I am designing a plugin-supported architecture I will begin to use in more of my desktop applications.
I have successfully created a system that uses java.net.URLClassLoader and java.util.ServiceLoader to load in the classes (and initiate the plugin using the specified class in META-INF/services/binary_package_name_of_api_plugin_interface_here).
Now I need to be able to implement security measures to prohibit plugin software from executing I/O operations outside of a certain delegated area (sandbox) and from accessing the network, except maybe for a few predefined pages/IPs.
I have failed to really understand the java.security package framework up until this point. Actually, I still don't understand it.
I would rather implement this security without the use of separate files (like the .policy or whatever), but if you can explain to me how that works, I would be happy to consider it.
Mainly, I'm asking where to start. What should I be subclassing/creating? Should I start with SecurityManager? BasicPermission? AccessControl or AccessControlContext?
Any help would be appreciated. Thanks for your time!
ADDITIONAL: a code snippet from the PluginManager class
[CODE]
import java.util.Iterator;
import java.util.ServiceLoader;

// Uses the pre-defined URLClassLoader 'loader' to load classes.
// ServiceLoader finds the class implementing Plugin.
public void loadPlugins() {
    if (path.length > 0) {
        ServiceLoader<Plugin> plugins = ServiceLoader.load(Plugin.class, loader);
        Iterator<Plugin> it = plugins.iterator();
        while (it.hasNext()) {
            Plugin p = it.next();
            p.init();
            Interface.request(p.getName() + " " + p.getVersion() + " by: " + p.getAuthor());
        }
    }
}
[/CODE]
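As an added example (not code from the question), the following shows one place to start: a `java.security.Policy` subclass rather than a custom `SecurityManager`. Every permission-checked JDK call (opening a file, connecting a socket, reading a system property) walks the call stack and asks the installed Policy whether each `ProtectionDomain` on it implies the requested permission; a class gets its ProtectionDomain from the loader that defined it, so "was this class defined by the plugin URLClassLoader" is enough to tell plugin code from host code, and no `.policy` file is needed. The stock `SecurityManager` is installed unchanged. The class name `PluginSandboxPolicy`, the sandbox directory under `java.io.tmpdir`, and the `192.0.2.0/24` and `198.51.100.0/24` addresses (documentation ranges) are assumptions for the demo; `main` exercises the policy through a synthetic ProtectionDomain tied to the plugin loader instead of shipping a plugin jar.

```java
import java.io.File;
import java.io.FilePermission;
import java.net.SocketPermission;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

/**
 * Added example (not the question's code): a Policy that keeps full permissions
 * for the host application and grants classes defined by the plugin class loader
 * only file access under one sandbox directory plus sockets to listed hosts.
 * No .policy file is read; the grants live in this class.
 */
public final class PluginSandboxPolicy extends Policy {

    private final ClassLoader pluginLoader;
    private final PermissionCollection pluginPerms;

    public PluginSandboxPolicy(ClassLoader pluginLoader, File sandboxDir, String... allowedHosts) {
        this.pluginLoader = pluginLoader;
        Permissions p = new Permissions();
        String dir = sandboxDir.getAbsolutePath();
        // The directory itself, and everything below it ("/-" is FilePermission's recursive wildcard).
        p.add(new FilePermission(dir, "read,write"));
        p.add(new FilePermission(dir + File.separator + "-", "read,write,delete"));
        // Outbound connections only to the listed "host:port" (or "host") entries.
        for (String host : allowedHosts) {
            p.add(new SocketPermission(host, "connect,resolve"));
        }
        p.setReadOnly();
        this.pluginPerms = p;
    }

    /** Consulted for every ProtectionDomain on the stack of a permission-checked call. */
    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        if (domain.getClassLoader() == pluginLoader) {
            return pluginPerms.implies(permission);
        }
        return true; // host application and JDK classes stay unrestricted
    }

    /** Install once at startup, before any plugin class is loaded or run. */
    public static void install(URLClassLoader pluginLoader, File sandboxDir, String... allowedHosts) {
        Policy.setPolicy(new PluginSandboxPolicy(pluginLoader, sandboxDir, allowedHosts));
        System.setSecurityManager(new SecurityManager());
    }

    /** Runs a permission check with the plugin's ProtectionDomain added to the context. */
    static boolean allowedForPlugin(AccessControlContext asPlugin, Permission perm) {
        try {
            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                AccessController.checkPermission(perm);
                return null;
            }, asPlugin);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed demo values: a sandbox under the temp dir, a documentation-range IP as allowed host.
        File sandbox = new File(System.getProperty("java.io.tmpdir"), "plugin-sandbox").getAbsoluteFile();
        sandbox.mkdirs();
        URLClassLoader loader = new URLClassLoader(new URL[0]); // real code: the plugin jar URLs
        install(loader, sandbox, "192.0.2.10:443");

        // A ProtectionDomain tied to the plugin loader lets us exercise the policy without a
        // plugin jar; real plugin classes receive an equivalent domain from the loader itself.
        ProtectionDomain pluginDomain = new ProtectionDomain(
                new CodeSource(null, (Certificate[]) null), null, loader, null);
        AccessControlContext asPlugin = new AccessControlContext(new ProtectionDomain[] { pluginDomain });

        Permission[] probes = {
            new FilePermission(new File(sandbox, "notes.txt").getPath(), "write"),               // inside sandbox
            new FilePermission(new File(System.getProperty("user.home"), "x").getPath(), "read"), // outside sandbox
            new SocketPermission("192.0.2.10:443", "connect"),                                    // listed host
            new SocketPermission("198.51.100.7:80", "connect"),                                   // unlisted host
        };
        for (Permission perm : probes) {
            System.out.println((allowedForPlugin(asPlugin, perm) ? "allowed " : "denied  ") + perm);
        }
    }
}
```

Two caveats matter in practice. Host code that wraps work in `AccessController.doPrivileged` on a plugin's behalf removes the plugin's frames from the check, so keep such wrappers narrow and never let a plugin choose what they do. And the whole mechanism is deprecated for removal since JDK 17 (JEP 411): from JDK 18 onward `System.setSecurityManager` only works when the JVM is started with `-Djava.security.manager=allow`, so plugin isolation for newer runtimes is better placed in a separate process.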