Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In the case where the script is read from the filesystem, groovy uses a custom class loader linkGroovyClassLoaderGroovyClassLoader1http://groovy.codehaus.org/apidocs/groovy/lang/GroovyClassLoader.html that searches the CLASSPATH for .groovy files and gives them a codeSource constructed from a codebase built from the source file URL. This class loader also supports signed .jar files containing .groovy scripts so that both codebase and certificates can be used to verify the source code. Once the groovy scripts are loaded as classes, they behave just like java classes with respect to security.

...

In the case where the script has no URL, there is not necessarily any definitive way for groovy to associate an appropriate codeSource with the script. In these cases, groovy allows a codebase to be specified for the script that is being compiled (by specifying a linkGroovyCodeSourceGroovyCodeSource1http://groovy.codehaus.org/apidocs/groovy/lang/GroovyCodeSource.html), subject to the caller having permission to specify that specific codebase. This codebase takes the form of a URL, but need not refer to a physical file location.
To illustrate this more clearly, consider the case where some server system is responsible for fetching and loading scripts that will be executed on behalf of a client. Assume that the server is trusted (i.e. it has permission to do anything) while the client belongs to a class of restricted clients that only (for example) have permission to access the normally resricted property "file.encoding". For this simple example, assume that the security Policy in effect has been specified by the following policy file:

...

When the client calls the server and passes this script for execution, the server can evaluate it, specifying a specific codebase:

Code Block
	new GroovyShell().evaluate(new GroovyCodeSource(clientscriptStr, "RestrictedScript", "/serverCodeBase/restrictedClient")

In order for the server to be able to create a GroovyCodeSource with a specific codeBase, it must be granted permission by the Policy. The specific permission required is a linkGroovyCodeSourcePermissionGroovyCodeSourcePermission1http://groovy.codehaus.org/apidocs/groovy/security/GroovyCodeSourcePermission.html, which the server has by implication (the policy file grant of java.security.AllPermission). The net effect of this is to compile the client script with the codeBase "/serverCodeBase/restrictedClient", and execute the compiled script. When executed, the policy file grant(s) for the codeBase "/serverCodeBase/restrictedClient" will be in effect.

...