Security without policy files

hey does anyone know an efficient way to write policies without using policy files

i have a server which must run user program which will be located on the server

the server must have full permissions but the user code have none

also (and painfully) the user code must be run in the same virtual machine as the server, i.e. the code is run by calling userApp.main (shivers)

any help would be appreciated

[432 byte] By [euge2004a] at [2007-10-1 19:57:25]
# 1

You could write your own SecurityManager which has its own rules, or gets them in a different way.

Then you could make a PrivilegedAction, which invokes the user app.

Then you could give different rights to that PrivilegedAction.

Or you could run the user apps with a custom AccessController.

Both will take a lot of care to make it safe, but it sounds like a great project.

mivz@spugium.neta at 2007-7-11 16:26:29
# 2

thanks, had looked into all that stuff, decided against it instead, it's an absolute nightmare to do most of that stuff

ends up i had to run the user code in a new vm as i could not redirect System.in / out without having various user requests to run their code overlapping

so i run the user code in their own directory, and use a basic policy file that only allows them whatever permissions the question allows for, so i just specify the running directory as the codebase and add my ProgramRunner to the classpath, which uses reflection, from a parent directory.

this project is used to test first years in a computing course btw, suppose i could have mentioned that earlier, the security is to ensure that they behave : )

euge2004a at 2007-7-11 16:26:29
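
The setup described in the last post, as an added example that is not the poster's code: one child JVM per submission, started in the submission's directory with its own stdin/stdout files and a generated policy that grants only the listed permissions to that directory's codebase. The class and method names, the timeout and the sample permission are assumptions, the poster's ProgramRunner is left out so the user's main class is launched directly, and it needs a JDK that still supports the Security Manager (deprecated in 17, disabled in 24).

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.concurrent.TimeUnit;

public class SandboxedRun {
    // Policy text granting only the given permissions to classes loaded from
    // the child's working directory; all other code sources get nothing.
    static String policyFor(List<String> permissions) {
        StringBuilder sb = new StringBuilder("grant codeBase \"file:${user.dir}/\" {\n");
        for (String p : permissions) sb.append("    permission ").append(p).append(";\n");
        return sb.append("};\n").toString();
    }

    // Runs mainClass from runDir in its own JVM; returns its exit code, or -1 on timeout.
    static int run(Path runDir, String mainClass, Path policy, Path stdin, long timeoutSec)
            throws IOException, InterruptedException {
        String java = Paths.get(System.getProperty("java.home"), "bin", "java").toString();
        ProcessBuilder pb = new ProcessBuilder(java,
                "-Djava.security.manager",
                // "==" makes this the only policy in effect, not an addition to the defaults
                "-Djava.security.policy==" + policy.toAbsolutePath(),
                "-cp", ".", mainClass);
        pb.directory(runDir.toFile());                    // running directory = codebase
        pb.redirectInput(stdin.toFile());                 // per-run streams, so concurrent
        pb.redirectOutput(runDir.resolve("stdout.txt").toFile()); // requests cannot overlap
        pb.redirectError(runDir.resolve("stderr.txt").toFile());
        Process p = pb.start();
        if (!p.waitFor(timeoutSec, TimeUnit.SECONDS)) {   // stop runaway submissions
            p.destroyForcibly();
            return -1;
        }
        return p.exitValue();
    }

    // Usage: java SandboxedRun <runDir> <mainClass> <stdinFile>
    public static void main(String[] args) throws Exception {
        // Policy file lives outside the submission directory.
        Path policy = Files.createTempFile("submission", ".policy");
        // Constructed sample: this question allows reading files under the running directory.
        Files.write(policy, policyFor(List.of(
                "java.io.FilePermission \"${user.dir}${/}-\", \"read\"")).getBytes());
        int code = run(Paths.get(args[0]), args[1], policy, Paths.get(args[2]), 10);
        System.out.println("exit code: " + code);
    }
}
```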