Package com.xebialabs.xlrelease.script
Class Jsr223ScriptExecutor
java.lang.Object
com.xebialabs.xlrelease.script.Jsr223ScriptExecutor
- All Implemented Interfaces:
ScriptExecutor
- Direct Known Subclasses:
JythonScriptExecutor
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected final org.slf4j.Loggerprotected ScriptEngineprotected ScriptPermissionsProviderprotected ScriptEngine -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedJsr223ScriptExecutor(Jsr223EngineFactory engineFactory, ScriptPermissionsProvider scriptPermissionsProvider, boolean sandboxEnabled, String workDir) -
Method Summary
Modifier and TypeMethodDescriptionprotected voidaddCiUtilsPermissions(Permissions permissions) protected voidaddGroovyLibrariesReadPermissions(Permissions minimalPermissions) protected voidaddInternalAccessPermissions(Permissions minimalPermissions) protected voidaddJavaHomeSecurityLibPermissions(Permissions minimalPermissions) protected voidaddJavaPrimitivesPermissions(Permissions minimalPermissions) protected voidaddJsonModule(Permissions permissions) protected voidaddJsonSmartLibraryPermissions(Permissions minimalPermissions) protected voidaddJythonLibrariesReadPermissions(Permissions minimalPermissions) protected voidaddReadPermissionOnJar(List<String> jarNames, Permissions minimalPermissions) protected voidaddReadPermissionOnPluginsFolder(Permissions minimalPermissions) protected ScriptEngineconfigureSandboxAndGetEngine(boolean checkPolicyPermissions) This method sets threadlocal "sandbox" property that is later used by SandboxAwarePackageManager to restrict packages (class namespaces) that are accessibleprotected Permissionsprotected ObjectdoPrivileged(ScriptEngine engine, String script, ScriptContext scriptContext, AccessControlContext accessControlContext) evalScript(XlrScriptContext xlrScriptContext) protected abstract ObjectevalScriptPrivileged(ScriptEngine engine, String script, ScriptContext scriptContext, AccessControlContext accessControlContext) protected AccessControlContextprotected Stringprotected booleanisRestricted(boolean checkPolicyPermissions) protected Booleanvoidprotected PermissionresolvePermissionIfNecessary(Permission permission)
-
Field Details
-
logger
protected final org.slf4j.Logger logger -
unrestrictedEngine
-
restrictedEngine
-
scriptPermissionsProvider
-
-
Constructor Details
-
Jsr223ScriptExecutor
protected Jsr223ScriptExecutor(Jsr223EngineFactory engineFactory, ScriptPermissionsProvider scriptPermissionsProvider, boolean sandboxEnabled, String workDir)
-
-
Method Details
-
evalScript
- Specified by:
evalScriptin interfaceScriptExecutor- Throws:
Exception
-
evalScriptPrivileged
protected abstract Object evalScriptPrivileged(ScriptEngine engine, String script, ScriptContext scriptContext, AccessControlContext accessControlContext) throws Exception - Throws:
Exception
-
doPrivileged
protected Object doPrivileged(ScriptEngine engine, String script, ScriptContext scriptContext, AccessControlContext accessControlContext) throws Exception - Throws:
Exception
-
isScriptSandboxEnabled
-
getWorkDir
-
getAccessControlContext
-
createMinimalPermissions
-
addJavaPrimitivesPermissions
-
addInternalAccessPermissions
-
addJythonLibrariesReadPermissions
-
addGroovyLibrariesReadPermissions
-
addJsonModule
-
addCiUtilsPermissions
-
addJsonSmartLibraryPermissions
-
addJavaHomeSecurityLibPermissions
-
addReadPermissionOnJar
-
addReadPermissionOnPluginsFolder
-
resolvePermissionIfNecessary
-
configureSandboxAndGetEngine
This method sets threadlocal "sandbox" property that is later used by SandboxAwarePackageManager to restrict packages (class namespaces) that are accessible -
reloadScriptEngines
public void reloadScriptEngines() -
isRestricted
protected boolean isRestricted(boolean checkPolicyPermissions)
-