Update Java security policy at runtime?

Question

Is there a legal way to add/remove permissions to Java security policy at runtime?

score 3 · Answer 1 · answered Jun 18 '09 at 10:10

3

Javadoc says that Policy.refresh() for file-based policy would re-read the file. Thus, it is possible to modify system-wide policy at runtime by editing policy file and then calling Policy.refresh()

answered Jun 18 '09 at 10:10

2

You'll find that the permissions have already been copied out of the Policy and into the ProtectionDomains of Classes and ClassLoaders. – Tom Hawtin - tackline Jun 18 '09 at 10:44
2

This was working fine for me when setting the policy through ``System.setProperty("java.security.policy", policyURL)``, then refreshing ``Policy.policy.refresh()`` and afterwards installing the security manager ``System.setSecurityManager(new SecurityManager());``. – TommyMason Feb 10 '12 at 18:45

score 2 · Answer 2 · edited Feb 15 '12 at 05:57

2

From 1.4 dynamic ProtectionDomains can delegate to the Policy. Dynamically removing permissions from code is unlikely to make any sense. The two argument forms of AccessController.doPrivileged might also be useful.

edited Feb 15 '12 at 05:57

Stuart Cook

3,994
25
23

answered Jun 18 '09 at 09:48

Tom Hawtin - tackline

145,806
30
211
305

1

We're developing an OSGi-based framework, which should be long-running and avoid restarts as much as possible. The framework is SAAS, but customer is able to deploy own bundles (plugins) to the system. So, for us it would be nice to modify permissions at runtime. – Jun 18 '09 at 09:58

score 2 · Answer 3 · edited Jun 24 '21 at 10:53

2

It is possible to set custom Policy implementation, using Policy.setPolicy() method.

edited Jun 24 '21 at 10:53

Community

1
1

answered Jun 18 '09 at 11:29

Update Java security policy at runtime?

3 Answers3

Linked