Question on ClassLoader

Robert Paris
Ranch Hand

Joined: Jul 28, 2002
Posts: 585
Is it possible to create security policies that are applied by ClassLoader? What I mean is, imagine I have an application Main that starts a whole bunch of other applications. It allows them to all run in the same JVM, and manages them. To make sure they're all completely invisible to each other, it creates each app in its own classloader (is this a guarantee? I can control the top level classloader, but can they create a classloader that can somehow look into other classloaders, or get classes from the JVM? - that's a separate question, sorry). So I have something like this:
    ----------Main App -------------...n
         |                  |
      |----|             |----|
    ClassLoader1       ClassLoader2
         |                  |
       App1               App2
What I'd like to do is simulate the following:
java -Djava.security.manager -Djava.security.policy=pol1.policy App1
java -Djava.security.manager -Djava.security.policy=pol2.policy App2
(along with all the java.security.auth, etc)
Is it possible to do that? Would I have to create my own SecurityManager implementation? Or just a policy implementation? Or is it at the AccessController? What would I need to do to be able to set security policies for each classloader? (And any class instantiated directly/indirectly by a class loaded by that classloader. What are the implications if someone calls: System.getSystemClassLoader()? Do I have to keep that permission from them?)
Thanks!
karl koch
Ranch Hand

Joined: May 25, 2001
Posts: 388
Hi,
I think you can apply different policies if they are loaded from different codebases.
Put the classes of your app in different directories/jars/servers and then you should be able to apply different rules to them.
k
Robert Paris
Ranch Hand

Joined: Jul 28, 2002
Posts: 585
Well, but that's not quite what I was thinking of. Remember that it's what is on the stack that matters, not just what the code-base of one thing is. So I want to completely isolate each one so that I guarantee that the only ProtectionDomains on the stack are what's under that classloader and anything created via those classes.
Robert Paris
Ranch Hand

Joined: Jul 28, 2002
Posts: 585
I'm working on this and will post when I figure it out. In the meantime if anyone can shorten my search...
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
Sooo... will the Principal-based security introduced with JAAS do it?
- Peter
Robert Paris
Ranch Hand

Joined: Jul 28, 2002
Posts: 585
No, because I want it truly isolated, and where it's a full Java 2 security solution in that isolated context. In other words, each context would have its own security manager. So, if one context didn't want it to be principal based, it wouldn't be.
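
One way to get per-classloader permissions inside the Java 2 security model this thread discusses, as an added example that is not code from any poster: a hypothetical `AppClassLoader` overrides `getPermissions(CodeSource)`, so every class it defines lands in a ProtectionDomain carrying only that app's permissions. The class names, jar paths and data directories are constructed, and it assumes a JDK where the Security Manager is still available (it is deprecated for removal since Java 17).

```java
import java.io.FilePermission;
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class PerLoaderPermissions {
    /** Hypothetical loader: Main creates one instance per hosted app. */
    static final class AppClassLoader extends URLClassLoader {
        private final String dataDir; // assumed layout: the only directory this app may use

        AppClassLoader(URL appJar, ClassLoader parent, String dataDir) {
            super(new URL[] { appJar }, parent);
            this.dataDir = dataDir;
        }

        // SecureClassLoader calls this once per CodeSource when it builds the
        // ProtectionDomain for the classes this loader defines.
        @Override
        protected PermissionCollection getPermissions(CodeSource cs) {
            PermissionCollection perms = super.getPermissions(cs); // read access to the jar itself
            perms.add(new FilePermission(dataDir + "/-", "read,write"));
            return perms;
        }
    }

    /** Static permissions a class from appJar would carry under this loader. */
    static ProtectionDomain domainFor(AppClassLoader loader, URL appJar) {
        CodeSource cs = new CodeSource(appJar, (Certificate[]) null);
        // Two-argument constructor: static permissions only. Domains bound by the
        // loader itself also consult the installed Policy at check time.
        return new ProtectionDomain(cs, loader.getPermissions(cs));
    }

    public static void main(String[] args) throws Exception {
        // Constructed paths; nothing is read from disk.
        URL jar1 = URI.create("file:/apps/app1/app1.jar").toURL();
        URL jar2 = URI.create("file:/apps/app2/app2.jar").toURL();
        ClassLoader parent = PerLoaderPermissions.class.getClassLoader();
        AppClassLoader l1 = new AppClassLoader(jar1, parent, "/apps/app1/data");
        AppClassLoader l2 = new AppClassLoader(jar2, parent, "/apps/app2/data");

        FilePermission app1File = new FilePermission("/apps/app1/data/state.db", "read");
        System.out.println("app1 domain implies app1 file: " + domainFor(l1, jar1).implies(app1File));
        System.out.println("app2 domain implies app1 file: " + domainFor(l2, jar2).implies(app1File));
    }
}
```

Because loader-built domains merge these static permissions with whatever the installed Policy grants the same CodeSource, the Policy must not grant those codebases anything broader. An access check still intersects every ProtectionDomain on the calling stack, so code from Main on the stack limits the result as well unless it uses `AccessController.doPrivileged`.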
 
 