Hey stackoverflow community!
I'm writing a small program. In this program code, written in a Web-Interface, is compiled and run.
Now I want the written code from the web-interface to have just a few permissions, like reading a file in a specific directory, while my own code has all permissions.
I just looked up the SecurityManager and found a way to carry this out by using the codeBase attribute of the Policy-File. My idea was to give my code all permissions so the written code has no permissions.
grant codeBase "file:/PATH/-" {
permission java.security.AllPermission;
};
grant {
};
PATH points to the root directory of my program (with bin/src as subfolder).
It works until i'm invoking javax.tools.JavaCompiler.CompilationTask.call() to compile the given code, although the file has the required permissions:
An exception has occurred in the compiler (1.8.0_05). Please file a bug at the Java Developer Connection (<a href="http://java.sun.com/webapps/bugreport" target="_blank">Report a Bug or Request a Feature</a>) after checking the Bug Parade for duplicates. Include your program and the following diagnostic in your report. Thank you.
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "nonBatchMode" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
at java.lang.System.getProperty(System.java:714)
at com.sun.tools.javac.main.Main.compile(Main.java:445)
at com.sun.tools.javac.api.JavacTaskImpl.doCall(JavacTaskImpl.java:129)
at com.sun.tools.javac.api.JavacTaskImpl.call(JavacTaskImpl.java:138)
.
.
.
I don't want to create a .java- and a .class-file for every typed code. For this reasen I used a ClassLoader with the following URI:
URI.create( "string:///" + className + Kind.CLASS.extension )
Trying to avoid the use of the "signedBy"-attriutes is important because it's difficult to sign .jar-files in Eclipse.
These are my questions:
1) Does anyone have an idea why the compiler throws an AccessControlException, although all needed rights are allowed?
2) Does anyone have an idea how to modify the SecurityManager this way?
3) Is it possible to seperate the included code from my own code at all?
4) Is the SecurityManager the right solution to my problem at all?
Thanks for reading and answering!
