Examples with ClassPermission org.elasticsearch.script.ClassPermission used on opensource projects

Example 1 with ClassPermission

use of org.elasticsearch.script.ClassPermission in project elasticsearch by elastic.

the class ExpressionScriptEngineService method compile.

@Override
public Object compile(String scriptName, String scriptSource, Map<String, String> params) {
    // classloader created here
    final SecurityManager sm = System.getSecurityManager();
    SpecialPermission.check();
    return AccessController.doPrivileged(new PrivilegedAction<Expression>() {

        @Override
        public Expression run() {
            try {
                // snapshot our context here, we check on behalf of the expression
                AccessControlContext engineContext = AccessController.getContext();
                ClassLoader loader = getClass().getClassLoader();
                if (sm != null) {
                    loader = new ClassLoader(loader) {

                        @Override
                        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
                            try {
                                engineContext.checkPermission(new ClassPermission(name));
                            } catch (SecurityException e) {
                                throw new ClassNotFoundException(name, e);
                            }
                            return super.loadClass(name, resolve);
                        }
                    };
                }
                // NOTE: validation is delayed to allow runtime vars, and we don't have access to per index stuff here
                return JavascriptCompiler.compile(scriptSource, JavascriptCompiler.DEFAULT_FUNCTIONS, loader);
            } catch (ParseException e) {
                throw convertToScriptException("compile error", scriptSource, scriptSource, e);
            }
        }
    });
}