Java file permissions for threads Java file permissions for threads multithreading multithreading

Java file permissions for threads


You could try using java.lang.SecurityManager. See also this question about using a security manager to set different security settings per thread.

You can set a security manager and security policy like this:

jython -Djava.security.manager=securitymanager -Djava.security.policy=policyfile

where securitymanager is the security manager to use and policyfile contains policy specification as described for example here. If you use a policy file as the source for the security policy, here is an example:

grant {  permission java.security.AllPermission;}

Jython will need some permissions to start up including the following:

grant {  permission java.io.FilePermission "${user.home}${/}-", "read, write";  permission java.lang.RuntimePermission "createClassLoader";  permission java.lang.RuntimePermission "getProtectionDomain";};

(this assumes your cachedir is under the current user's HOME directory). This will do something close to what you need allowing read and write access to files under the current user's HOME and disallowing access to all other parts of the filesystem. Here is the outcome (the first open() refers to a file under the current user's HOME directory since this is the current working directory):

>>> f1=open('test.txt', 'r')>>> f2=open('/tmp/test.txt', 'r')Traceback (innermost last):  File "<console>", line 1, in ?java.security.AccessControlException: access denied (java.io.FilePermission /tmp/test.txt read)    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)    at java.security.AccessController.checkPermission(AccessController.java:553)    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)    at java.lang.SecurityManager.checkRead(SecurityManager.java:888)    at java.io.File.exists(File.java:748)    at org.python.core.PyFile._setup(Unknown Source)    at org.python.core.PyFile.file_init(Unknown Source)    at org.python.core.PyFile$1.new_impl(Unknown Source)    at org.python.core.PyType.invoke_new_(Unknown Source)    at org.python.core.PyType.type___call__(Unknown Source)    at org.python.core.PyType.__call__(Unknown Source)    at org.python.core.PyObject.__call__(Unknown Source)    at org.python.pycode._pyx2.f$0(<console>:1)    at org.python.pycode._pyx2.call_function(<console>)    at org.python.core.PyTableCode.call(Unknown Source)    at org.python.core.PyCode.call(Unknown Source)    at org.python.core.Py.runCode(Unknown Source)    at org.python.core.Py.exec(Unknown Source)    at org.python.util.PythonInterpreter.exec(Unknown Source)    at org.python.util.InteractiveInterpreter.runcode(Unknown Source)    at org.python.util.InteractiveInterpreter.runsource(Unknown Source)    at org.python.util.InteractiveInterpreter.runsource(Unknown Source)    at org.python.util.InteractiveConsole.push(Unknown Source)    at org.python.util.InteractiveConsole.interact(Unknown Source)    at org.python.util.jython.main(Unknown Source)java.security.AccessControlException: java.security.AccessControlException: access denied (java.io.FilePermission /tmp/test.txt read)>>> 


With jython 2.5.2 I found these permissions necessary:

permission java.io.FilePermission "${user.dir}${/}path${/}to${/}python${/}-", "read";permission java.util.PropertyPermission "user.dir", "read";permission java.lang.RuntimePermission "accessDeclaredMembers";permission java.lang.RuntimePermission "createClassLoader";permission java.lang.RuntimePermission "getProtectionDomain";

(This should be a comment to the accepted answer, except that a comment won't format legibly.)