context? * @param ctxt the context * @return true if this global belongs to the given Context diff --git a/src/jdk/nashorn/internal/runtime/Context.java b/src/jdk/nashorn/internal/runtime/Context.java index 53af0aed..d4355777 100644 --- a/src/jdk/nashorn/internal/runtime/Context.java +++ b/src/jdk/nashorn/internal/runtime/Context.java @@ -65,6 +65,7 @@ import java.util.logging.Level; import javax.script.ScriptEngine; import jdk.internal.org.objectweb.asm.ClassReader; import jdk.internal.org.objectweb.asm.util.CheckClassAdapter; +import jdk.nashorn.api.scripting.ClassFilter; import jdk.nashorn.api.scripting.ScriptObjectMirror; import jdk.nashorn.internal.codegen.Compiler; import jdk.nashorn.internal.codegen.Compiler.CompilationPhases; @@ -349,6 +350,9 @@ public final class Context { /** Unique id for 'eval' */ private final AtomicLong uniqueEvalId; + /** Optional class filter to use for Java classes. Can be null. */ + private final ClassFilter classFilter; + private static final ClassLoader myLoader = Context.class.getClassLoader(); private static final StructureLoader sharedLoader; @@ -403,7 +407,19 @@ public final class Context { * @param appLoader application class loader */ public Context(final Options options, final ErrorManager errors, final ClassLoader appLoader) { - this(options, errors, new PrintWriter(System.out, true), new PrintWriter(System.err, true), appLoader); + this(options, errors, appLoader, (ClassFilter)null); + } + + /** + * Constructor + * + * @param options options from command line or Context creator + * @param errors error manger + * @param appLoader application class loader + * @param classFilter class filter to use + */ + public Context(final Options options, final ErrorManager errors, final ClassLoader appLoader, final ClassFilter classFilter) { + this(options, errors, new PrintWriter(System.out, true), new PrintWriter(System.err, true), appLoader, classFilter); } /** @@ -416,11 +432,26 @@ public final class Context { * @param appLoader application class loader */ public Context(final Options options, final ErrorManager errors, final PrintWriter out, final PrintWriter err, final ClassLoader appLoader) { + this(options, errors, out, err, appLoader, (ClassFilter)null); + } + + /** + * Constructor + * + * @param options options from command line or Context creator + * @param errors error manger + * @param out output writer for this Context + * @param err error writer for this Context + * @param appLoader application class loader + * @param classFilter class filter to use + */ + public Context(final Options options, final ErrorManager errors, final PrintWriter out, final PrintWriter err, final ClassLoader appLoader, final ClassFilter classFilter) { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(new RuntimePermission(NASHORN_CREATE_CONTEXT)); } + this.classFilter = classFilter; this.env = new ScriptEnvironment(options, out, err); this._strict = env._strict; this.appLoader = appLoader; @@ -473,6 +504,15 @@ public final class Context { initLoggers(); } + + /** + * Get the class filter for this context + * @return class filter + */ + public ClassFilter getClassFilter() { + return classFilter; + } + /** * Get the error manager for this context * @return error manger @@ -890,6 +930,11 @@ public final class Context { throw new ClassNotFoundException(fullName); } + // give chance to ClassFilter to filter out, if present + if (classFilter != null && !classFilter.exposeToScripts(fullName)) { + throw new ClassNotFoundException(fullName); + } + // check package access as soon as possible! final SecurityManager sm = System.getSecurityManager(); if (sm != null) { diff --git a/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java b/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java index 66720c23..10ab4349 100644 --- a/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java +++ b/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java @@ -25,6 +25,8 @@ package jdk.nashorn.internal.runtime.linker; +import static jdk.nashorn.internal.runtime.ECMAErrors.typeError; + import java.lang.reflect.Modifier; import java.lang.reflect.Proxy; import jdk.internal.dynalink.CallSiteDescriptor; @@ -33,7 +35,9 @@ import jdk.internal.dynalink.linker.LinkRequest; import jdk.internal.dynalink.linker.LinkerServices; import jdk.internal.dynalink.linker.TypeBasedGuardingDynamicLinker; import jdk.internal.dynalink.support.CallSiteDescriptorFactory; +import jdk.nashorn.api.scripting.ClassFilter; import jdk.nashorn.internal.runtime.Context; +import jdk.nashorn.internal.objects.Global; /** * Check java reflection permission for java reflective and java.lang.invoke access from scripts @@ -100,6 +104,12 @@ final class ReflectionCheckLinker implements TypeBasedGuardingDynamicLinker{ } static void checkReflectionAccess(final Class<?> clazz, final boolean isStatic) { + final Global global = Context.getGlobal(); + final ClassFilter cf = global.getClassFilter(); + if (cf != null && isReflectiveCheckNeeded(clazz, isStatic)) { + throw typeError("no.reflection.with.classfilter"); + } + final SecurityManager sm = System.getSecurityManager(); if (sm != null && isReflectiveCheckNeeded(clazz, isStatic)) { checkReflectionPermission(sm); @@ -107,6 +117,12 @@ final class ReflectionCheckLinker implements TypeBasedGuardingDynamicLinker{ } private static void checkLinkRequest(final LinkRequest origRequest) { + final Global global = Context.getGlobal(); + final ClassFilter cf = global.getClassFilter(); + if (cf != null) { + throw typeError("no.reflection.with.classfilter"); + } + final SecurityManager sm = System.getSecurityManager(); if (sm != null) { final LinkRequest requestWithoutContext = origRequest.withoutRuntimeContext(); // Nashorn has no runtime context diff --git a/src/jdk/nashorn/internal/runtime/resources/Messages.properties b/src/jdk/nashorn/internal/runtime/resources/Messages.properties index 3a486da4..73445ecc 100644 --- a/src/jdk/nashorn/internal/runtime/resources/Messages.properties +++ b/src/jdk/nashorn/internal/runtime/resources/Messages.properties @@ -81,6 +81,7 @@ type.error.not.a.file={0} is not a File type.error.not.a.numeric.array={0} is not a numeric array type.error.not.a.bytebuffer={0} is not a java.nio.ByteBuffer type.error.not.an.arraybuffer.in.dataview=First arg to DataView constructor must be an ArrayBuffer +type.error.no.reflection.with.classfilter=Java reflection not supported when class filter is present # operations not permitted on undefined type.error.cant.call.undefined=Cannot call undefined |