greggwon at cox.net
Thu Apr 6 13:24:50 UTC 2017
> On Apr 6, 2017, at 2:07 AM, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> On 05/04/2017 20:53, Reto Merz wrote:
>>>> To be honest, we don't see a lot of security manager
>>>> usage on the server side these days.
>> I'm really surprised about that. How can an app server or servlet container
>> like JBoss, Tomcat, etc. guarantee that System.exit does not shut down the JVM?
> AFAIK the app servers have to provide a way to run with a security manager but I don't know how many app servers run it by default.
> The System.exit example is a good example that has come up a few times. There is at least one IDE that used to run with a SM so that it could block plugins from calling System.exit. That use case is one that probably needs a specific API.
SecurityManager provides exactly the API because you can just not give that permission to the jar.
SecurityManager needs to be used more, and that means that it needs to be fixed. Even the low level JVM operations can be driven by SecurityManager operations that are just as efficient (complexity) as these command line options.
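
The per-jar permission approach discussed in this thread, as an added example that is not part of the original message: a `Policy` grants permissions by code location, and code attributed to the plugin location is refused `exitVM`. The class names and the `/opt/server/plugins/` path are constructed for illustration, and the code assumes a JDK where the Security Manager can still be installed at run time (8 through 17).

```java
import java.net.URL;
import java.security.*;

public class ExitPolicyDemo {
    // Constructed location standing in for the directory that holds plugin jars.
    static final String PLUGIN_DIR = "file:/opt/server/plugins/";

    /** Allowlist policy: code from PLUGIN_DIR gets no permissions, all other code is trusted. */
    static final class JarPolicy extends Policy {
        @Override
        public boolean implies(ProtectionDomain pd, Permission p) {
            CodeSource cs = pd.getCodeSource();
            if (cs == null || cs.getLocation() == null) {
                return true; // no recorded location: treated as server code in this demo
            }
            // Plugins are denied everything, which includes RuntimePermission "exitVM.*".
            return !cs.getLocation().toString().startsWith(PLUGIN_DIR);
        }
    }

    public static void main(String[] args) throws Exception {
        Policy.setPolicy(new JarPolicy());
        System.setSecurityManager(new SecurityManager());

        // Simulate "code loaded from a plugin jar" without a second jar on disk:
        // a protection domain with the plugin's code source, whose permissions are
        // resolved dynamically through the installed Policy.
        CodeSource pluginSrc = new CodeSource(
                new URL(PLUGIN_DIR + "untrusted-plugin.jar"),
                (java.security.cert.Certificate[]) null);
        ProtectionDomain pluginPd = new ProtectionDomain(
                pluginSrc, null, ExitPolicyDemo.class.getClassLoader(), null);
        AccessControlContext pluginCtx =
                new AccessControlContext(new ProtectionDomain[] { pluginPd });

        try {
            // System.exit -> SecurityManager.checkExit -> Policy.implies(pluginPd, exitVM.1)
            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                System.exit(1);
                return null;
            }, pluginCtx);
        } catch (SecurityException e) {
            System.out.println("plugin exit blocked: " + e.getMessage());
        }

        System.out.println("server still running");
        System.exit(0); // server code is granted exitVM, so this call succeeds
    }
}
```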