We are having a Java 1.7 application, that supports plugins, which customers can program in Java. We want to restrict the plugins however from calling System.exit. We can do this via a SecurityManager. However, in the core application there are rare situation when we want to call System.exit. Is there a way to exclude classes or packages from a SecurityManager?
问问题
602 次
2 回答
3
Similar to Batty's answer except you can disable setting the security manager again and override the checkExit() method. What I would do is allow calls to System.exit() but this should trigger the plugin to stop/unload rather than exit the whole JVM.
You can use a Thread.currentThread().getStackTrace() to work out which code called the System.exit();
于 2014-05-19T16:11:48.880 回答
1
I think you are looking for this :
private static class ExitTrappedException extends SecurityException
{
}
private static void forbidSystemExitCall()
{
final SecurityManager securityManager = new SecurityManager() {
public void checkPermission( Permission permission )
{
if( "exitVM".equals( permission.getName() ) )
{
throw new ExitTrappedException() ;
}
}
} ;
System.setSecurityManager( securityManager ) ;
}
private static void enableSystemExitCall()
{
System.setSecurityManager( null ) ;
}
This is inside your class from which plugin is invoked.
put you plugin call between forbidSystemExitCall and enableSystemExitCall.
于 2014-05-19T15:40:42.500 回答