Java Security Manager

A Java class that allows applications to implement a security policy.

Usually, the JavaSecurityManager becomes visible when it denies access to a resource like local files:

java.security.AccessControlException: access denied (java.io.FilePermission /foo.xml read) 
   at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
   at java.security.AccessController.checkPermission(AccessController.java:401)
   at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
   at java.lang.SecurityManager.checkRead(SecurityManager.java:863)
   at java.io.File.exists(File.java:678)
   at com.badguys.BadCode$BadThread.run(BadCode.java:32)

However, the most common example can be seen with Java applets which are prevented from:

• accessing the file system
• making network connections (for the most part)
• creating new processes
• creating class loaders

If there is a security manager in place, the following operations will be checked:

• Accept a socket connection from a specified host and port number
• Modify a thread (change its priority, stop it, and so on)
• Open a socket connection to a specified host and port number
• Create a new class loader
• Delete a specified file
• Create a new process
• Cause the application to exit
• Load a dynamic library that contains native methods
• Wait for a connection on a specified local port number
• Load a class from a specified package (used by class loaders)
• Add a new class to a specified package (used by class loaders)
• Access or modify system properties
• Access a specified system property
• Read from a specified file
• Write to a specified file

Java applications, by default, won't use a security manager unless a policy file has been specified at the time of application launch. To specify a java policy read up on the following syntax:

java -Djava.security.manager -Djava.security.policy=someURL SomeApp

The system policy file is by default located at java.home/lib/security/java.policy

see more at: http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html

An attempt to implement something similar in the RubyLanguage is being made in the SecuredRuby project.

Is there something similar in Smalltalk?

contributors: AnonymousDonors, EricHerman