Stack Overflow
Stack Overflow

Questions tagged [securitymanager]

A security manager is an object that defines a security policy for an application. This policy specifies actions that are unsafe or sensitive. Any actions not allowed by the security policy cause a SecurityException to be thrown. An application can also query its security manager to discover which actions are allowed.

218 questions
4
votes
1 answer

NoClassDefFoundError when creating objects under SecurityManager

I'm trying to secure my application by running the bits of code that deal with user-provided content under a very restrictive SecurityManager. It's AccessController.doPrivileged() turned on its head - normally this is used to provide a block of…
bgiles
  • 1,200
  • 11
  • 12
4
votes
2 answers

Java Sandbox API - Denying access in a used class

I struggle a little bit with the java-sandbox API. Consider the following code: Sandkiste.java: import java.util.List; import java.util.concurrent.TimeUnit; import net.datenwerke.sandbox.*; import…
tastyPI
  • 53
  • 5
4
votes
1 answer

Security manager java stop override

If I set a security manager, for example: private static class SecManager extends SecurityManager { ... } With: System.setSecurityManager(new SecManager()); Which permission can I use (or rather prevent), to stop code further down the line setting…
ThePerson
  • 3,048
  • 8
  • 43
  • 69
4
votes
2 answers

how to get permissions information from a java.lang.SecurityManager?

I am doing some debugging in an application (not applet) and have obtained the system's security manager via a call to System.getSecurityManager(). How can I print all configuration information that this SecurityManager was setup with? Looking at…
Marcus Junius Brutus
  • 26,087
  • 41
  • 189
  • 331
4
votes
2 answers

Application Wrapper using Java

Is it possible to implement a wrapper application for other (Java) applications using Java? The purpose is to enforce usage policies for documents independent of the application used to work with a specific document. E.G. I have an encrypted…
bandt
  • 41
  • 1
3
votes
1 answer

access denied ("java.io.FilePermission" "" "read")

I am making a game in Java using the framework pulpcore, I keep getting this error: java.security.AccessControlExecption: access denied ("java.io.FilePermission" "scores.dat" "read") Anyone have any idea how to fix this? I know that it is something…
TechAUmNu
  • 152
  • 1
  • 3
  • 11
3
votes
1 answer

Alternative to SecurityManager for high-risk base function calls

I have a program which dynamically loads and runs class files from disk as well as remote servers. I want to integrate a User Management system which allows me to call a user authentication method before a high-risk function call is allowed, such…
DanSchirripa
  • 31
  • 1
3
votes
0 answers

Is it possible to use SecurityManager to control which classes can write to stdout/stderr?

I'm curious if it's possible to restrict who can write to System.out/System.err using a SecurityManager. Looking at System.java this doesn't appear to be possible out of the box, but perhaps there's another layer I haven't looked at? If it's not…
dimo414
  • 47,227
  • 18
  • 148
  • 244
3
votes
1 answer

ClassNotFoundException issued by URLClassLoader when the Security Manager is enabled

For an experimental project, I am trying to load a class with URLClassLoader with the security manager enabled. Despite the fact that the URL and that the class do exist, the code always fails with a ClassNotFoundException. This behaviour has been…
Corentor
  • 661
  • 1
  • 6
  • 11
3
votes
0 answers

Java SecurityManager grant vs grant codebase

I am investigating java security manager. I see that 'grant' is required attribute for *.policy file and it is global. But how it will behave in case if I add 'grant codeBase' for the same resoure. For example: grant codeBase…
Alex85
  • 135
  • 1
  • 3
  • 10
3
votes
1 answer

How do I use a Custom Provider [keycloak] for OAuth2.0 in Flask-Appbuilder?

I am trying to implement keycloak as a OAuth2.0 provider. I have all the necessary OAUTH_PROVIDER information and I have declared the AUTH_TYPE, AUTH_USER_REGISTRATION, AUTH_USER_REGISTRATION_ROLE (See code below) AUTH_TYPE =…
Brent
  • 177
  • 2
  • 9
3
votes
2 answers

How to detect time of ClassLoading

I have a TrirdParty API that contains a CLass [let's say A]. It has a bizarre static block similar to the following: class A { static { try { System.loadLibrary("libraryName"); } …
Swaranga Sarma
  • 13,055
  • 19
  • 60
  • 93
3
votes
1 answer

Why any file can be read with using java.security.SecurityManager in java?

I just want some files to be read and written in my Java program. So I use java.security.SecurityManager to manage this, but it seems unsatisfactory. The Main.java file is below import java.io.*; import java.util.*; public class Main { static…
islands
  • 43
  • 4
3
votes
1 answer

A java SecurityManager that is identical to NO security manager except for a single check adjustment for System.exit

I am not well versed in java security managers and therefore want to confirm my understanding: I have a java process that randomly stops (shutdown hook runs) even though there is no trace of someone killing it. As a result I decided to install a…
Alexandros
  • 2,097
  • 20
  • 27
3
votes
2 answers

How to create newInstance with enabled SecurityManager in Java

I need to create new instance of a class loaded from untrusted classfile. Now I do the following: classLoader.loadClass(UNSTRUSTED_CLASS).newInstance() The problem is that if I enable security manager it doesn't permit to call newInstance, but if I…
krems
  • 749
  • 6
  • 14
1 2 3
14 15