com.croftsoft.core.security.manager
Class UntrustedSecurityManager
java.lang.Object
java.lang.SecurityManager
com.croftsoft.core.security.manager.UntrustedSecurityManager
public class UntrustedSecurityManager
- extends SecurityManager
A generic SecurityManager implementation to host untrusted
code loaded over a network. "Untrusted" code is defined as any
class that was loaded using a ClassLoader instead of being
read in directly from the local classpath.
To use it, include the following as the very first line of the
main ( ) method of your application:
System.setSecurityManager ( new HostSecurityManager ( ) );
Each of the 29 "check" methods of the standard Java 1.1.5 superclass
SecurityManager is overridden to just call the
reject_untrusted ( ) method.
This method simply throws a SecurityException if the
superclass method inClassLoader ( ) returns true.
To my knowledge, the only four possible "hostile" actions remaining
that untrusted code could still perform on the host when using
this implementation of SecurityManager are
- attempting to read from the standard input System.in,
- writing to the console outputs err and out,
- consuming excessive processor time in its single thread, and
- consuming memory until an OutOfMemoryError occurs.
Preventing untrusted code from reading from and writing to the
standard console could be accomplished by replacing the default
IO streams with customized classes that would throw a
SecurityException.
See System.setErr ( err ), System.setIn ( in ), and
System.setOut ( out ).
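The stream replacement described above, as an added sketch that is not part of CroftSoft Core. The class name GuardedConsole is hypothetical, and it assumes Java 9 or later: it uses StackWalker for the "is untrusted code on the call stack" test in place of inClassLoader ( ), and it treats the bootstrap, platform and system class loaders as the local classpath.

```java
import java.io.*;

/** Hypothetical helper, not a CroftSoft class: console streams that reject untrusted callers. */
public final class GuardedConsole {
  private static final StackWalker WALKER =
      StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);

  /** Assumption: bootstrap (null), platform and system loaders count as the local classpath. */
  static boolean isUntrusted(ClassLoader cl) {
    for (ClassLoader t = ClassLoader.getSystemClassLoader(); t != null; t = t.getParent()) {
      if (cl == t) return false;
    }
    return cl != null;
  }

  /** Stack-based test, standing in for inClassLoader ( ): any untrusted frame taints the call. */
  static void rejectUntrusted() {
    boolean tainted = WALKER.walk(frames ->
        frames.anyMatch(f -> isUntrusted(f.getDeclaringClass().getClassLoader())));
    if (tainted) throw new SecurityException("untrusted");
  }

  static OutputStream guard(OutputStream target) {
    return new FilterOutputStream(target) {
      @Override public void write(int b) throws IOException { rejectUntrusted(); out.write(b); }
      @Override public void write(byte[] b, int off, int len) throws IOException {
        rejectUntrusted(); out.write(b, off, len);
      }
      @Override public void close() throws IOException { rejectUntrusted(); super.close(); }
    };
  }

  static InputStream guard(InputStream target) {
    return new FilterInputStream(target) {
      @Override public int read() throws IOException { rejectUntrusted(); return super.read(); }
      @Override public int read(byte[] b, int off, int len) throws IOException {
        rejectUntrusted(); return super.read(b, off, len);
      }
    };
  }

  /** Call from trusted code at the top of main ( ), before any untrusted class is loaded. */
  public static void install() {
    System.setIn(guard(System.in));
    System.setOut(new PrintStream(guard(System.out), true));
    System.setErr(new PrintStream(guard(System.err), true));
  }
}
```

These wrappers only cover access that goes through System.in, System.out and System.err; the SecurityException is unchecked, so it propagates through PrintStream to the untrusted caller.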
If the standard console IO stream blocking were implemented,
untrusted code would have no method of communication except by
calling the methods of other objects within the virtual machine.
Further communication (sockets, etc.) to the outside could then be
optionally permitted by trusted classes. See
SecurityManager.inCheck,
SecurityManager.getInCheck ( ), and
SecurityManager.getSecurityContext ( ).
- Version:
- 1999-02-13
- Author:
- David W. Croft
Methods inherited from class java.lang.SecurityManager:
checkPermission, checkPermission, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getSecurityContext, getThreadGroup, inClass, inClassLoader
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
UntrustedSecurityManager
public UntrustedSecurityManager()
reject_untrusted
protected void reject_untrusted()
- Called by all of the "check" methods to foil untrusted code.
if ( inClassLoader ( ) )
throw new SecurityException ( "untrusted" );
checkAccept
public void checkAccept(String host,
int port)
- Overrides:
checkAccept
in class SecurityManager
checkAccess
public void checkAccess(Thread t)
- Overrides:
checkAccess
in class SecurityManager
checkAccess
public void checkAccess(ThreadGroup g)
- Overrides:
checkAccess
in class SecurityManager
checkAwtEventQueueAccess
public void checkAwtEventQueueAccess()
- Overrides:
checkAwtEventQueueAccess
in class SecurityManager
checkConnect
public void checkConnect(String host,
int port)
- Overrides:
checkConnect
in class SecurityManager
checkConnect
public void checkConnect(String host,
int port,
Object context)
- Overrides:
checkConnect
in class SecurityManager
checkCreateClassLoader
public void checkCreateClassLoader()
- Overrides:
checkCreateClassLoader
in class SecurityManager
checkDelete
public void checkDelete(String file)
- Overrides:
checkDelete
in class SecurityManager
checkExec
public void checkExec(String cmd)
- Overrides:
checkExec
in class SecurityManager
checkExit
public void checkExit(int status)
- Overrides:
checkExit
in class SecurityManager
checkLink
public void checkLink(String libname)
- Overrides:
checkLink
in class SecurityManager
checkListen
public void checkListen(int port)
- Overrides:
checkListen
in class SecurityManager
checkMemberAccess
public void checkMemberAccess(Class clazz,
int which)
- Overrides:
checkMemberAccess
in class SecurityManager
checkMulticast
public void checkMulticast(InetAddress maddr)
- Overrides:
checkMulticast
in class SecurityManager
checkMulticast
public void checkMulticast(InetAddress maddr,
byte ttl)
- Overrides:
checkMulticast
in class SecurityManager
checkPackageAccess
public void checkPackageAccess(String pkg)
- Overrides:
checkPackageAccess
in class SecurityManager
checkPackageDefinition
public void checkPackageDefinition(String pkg)
- Overrides:
checkPackageDefinition
in class SecurityManager
checkPrintJobAccess
public void checkPrintJobAccess()
- Overrides:
checkPrintJobAccess
in class SecurityManager
checkPropertiesAccess
public void checkPropertiesAccess()
- Overrides:
checkPropertiesAccess
in class SecurityManager
checkPropertyAccess
public void checkPropertyAccess(String key)
- Overrides:
checkPropertyAccess
in class SecurityManager
checkRead
public void checkRead(FileDescriptor fd)
- Overrides:
checkRead
in class SecurityManager
checkRead
public void checkRead(String file)
- Overrides:
checkRead
in class SecurityManager
checkRead
public void checkRead(String file,
Object context)
- Overrides:
checkRead
in class SecurityManager
checkSecurityAccess
public void checkSecurityAccess(String action)
- Overrides:
checkSecurityAccess
in class SecurityManager
checkSetFactory
public void checkSetFactory()
- Overrides:
checkSetFactory
in class SecurityManager
checkSystemClipboardAccess
public void checkSystemClipboardAccess()
- Overrides:
checkSystemClipboardAccess
in class SecurityManager
checkTopLevelWindow
public boolean checkTopLevelWindow(Object window)
- Overrides:
checkTopLevelWindow
in class SecurityManager
checkWrite
public void checkWrite(FileDescriptor fd)
- Overrides:
checkWrite
in class SecurityManager
checkWrite
public void checkWrite(String file)
- Overrides:
checkWrite
in class SecurityManager
CroftSoft Core Javadoc (2008-09-28 20:58:02)