wood burning stoves 2.0*
The moose likes Security and the fly likes Enabling a security manager for a single jar Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Enabling a security manager for a single jar" Watch "Enabling a security manager for a single jar" New topic

Enabling a security manager for a single jar

Dave Koontz

Joined: Jun 10, 2005
Posts: 3
I have a signed applet that serves as a front-loader that will load code from a user provided jar. My applet is signed as it needs to interface with native libraries, but I want the user provided jar to be sandboxed. I looked at the Security Manager and it seems you can apply restrictions to a particular package although I will have no control over their naming so that doesn't work. This document (http://java.sun.com/developer/TechTips/2000/tt0926.html) indicated that it was possible, though difficult, to get information about the source of certain classes via the URLClassLoader which I assume would be used when loading my applet files. My biggest question is, can a Security Manager installed by my signed applet restrict the permissions for code loaded from an unsinged (or signed with a different certificate) jar file, and if so, where would I look for information on this?

David Koontz
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 41124
It's possible to use a SecurityManager for just those classes that are loaded by a particular ClassLoader. See this article (written by, ahem, yours truly) for how that works in a desktop app.

A problem could be that the Applet JVM installs a SecurityManager already; I'm not sure if it's possible to set a different one (even though the applet is signed and should have all the permissions). But a quick test will tell you for sure.

Ping & DNS - my free Android networking tools app
wood burning stoves
subject: Enabling a security manager for a single jar
Similar Threads
write java.io.file using applet?
Applet referencing an executable jar file!
Applets - 1.2 (again)
saving a file on local PC