I am developing a system for loading, processing and supporting plugins in Java applications. One of the features that I feel is absolutely important for this before each of them can be deployed is the ability to create a safe environment in which plugins are limited to what they are allowed to do.
I did not understand how to use policy files programmatically without passing the -Djava.security.manager argument at startup. So for now.
My next idea was to override all the methods that I was worried about in the SecurityManager in my own subclass of SecurityManager and set limits on how they are executed.
Then the problem arose that the only way to find out who asked for this permission was to check the thread ID. So I developed a system in which all plugin threads are located, and can ONLY be, in the PluginThreads thread group.
It worked ... until it exploded. The problem is that some of the locked objects are internal operations performed by Sun code.
Thus, even the most basic operations, such as opening a window, fail because my security manager refuses access to the Sun code. There is no way around this using my thread-verification method, because the Sun code runs in the PluginThreads group.
So what I need to know:
1) Is it possible that I could figure out the context in which the call comes from using the current thread?
2) Is there a better way to do this that I don't know about?
3) If this method includes policy files, how do you load them into your code?
4) Is there any other method you can think of to prevent blocking of the Java internal code?
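The following is an added example, not code from the question or from any answer to it, showing one way to address questions 1 and 2: let the SecurityManager decide by who is on the call stack (SecurityManager.getClassContext()) instead of by which thread is running. A JDK-internal thread that happens to live in the plugin thread group has no plugin class on its stack and is therefore not restricted, while plugin code is held to an allow-list no matter which thread it runs on. It assumes Java 9 or later; the PluginSecurityManager, PluginLoader, DemoPlugin and PLUGIN_ALLOWED names are constructed for this demo and do not come from the question.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.Permission;
import java.util.List;
import java.util.PropertyPermission;

public class Sandbox {

    /** Allow-list of what plugin code may do; anything not implied by an entry is denied (constructed). */
    static final List<Permission> PLUGIN_ALLOWED = List.of(
            new PropertyPermission("java.version", "read"));

    /** A SecurityManager that decides by the classes on the call stack, not by the current thread. */
    static final class PluginSecurityManager extends SecurityManager {
        private final ClassLoader pluginLoader;
        // Re-entrancy guard: calls made while inspecting the stack could themselves be checked.
        private final ThreadLocal<Boolean> inCheck = ThreadLocal.withInitial(() -> false);

        PluginSecurityManager(ClassLoader pluginLoader) { this.pluginLoader = pluginLoader; }

        /** True if any frame on the current stack belongs to a class defined by the plugin loader. */
        private boolean pluginOnStack() {
            for (Class<?> c : getClassContext()) {   // innermost frame first; bootstrap classes report null
                if (c.getClassLoader() == pluginLoader) return true;
            }
            return false;
        }

        @Override
        public void checkPermission(Permission perm) {
            if (inCheck.get()) return;
            inCheck.set(true);
            try {
                if (!pluginOnStack()) return;        // host code or JDK-internal thread: unrestricted
                for (Permission allowed : PLUGIN_ALLOWED) {
                    if (allowed.implies(perm)) return;
                }
                throw new SecurityException("plugin denied " + perm);
            } finally {
                inCheck.set(false);
            }
        }

        @Override
        public void checkPermission(Permission perm, Object context) { checkPermission(perm); }
    }

    /** Stand-in plugin loader: defines DemoPlugin from its own bytes so it gets a distinct loader. */
    static final class PluginLoader extends ClassLoader {
        PluginLoader(ClassLoader parent) { super(parent); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(DemoPlugin.class.getName())) return super.loadClass(name, resolve);
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    String res = name.replace('.', '/') + ".class";
                    try (InputStream in = Sandbox.class.getClassLoader().getResourceAsStream(res)) {
                        if (in == null) throw new ClassNotFoundException(name);
                        byte[] b = in.readAllBytes();
                        c = defineClass(name, b, 0, b.length);
                    } catch (IOException e) {
                        throw new ClassNotFoundException(name, e);
                    }
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }
    }

    /** Constructed "plugin": one allowed property read followed by one that is not on the list. */
    public static final class DemoPlugin implements Runnable {
        public void run() {
            System.out.println("plugin read java.version = " + System.getProperty("java.version"));
            System.getProperty("user.home");     // not allowed -> SecurityException from the manager
        }
    }

    public static void main(String[] args) throws Exception {
        PluginLoader loader = new PluginLoader(Sandbox.class.getClassLoader());
        System.setSecurityManager(new PluginSecurityManager(loader));

        // Host code keeps full rights even though the same thread runs plugin code afterwards.
        System.out.println("host read user.home = " + System.getProperty("user.home"));

        Runnable plugin = (Runnable) loader.loadClass(DemoPlugin.class.getName())
                .getDeclaredConstructor().newInstance();
        try {
            plugin.run();
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac Sandbox.java && java Sandbox`; the first property read inside the plugin succeeds and the second is blocked, while the identical host-side read on the same thread is not. For question 3, the standard Policy-based route is to set the `java.security.policy` system property before the manager is installed and call `Policy.getPolicy().refresh()`, which works without the command-line flag. Two caveats for anyone adopting this today: Java 17 deprecates SecurityManager for removal (JEP 411), and Java 18 and later refuse to install one at runtime unless the JVM was started with `-Djava.security.manager=allow`, so in-process sandboxing of plugins on current JDKs should be treated as a stopgap rather than a security boundary.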