Real Java Script

Apr 30 2006, 10:31:25 PM PDT »Java Comments [6]
A. Sundararajan has used JSR 199 to create a scripting engine for Java. It works by compiling the script (a Java program) in memory using the facilities of javax.tools. The scripting engine can be used in any Java program via JSR 223.

Imagine writing a StarOffice macro in Java :-)
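A sketch of the in-memory compile step with javax.tools, added here as an example; it is not the scripting engine's code or code from this post. The names `InMemoryCompile`, `Source`, `ByteCode` and the sample class `Hello` are assumptions made for illustration.

```java
import java.io.*;
import java.net.URI;
import java.util.*;
import javax.tools.*;

public class InMemoryCompile {
    static class Source extends SimpleJavaFileObject {      // source text held in a String
        final String code;
        Source(String cls, String code) {
            super(URI.create("string:///" + cls.replace('.', '/') + ".java"), Kind.SOURCE);
            this.code = code;
        }
        @Override public CharSequence getCharContent(boolean ignoreEncodingErrors) { return code; }
    }
    static class ByteCode extends SimpleJavaFileObject {    // compiler output kept as bytes
        final ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        ByteCode(String cls) { super(URI.create("mem:///" + cls.replace('.', '/') + ".class"), Kind.CLASS); }
        @Override public OutputStream openOutputStream() { return bytes; }
    }
    public static void main(String[] args) throws Exception {
        String src = "public class Hello implements Runnable {"   // constructed sample "script"
                   + " public void run() { System.out.println(\"compiled in memory\"); } }";
        JavaCompiler javac = ToolProvider.getSystemJavaCompiler(); // null when no compiler is present
        if (javac == null) throw new IllegalStateException("no system Java compiler");
        final Map<String, ByteCode> classes = new HashMap<String, ByteCode>();
        JavaFileManager fm = new ForwardingJavaFileManager<StandardJavaFileManager>(
                javac.getStandardFileManager(null, null, null)) {
            @Override public JavaFileObject getJavaFileForOutput(JavaFileManager.Location loc,
                    String name, JavaFileObject.Kind kind, FileObject sibling) {
                ByteCode bc = new ByteCode(name);            // redirect .class output to memory
                classes.put(name, bc);
                return bc;
            }
        };
        if (!javac.getTask(null, fm, null, null, null,
                Collections.singletonList(new Source("Hello", src))).call())
            throw new IllegalStateException("compilation failed");
        // Constructing a ClassLoader is the privileged step: under a SecurityManager it
        // requires RuntimePermission("createClassLoader"), which sandboxed code lacks.
        ClassLoader loader = new ClassLoader(InMemoryCompile.class.getClassLoader()) {
            @Override protected Class<?> findClass(String name) throws ClassNotFoundException {
                ByteCode bc = classes.get(name);
                if (bc == null) throw new ClassNotFoundException(name);
                byte[] b = bc.bytes.toByteArray();
                return defineClass(name, b, 0, b.length);
            }
        };
        ((Runnable) loader.loadClass("Hello").getDeclaredConstructor().newInstance()).run();
    }
}
```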

Comments:

Peter, when is Sun going to permit Java applets to generate and execute verified bytecode on the fly? Why should bytecode generation be the exclusive domain of server side applications? If a custom classloader must give priority to the JSE classes and must run dynamically generated bytecode through the verifier then untrusted applets will remain safe.

Posted by Adam Warner on May 01, 2006 at 07:34 PM PDT #

I'm not really an expert in this area. Why can't you use Java Web Start?

Posted by Peter von der Ahe on May 01, 2006 at 07:46 PM PDT #

Background is here.

With a custom classloader one can transform a byte array representation of bytecode into code. There appears to be no way for UNTRUSTED code to do this. To use Java Web Start to do this the client would have to consent to the running of arbitrary signed code just like with Microsoft ActiveX.

Java is also supposed to be a platform where a client can safely run untrusted code within a sandbox. This untrusted code can be downloaded pregenerated from a foreign host for the JVM to verify but it can't be supplied by the client for verification!

In a roundabout way the client could generate the bytecode to compile, pass it to the foreign host to build a jar file, give the name of the jar file to the client and have the client download the jar file. This should not be necessary.

Sun appears to be far more intent upon removing "scary security dialog" boxes to induce people to run arbitrary code: Goodbye scary security dialog box!.

Posted by Adam Warner on May 01, 2006 at 09:16 PM PDT #

As I mentioned before, you're a bit outside my area. I suggest that you submit an RFE for this.

Posted by Peter von der Ahe on May 01, 2006 at 09:27 PM PDT #

In closing, many thanks for your prompt replies and keeping us informed about your compiler updates.

With some judicious Googling I've discovered this functionality has been in RFE status since 1996: ClassLoader should allow applet defined classes:

"Applets should be able to define classes from byte arrays, just as they are able to download classes from untrusted web sites. This should be trivial to implement--just skip the downloading step. All the same security checks should be made on the byte code."

Without this any scripting language that generates JVM bytecode is a second class citizen. "It works by compiling the script (a Java program) in memory" doesn't actually work.

Posted by Adam Warner on May 01, 2006 at 10:32 PM PDT #

Peter, FWIW, BeanShell has offered this for years, not to mention StarOffice already supports it. ;)

Posted by Bob Lee on August 28, 2006 at 10:25 PM PDT #

Copyright © 2006,2007 Peter von der Ahé