Low level hooks in JDK for instrumentation of permission checks.
Peter Firmstone
peter.firmstone at zeus.net.au
Sun Jun 13 10:34:32 UTC 2021
Thanks Alan,
I've been thinking that it may be preferable to have hooks that allowed
us to inject our own permission checks, rather than retaining existing
permission checks.
An implementation can override Guard::check without requiring a provider
mechanism.
The other advantage is the ability to customize Permission
implementations, such as allowing address ranges in a SocketPermission
implementation and not consulting DNS to resolve host names.
Cheers,
Peter.
On 10/06/2021 11:55 pm, Alan Bateman wrote:
> On 10/06/2021 07:40, Peter Firmstone wrote:
>>
>> Just a quick question, would it be possible that some JFR hooks might
>> also be useable for an authorisation layer?
>>
>>
> JFR events can't be used to intercept/veto operations, assuming that
> is what you are asking. However, it might be that JFR events are
> monitored as part of some overall security approach that takes into
> account events recorded for health, performance, or troubleshooting
> purposes.
>
> -Alan
--
Regards,
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.
More information about the security-dev
mailing list