I am creating an application that runs downloaded Java code, and I would like to be able to specify exactly which built-in Java classes the code can access. I imagine this involves using a ClassLoader and SecurityManager, but what I've found on google has not been helpful.
How do I create a class whitelist for user code in Java?
3.4k Views Asked by Dan At
1
There are 1 best solutions below
Related Questions in JAVA
- I need the BIRT.war that is compatible with Java 17 and Tomcat 10
- Creating global Class holder
- No method found for class java.lang.String in Kafka
- Issue edit a jtable with a pictures
- getting error when trying to launch kotlin jar file that use supabase "java.lang.NoClassDefFoundError"
- Does the && (logical AND) operator have a higher precedence than || (logical OR) operator in Java?
- Mixed color rendering in a JTable
- HTTPS configuration in Spring Boot, server returning timeout
- How to use Layout to create textfields which dont increase in size?
- Function for making the code wait in javafx
- How to create beans of the same class for multiple template parameters in Spring
- How could you print a specific String from an array with the values of an array from a double array on the same line, using iteration to print all?
- org.telegram.telegrambots.meta.exceptions.TelegramApiException: Bot token and username can't be empty
- Accessing Secret Variables in Classic Pipelines through Java app in Azure DevOps
- Postgres && statement Error in Mybatis Mapper?
Related Questions in WHITELIST
- How are white-listed domains actually enforced by some of the big API providers?
- Deny DynamoDB Access if IP address not on allow list
- Modify android WebView and create whitelist
- Is it Secure to Authenticate Solely Based on Spring Security's hasIpAddress Configuration?
- I need to add Woocommerce to my whitelist to allow access to woo mobile app
- Better way to allow only specific paths in Apache
- Issue with Vimeo whitelisting (domain specified security) in mobile app implementation
- Whitelist local server in google chrome
- Whitelisting an IP address for sms notification with an AWS application Load Balancer
- Ip is whitelisted but still getting error to connecting MongoDB
- traefik ingress is not showing the clientAddr external IP when externalTrafficPolicy set to Local
- Java Spring Framework Is there a way to only allow the application to make network requests to specific urls
- Discover External IP Range for Firebase Functions (Google Cloud Functions) by region?
- Tesseract whitelist is not accepting special characters
- How do I block a path in traefik?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I think that in your case you should create your custom class loader or use UrlClassLoader configured to load classes from specified URLs. Note that file in file system can be interpreted as URL to, so do not worry.
If for example you have 2 jar files foo.jar and bar.jar. foo.jar is permitted, bar.jar is restricted for the part of your application. Just add to the class loader's path the first jar only. The second will be invisible.
If you wish to throw SecurityException when forbidden classes are accessed yo have to implement your own class loader. It could be a composite of 2 URL class loaders: one with foo.jar, other with bar.jar in a classpath. The second class loader should override method loadClass and throw security exception every time the class is successfully loaded. Although I do not see serious benefits of this solution.