I'm talking about sandboxing from the perspective of object capability patterns, where you can contain some actor inside a constrained classloader context and only allow execution through proxies that may be revoked. The JEE model, in theory, allows you to run several web applications without them stepping on each other's toes, although I don't know how well implemented that is in practice.
BTW, Docker runs as root, so the virtual machine is where you get additional security: https://github.com/wsargent/docker-cheat-sheet#security

On Mon, Sep 17, 2018 at 2:09 AM Alan Bateman <alan.bate...@oracle.com> wrote:
> On 16/09/2018 20:37, Will Sargent wrote:
> >
> > > The security manager is legacy these days and I think we need to
> > > figure out a plan how to deprecate and eventually bury it.
> >
> > I don't know of any research or papers that explicitly say that
> > SecurityManager is "legacy". I did some research into this a while ago,
> > and while SecurityManager has some major flaws, I don't know of any other
> > way to sandbox a Java application.
>
> Have you looked into native containers? It's easy to find examples of
> applications running in a docker container for example.
>
> -Alan
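An added example, not code from this thread or from any project it mentions, of the two pieces the first paragraph describes: a revocable proxy (the "caretaker" pattern from the object-capability literature) built on java.lang.reflect.Proxy, and a class loader whose parent is the platform loader, so code loaded through it cannot see the host application's classes. The FileReader interface, the Revoker class and the in-memory file map are assumptions constructed for the demonstration; no SecurityManager is involved, which is the point: authority is carried only by the references the host hands out.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.Map;

// Hypothetical capability interface handed to the sandboxed actor (assumption, not from the thread).
interface FileReader {
    String read(String name);
}

// Caretaker: forwards calls to the target until revoke() is called, then every call fails.
// The host keeps the Revoker; the actor only ever sees the proxy.
final class Revoker implements InvocationHandler {
    private volatile Object target;

    Revoker(Object target) { this.target = target; }

    void revoke() { target = null; }

    @Override
    public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
        Object t = target;
        if (t == null) {
            throw new IllegalStateException("capability revoked: " + method.getName());
        }
        try {
            return method.invoke(t, args);
        } catch (InvocationTargetException e) {
            throw e.getCause(); // surface the target's own exception, not the reflection wrapper
        }
    }
}

public final class RevocableCapabilityDemo {
    // Wrap a live object in a revocable proxy and hand the revocation handle back to the caller.
    static <T> T revocable(Class<T> iface, T target, Revoker[] handleOut) {
        Revoker r = new Revoker(target);
        handleOut[0] = r;
        Object p = Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[]{iface}, r);
        return iface.cast(p);
    }

    // A loader that delegates only to the platform loader: java.base and friends are visible,
    // the host's application classes are not. Guest code would be loaded from the given URLs.
    static ClassLoader constrainedLoader(URL[] guestCode) {
        return new URLClassLoader(guestCode, ClassLoader.getPlatformClassLoader());
    }

    public static void main(String[] args) throws Exception {
        // Constructed in-memory "file system" standing in for a real resource.
        Map<String, String> files = Map.of("config.txt", "debug=false");
        FileReader real = name -> files.getOrDefault(name, "<missing>");

        Revoker[] handle = new Revoker[1];
        FileReader cap = revocable(FileReader.class, real, handle);

        // The actor uses the capability through the proxy only.
        System.out.println("actor reads: " + cap.read("config.txt"));

        // The host withdraws access; the actor's reference is now inert.
        handle[0].revoke();
        try {
            cap.read("config.txt");
        } catch (IllegalStateException e) {
            System.out.println("denied: " + e.getMessage());
        }

        // Class-loader isolation: the guest loader cannot resolve host classes by name.
        ClassLoader guest = constrainedLoader(new URL[0]);
        try {
            guest.loadClass("RevocableCapabilityDemo");
            System.out.println("host class visible to guest (isolation failed)");
        } catch (ClassNotFoundException e) {
            System.out.println("guest cannot see host class: " + e.getMessage());
        }
        // JDK classes are still reachable, which is what the guest needs to run at all.
        System.out.println("guest sees JDK: " + guest.loadClass("java.util.ArrayList").getName());
    }
}
```

Two caveats a practitioner would want: revocation only holds if the raw target is never leaked (a method on the interface that returns `this`, or an internal object, defeats it), and class-loader isolation constrains name resolution, not resource use, so CPU, memory and native access still need an external boundary such as the container or VM the thread goes on to discuss.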