I am trying to reproduce an API for executing Java (like ideone.com has), but so far I'm having a lot of difficulties running Java sandboxed (SELinux sandbox doesn't work). I've heard about the Se...

Please don't post an answer saying "you shouldn't do this." I don't plan to use this in production code, but only for some hacking fun. In answering this question, I wanted to run some arbitrary u...

A recent question on SO lead me to an older answer about the Java Security Manager. My question about this line in that answer: The security manager impacts performances though, and it is rarely...

How to enforce reflection security by not allow the Method, Field, Constructor object to call setAccessible(true) ? SecurityPolicy File or something else? Normally for stand-alone Java application...

I'm trying to prohibit the call to System.exit(int); in some jars. These jars will be developed by external teams and loaded by our "container" application . My first reflex is to use the java se...

Context I am writing a Java system where code is executed in very strict sandboxes. A query (consisting of one or more classes) should only be allowed access to exactly one folder (and subfolders ...

permission java.net.SocketPermission "192.168.1.1:31337", "connect, accept, resolve"; What does the following permission allow? Is my Application allowed to accept connections only from 192.168.1...

I don't want to modify anything in my java home directory, however, I am afraid that sometimes my default java.policy file may be too permissive. Is there a way for me to use a specified policy fil...

I was hoping that someone can help me with the following: My understanding about java stack introspection (maybe a bit oversimplified here) is that a process generates a stack frame that is then a...

I'm trying to load a class via an URLClassLoader (well, it neither works with an normal class loader) and want them to not have any permission. Therefore, i created my own security manager, which ...

Question summary: How do I modify the code below so that untrusted, dynamically-loaded code runs in a security sandbox while the rest of the application remains unrestricted? Why doesn't URLClassLo...

I wanted to create a very restrictive security manager, so I extended SecurityManager and overridden all the custom checkXXX methods. But then I found out that my security manager is useless, beca...

I want to run a specific thread-class in a restricted sandbox, while the rest of the application can run unrestricted. Is it possible to attach a security manager for a specific thread-class only?...

Problem: In my Java application (not an applet) I wish to limit certain file operations to all classes except a list/group/package of classes that should not be restricted. Specifically, I would l...

Under the default security manager, if I create an ExecutorService (ThreadPoolExecutor in this case), I cannot shut it down, shutdown() just calls checkPermission("modifyThread") and thus immediate...

This article about Java security says: Code in the Java library consults the Security Manager whenever a dangerous operation is about to be attempted. So, what does this exactly mean? Say, i...

Currently I'm trying to write the Sandbox for running untrusted Java code. The idea is to isolate Java application from accessing file system or network sockets. The solution I have at the moment i...

I need to call some semi-trustworthy Java code and want to disable the ability to use reflection for the duration of that code's execution. try{ // disable reflection somehow someObject.method(...

I'm using Tomcat 6.0.24, as packaged for Ubuntu Karmic. The default security policy of Ubuntu's Tomcat package is pretty stringent, but appears straightforward. In /var/lib/tomcat6/conf/policy.d, t...

Is it sufficient to secure a Java web application with the rights of the user that is running the application server process or is it reasonable also to use SecurityManager with a suitable policy f...