20. Create a secure sandbox using a security manager
According to the Java API Class SecurityManager documentation [API 2013],

The security manager is a class that allows applications to implement a security policy. It allows an application to determine, before performing a possibly unsafe or sensitive operation, what the operation is and whether it is being attempted in a security context that allows the operation to be performed. The application can allow or disallow the operation.
A security manager may be associated with any Java code.
The applet security manager denies applets all but the most essential privileges. It is designed to protect against inadvertent system modification, information leakage, and user impersonation. The use of security managers is not limited to client-side protection. Web servers, such as Tomcat and WebSphere, use this facility to isolate trojan servlets and malicious JavaServer Pages (JSP) as well as to protect sensitive system resources from inadvertent access.
Java applications that run from the command line can set a default or custom security manager using a command-line flag. Alternatively, it is possible to install a security manager programmatically. Installing a security manager programmatically helps create a default sandbox that allows or denies sensitive actions on the basis of the security policy in effect.
From Java 2 SE Platform onward, SecurityManager is a nonabstract class. As a result, there is no explicit requirement to override its methods. To create and use a security manager programmatically, the code must have the runtime permissions createSecurityManager (to instantiate SecurityManager) and setSecurityManager (to install it). These permissions are checked only if a security manager is already installed. This is useful for situations in which a default security manager is in place, such as on a virtual host, and individual hosts must be denied the requisite permissions for overriding the default security manager with a custom one.
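The following is an added example, not code from the guideline or from Oracle's documentation, showing both routes described above: a security manager installed programmatically, with one check hard-coded in the manager and all other checks left to the policy in effect. The class names SandboxDemo and NoExitSecurityManager are this example's own; the permission names and the java.version / user.home property grants are those of the JDK's default java.policy. One caveat a practitioner should know: the Security Manager is deprecated for removal from JDK 17 (JEP 411), from JDK 18 the setSecurityManager call below only works when the JVM is started with -Djava.security.manager=allow, and JDK 24 disables it permanently, so this guideline applies to Java 7 and 8 era deployments.

```java
import java.security.Permission;
import java.util.PropertyPermission;

/*
 * Added example (not from the original text or the JDK documentation):
 * installs a security manager programmatically so that everything the
 * application does afterwards is mediated by it. The class names
 * SandboxDemo and NoExitSecurityManager are this example's own.
 */
public class SandboxDemo {

    /**
     * A SecurityManager that behaves like the default one (every check is
     * delegated to AccessController and the Policy in effect), except that
     * halting the JVM is always denied, whatever the policy file grants.
     */
    static final class NoExitSecurityManager extends SecurityManager {
        @Override
        public void checkExit(int status) {
            // Deny unconditionally: hosted code must not shut down the host.
            throw new SecurityException(
                    "System.exit(" + status + ") is not permitted inside the sandbox");
        }
    }

    /** Returns true if the current policy grants the given permission to the caller. */
    static boolean isGranted(Permission perm) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return true;               // no sandbox installed: everything is allowed
        }
        try {
            sm.checkPermission(perm);  // consults AccessController.checkPermission
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // createSecurityManager / setSecurityManager are checked only when a
        // manager is already installed, so on a bare JVM this always succeeds.
        // If a default manager was installed with -Djava.security.manager, the
        // guard keeps us from attempting an override the policy would deny.
        if (System.getSecurityManager() == null) {
            System.setSecurityManager(new NoExitSecurityManager());
        }

        // 1. A denial coded into the manager itself.
        try {
            System.exit(1);
        } catch (SecurityException e) {
            System.out.println("blocked by manager: " + e.getMessage());
        }

        // 2. Decisions taken from the policy in effect. With the JDK's default
        //    java.policy, code on the class path may read java.version but not
        //    user.home; a -Djava.security.policy= file can widen or narrow this.
        System.out.println("read java.version: "
                + isGranted(new PropertyPermission("java.version", "read")));
        System.out.println("read user.home:    "
                + isGranted(new PropertyPermission("user.home", "read")));
    }
}
```

Run it with `javac SandboxDemo.java && java SandboxDemo` to see the programmatic route, or with `java -Djava.security.manager -Djava.security.policy=sandbox.policy SandboxDemo` to have the default manager installed before main runs; in the second case the guard in main leaves the default manager in place, which is exactly the virtual-host situation the text describes, where individual applications lack the setSecurityManager permission needed to replace it.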
The security manager is closely tied to the AccessController class. The former is
used as a hub for access control, whereas the latter provides the actual implementation of
the access control algorithm. The security manager supports