问题
I would like to dynamically load a set of jars or classes (i.e. plugins loaded at runtime). At the same time, I would like to restrict what these plugins are able to do in the JVM. For a test case, I would like to restrict them to pretty much everything (right now I'm just allowing one System.getProperty value to be read).
I am currently using a security policy file, but I'm having difficulty specifying a policy for one folder or package in my codeBase, but not another.
Here is how my policy looks now:
grant codeBase "file:/home/max/programming/java/plugin/plugins/" {
permission java.util.PropertyPermission "java.version", "read";
};
grant codeBase "file:/home/max/programming/java/plugin/api/" {
permission java.security.AllPermission;
};
Where (for testing purposes), all files in the plugins package and folder are restricted, but the classes in the api folder are not. Is this possible? Do I have to create a custom class loader? Is there a better way to go about doing this?
Thanks.
回答1:
This answer solved my problems: Sandbox against malicious code in a Java application
来源:https://stackoverflow.com/questions/2626981/restricting-dynamically-loaded-classes-and-jars-based-on-a-security-policy