开发者

Restricting dynamically loaded classes and jars based on a security policy

问答 作者:

I would like to dynamically load a set of jars or classes (i.e. plugins loaded at runtime). At the same time, I would like to restrict what these plugins are able to do in the JVM. For a test case, I would like to restrict them to pretty much everything (right now I'm just allowing one System.getProperty value to be read).

I am currently using a security policy file, but I'm having difficulty specifying a policy for one folder or package in my codeBase, but not another.

Here is how my policy looks now:

开发者_运维知识库 
grant codeBase "file:/home/max/programming/java/plugin/plugins/" {
    permission java.util.PropertyPermission "java.version", "read";
};
grant codeBase "file:/home/max/programming/java/plugin/api/" {
    permission java.security.AllPermission;
};

Where (for testing purposes), all files in the plugins package and folder are restricted, but the classes in the api folder are not. Is this possible? Do I have to create a custom class loader? Is there a better way to go about doing this?

Thanks.

This answer solved my problems: Sandbox against malicious code in a Java application

继续阅读:security

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9