java.lang.Object
  +----java.lang.SecurityManager
        +----com.orbs.pub.app.agent.vaft.security.UntrustedSecurityManager
A generic SecurityManager implementation to host untrusted code loaded over a network. "Untrusted" code is defined as any class that was loaded using a ClassLoader instead of being read in directly from the local classpath.
Install it by including the following as the very first line of the main ( ) method of your application:
System.setSecurityManager ( new HostSecurityManager ( ) );
Each of the 29 "check" methods of the standard Java 1.1.5 superclass SecurityManager is overridden to just call the reject_untrusted ( ) method. This method simply throws a SecurityException if the superclass method inClassLoader ( ) returns true.
To my knowledge, the only four possible "hostile" actions remaining that untrusted code could still perform on the host when using this implementation of SecurityManager are
Preventing untrusted code from reading from and writing to the standard console could be accomplished by replacing the default IO streams with customized classes that would throw a SecurityException. See System.setErr ( err ), System.setIn ( in ), and System.setOut ( out ).
If the standard console IO stream blocking were implemented, untrusted code would have no method of communication except by calling the methods of other objects within the virtual machine. Further communication (sockets, etc.) to the outside could then be optionally permitted by trusted classes. See SecurityManager.inCheck, SecurityManager.getInCheck ( ), and SecurityManager.getSecurityContext ( ).
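One way to build the console stream blocking described above, as an added example that is not part of this package: the class names GuardedConsole, GuardedOut and GuardedIn are hypothetical. It relies on the documented behaviour that checkRead ( FileDescriptor ) and checkWrite ( FileDescriptor ) reject untrusted callers, and assumes a JDK in which SecurityManager is still available.

```java
import java.io.*;

// Added example; GuardedConsole is a hypothetical name, not a class of this package.
public class GuardedConsole {

    // Asks the installed SecurityManager before each console write.
    static class GuardedOut extends FilterOutputStream {
        private final FileDescriptor fd;
        GuardedOut(OutputStream target, FileDescriptor fd) {
            super(target);
            this.fd = fd;
        }
        private void check() {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) sm.checkWrite(fd);   // SecurityException for untrusted callers
        }
        public void write(int b) throws IOException { check(); out.write(b); }
        public void write(byte[] b, int off, int len) throws IOException {
            check();
            out.write(b, off, len);
        }
        public void flush() throws IOException { check(); out.flush(); }
        public void close() throws IOException { check(); super.close(); }
    }

    // Asks the installed SecurityManager before each console read.
    static class GuardedIn extends FilterInputStream {
        GuardedIn(InputStream source) { super(source); }
        private void check() {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) sm.checkRead(FileDescriptor.in);
        }
        public int read() throws IOException { check(); return in.read(); }
        public int read(byte[] b, int off, int len) throws IOException {
            check();
            return in.read(b, off, len);
        }
        public long skip(long n) throws IOException { check(); return in.skip(n); }
        public int available() throws IOException { check(); return in.available(); }
        public void close() throws IOException { check(); in.close(); }
    }

    // Call once from trusted code to replace the three console streams.
    public static void install() {
        System.setOut(new PrintStream(new GuardedOut(System.out, FileDescriptor.out), true));
        System.setErr(new PrintStream(new GuardedOut(System.err, FileDescriptor.err), true));
        System.setIn(new GuardedIn(System.in));
    }
}
```

Call GuardedConsole.install ( ) from main ( ), directly after the System.setSecurityManager line shown above, so that the replacement happens in trusted code.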
Fields inherited from class java.lang.SecurityManager
inCheck
Constructor Summary
UntrustedSecurityManager()
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail
public UntrustedSecurityManager()
Method Detail
protected void reject_untrusted()
if ( inClassLoader ( ) ) throw new SecurityException ( "untrusted" );
public void checkAccept(java.lang.String host, int port)
public void checkAccess(java.lang.Thread t)
public void checkAccess(java.lang.ThreadGroup g)
public void checkAwtEventQueueAccess()
public void checkConnect(java.lang.String host, int port)
public void checkConnect(java.lang.String host, int port, java.lang.Object context)
public void checkCreateClassLoader()
public void checkDelete(java.lang.String file)
public void checkExec(java.lang.String cmd)
public void checkExit(int status)
public void checkLink(java.lang.String libname)
public void checkListen(int port)
public void checkMemberAccess(java.lang.Class clazz, int which)
public void checkMulticast(java.net.InetAddress maddr)
public void checkMulticast(java.net.InetAddress maddr, byte ttl)
public void checkPackageAccess(java.lang.String pkg)
public void checkPackageDefinition(java.lang.String pkg)
public void checkPrintJobAccess()
public void checkPropertiesAccess()
public void checkPropertyAccess(java.lang.String key)
public void checkRead(java.io.FileDescriptor fd)
public void checkRead(java.lang.String file)
public void checkRead(java.lang.String file, java.lang.Object context)
public void checkSecurityAccess(java.lang.String action)
public void checkSetFactory()
public void checkSystemClipboardAccess()
public boolean checkTopLevelWindow(java.lang.Object window)
public void checkWrite(java.io.FileDescriptor fd)
public void checkWrite(java.lang.String file)
Virtual Anarchy of Free Traders