Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/313.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Nashorn ClassFilter仅筛选Java.type()?_Java_Nashorn - Fatal编程技术网
Fatal编程技术网
  • java/
  • Nashorn ClassFilter仅筛选Java.type()?

Nashorn ClassFilter仅筛选Java.type()?

java

Nashorn ClassFilter仅筛选Java.type()?,java,nashorn,Java,Nashorn,我有以下两个代码测试 第一个:JavaTypeTest(),它按预期阻止对java.io.File的访问 第二个:JavaMethodGetFileTest(),它在返回java.io.File对象时不阻止访问,因此绕过了过滤器 当使用Java.type()时,它不应该阻止任何东西吗?或者是否有一种特定的方法可以将对象添加到引擎中 预期产出: JavaTypeTest success: true JavaMethodGetFileTest success: true 实际产量: JavaTyp

我有以下两个代码测试

第一个:JavaTypeTest(),它按预期阻止对java.io.File的访问

第二个:JavaMethodGetFileTest(),它在返回java.io.File对象时不阻止访问,因此绕过了过滤器

当使用Java.type()时,它不应该阻止任何东西吗?或者是否有一种特定的方法可以将对象添加到引擎中

预期产出:

JavaTypeTest success: true
JavaMethodGetFileTest success: true
实际产量:

JavaTypeTest success: true
Z:\eclipse ws\NashornTests\.
JavaMethodGetFileTest success: false
这背后的原因是我想要一个代理类,它只允许返回允许对象的方法,但有一个getInstance()方法返回disAllowedObject,这样我就可以访问代理中包含的实例,而不必向Nashorn公开它

public class NashornTest
{
    class NashornClassFilter implements ClassFilter
    {
        public NashornClassFilter()
        {
        }

        @Override
        public boolean exposeToScripts(String clazz)
        {
            if (clazz.equals("java.io.File")) return false;
            return true;
        }
    }

    public static class AllowedClass
    {
        public AllowedClass()
        {
        }

        public File disallowedMethod()
        {
            return new File(".");
        }
    }

    public static void main(String[] args)
    {
        NashornScriptEngineFactory factory = new NashornScriptEngineFactory();

        NashornClassFilter filter = new NashornTest().new NashornClassFilter();
        NashornScriptEngine engine = (NashornScriptEngine) factory.getScriptEngine(filter);

        NashornClassFilter filter1 = new NashornTest().new NashornClassFilter();
        NashornScriptEngine engine1 = (NashornScriptEngine) factory.getScriptEngine(filter1);

        System.out.println("JavaTypeTest success: " + JavaTypeTest(engine));
        System.out.println("JavaMethodGetFileTest success: " + JavaMethodGetFileTest(engine1));

    }

    public static boolean JavaTypeTest(NashornScriptEngine engine)
    {
        try
        {
            engine.eval(
                "function wrapper(){ "
                + "Java.type('java.io.File');"
                + "}");
            ((Invocable) engine).invokeFunction("wrapper");
        }
        catch (RuntimeException e)
        {
            if(e.getCause() instanceof ClassNotFoundException) return true;
            e.printStackTrace();
        }
        catch(Exception e)
        {
            e.printStackTrace();
        }
        return false;
    }

    public static boolean JavaMethodGetFileTest(NashornScriptEngine engine)
    {
        try
        {
            engine.put("allowed", new AllowedClass());
            engine.eval(
                "function wrapper(){ "
                        + "var file = allowed.disallowedMethod();"
                        + "print(file.getAbsolutePath());"
                        + "}");
            ((Invocable) engine).invokeFunction("wrapper");
        }
        catch(RuntimeException e)
        {
            if(e.getCause() instanceof ClassNotFoundException) return true;
            e.printStackTrace();
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
        return false;
    }
}