Stack Overflow
Stack Overflow

Questions tagged [securitymanager]

A security manager is an object that defines a security policy for an application. This policy specifies actions that are unsafe or sensitive. Any actions not allowed by the security policy cause a SecurityException to be thrown. An application can also query its security manager to discover which actions are allowed.

213 questions
36
votes
4 answers

Preventing System.exit() from API

I am using a third party library that does a System.exit() if it encounters exceptions. I am using the APIs from a jar. Is there anyway that I can prevent the System.exit() call because it causes my application to shutdown? I cannot decompile and…
Swaranga Sarma
  • 12,215
  • 19
  • 54
  • 87
34
votes
3 answers

Java security: Sandboxing plugins loaded via URLClassLoader

Question summary: How do I modify the code below so that untrusted, dynamically-loaded code runs in a security sandbox while the rest of the application remains unrestricted? Why doesn't URLClassLoader just handle it like it says it does? EDIT:…
Robert J. Walker
  • 8,942
  • 5
  • 40
  • 63
29
votes
6 answers

Java: no security manager: RMI class loader disabled

Hi I have RMI application and now I try to invoke some methods at server from my client. I have following code: public static void main(final String[] args) { try { //Setting the security manager System.setSecurityManager(new…
Xorty
  • 16,617
  • 21
  • 99
  • 150
22
votes
1 answer

Limiting file access in Java

Problem: In my Java application (not an applet) I wish to limit certain file operations to all classes except a list/group/package of classes that should not be restricted. Specifically, I would like to limit... File reads File writes File…
obfuscation
  • 1,023
  • 2
  • 16
  • 22
21
votes
3 answers

Disable Java reflection for the current thread

I need to call some semi-trustworthy Java code and want to disable the ability to use reflection for the duration of that code's execution. try{ // disable reflection somehow someObject.method(); } finally{ // enable reflection…
Thilo
  • 241,635
  • 91
  • 474
  • 626
17
votes
4 answers

How to sanely configure security policy in Tomcat 6

I'm using Tomcat 6.0.24, as packaged for Ubuntu Karmic. The default security policy of Ubuntu's Tomcat package is pretty stringent, but appears straightforward. In /var/lib/tomcat6/conf/policy.d, there are a variety of files that establish default…
cemerick
  • 5,876
  • 5
  • 27
  • 49
16
votes
2 answers

Why can't I shutdown my own ExecutorService under a SecurityManager?

Under the default security manager, if I create an ExecutorService (ThreadPoolExecutor in this case), I cannot shut it down, shutdown() just calls checkPermission("modifyThread") and thus immediately dies: import java.util.concurrent.*; class A { …
L̲̳o̲̳̳n̲̳̳g̲̳̳p̲̳o̲̳̳k̲̳̳e̲̳̳
  • 11,768
  • 4
  • 44
  • 53
13
votes
2 answers

Which permission to set, to avoid error with Security-Manager with https-URLS?

In a software for a customer we have to read given URLs to parse their content. Also the customer needs to activate Tomcat-Security-Manager to let Java-Policies control what the program does. Now, with reading URLs the exception…
Mnementh
  • 47,129
  • 42
  • 140
  • 198
13
votes
2 answers

why java security manager doesn't forbid neither creating new Thread() nor starting it?

do you happen to know explanation why java security manager doesn't forbid creating new threads or starting them? new FileWriter is under security manager, but neither new Thread(), nor threadInstance.start() isn't uneder security manager, and are…
bastiat
  • 1,335
  • 2
  • 13
  • 29
12
votes
2 answers

Enable the Java SecurityManager with AllPermission

I'm trying to get myself familiar with the SecurityManager but even this simple scenario fails. When I run the following from inside my IDE or from command line I get the following exception; access denied ("java.util.PropertyPermission" "java.home"…
Karussell
  • 16,303
  • 14
  • 88
  • 188
12
votes
3 answers

Java Security Manager - What does it check?

This article about Java security says: Code in the Java library consults the Security Manager whenever a dangerous operation is about to be attempted. So, what does this exactly mean? Say, if I've implemented my own securitymanager and enabled…
RubyDosa
  • 637
  • 2
  • 7
  • 15
12
votes
1 answer

java.security vs javax.security

I'm a little confused with how Java (6+) distributes its security framework. On one hand, you have the following packages (and their respective subpackages & types): java.security.* javax.security.* And on the other hand you have…
IAmYourFaja
  • 50,141
  • 159
  • 435
  • 728
12
votes
3 answers

mockito vs sealed packages

I'm working on a project with heavy security constraints. A requirement is to seal our jars. Since we sealed jars, a lot of our junit-tests failed with the following error : java.lang.SecurityException: sealing violation: package…
Syrdek
  • 123
  • 4
11
votes
3 answers

prohibit the call to System.exit

I'm trying to prohibit the call to System.exit(int); in some jars. These jars will be developed by external teams and loaded by our "container" application . My first reflex is to use the java security…
kiki
  • 231
  • 3
  • 11
11
votes
3 answers

Java Security Manager completely disable reflection

I've been reading quite a lot of questions on Stackoverflow about this question but couldn't quit find a solution or answer for my problem. If there is already one I would be grateful if somebody would give a hint ... My problem/question is if it…
Bruno
  • 849
  • 9
  • 29
1
2 3
14 15