Skip to content
Skip to breadcrumbs
Skip to header menu
Skip to action menu
Skip to quick search
Quick Search
Browse
Pages
Blog
Labels
Attachments
Mail
Advanced
What’s New
Space Directory
Feed Builder
Keyboard Shortcuts
Confluence Gadgets
Log In
Sign Up
Dashboard
Groovy
Copy Page
You are not logged in. Any changes you make will be marked as
anonymous
. You may want to
Log In
if you already have an account. You can also
Sign Up
for a new account.
This page is being edited by
.
Paragraph
Paragraph
Heading 1
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
Preformatted
Quote
Bold
Italic
Underline
More colours
Strikethrough
Subscript
Superscript
Monospace
Clear Formatting
Bullet list
Numbered list
Outdent
Indent
Align left
Align center
Align right
Link
Table
Insert
Insert Content
Image
Link
Attachment
Symbol
Emoticon
Wiki Markup
Horizontal rule
tinymce.confluence.insert_menu.macro_desc
Info
JIRA Issue
Status
Gallery
Tasklist
Table of Contents
Other Macros
Page Layout
No Layout
Two column (simple)
Two column (simple, left sidebar)
Two column (simple, right sidebar)
Three column (simple)
Two column
Two column (left sidebar)
Two column (right sidebar)
Three column
Three column (left and right sidebars)
Undo
Redo
Find/Replace
Keyboard Shortcuts Help
<p>Groovy is integrated with the Java security model. Groovy scripts can be compiled and executed in the presence of a SecurityManager and a Policy that dictates what permissions are granted to the script.</p> <p>In a typical java environment, permissions are granted to code according to its <strong>codeSource</strong>. A codeSource consists of a <strong>codebase</strong> (essentially, the URL the code was loaded from by the class loader) and optionally the certificates used to verify the code (when it is obtained from a signed jar file). Since groovy can produce java .class files which can be loaded by existing secure class loaders (e.g. URLClassLoader), the traditional mechanisms can be used to enforce security policies without doing anything special. Setting up and running java security can be a little tricky, so consider the following resources for more information:</p> <ul> <li><a href="http://java.sun.com/docs/books/tutorial/security1.2/">Java Security Tutorial</a></li> <li><a href="http://java.sun.com/docs/books/tutorial/security1.2/tour2/index.html">Java Application Security</a></li> <li><a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/permissions.html">Permissions in the Java 2 SDK</a></li> <li><a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/index.html">Java 1.4 Security</a></li> <li><a href="http://www.oreilly.com/catalog/javasec2/" title="http://www.oreilly.com/catalog/javasec2/">Java Security, 2nd Edition – O'Reilly</a></li> </ul> <p>The last of these is a book which covers the Java security model in detail.</p> <p>In a typical groovy environment, there are additional considerations – often groovy scripts are loaded dynamically from some filesystem and translated <em>on the fly</em> into java class files. In other cases, groovy scripts may be entered via an interactive shell, or retrieved from a database for dynamic translation.</p> <h2>Filesystem based Groovy scripts</h2> <p>In the case where the script is read from the filesystem, groovy uses a custom class loader <a href="http://groovy.codehaus.org/gapi/groovy/lang/GroovyClassLoader.html">GroovyClassLoader</a> that searches the CLASSPATH for .groovy files and gives them a codeSource constructed from a codebase built from the source file URL. This class loader also supports signed .jar files containing .groovy scripts so that both codebase and certificates can be used to verify the source code. Once the groovy scripts are loaded as classes, they behave just like java classes with respect to security.</p> <h2>Non-URL based Groovy scripts</h2> <p>In the case where the script has no URL, there is not necessarily any definitive way for groovy to associate an appropriate codeSource with the script. In these cases, groovy allows a codebase to be specified for the script that is being compiled (by specifying a <a href="http://groovy.codehaus.org/gapi/groovy/lang/GroovyCodeSource.html">GroovyCodeSource</a>), subject to the caller having permission to specify that specific codebase. This codebase takes the form of a URL, but need not refer to a physical file location.<br /> To illustrate this more clearly, consider the case where some server system is responsible for fetching and loading scripts that will be executed on behalf of a client. Assume that the server is trusted (i.e. it has permission to do anything) while the client belongs to a class of restricted clients that only (for example) have permission to access the normally resricted property "file.encoding". For this simple example, assume that the security Policy in effect has been specified by the following policy file:</p> <table class="wysiwyg-macro" data-macro-name="code" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre> grant codeBase "file:${server.home}/classes/-" { permission java.security.AllPermission; }; grant codeBase "file:/serverCodeBase/restrictedClient" { permission java.util.PropertyPermission "file.encoding", "read"; }; </pre></td></tr></table> <p>The groovy script to be executed on behalf of the client is:</p> <table class="wysiwyg-macro" data-macro-name="code" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre> //Do some work... then access the file.encoding property: fileEncoding = System.getProperty("file.encoding"); </pre></td></tr></table> <p>When the client calls the server and passes this script for execution, the server can evaluate it, specifying a specific codebase:</p> <table class="wysiwyg-macro" data-macro-name="code" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre> new GroovyShell().evaluate(new GroovyCodeSource(clientscriptStr, "RestrictedScript", "/serverCodeBase/restrictedClient") </pre></td></tr></table> <p>In order for the server to be able to create a GroovyCodeSource with a specific codeBase, it must be granted permission by the Policy. The specific permission required is a <a href="http://groovy.codehaus.org/gapi/groovy/security/GroovyCodeSourcePermission.html">GroovyCodeSourcePermission</a>, which the server has by implication (the policy file grant of java.security.AllPermission). The net effect of this is to compile the client script with the codeBase "/serverCodeBase/restrictedClient", and execute the compiled script. When executed, the policy file grant(s) for the codeBase "/serverCodeBase/restrictedClient" will be in effect.</p> <h2>Additional information</h2> <p>For more information, check out the security test cases in the groovy source code distribution. These tests specify a custom policy file groovy.policy, which is located in the security directory under the groovy-core CVS module. The class SecurityTestSupport (located at src/test/groovy/security) activates this policy by specifying it in the system property "java.security.policy". Examining this policy file along with the test cases should detail the concepts discussed here.</p> <p>Note that in a typical application environment, the policy would be located and activated either by using the default lookup mechanism (policy.url.<n> setting in JAVA_HOME/jre/lib/security/java.security) or as a VM argument: -Djava.security.policy=/my/policy/file. </p> <h3>Related external articles</h3> <ul> <li><a href="http://chrismoos.com/2010/03/24/groovy-scripts-and-jvm-security/">Groovy scripts and JVM Security</a></li> </ul>
Please type the word appearing in the picture.
Attachments
Labels
Location
Watch this page
< Edit
Preview >
Loading…
Save
Cancel
Next hint
search
attachments
weblink
advanced