
[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

  • From: "Jason T. Greene" <jason.greene@...>
  • To: jsr342-experts@...
  • Cc: Bill Shannon <bill.shannon@...>
  • Subject: [javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE
  • Date: Fri, 09 Mar 2012 00:29:11 -0600
  • List-id: <jsr342-experts.javaee-spec.java.net>

On 2/10/12 4:01 PM, Bill Shannon wrote:
> Unless there are objections, we intend to make this
> requirement explicit in the EE 7 spec.

Agreed.

> Would you support a requirement to be able to run
> applications with a restricted set of permissions?

Yes.

> We think it's especially likely that a Java EE cloud product
> will use a security manager to maintain control over the
> operational environment. Remember, our target is PaaS, not
> Middleware over IaaS:
> http://blogs.oracle.com/rezashafii/entry/paas_is_not_middleware_over
>
> In a true PaaS environment, application permissions are likely
> to be restricted to only what's needed. In such an environment,
> it may be useful to know if the application needs any permissions
> beyond the minimum that the platform spec guarantees.
>
> Something we've been considering for quite some time is to provide
> a way for an application to include a list of these additional
> permissions it needs. The platform implementation could then
> evaluate these permissions and ensure that the application is
> granted what it needs, or reject deployment of the application.

> Would you support including such a capability in Java EE?

IMO I think sandboxing at the process level is really the only safe way to do this. As the JVM stands today, a security policy will fall short of a PaaS environment's complete needs. There is simply no way to limit heap and CPU usage, so you already have to do this at the OS level. That said, I don't see a problem with another layer of protection based on this.

As to an application developer producing a list of desired perms, it's hard for me to see how this is particularly useful. I guess the aim is simply to fail fast as opposed to after it's running for a while?


> Other than the first item above, we're not sure how many of these
> items we can address for EE 7, but we wanted to see if there was
> support in principle for these items before we moved forward.
>
> Let us know what you think.


--
Jason T. Greene
JBoss AS Lead / EAP Platform Architect
JBoss, a division of Red Hat
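The deploy-time evaluation Bill describes above (compare an application's declared permission list against what the platform is willing to grant, and reject the deployment otherwise) sketched as an added Java example; this is not code from this thread or from any Java EE product, and both the platform grant set and the application's declared list are constructed for illustration.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.List;
import java.util.PropertyPermission;

/** Deploy-time check: every permission an application declares must be implied
 *  by what the platform is willing to grant, otherwise the deployment is rejected. */
public final class DeployPermissionCheck {

    /** Constructed example of a platform's minimum grant set (not from any spec). */
    static PermissionCollection platformGrants() {
        Permissions granted = new Permissions();
        granted.add(new PropertyPermission("*", "read"));
        granted.add(new FilePermission("/tmp/-", "read,write"));
        granted.add(new SocketPermission("*:1024-", "connect"));
        return granted;
    }

    /** Returns the declared permissions the platform will not grant; empty means deployable. */
    static List<Permission> notGranted(PermissionCollection granted, List<Permission> declared) {
        List<Permission> denied = new ArrayList<>();
        for (Permission perm : declared) {
            // implies() honours wildcards, recursive path prefixes and action subsets
            if (!granted.implies(perm)) {
                denied.add(perm);
            }
        }
        return denied;
    }

    public static void main(String[] args) {
        // Constructed sample of what an application might declare it needs.
        List<Permission> declared = List.of(
            new FilePermission("/tmp/app/cache", "read,write"),           // within /tmp/-
            new SocketPermission("db.example.internal:5432", "connect"), // port in 1024-
            new FilePermission("/etc/passwd", "read"),                   // outside grant
            new PropertyPermission("user.home", "write"));               // only read granted
        List<Permission> denied = notGranted(platformGrants(), declared);
        if (denied.isEmpty()) {
            System.out.println("deploy: OK, all declared permissions are granted");
        } else {
            System.out.println("deploy: REJECTED, platform does not grant:");
            denied.forEach(p -> System.out.println("  " + p));
        }
    }
}
```

With the constructed inputs the first two declarations are implied and the last two are reported, which is the fail-fast outcome Jason asks about: the mismatch surfaces at deployment rather than as an AccessControlException at runtime.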
