Tuesday, April 23, 2013

Mystery: Why does java.lang.Class.forName(“java.security.AccessController”) return null in jrunscript?



Solution: Mozilla Rhino supports a concept called “class shutters” which enable you to block scripts from accessing any class. The JS implementation that comes with the JDK installs one called com.sun.script.javascript.RhinoClassShutter, which blocks access to java.security.AccessController. If you need to call it from JavaScript, you will need to write a class in Java to call it on your behalf. Be aware, that this is done for security reasons, so you need to ensure you understand the security implications before you do so.

No comments:

Post a Comment