// Cannot set security manager, log appropriately
}
Compliant Solution (Custom Security Manager)
This compliant solution demonstrates how to instantiate a custom SecurityManager class called CustomSecurityManager by invoking its constructor with a password; this custom security manager is then installed as the active security manager.
char password[] = /* initialize */;
try {
  // Install the custom security manager as the active security manager
  System.setSecurityManager(
    new CustomSecurityManager("password here")
  );
} catch (SecurityException se) {
  // Cannot set security manager, log appropriately
}
After this code executes, APIs that perform security checks will use the custom security manager. As noted earlier, custom security managers should be installed only when the default security manager lacks the required functionality.
Applicability
Java security fundamentally depends on the existence of a security manager. In its absence, sensitive actions can execute without restriction.
Programmatic detection of the presence or absence of a SecurityManager at runtime is straightforward. Static analysis can address the presence or absence of code that would attempt to install a SecurityManager if the code were executed. Checking whether the SecurityManager is installed early enough, whether it specifies the desired properties, or whether it is guaranteed to be installed may be possible in some special cases, but is generally undecidable.
Invocation of the setSecurityManager() method may be omitted in controlled environments in which it is known that a global-default security manager is always installed from the command line. This is difficult to enforce, and can result in vulnerabilities if the environment is incorrectly configured.
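
The runtime check described above can be turned into a startup guard that fails closed when the command-line security manager is missing or is not the one the deployment expects. This is an added example, not code from the original text; the class name SecurityManagerGuard, the verify() helper and the optional expected-class argument are assumptions made for illustration.

```java
import java.util.Optional;

/** Added example: refuse to start unless a security manager is active. */
public final class SecurityManagerGuard {

    private SecurityManagerGuard() {}

    /**
     * Returns a description of the problem, or empty if a security manager
     * is installed. expectedClass (hypothetical parameter) may be null to
     * accept any installed manager.
     */
    static Optional<String> verify(String expectedClass) {
        // On JDK 24 and later the Security Manager is permanently disabled
        // (JEP 486), so getSecurityManager() returns null and this guard
        // always reports a problem there.
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return Optional.of("no security manager installed");
        }
        String actual = sm.getClass().getName();
        if (expectedClass != null && !expectedClass.equals(actual)) {
            return Optional.of(
                "expected " + expectedClass + " but found " + actual);
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // args[0], if present, names the manager class the deployment expects
        String expected = args.length > 0 ? args[0] : null;
        Optional<String> problem = verify(expected);
        if (problem.isPresent()) {
            // Throw rather than call System.exit(): exiting needs a
            // permission that an installed manager may deny.
            throw new IllegalStateException(
                "Refusing to start: " + problem.get());
        }
        System.out.println("Security manager active; continuing startup");
    }
}
```

Run without a manager, the guard throws before any application code executes; started with -Djava.security.manager on a JDK that still supports it, verify() finds java.lang.SecurityManager and startup continues.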