Welcome to the Java Programming Forums


The professional, friendly Java community. 21,500 members and growing!


The Java Programming Forums are a community of Java programmers from all around the World. Our members have a wide range of skills and they all have one thing in common: A passion to learn and code Java. We invite beginner Java programmers right through to Java professionals to post here and share your knowledge. Become a part of the community, help others, expand your knowledge of Java and enjoy talking with like minded people. Registration is quick and best of all free. We look forward to meeting you.


>> REGISTER NOW TO START POSTING


Members have full access to the forums. Advertisements are removed for registered users.

Results 1 to 20 of 20

Thread: Java Security Implementation for Plugin Supported Architecture

  1. #1
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Java Security Implementation for Plugin Supported Architecture

    I am designing a plugin-supported architecture I will begin to use in more of my desktop applications.

    I have successfully created a system that uses java.net.URLClassLoader and java.util.ServiceLoader to load in the classes (and initiate the plugin using the specified class in META-INF/services/binary_package_name_of_api_plugin_interface_here).

    Now I need to be able to implement security measures to prohibit plugin software from executing I/O operations outside of a certain delegated area (sandbox) as well as not being allowed to access the network, except maybe for a few predefined pages/IPs.

    I have failed to really understand the java.security package framework up until this point. Actually, I still don't understand it.

    I would rather implement this security without the use of separate files (like the .policy or whatever), but if you can explain to me how that works, I would be happy to consider it.

    Mainly, I'm asking where to start. What should I be subclassing/creating? Should I start with SecurityManager? BasicPermission? AccessControl or AccessControlContext?

    Any help would be appreciated. Thanks for your time!

    ADDITIONAL: a code snippet from the PluginManager class

    [CODE]
            //Uses the pre-defined URLClassLoader 'loader' to load classes.  ServiceLoader finds the class implementing Plugin.
    	public void loadPlugins() {
    		if(path.length > 0) {
    			ServiceLoader<Plugin> plugins = ServiceLoader.load(Plugin.class, loader);
    			Iterator<Plugin> it = plugins.iterator();
    			while(it.hasNext()) {
    				Plugin p = (Plugin) it.next();
    				p.init();
    				Interface.request(p.getName() + " "+p.getVersion()+" by: "+p.getAuthor());
    			}
    		}
    	}
    [/CODE]
    Last edited by bgroenks96; November 20th, 2011 at 11:09 PM. Reason: added code snippets


  2. #2
    Super Moderator Norm's Avatar
    Join Date
    May 2010
    Location
    Eastern Florida
    Posts
    25,110
    Thanks
    65
    Thanked 2,717 Times in 2,667 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Here's a small starting point, maybe:
    I have a small app that uses a Security Manger to prevent the programs it executes from doing a System.exit(0)
    It uses this call to set the Security manager:
    System.setSecurityManager(new MySecurityManager());

  3. #3
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Ok. So you can set your own security manager, which I am assuming is a subclass of SecurityManager, but how do you set permissions for it?

    Do you override checkPermission(...) so that it throws an exception under your terms or do you actually set a Permissions object?

  4. #4
    Super Moderator Norm's Avatar
    Join Date
    May 2010
    Location
    Eastern Florida
    Posts
    25,110
    Thanks
    65
    Thanked 2,717 Times in 2,667 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    I extended SecurityManager and overrode the checkExit() method for my application.
    It throws an exception:
    throw new SecurityException("ExecuteJava - ignoring exit!");

  5. #5
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Ah ok I see. But how do you know it isn't your code calling for the exit? Do you name your threads or something like that?

  6. #6
    Super Moderator Norm's Avatar
    Join Date
    May 2010
    Location
    Eastern Florida
    Posts
    25,110
    Thanks
    65
    Thanked 2,717 Times in 2,667 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Write the code, execute it and see what happens. See what values are available that will tell you what you want to know.

  7. #7
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    The only parameter is the exit code. I don't understand how that tells me what I wanted to know...

    I made the subclass, overrode the checkExit(int) method and called System.exit(0) from another class. I put a println in the overridden checkExit() method and it printed the exit value. That's it.

  8. #8
    Super Moderator Norm's Avatar
    Join Date
    May 2010
    Location
    Eastern Florida
    Posts
    25,110
    Thanks
    65
    Thanked 2,717 Times in 2,667 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    What if your code uses a "secret" exit code?

  9. #9
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    I checked Sun's source code. Their implementation of checkExit(int) calls checkPermission(new RuntimePermission("exitVM."+status))

  10. #10
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Quote Originally Posted by Norm View Post
    What if your code uses a "secret" exit code?
    Ah ok I see what you're saying. But... isn't that bad practice since the exit code reports to the underlying OS if the exit was normal or not?

  11. #11
    Super Moderator Norm's Avatar
    Join Date
    May 2010
    Location
    Eastern Florida
    Posts
    25,110
    Thanks
    65
    Thanked 2,717 Times in 2,667 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Can the checkExit method change the value being issued by the master app?

  12. #12
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Aha! Good idea!

    But... say you do want to use the actual java security Permissions classes... how do you use them? I can't find a list of property values anywhere in the documentation.

    If your application is open source, secret codes won't do you much good unless you're randomly generating them.

  13. #13
    Super Moderator Norm's Avatar
    Join Date
    May 2010
    Location
    Eastern Florida
    Posts
    25,110
    Thanks
    65
    Thanked 2,717 Times in 2,667 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    My app is for my use. It's for executing a number of my other apps on a single JVM. All the other apps exit with 0 so no problem. I wanted to be able to execute any of my apps with this one program without any mods to them.

  14. #14
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Sun's source code in Runtime's exit method:

        public void exit(int status) {
            SecurityManager security = System.getSecurityManager();
            if (security != null) {
                security.checkExit(status);
            }
            Shutdown.exit(status);
        }

    That means whether the SecurityManager changes the exit status is irrelevant. The original call will be used either way, unless you override Runtime, which wouldn't work because the JVM constructs its own Runtime object.

  15. #15
    Super Moderator Norm's Avatar
    Join Date
    May 2010
    Location
    Eastern Florida
    Posts
    25,110
    Thanks
    65
    Thanked 2,717 Times in 2,667 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    It's no problem for my code.

  16. #16
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Ok.

    Have you ever worked with the Java security framework much before? I just can't make sense of the policies and such...

  17. #17
    Super Moderator Norm's Avatar
    Join Date
    May 2010
    Location
    Eastern Florida
    Posts
    25,110
    Thanks
    65
    Thanked 2,717 Times in 2,667 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    No, I don't think I have.
    Other that changes to the .java.policy file.

  18. #18
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    I'm starting to feel like its going to be really difficult to figure out how to handle what I need using the policy files.

    I might just design my own encrypted policy file using the ideas you stated here.

    Secret exit code and such can just go in the encrypted policy file. Read it... check it in the manager... that might work.

  19. #19
    Super Moderator Norm's Avatar
    Join Date
    May 2010
    Location
    Eastern Florida
    Posts
    25,110
    Thanks
    65
    Thanked 2,717 Times in 2,667 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Can the program generate a random "secret" exit code on start up instead of hardcoding it?

  20. #20
    Member
    Join Date
    Jun 2011
    Posts
    182
    My Mood
    Where
    Thanks
    15
    Thanked 8 Times in 8 Posts

    Default Re: Java Security Implementation for Plugin Supported Architecture

    Yes that is possible. I've been trying to use the a method where I override the SecurityManager methods I want to restrict and then just put code in each one that says if the current thread is a member of the PluginThreads ThreadGroup, block the action. This worked.... up until I started adding more overrides. Then I started having problems with Sun's internal code throwing SecurityExceptions when doing something as simple as displaying a window...

Similar Threads

  1. how to develop small plugin for browser using java?
    By vijay_p in forum Java Theory & Questions
    Replies: 5
    Last Post: November 19th, 2011, 04:12 AM
  2. Script to clear Java plugin Cache..
    By Einstein in forum AWT / Java Swing
    Replies: 3
    Last Post: October 9th, 2011, 11:44 AM
  3. Java Architecture help !!
    By java4 in forum Java Theory & Questions
    Replies: 1
    Last Post: September 20th, 2010, 01:11 PM
  4. IllegalArgumentException: Pan not supported
    By rtumatt in forum File I/O & Other I/O Streams
    Replies: 2
    Last Post: June 13th, 2010, 01:00 PM
  5. cross platform architecture in Java/J2ee
    By softwarebuzz in forum Web Frameworks
    Replies: 1
    Last Post: January 9th, 2010, 02:43 PM

Tags for this Thread