You are viewing a plain text version of this content. The canonical link for it is here.

Posted to phoenix-dev@avalon.apache.org by "Pomfret, Nick (SQ)" <po...@bp.com> on 2002/11/29 11:25:37 UTC

security policy question

We are trying to prevent a 3rd party jar file from calling System.exit in
our Phoenix application.


In order to achieve this, we tried modifying the policy grants in
environment.xml in order to generate some security exceptions.  We were
unable to stop all permissions being grated to our application.  For
example:

<policy>
        <grant code-base="sar:SAR-INF/lib/*">
            <permission class="java.io.FilePermission"
                    target="${app.home}/*"
                    actions="read,write" />
        </grant>
</policy>

This allowed sockets to be created, something I would have though would only
be possible if SocketPermission was granted.

How do I revoke permissions (RuntimePermission in particular) for a
particular jar file?

Nick Pomfret

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>