Prevent accessing Unix files through JVM ( any code running in application server JVM)

Is there any way that we can prevent accessing Unix files through JVM ( any code running in application server JVM).

One solution is to do it at the unix user level.

Is there any other way we configure locat开发者_运维百科ions somewhere?

Isn't this what the Java Security Policy framework is for ? You can run any Java process with a configured Security policy configuration, which allows you to do all sorts of things like turning off access to paths (all paths even).

e.g. http://download.oracle.com/javase/1.5.0/docs/guide/security/permissions.html#FilePermission

(obviously later JDK's will have this in their docs too, this one just came up in Google..).

by default the JRE will run with an open ticket security policy.