Under the default security manager, if I create an ExecutorService (ThreadPoolExecutor in this case), I cannot shut it down, shutdown() just calls checkPermission("modifyThread") and thus immediately dies: import java.util.concurrent.*; class A { public static void main( String[] args) { Thread ct = Thread.currentThread(); ...
I'm trying to secure my application by running the bits of code that deal with user-provided content under a very restrictive SecurityManager. It's AccessController.doPrivileged() turned on its head - normally this is used to provide a block of code with extra permissions but I'm using it to constrain a block of code to a very small san...
Question summary: How do I modify the code below so that untrusted, dynamically-loaded code runs in a security sandbox while the rest of the application remains unrestricted? Why doesn't URLClassLoader just handle it like it says it does? EDIT: Updated to respond to Ani B. EDIT 2: Added updated PluginSecurityManager. My application ha...
Hi there! I'd like to know if there is a way to use multiple security managers in java, and if so, how to specify them a particular .policy file? I've been looking at the java se 6 doc about Security, but couldn't find any answer there... Thanks everyone for help! ...