Java security policy: granting access depending on classloader

Submitted by 核能气质少年 on 2019-12-23 15:07:38

Question


I have an application that loads plugins (plain jar files) and runs code from them. The plugins are loaded using a URLClassLoader. I would like to prevent those plugins from accessing files and other resources, while retaining all permissions for my own code.

Here are the two features by which plugin code is distinct from my own application and its libraries: 1) It is loaded by a URLClassLoader created for this purpose. 2) Its jar files are copied to a specific directory, from which the URLClassLoader takes them.

But I don't see how I can use either feature to formulate a policy rule. The classloader can't be used at all in a policy rule (understandable, it's created at runtime). The directory can be used to grant specific permissions but not to take them away. There doesn't seem to be a syntax for "code from anywhere EXCEPT this directory" either.

Are there any other options?


Answer 1:


Subclass URLClassLoader. Add back in the security bits you miss out from not using URLClassLoader.newInstance. Override URLClassLoader.getPermissions(CodeSource) to return appropriate permissions.

It's probably best if the parent class loader just has the common types the plugin [statically] uses. The main application should be loaded from a different child class loader. Implementation classes can also be hidden by the package.access security property.
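
A sketch of the subclass this answer describes, added here as an example and not code from the original answer. The class name `PluginClassLoader` and the command-line arguments in `main` are hypothetical, and it assumes a JDK where the Security Manager is still usable (it is deprecated for removal since Java 17 and permanently disabled in JDK 24).

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Paths;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;

// Added example: PluginClassLoader is a hypothetical name, not from the answer.
public class PluginClassLoader extends URLClassLoader {

    public PluginClassLoader(URL[] pluginJars, ClassLoader parent) {
        super(pluginJars, parent);
    }

    // URLClassLoader.getPermissions would grant read access to the code source
    // (and connect access for remote URLs). Returning an empty collection gives
    // classes defined by this loader a ProtectionDomain with no static permissions.
    @Override
    protected PermissionCollection getPermissions(CodeSource codeSource) {
        return new Permissions();
    }

    // The loader returned by URLClassLoader.newInstance performs this package
    // access check before delegating; a direct subclass has to add it back.
    @Override
    protected Class<?> loadClass(String name, boolean resolve)
            throws ClassNotFoundException {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            int lastDot = name.lastIndexOf('.');
            if (lastDot != -1) {
                sm.checkPackageAccess(name.substring(0, lastDot));
            }
        }
        return super.loadClass(name, resolve);
    }

    // Usage (hypothetical arguments): <path-to-plugin.jar> <plugin-class-name>
    public static void main(String[] args) throws Exception {
        URL jar = Paths.get(args[0]).toUri().toURL();
        try (PluginClassLoader loader = new PluginClassLoader(
                new URL[] { jar }, PluginClassLoader.class.getClassLoader())) {
            Class<?> plugin = loader.loadClass(args[1]);
            // Prints the code source and the (empty) static permission set.
            System.out.println(plugin.getProtectionDomain());
        }
    }
}
```

The empty collection only covers the static permissions: the installed Policy is still consulted for these classes, so the policy file has to grant AllPermission to the application's own codeBase rather than to all code. None of this is enforced unless a SecurityManager is actually installed.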



Source: https://stackoverflow.com/questions/5578501/java-security-policy-granting-access-depending-on-classloader
