JEP411: Restricting/logging library usages using a SecurityManager

Roel Spilker r.spilker at gmail.com
Thu Apr 15 21:10:30 UTC 2021


Hi all,

So I do get why RMI and Applets are no longer used.

I also agree that the performance and usability of the current
implementation is suboptimal, and that configuring the security manager
through text files is also not that easy.

But on my server application, we use libraries. And I'm very interested on
how they behave.

I would like to log or restrict the following actions:
- Spawning new processes
- Unexpected file access
- Unexpected network traffic

Currently, our application sets a custom written security manager to
restrict or log those aspects.

For example, we would block all XXE attacks by just having our security
manager.

In JEP411 I did not find a way to do those things without a security
manager.

What does the security group think about these use cases? Does it still
make sense to deprecate/remove the entire security manager? Would a
replacement for certain concerns be in order?

Kind regards,

Roel Spilker
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20210415/52013aef/attachment.htm>


More information about the security-dev mailing list