Questions tagged [securitymanager]

A security manager is an object that defines a security policy for an application. This policy specifies actions that are unsafe or sensitive. Any actions not allowed by the security policy cause a SecurityException to be thrown. An application can also query its security manager to discover which actions are allowed.

218 questions
11 votes, 3 answers

prohibit the call to System.exit

I'm trying to prohibit the call to System.exit(int); in some jars. These jars will be developed by external teams and loaded by our "container" application. My first reflex is to use the java security…
kiki
10 votes, 4 answers

Java sandbox. Using SecurityManager to redirect I/O access

Currently I'm trying to write the Sandbox for running untrusted Java code. The idea is to isolate Java application from accessing file system or network sockets. The solution I have at the moment is rewritten SecurityManager, that forbids any access…
Sevich
10 votes, 1 answer

Why does my custom SecurityManager cause exceptions the 16th time I create an object with Constructor.newInstance?

I am currently working on developing a small Java application in which trusted code must be run alongside untrusted code. To accomplish this, I have installed a custom SecurityManager that throws SecurityExceptions any time a permission is…
templatetypedef
9 votes, 3 answers

What's the performance penalty, if any, of using a SecurityManager

Is there a performance penalty when using a SecurityManager? I need the following: public class ExitHelper { public ExitHelper() { System.setSecurityManager(new ExitMonitorSecurityManager()); } private static class…
Cedric Martin
9 votes, 3 answers

Is there a way to execute unsafe code (disable security manager) in Java?

Please don't post an answer saying "you shouldn't do this." I don't plan to use this in production code, but only for some hacking fun. In answering this question, I wanted to run some arbitrary unsafe Java code for fun. The code in question…
Andrew Mao
8 votes, 1 answer

Replacement for Security Manager checkMemberAccess()

The Java Security Manager method checkMemberAccess() had a parameter that contained the class that Reflection was being called on. This method was deprecated, with a description saying to use checkPermission() instead. There are no parameters in…
Strikegently
8 votes, 3 answers

Is there a way for a SecurityManager in java to selectively grant ReflectPermission("suppressAccessChecks")?

Is there any way for a SecurityManager in Java to selectively grant ReflectPermission("suppressAccessChecks") depending on the details of what setAccessible() is being called on? I don't see any way for this to be done. For some sandboxed code, it…
Alex Schultz
8 votes, 1 answer

Reflection Security

How to enforce reflection security by not allowing the Method, Field, Constructor object to call setAccessible(true)? SecurityPolicy File or something else? Normally for stand-alone Java applications there is no SecurityManager registered. I am using…
nicholas
8 votes, 3 answers

Should I use Security Manager in Java web applications?

Is it sufficient to secure a Java web application with the rights of the user that is running the application server process or is it reasonable also to use SecurityManager with a suitable policy file? I have used to do the former and not the…
Kaitsu
7 votes, 2 answers

What is the best way to execute sandboxed Java code?

I am trying to reproduce an API for executing Java (like ideone.com has), but so far I'm having a lot of difficulties running Java sandboxed (SELinux sandbox doesn't work). I've heard about the SecurityManager, but I'm trying to figure out what's…
Ron Reiter
7 votes, 1 answer

Running Java Security Manager without the default java.policy file

I don't want to modify anything in my java home directory, however, I am afraid that sometimes my default java.policy file may be too permissive. Is there a way for me to use a specified policy file as the only policy file when I run java with the…
math4tots
6 votes, 1 answer

Java Stack Introspection

I was hoping that someone can help me with the following: My understanding about java stack introspection (maybe a bit oversimplified here) is that a process generates a stack frame that is then added to the stack. Now when the process needs to make…
mixkat
6 votes, 1 answer

Tomcat 9.0 with security manager reports access denied on Windows

I started my Tomcat 9.0 on Windows 10 with: -Djava.security.manager -Djava.security.policy==C:\Program Files\Apache Software Foundation\Tomcat 9.0\conf\catalina.policy -Djava.security.debug=access,failure using a Connector of type…
PowerStat
6 votes, 1 answer

Would a blank Java security policy file be the most restrictive?

I am creating an application that allows users to execute uploaded Java files. I am trying to restrict what they can do with a Security Manager. Would a blank policy file be the most restrictive, not allowing them to do as much as possible? Would…
Greg
6 votes, 3 answers

Tomcat console log to a file

I'm using Apache Tomcat 7. When I'm running Tomcat with the security manager and with the -Djava.security.debug parameter, I'm getting so much text in the console. I can't read the text in the console. So I need the console log in some file. How can I…
Hariprasath