Details
New Feature
Closed
Major
Description
container() {
sandbox() {
socketPermission("*", 80)
serverSocketPermission("localhost", 8080)
filePermission("*", "read")
filePermission("foo/bar/", "read, write, execute, delete")
container()
}
}
or
container() {
container() {
classpathelement(path:"foo.jar")
sandbox()
component(key:A, class:"AImpl")
component(key:B, class:"BImpl")
}
}
or
container() {
container() {
classpathelement(path:"foo.jar")
sandbox()
}
}
or
container() {
container() {
classpath()
component(key:A, class:"AImpl")
component(key:B, class:"BImpl")
}
}
}
or somesuch.
Activity
Paul Hammant
made changes -
| Field | Original Value | New Value |
|---|---|---|
| Description |
container() { sandbox() { socketPermission("*",80) serverSocketPermission("localhost",8080) container() { component() } } } or somesuch. |
container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") container() { component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or somesuch. |
Paul Hammant
made changes -
| Description |
container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") container() { component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or somesuch. |
container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") container() { component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or container() { container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") } component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } or container() { container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or somesuch. |
Paul Hammant
made changes -
| Description |
container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") container() { component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or container() { container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") } component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } or container() { container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or somesuch. |
container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") container() { classpathelement(path:"foo.jar") component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or container() { container() { classpathelement(path:"foo.jar") sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") } component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } or container() { container() { classpathelement(path:"foo.jar") sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or container() { container() { classpath() { classpathelement(path:"foo.jar") socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") } component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or somesuch. |
+1 on last proposal/comment.
Minor variations on naming conventions - would prefer:
sandboxClassloader()
localClassloader(path)
remoteClassloader(bindto, port)
(note capitalisation too)
Show
Mauro Talevi
added a comment - +1 on last proposal/comment.
Minor variations on naming conventions - would prefer:
sandboxClassloader()
localClassloader(path)
remoteClassloader(bindto, port)
(note capitalisation too)
Mauro Talevi
added a comment - +1 on last proposal/comment.
Minor variations on naming conventions - would prefer:
sandboxClassloader()
localClassloader(path)
remoteClassloader(bindto, port)
(note capitalisation too)
CamelCase already done py Paul:
http://article.gmane.org/gmane.comp.java.picocontainer.cvs/1952
Show
Jörg Schaible
added a comment - CamelCase already done py Paul:
http://article.gmane.org/gmane.comp.java.picocontainer.cvs/1952
Jörg Schaible
added a comment - CamelCase already done py Paul:
http://article.gmane.org/gmane.comp.java.picocontainer.cvs/1952 Changed mind again :-
container() {
sandBox() {
classpathelement(path:"foo.jar")
grants
component(key:A, class:"AImpl")
component(key:B, class:"BImpl")
}
}
}
sandBox() takes away all right afforded to the parent classloader.
without sandBox() grants are additive to those that the parent classloader had recieved.
more thinking needed i think -
grants()
{ revoke(PropertyPermission("os.name","read")) compon.... }could be difficult to do...
- Paul
Show
Paul Hammant
added a comment - Changed mind again :-
container() {
sandBox() {
classpathelement(path:"foo.jar")
grants
{
grant(SocketPermission("google.com", 80))
grant(ServerSocketPermission("localhost", 8080))
grant(FilePermission("foo/bar/", "read, write, execute, delete"))
grant(PropertyPermission("os.name","read"))
}
component(key:A, class:"AImpl")
component(key:B, class:"BImpl")
}
}
}
sandBox() takes away all right afforded to the parent classloader.
without sandBox() grants are additive to those that the parent classloader had recieved.
more thinking needed i think -
grants()
{
revoke(PropertyPermission("os.name","read"))
compon....
}
could be difficult to do...
Paul
Paul Hammant
added a comment - Changed mind again :-
container() {
sandBox() {
classpathelement(path:"foo.jar")
grants
{
grant(SocketPermission("google.com", 80))
grant(ServerSocketPermission("localhost", 8080))
grant(FilePermission("foo/bar/", "read, write, execute, delete"))
grant(PropertyPermission("os.name","read"))
}
component(key:A, class:"AImpl")
component(key:B, class:"BImpl")
}
}
}
sandBox() takes away all right afforded to the parent classloader.
without sandBox() grants are additive to those that the parent classloader had recieved.
more thinking needed i think -
grants()
{
revoke(PropertyPermission("os.name","read"))
compon....
}
could be difficult to do...
Paul
I would keep "permissions" instead of "grants". Then "grant" and "revoke" makes more sense. Although IIRC "revoke" is really not easily to do.
Show
Jörg Schaible
added a comment - I would keep "permissions" instead of "grants". Then "grant" and "revoke" makes more sense. Although IIRC "revoke" is really not easily to do.
Jörg Schaible
added a comment - I would keep "permissions" instead of "grants". Then "grant" and "revoke" makes more sense. Although IIRC "revoke" is really not easily to do. Permissions in Nano, and Groovy and XML Builders. Other script langs can use directly.
Show
Paul Hammant
added a comment - Permissions in Nano, and Groovy and XML Builders. Other script langs can use directly.
Paul Hammant
added a comment - Permissions in Nano, and Groovy and XML Builders. Other script langs can use directly. Paul Hammant
made changes -
| Assignee | Paul Hammant [ paul ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Open [ 1 ] | Closed [ 6 ] |
re-opened to set fix version
Show
Mauro Talevi
added a comment - re-opened to set fix version
Mauro Talevi
added a comment - re-opened to set fix version Mauro Talevi
made changes -
| Status | Closed [ 6 ] | Reopened [ 4 ] |
| Resolution | Fixed [ 1 ] | |
| Assignee | Paul Hammant [ paul ] | Mauro Talevi [ maurotalevi ] |
set fix version
Show
Mauro Talevi
added a comment - set fix version
Mauro Talevi
added a comment - set fix version Mauro Talevi
made changes -
| Environment | ||
| Fix Version/s | 1.0 [ 10148 ] | |
| Description |
container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") container() { classpathelement(path:"foo.jar") component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or container() { container() { classpathelement(path:"foo.jar") sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") } component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } or container() { container() { classpathelement(path:"foo.jar") sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or container() { container() { classpath() { classpathelement(path:"foo.jar") socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") } component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or somesuch. |
container() { sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") container() { classpathelement(path:"foo.jar") component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or container() { container() { classpathelement(path:"foo.jar") sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") } component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } or container() { container() { classpathelement(path:"foo.jar") sandbox() { socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or container() { container() { classpath() { classpathelement(path:"foo.jar") socketPermission("*", 80) serverSocketPermission("localhost", 8080) filePermission("*", "read") filePermission("foo/bar/", "read, write, execute, delete") } component(key:A, class:"AImpl") component(key:B, class:"BImpl") } } } or somesuch. |
Mauro Talevi
made changes -
| Resolution | Fixed [ 1 ] | |
| Status | Reopened [ 4 ] | Closed [ 6 ] |
OK, this is only going to work on classloaders mounted outside the classes visible to the classloader that NanoContrainer/Groovy is running in. we already have a classloader() {} build term. Perhaps some variations :
sandBoxedClassLoader() - no rights
workDirClassLoader(workdir)
serverClassLoader(bindto, port)
they are all modifiablestarting points of course....
container() {
{ socketPermission("google.com", 80) serverSocketPermission("localhost", 8080) filePermission("foo/bar/", "read, write, execute, delete") add(PropertyPermission("os.name","read")) }sandBoxedClassLoader() {
classpathelement(path:"foo.jar")
permissions
component(key:A, class:"AImpl")
component(key:B, class:"BImpl")
}
}
}