Is there any way for a SecurityManager in Java to selectively grant ReflectPermission("suppressAccessChecks") depending on the details of what setAccessible() is being called on? I don't see any way for this to be done.

For some sandboxed code, it would be very useful (such as for running various dynamic JVM languages) to allow the setAccessible() reflection API to be called, but only when setAccessible() is called on a method/field of a class that originates in the sandboxed code.

Does anyone have any alternative suggestions other than selective granting of ReflectPermission("suppressAccessChecks") if this isn't possible? Perhaps it would be safe to grant in all cases if SecurityManager.checkMemberAccess() is sufficiently restrictive?

A: 

FWIW: Since setAccessible seems only to have a valid use-case with serialization, I would think you might often get away with simply denying it outright.

That said, I am interested in how one does this sort of thing in general because I too have to write a security manager to block dynamically loaded code from doing things that our application container code needs to be able to do.

Software Monkey
Unfortunately, some dynamic JVM languages are fairly setAccessible-happy, calling it even for public methods they don't need to call it for. Plus there are use cases like that serialization you mention, or some modes of operation of dependency injection frameworks, that one would prefer not to be needlessly blocking.
Alex Schultz
Hmmm. Not aware of those other use cases - I have long thought that setAccessible is the biggest security screw-up Sun ever made with Java.
Software Monkey