Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / May 2004

Tip: Looking for answers? Try searching our database.

Security for threads, a sandbox

Thread view: 
Enable EMail AlertsStart New Thread
Nicke - 05 May 2004 12:47 GMT
Hi all,

I am working on an application where user are allowed to submit their
own classes, given that they implement a specific interface which I
provide.

I will execute the provided classes in a separate thread which I
create.

Due to obvious reasons, I need to run the thread with a very strict
securitymanager, a kind of sandbox. However, I do not want to restrict
the main thread's securitymanager, so System.setSecurityManager is not
an option.

My qyestion is, how can I apply a custom securityManager to specific
threads? I have been browsing the java api-documentation, but I cannot
get a grasp of the full picture.

Any help is highly appreciated!!!

Regards
Niklas Grünbaum
Reply to this Message
Rogan Dawes - 05 May 2004 13:01 GMT
> Hi all,
>
[quoted text clipped - 18 lines]
> Regards
> Niklas Grünbaum

From the docs for SecurityManager (1.4.2):

 Note that the checkPermission method with just a single permission
argument always performs security checks within the context of the
currently executing thread. Sometimes a security check that should be
made within a given context will actually need to be done from within a
different context (for example, from within a worker thread). The
getSecurityContext method and the checkPermission  method that includes
a context argument are provided for this situation. The
getSecurityContext method returns a "snapshot" of the current calling
context. (The default implementation returns an AccessControlContext
object.) A sample call is the following:

   Object context = null;
   SecurityManager sm = System.getSecurityManager();
   if (sm != null) context = sm.getSecurityContext();

The checkPermission method that takes a context object in addition to a
permission makes access decisions based on that context, rather than on
that of the current execution thread. Code within a different context
can thus call that method, passing the permission and the
previously-saved context object. A sample call, using the
SecurityManager sm obtained as in the previous example, is the following:

   if (sm != null) sm.checkPermission(permission, context);

Perhaps you can code your SecurityManager to differentiate based on the
context that it is in?

Good luck!

Rogan
Signature

Rogan Dawes

*ALL* messages to discard@dawes.za.net will be dropped, and added
to my blacklist. Please respond to "nntp AT dawes DOT za DOT net"

Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.