Stack Overflow
Stack Overflow

Questions tagged [securitymanager]

A security manager is an object that defines a security policy for an application. This policy specifies actions that are unsafe or sensitive. Any actions not allowed by the security policy cause a SecurityException to be thrown. An application can also query its security manager to discover which actions are allowed.

218 questions
2
votes
1 answer

Java SecurityManager to prevent .. directory usage

I want to forbid a spring webapp (running in tomcat) from using any file paths that include ".." in them. Obviously the first place to do this is at the points where user information is sanitized before being used in file paths. However, there are…
HappyEngineer
  • 4,017
  • 9
  • 46
  • 60
2
votes
1 answer

Liferay 6.2: ClassNotFoundException: javax.faces.webapp.FacesServlet when PACL is enabled

I develop a portlet application which enables the security manager in liferay-plugin-package.properties: security-manager-enabled=true When the application starts, we get the stacktrace below in liferay 6.2 EE and 6.2.1 CE logs (Tomcat 7 bundle).…
Dominique
  • 4,272
  • 1
  • 16
  • 21
2
votes
2 answers

Allow System.exit only for certain classes

We are having a Java 1.7 application, that supports plugins, which customers can program in Java. We want to restrict the plugins however from calling System.exit. We can do this via a SecurityManager. However, in the core application there are rare…
Benni
  • 357
  • 6
  • 18
2
votes
1 answer

How to allow JRE to access itself?

So, I setup a custom Policy and enabled the SecurityManager and decided that I don't need any file permissions for my app. But if I try to open a URL with the https protocol, I get this error: access: access denied ("java.io.FilePermission"…
HRJ
  • 17,079
  • 11
  • 56
  • 80
2
votes
0 answers

How do I get additional information from ReflectPermission?

I would like to know the exact field or method that a class tries to access via reflection. As far as I know, the JVM asks for a ReflectPermission when a class tries to access non public fields or methods.
SirWindfield
  • 117
  • 2
  • 8
2
votes
1 answer

How to grant file read/write permission in a Security Manager policy file for variable parent directories

I'm learning to use Security Manager, and I'm getting this error when I run my unit tests: Exception in thread "main" java.security.AccessControlException: access denied ("java.io.FilePermission"…
GridDragon
  • 2,857
  • 2
  • 33
  • 41
2
votes
1 answer

Why does this seemingly equivalent SecurityManager code cause spurious exceptions?

This question is a follow-up to my previous question about unusual exceptions generated by a custom security manager. At a high level, I am interested in building an application that runs trusted code alongside untrusted code. My initial idea was to…
templatetypedef
  • 362,284
  • 104
  • 897
  • 1,065
2
votes
1 answer

Granting script under a SecurityManager to access system properties

I want to allow scripts in a sandbox to access system properties but I get AccessControlExceptions. Here is the code: import static org.junit.Assert.*; import java.security.AccessControlContext; import java.security.AccessController; import…
Aaron Digulla
  • 321,842
  • 108
  • 597
  • 820
2
votes
1 answer

Sandbox JPanel within JFrame

I have a JFrame with a JPanel in it. I'm loading some untrusted 3rd party code that needs to add some components to my JPanel. How can I sandbox my JPanel such that to make it impossible for the 3rd party components to access resources outside the…
Flavio
  • 846
  • 1
  • 9
  • 21
2
votes
1 answer

tomcat6 jsf2 security manager - IllegalStateException: javax.faces.application.ApplicationFactory

my trouble is IllegalStateException: Application was not properly initialized at startup, could not find Factory: javax.faces.application.ApplicationFactory this is my configuration catalina.policy grant codeBase "http://192.168.0.22:8080/test3/-"…
Levy Glez
  • 21
  • 1
2
votes
1 answer

Generate custom classes from within a security sandbox (e.g., applet)

I'd like to be able to generate and load custom classes within an (unsigned) applet. Generating them I can deal with, but I'm battling with the applet SecurityManager that doesn't seem to want me to load them. Here's a visual overview; as you can…
Boann
  • 48,794
  • 16
  • 117
  • 146
2
votes
1 answer

Porting Desktop App to Applet Sandbox

I've got an old Swing desktop application that I want to convert into an applet, and replace all the file IO with web service calls. I'm struggling to find a comprehensive list of specific things that applets are and are not allowed to do. I…
DeejUK
  • 12,891
  • 19
  • 89
  • 169
2
votes
1 answer

How to run Akka Future using given SecurityManager?

For an open-source multiplayer programming game written in Scala that loads players' bot code via a plug-in system from .jar files, I'd like to prevent the code of the bots from doing harm on the server system by running them under a restrictive…
Scalatron
  • 43
  • 4
1
vote
1 answer

Java SecurityManager - setting custom policy file

is there a way to create a custom policy file for the Java SecurityManager that is located wherever I want it to be? If it is, how would I do that, and how would I bind the SecurityManager to that file programmatially, that is not via the command…
deimos1988
  • 5,896
  • 7
  • 41
  • 57
1
vote
1 answer

Setting the Java SecurityManager for one method only

I have a method A which might look like following: public double A{ if (secM == null) { secM = new SecurityManager(); System.setSecurityManager(secM); } //do something and return a double } The problem is that once the…
deimos1988
  • 5,896
  • 7
  • 41
  • 57
1 2 3
14 15