Hello Alex

As long as reflection is still permitted, I think you could get around most (all?) of these restrictions. I'm pretty sure this can only be solved properly at the VM level (SecurityManager).

Cheers
Lars


On 15.01.2014 23:53, Alexander Klimetschek wrote:
> On 15.01.2014, at 01:34, Carsten Ziegeler <cziege...@apache.org> wrote:
>
>> I think that's already solved by the SecurityManager concept - so let's
>> not reinvent the wheel.
>
> One solution would be to add a new interface to use that only gives access to
> the allowed methods. For example, say you only want to allow
> System.currentTimeMillis(), you'd add a new interface MySystem which has this
> method. And deny access to java.lang.System but allow MySystem in the package
> importing.
>
> Of course that won't work with existing code that makes use of
> java.lang.System. But it would be a clean way...
>
> The difference with the security manager is that it will allow access to the
> class/method, but then do a security check if that caller is allowed (looking
> at the passed context) and throw an exception if not.
>
> This naturally makes it a lot more difficult to implement, since the code
> itself has to set permissions, do the checks and handle exceptions.
>
> Not giving access in the first place is a lot cleaner and simpler.
>
> Cheers,
> Alex.

