Disable Java reflection for the current thread

前端未结

关注

 3  1662

长发绾君心 2020-11-30 05:40

I need to call some semi-trustworthy Java code and want to disable the ability to use reflection for the duration of that code\'s execution.

try{
   // disa


      
      
        
          3条回答        

        
                    
            
            
                         
                
              
              
                
                   星月不相逢
                                             
                
                
                (楼主)
            
              
              
                2020-11-30 06:21
              

            
            
                        
Well, you can override SecurityManager.checkMemberAccess and give a stricter definition.  However, it doesn't really work like that. What happens for instance if the code defines a finaliser? 

On the clarification: Other APIs use reflection and other APIs. For instance, java.beans, LiveConnect and Rhino. An adversary could from within a script, say, create a new Rhino context without the shutter and thereby bootstrap into the full JRE. With an open system, a blacklist can never be finished. 

In summary: to use the Java security model you need to work with it, not against it.
    
             
                                                        
            
            
              
                
                0
              
                   
                
               讨论(0)
              
                                                  
              
              
                          
             
       
          
              
                                       
     查看其它3个回答


            
                         
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
                              			
        
        
        
          
            
            
              
              
            
    


                                 
              
            
                          
    

        
         
                验证码
                
                  
                
                
                   看不清?
                
              
                                  
                    
   
                 
             
              提交回复