For Programmers: Free Programming Magazines  


Home > Archive > Java Security > September 2004 > Limit object's access with SecurityManager?









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author Limit object's access with SecurityManager?
Michael Maier

2004-09-22, 3:59 am

I'm trying to solve how to code a system where an Java application loads
external classes with class loader. The problem is that those externally
loaded classes can be malicious so i must somehow limit their actions.

Is it valid solution to create a new SecurityManager that "denies
everything" only in the case that there is a class loaded with a certain
classloader in the stack?

Example source from
http://forum.java.sun.com/thread.js...4&thread=457210

public class MySecurityManager {

public MySecurityManager() {}

public void checkRead(String file) {
Class[] c = getClassContext(); // current execution stack

for (int i = 0; i < c.length; i++) {
ClassLoader cl = c[ i ].getClassLoader();
if (cl != null) {
if (cl.getClass().equals(MyClassLoader.class))
throw new SecurityException();
}
}
}
}


Michael Maier
Sponsored Links







Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive

Copyright 2008 codecomments.com