public class SecureSM
extends java.lang.SecurityManager
There are a few major problems that require custom SecurityManager logic to fix:

- exitVM permission is implicitly granted to all code by the default Policy implementation. For a server app, this is not wanted.
- modifyThread/modifyThreadGroup. Applications are encouraged to override the logic here to implement a stricter policy.
- modifyThread is abused by its shutdown checks. This means a thread must have modifyThread to even terminate its own pool, leaving system threads unprotected.

exitVM calls, and provides a whitelist where calls from exit are allowed.
Additionally it enforces threadgroup security with the following rules:

- modifyThread and modifyThreadGroup are required for any thread access checks: with these permissions, access is granted as long as the thread group is the same or an ancestor (sourceGroup.parentOf(targetGroup) == true).
- ThreadPermission can violate threadgroup security rules.
If Java security debugging (java.security.debug) is enabled and this SecurityManager is installed, it will emit additional debugging information when threadgroup access checks fail.
- SecurityManager.checkAccess(Thread)
- SecurityManager.checkAccess(ThreadGroup)
- http://cs.oswego.edu/pipermail/concurrency-interest/2009-August/006508.html

| Constructor | Description |
|---|---|
| SecureSM() | Creates a new security manager where no packages can exit nor halt the virtual machine. |
| SecureSM(java.lang.String[] classesThatCanExit) | Creates a new security manager with the specified list of regular expressions that class names will be tested against to check whether or not a class can exit or halt the virtual machine. |

| Modifier and Type | Method | Description |
|---|---|---|
| void | checkAccess(java.lang.Thread t) | |
| void | checkAccess(java.lang.ThreadGroup g) | |
| void | checkExit(int status) | |
| protected void | checkThreadAccess(java.lang.Thread t) | |
| protected void | checkThreadGroupAccess(java.lang.ThreadGroup g) | |
| static SecureSM | createTestSecureSM() | Creates a new security manager with a standard set of test packages being the only packages that can exit or halt the virtual machine. |
| protected void | innerCheckExit(int status) | The "Uwe Schindler" algorithm. |

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from class java.lang.SecurityManager: checkAccept, checkAwtEventQueueAccess, checkConnect, checkConnect, checkCreateClassLoader, checkDelete, checkExec, checkLink, checkListen, checkMemberAccess, checkMulticast, checkMulticast, checkPackageAccess, checkPackageDefinition, checkPermission, checkPermission, checkPrintJobAccess, checkPropertiesAccess, checkPropertyAccess, checkRead, checkRead, checkRead, checkSecurityAccess, checkSetFactory, checkSystemClipboardAccess, checkTopLevelWindow, checkWrite, checkWrite, getClassContext, getSecurityContext, getThreadGroup

public SecureSM()

public SecureSM(java.lang.String[] classesThatCanExit)

classesThatCanExit - the list of classes that can exit or halt the virtual machine

public static SecureSM createTestSecureSM()

- org.apache.maven.surefire.booter.
- com.carrotsearch.ant.tasks.junit4.
- org.eclipse.internal.junit.runner.
- com.intellij.rt.execution.junit.

public void checkAccess(java.lang.Thread t)

checkAccess in class java.lang.SecurityManager

public void checkAccess(java.lang.ThreadGroup g)

checkAccess in class java.lang.SecurityManager

protected void checkThreadAccess(java.lang.Thread t)

protected void checkThreadGroupAccess(java.lang.ThreadGroup g)

public void checkExit(int status)

checkExit in class java.lang.SecurityManager

protected void innerCheckExit(int status)

status - the exit status
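
The following is an added example, not SecureSM's own code, of how an exit check can test the class that called exit against a list of regular expressions like classesThatCanExit. It assumes that only the direct caller of System/Runtime exit or halt is tested and that each regex must match the whole class name; ExitWhitelistDemo, exitAllowed, frame and the class names in the sample stacks are hypothetical.

```java
import java.util.regex.Pattern;

public class ExitWhitelistDemo {
    // Assumption: each whitelist entry is a regex that must match the whole class name.
    static boolean classCanExit(String className, String[] classesThatCanExit) {
        for (String regex : classesThatCanExit) {
            if (Pattern.matches(regex, className)) return true;
        }
        return false;
    }

    // Walks a stack (innermost frame first), skips the System/Runtime exit or halt
    // frames, and tests only the class that directly called them.
    static boolean exitAllowed(StackTraceElement[] stack, String[] classesThatCanExit) {
        boolean exitHit = false;
        for (StackTraceElement f : stack) {
            String cls = f.getClassName(), m = f.getMethodName();
            boolean exitFrame = ("exit".equals(m) || "halt".equals(m))
                && ("java.lang.System".equals(cls) || "java.lang.Runtime".equals(cls));
            if (exitFrame) { exitHit = true; continue; }
            if (exitHit) {
                return classesThatCanExit != null && classCanExit(cls, classesThatCanExit);
            }
        }
        return false; // no exit frame, or no caller below it: deny
    }

    // Builds a constructed stack frame (no file name or line number).
    static StackTraceElement frame(String cls, String method) {
        return new StackTraceElement(cls, method, null, -1);
    }

    public static void main(String[] args) {
        // Constructed whitelist: one test-runner package prefix from the page, as a regex.
        String[] allowed = { "org\\.apache\\.maven\\.surefire\\.booter\\..*" };
        // Constructed stacks; class names below the exit frames are hypothetical.
        StackTraceElement[] runner = {
            frame("java.lang.Runtime", "exit"), frame("java.lang.System", "exit"),
            frame("org.apache.maven.surefire.booter.ExampleBooter", "main") };
        StackTraceElement[] plugin = {
            frame("java.lang.Runtime", "exit"), frame("java.lang.System", "exit"),
            frame("com.example.plugin.Task", "run"),
            frame("org.apache.maven.surefire.booter.ExampleBooter", "main") };
        System.out.println("runner, whitelist: " + exitAllowed(runner, allowed));
        System.out.println("plugin under runner: " + exitAllowed(plugin, allowed));
        System.out.println("runner, no whitelist: " + exitAllowed(runner, null));
    }
}
```

Only the first call is allowed. The second is denied even though a whitelisted class sits further down the stack, because the direct caller of exit does not match, and the third is denied because a null whitelist corresponds to the no-argument constructor, where nothing may exit.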