views:

74

answers:

2

Suppose I'm writing some environment which executes client code (Java). Clients send a jar with manifest information. The environment creates some class instance from the jar (suppose an instance of Runnable) and runs it in some thread. But I need a guarantee that the client code will not start its own threads or create its own ExecutorService and so on.

Is there any possibility for the security manager to do this level of restriction? And if so, how can I achieve this?

+1  A: 

The best way I can think of is to use AspectJ to do some run-time weaving, and if there are any other threads/runnables created then either throw an error or somehow inform the user that they have a problem.

Then you can implement various security protocols; for example, you may prevent not only threads, but any system calls, just as you may forbid dynamic queries and only allow prepared statements.

Otherwise you may need to do this type of implementation using the reflector API.

James Black
It seems a very interesting idea. I'll try to work on it.
dotsid
A: 

I think you would need to extend SecurityManager and use your own implementation.

This forum: http://forums.sun.com/thread.jspa?threadID=761922 talks about how you might override SecurityManager.checkAccess(ThreadGroup) to prevent thread creation, but it doesn't sound like there is a specific "create thread y/n" permission.

Ash
By default the security manager does not check for permissions when a thread is created in an allowable group. Probably due to backward compatibility. Note you can always run code on certain threads, such as the finaliser thread.
Tom Hawtin - tackline
Sure, it doesn't check by default, hence you need to set your own SecurityManager. The Thread constructor calls the ThreadGroup.checkAccess() method, which calls the security manager to test for the MODIFY_THREADGROUP_PERMISSION.
Ash
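Ash's approach (a custom SecurityManager whose checkAccess(ThreadGroup) denies thread creation) written out as an added example; this is not code from the thread, and the class name NoThreadsSecurityManager and the "client" ThreadGroup are my own choices. It relies on the Thread constructor calling ThreadGroup.checkAccess(), which holds on the Java versions this thread discusses; SecurityManager is deprecated for removal since Java 17 and must be enabled with -Djava.security.manager=allow on Java 18 and later.

```java
import java.security.Permission;

/** Denies thread creation to any code running inside the "client" thread group. */
public class NoThreadsSecurityManager extends SecurityManager {
    private final ThreadGroup clientGroup;

    public NoThreadsSecurityManager(ThreadGroup clientGroup) {
        this.clientGroup = clientGroup;
    }

    /** True when the calling thread belongs to the client group or one of its subgroups. */
    private boolean calledFromClient() {
        ThreadGroup g = Thread.currentThread().getThreadGroup(); // null once a thread has died
        return g != null && clientGroup.parentOf(g);
    }

    /** Thread's constructor calls ThreadGroup.checkAccess(), which lands here. */
    @Override
    public void checkAccess(ThreadGroup g) {
        if (calledFromClient()) {
            throw new SecurityException("client code may not create threads");
        }
        super.checkAccess(g);
    }

    /** Also stops client code from interrupting or reconfiguring the host's threads. */
    @Override
    public void checkAccess(Thread t) {
        if (calledFromClient() && t != Thread.currentThread()) {
            throw new SecurityException("client code may not modify other threads");
        }
        super.checkAccess(t);
    }

    /** Permissive for everything else so the demo runs without a policy file. */
    @Override
    public void checkPermission(Permission perm) {
        if (calledFromClient() && "modifyThreadGroup".equals(perm.getName())) {
            throw new SecurityException("client code may not modify thread groups");
        }
    }

    public static void main(String[] args) throws InterruptedException {
        ThreadGroup clientGroup = new ThreadGroup("client");
        System.setSecurityManager(new NoThreadsSecurityManager(clientGroup));
        Runnable clientCode = () -> {               // stands in for the Runnable loaded from the jar
            try {
                new Thread(() -> {}).start();
                System.out.println("thread created: restriction not in effect");
            } catch (SecurityException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        };
        Thread t = new Thread(clientGroup, clientCode, "client-main");
        t.start();
        t.join();
    }
}
```

The same check also catches an ExecutorService created by client code, because its default thread factory calls the Thread constructor with the client's group. As Tom Hawtin notes above, it does not cover code the JVM runs on its own threads, such as finalizers.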