You are not logged in.
Pages: 1
Topic closed
Hello everybody,
I struggle a little bit with the java-sandbox API. Consider the following code:
Sandkiste.java:
import java.util.List;
import java.util.concurrent.TimeUnit;
import net.datenwerke.sandbox.*;
import net.datenwerke.sandbox.SandboxContext.AccessType;
import net.datenwerke.sandbox.SandboxContext.RuntimeMode;
import net.datenwerke.sandbox.handlers.BadThreadKillHandler;
public class Sandkiste {
public static void main(String[] args) {
Sandkiste s = new Sandkiste();
s.run();
}
public void run(){
SandboxService sandboxService = SandboxServiceImpl.getInstance();
/* configure context */
SandboxContext context = new SandboxContext();
context.addClassForApplicationLoader("Test");
context.addClassPermission(AccessType.PERMIT,UntrustedCode.class.getName());
context.addClassPermission(AccessType.DENY, "java.lang.System");
context.addClassPermission(AccessType.DENY, "java.io.PrintStream");
context.setRunInThread(true);
/* run code in sandbox */
SandboxedCallResult<List<String>> result = sandboxService.runSandboxed(UntrustedCode.class, context);
/* output result */
}
}
UntrustedCode.java:
import java.util.List;
import net.datenwerke.sandbox.SandboxedEnvironment;
public class UntrustedCode implements SandboxedEnvironment<List<String>> {
@Override
public List<String> execute() throws Exception {
Test t = new Test();
t.print();
return null;
}
}
Test.java:
public class Test {
public void print() {
System.out.println("Erlaubt!");
}
}
I want to deny the access of the System.class in all classes which are being executed in the sandbox but
despite denying permission of the System.class the class "Test" is still able to call methods of System. Is there are way to realize this?
Cheers
Offline
Hi,
this is a bit out of scope in this forum, but let me try to help. All my classes are in the default package, as I guess were yours.
1) If I run the code as is, with a single change, namely I've added the debug option to the context, i.e, the run method in Sandkiste is
public void run(){
SandboxService sandboxService = SandboxServiceImpl.getInstance();
/* configure context */
SandboxContext context = new SandboxContext();
context.setDebug(true);
context.addClassForApplicationLoader("Test");
context.addClassPermission(AccessType.PERMIT,UntrustedCode.class.getName());
context.addClassPermission(AccessType.DENY, "java.lang.System");
context.addClassPermission(AccessType.DENY, "java.io.PrintStream");
context.setRunInThread(true);
/* run code in sandbox */
SandboxedCallResult<List<String>> result = sandboxService.runSandboxed(UntrustedCode.class, context);
/* output result */
}
I'll get the following output
Dez 20, 2014 9:46:14 AM net.datenwerke.sandbox.jvm.server.SandboxJvmServer <init>
Information: started sandbox server: SandboxRemoteServerNr1
Dez 20, 2014 9:46:15 AM net.datenwerke.sandbox.jvm.server.SandboxJvmServer <init>
Information: started sandbox server: SandboxRemoteServerNr2
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208670712) about to load class: UntrustedCode
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208670712) about to load class: net.datenwerke.sandbox.SandboxedEnvironment
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208670712) about to load class: java.lang.Object
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208670712) about to load class: java.util.List
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208670712) about to load class: java.lang.Exception
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208670712) about to load class: Test
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxContext debug
Information: (2061231983) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxContext debug
Information: (2061231983) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxContext debug
Information: (2061231983) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxContext debug
Information: (2061231983) : ClassAccessCheck: Test
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxContext debug
Warnung: (2061231983) : DENY: ClassAccessCheck: Test
0 : class net.datenwerke.sandbox.SandboxSecurityManager
1 : class net.datenwerke.sandbox.SandboxLoader
2 : class java.lang.ClassLoader
3 : class UntrustedCode
4 : class net.datenwerke.sandbox.SandboxedThread
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxContext debug
Information: (2061231983) : PackageAccessCheck: java.util
Dez 20, 2014 9:46:16 AM net.datenwerke.sandbox.SandboxContext debug
Information: (2061231983) : PackageAccessCheck: java.util
Exception in thread "main" net.datenwerke.sandbox.exception.SandboxException: java.security.AccessControlException: No class access allowed for class: Test
at net.datenwerke.sandbox.SandboxServiceImpl.run(SandboxServiceImpl.java:568)
at net.datenwerke.sandbox.SandboxServiceImpl.runSandboxed(SandboxServiceImpl.java:499)
at net.datenwerke.sandbox.SandboxServiceImpl.runSandboxed(SandboxServiceImpl.java:490)
at Sandkiste.run(Sandkiste.java:36)
at Sandkiste.main(Sandkiste.java:15)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at net.datenwerke.sandbox.SandboxedThread.run(SandboxedThread.java:59)
Caused by: java.security.AccessControlException: No class access allowed for class: Test
at net.datenwerke.sandbox.SandboxSecurityManager.checkClassAccess(SandboxSecurityManager.java:146)
at net.datenwerke.sandbox.SandboxLoader.loadClass(SandboxLoader.java:336)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at UntrustedCode.execute(UntrustedCode.java:11)
... 5 more
The important lines are
Warnung: (2061231983) : DENY: ClassAccessCheck: Test
0 : class net.datenwerke.sandbox.SandboxSecurityManager
1 : class net.datenwerke.sandbox.SandboxLoader
2 : class java.lang.ClassLoader
3 : class UntrustedCode
4 : class net.datenwerke.sandbox.SandboxedThread
which is where the UntrustedCode tries to access class Test which is denied, since there is no rule that allows to load class Test. Now, if we
explicitly whitelist Test (i.e. context.addClassPermission(AccessType.PERMIT, "Test");) we get the following response
Dez 20, 2014 9:50:05 AM net.datenwerke.sandbox.jvm.server.SandboxJvmServer <init>
Information: started sandbox server: SandboxRemoteServerNr1
Dez 20, 2014 9:50:06 AM net.datenwerke.sandbox.jvm.server.SandboxJvmServer <init>
Information: started sandbox server: SandboxRemoteServerNr2
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208981104) about to load class: UntrustedCode
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208981104) about to load class: net.datenwerke.sandbox.SandboxedEnvironment
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208981104) about to load class: java.lang.Object
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208981104) about to load class: java.util.List
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208981104) about to load class: java.lang.Exception
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (208981104) about to load class: Test
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxContext debug
Information: (850671470) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxContext debug
Information: (850671470) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxContext debug
Information: (850671470) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxContext debug
Information: (850671470) : ClassAccessCheck: Test
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxContext debug
Information: (850671470) : PackageAccessCheck: java.io
Erlaubt!
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxContext debug
Information: (850671470) : PackageAccessCheck: java.util
Dez 20, 2014 9:50:07 AM net.datenwerke.sandbox.SandboxContext debug
Information: (850671470) : PackageAccessCheck: java.util
which I guess is what you were having. The question is, why is Test allowed to call java.lang.System? The reason is that you've told the Sandbox to
load class Test not with the Sandbox loader but with the ApplicationClassloader via
context.addClassForApplicationLoader("Test");
Thus, all subsequent class loading activities triggered by Test are handled not by the SandboxLoader but by the Application ClassLoader which cannot
be monitored by the sandbox and hence the call to java.System goes trough. There should, however, not be any reason to load Test not with the
SandboxLoader. So if Sandkiste is as follows:
public void run(){
SandboxService sandboxService = SandboxServiceImpl.getInstance();
/* configure context */
SandboxContext context = new SandboxContext();
context.setDebug(true);
context.addClassPermission(AccessType.PERMIT,UntrustedCode.class.getName());
context.addClassPermission(AccessType.PERMIT, "Test");
context.setRunInThread(true);
/* run code in sandbox */
SandboxedCallResult<List<String>> result = sandboxService.runSandboxed(UntrustedCode.class, context);
/* output result */
}
Then you get the expected result. (Note that I also removed the two Deny class permissions since this is implicit as the Sandbox by default
disallows anything that is not explicitly allowed.)
Dez 20, 2014 9:54:29 AM net.datenwerke.sandbox.jvm.server.SandboxJvmServer <init>
Information: started sandbox server: SandboxRemoteServerNr1
Dez 20, 2014 9:54:30 AM net.datenwerke.sandbox.jvm.server.SandboxJvmServer <init>
Information: started sandbox server: SandboxRemoteServerNr2
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (1333699935) about to load class: UntrustedCode
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (1333699935) about to load class: net.datenwerke.sandbox.SandboxedEnvironment
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (1333699935) about to load class: java.lang.Object
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (1333699935) about to load class: java.util.List
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (1333699935) about to load class: java.lang.Exception
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (1333699935) about to load class: Test
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Information: (1355039451) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Information: (1355039451) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Information: (1355039451) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Information: (1355039451) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Information: (1355039451) : PermissionCheck: ("java.io.FilePermission" "/Users/arno/Datenwerke/Projekte/Sandbox/current/Test/bin/Test.class" "read")
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Information: (1355039451) : ClassAccessCheck: Test
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (1333699935) about to load class: java.lang.System
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Information: (1355039451) : ClassAccessCheck: java.lang.System
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Warnung: (1355039451) : DENY: ClassAccessCheck: java.lang.System
0 : class net.datenwerke.sandbox.SandboxSecurityManager
1 : class net.datenwerke.sandbox.SandboxLoader
2 : class java.lang.ClassLoader
3 : class Test
4 : class UntrustedCode
5 : class net.datenwerke.sandbox.SandboxedThread
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Information: (1355039451) : PackageAccessCheck: java.util
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Information: (1355039451) : PackageAccessCheck: java.util
Exception in thread "main" net.datenwerke.sandbox.exception.SandboxException: java.security.AccessControlException: No class access allowed for class: java.lang.System
at net.datenwerke.sandbox.SandboxServiceImpl.run(SandboxServiceImpl.java:568)
at net.datenwerke.sandbox.SandboxServiceImpl.runSandboxed(SandboxServiceImpl.java:499)
at net.datenwerke.sandbox.SandboxServiceImpl.runSandboxed(SandboxServiceImpl.java:490)
at Sandkiste.run(Sandkiste.java:35)
at Sandkiste.main(Sandkiste.java:15)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at net.datenwerke.sandbox.SandboxedThread.run(SandboxedThread.java:59)
Caused by: java.security.AccessControlException: No class access allowed for class: java.lang.System
at net.datenwerke.sandbox.SandboxSecurityManager.checkClassAccess(SandboxSecurityManager.java:146)
at net.datenwerke.sandbox.SandboxLoader.loadClass(SandboxLoader.java:336)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at Test.print(Test.java:6)
at UntrustedCode.execute(UntrustedCode.java:12)
... 5 more
Again the important lines in the debug output are
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxLoader loadClass
Information: (1333699935) about to load class: java.lang.System
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Information: (1355039451) : ClassAccessCheck: java.lang.System
Dez 20, 2014 9:54:31 AM net.datenwerke.sandbox.SandboxContext debug
Warnung: (1355039451) : DENY: ClassAccessCheck: java.lang.System
0 : class net.datenwerke.sandbox.SandboxSecurityManager
1 : class net.datenwerke.sandbox.SandboxLoader
2 : class java.lang.ClassLoader
3 : class Test
4 : class UntrustedCode
5 : class net.datenwerke.sandbox.SandboxedThread
I hope this helps.
Cheers
Arno
Offline
Hello Arno,
first of all I really appreciate your answer! Sadly I can't reproduce your result. If I take your last piece of code e.g.:
import java.util.List;
import java.util.concurrent.TimeUnit;
import net.datenwerke.sandbox.*;
import net.datenwerke.sandbox.SandboxContext.AccessType;
import net.datenwerke.sandbox.SandboxContext.RuntimeMode;
import net.datenwerke.sandbox.handlers.BadThreadKillHandler;
public class Sandkiste {
public static void main(String[] args) {
Sandkiste s = new Sandkiste();
s.run();
}
public void run(){
SandboxService sandboxService = SandboxServiceImpl.getInstance();
/* configure context */
SandboxContext context = new SandboxContext();
context.setDebug(true);
context.addClassPermission(AccessType.PERMIT, Test.class.getName());
context.addClassPermission(AccessType.PERMIT,UntrustedCode.class.getName());
context.setRunInThread(true);
/* run code in sandbox */
SandboxedCallResult<List<String>> result = sandboxService.runSandboxed(UntrustedCode.class, context);
/* output result */
}
}
My result is sadly a java.lang.NoClassDefFoundError, rather than the expected java.security.AccessControlException. My full console log:
Dez 22, 2014 9:47:11 AM net.datenwerke.sandbox.jvm.server.SandboxJvmServer <init>
INFORMATION: started sandbox server: SandboxRemoteServerNr1
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.jvm.server.SandboxJvmServer <init>
INFORMATION: started sandbox server: SandboxRemoteServerNr2
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxLoader loadClass
INFORMATION: (939047783) about to load class: UntrustedCode
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxLoader loadClass
INFORMATION: (939047783) about to load class: net.datenwerke.sandbox.SandboxedEnvironment
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxLoader loadClass
INFORMATION: (939047783) about to load class: java.lang.Object
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxLoader loadClass
INFORMATION: (939047783) about to load class: java.util.List
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxLoader loadClass
INFORMATION: (939047783) about to load class: java.lang.Exception
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxLoader loadClass
INFORMATION: (939047783) about to load class: Test
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxContext debug
INFORMATION: (2042447294) : PermissionCheck: ("java.io.FilePermission" "\C:\Users\Tobias\workspace\Sandkiste\bin\Test.class" "read")
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxContext debug
WARNUNG: (2042447294) : DENY: PermissionCheck: ("java.io.FilePermission" "\C:\Users\Tobias\workspace\Sandkiste\bin\Test.class" "read")
0 : class net.datenwerke.sandbox.SandboxSecurityManager
1 : class sun.misc.URLClassPath
2 : class sun.misc.URLClassPath$FileLoader
3 : class sun.misc.URLClassPath$FileLoader
4 : class sun.misc.URLClassPath
5 : class java.net.URLClassLoader$2
6 : class java.net.URLClassLoader$2
7 : class java.net.URLClassLoader
8 : class java.lang.ClassLoader
9 : class java.net.URLClassLoader
10 : class net.datenwerke.sandbox.SandboxLoader
11 : class java.lang.ClassLoader
12 : class UntrustedCode
13 : class net.datenwerke.sandbox.SandboxedThread
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxContext debug
INFORMATION: (2042447294) : PermissionCheck: ("java.io.FilePermission" "\C:\Users\Tobias\workspace\Sandkiste\bin\Test.class" "read")
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxContext debug
WARNUNG: (2042447294) : DENY: PermissionCheck: ("java.io.FilePermission" "\C:\Users\Tobias\workspace\Sandkiste\bin\Test.class" "read")
0 : class net.datenwerke.sandbox.SandboxSecurityManager
1 : class java.lang.SecurityManager
2 : class sun.misc.URLClassPath
3 : class sun.misc.URLClassPath$FileLoader
4 : class sun.misc.URLClassPath$FileLoader
5 : class sun.misc.URLClassPath
6 : class java.net.URLClassLoader$2
7 : class java.net.URLClassLoader$2
8 : class java.net.URLClassLoader
9 : class java.lang.ClassLoader
10 : class java.net.URLClassLoader
11 : class net.datenwerke.sandbox.SandboxLoader
12 : class java.lang.ClassLoader
13 : class UntrustedCode
14 : class net.datenwerke.sandbox.SandboxedThread
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxContext debug
INFORMATION: (2042447294) : PackageAccessCheck: java.util
Dez 22, 2014 9:47:12 AM net.datenwerke.sandbox.SandboxContext debug
INFORMATION: (2042447294) : PackageAccessCheck: java.util
Exception in thread "main" net.datenwerke.sandbox.exception.SandboxException: java.lang.NoClassDefFoundError: Test
at net.datenwerke.sandbox.SandboxServiceImpl.run(SandboxServiceImpl.java:568)
at net.datenwerke.sandbox.SandboxServiceImpl.runSandboxed(SandboxServiceImpl.java:499)
at net.datenwerke.sandbox.SandboxServiceImpl.runSandboxed(SandboxServiceImpl.java:490)
at Sandkiste.run(Sandkiste.java:34)
at Sandkiste.main(Sandkiste.java:15)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at net.datenwerke.sandbox.SandboxedThread.run(SandboxedThread.java:59)
Caused by: java.lang.NoClassDefFoundError: Test
at UntrustedCode.execute(UntrustedCode.java:9)
... 5 more
Caused by: java.lang.ClassNotFoundException: Could not load Test
at net.datenwerke.sandbox.SandboxLoader.loadClass(SandboxLoader.java:330)
at java.lang.ClassLoader.loadClass(Unknown Source)
... 6 more
Caused by: java.lang.ClassNotFoundException: Could not find Test
at net.datenwerke.sandbox.SandboxLoader.loadClass(SandboxLoader.java:308)
... 7 more
Cheers
Offline
Hi,
you are running into a FilePermission check which is denied. When instantiating a context using
new SandboxContext();
the sandbox tries to add default read permissions for everything in the classpath. For this it uses the property
System.getProperty("java.class.path");
My guess is, that for some reason this does not work on your system. An alternative could be that there is a bug concerning the
path recognition (I think I only tested it on Unix systems). To find out what file permissions are set put a breakpoint after the
instantiation of the context object and look for the member "fileReadPermissions".
To simply allow read access for all files you can add
context.addFilePermission(FileAccess.READ, AccessType.PERMIT, new FilePrefixPermission(""));
Cheers
Arno
Offline
Pages: 1
Topic closed