Reputation: 222
Running Local Java Application with File System & Port restrictions
I need to run a java application (not an applet or JNLP, but a full blown application in the JRE) and need some restrictions on:
File System - The app could only access 1 folder to read & write (this would be a fixed path for the app's reference like / )
Ports - The app could only access several local ports. (eg could only access port 8080 / 3306 only)
Is there a way to do this? I have searched through Java Security & Policies but came nothing close to a solution.
I am considering to write a container to run this app or changing / overriding the classes (in case of OpenJDK). Is this ok?
This is for an open source project that we are about to start, Appreciate some good advice from the wise StackExchange community.
regards
Upvotes: 1
Views: 316
Answers (2)
Reputation: 3247
SJuan76 has the right answer here. The SecurityManager is the appropriate way to restrict files/directories a java app can access. This tutorial might be a good guide to setting that up.
You can restrict the ports your java app listens on. But restricting ports really requires an OS level firewall to be configured.
Upvotes: 1
Reputation: 24780
First and most basic, run the java application with a user who has the minimum permissions required for the app to do its work.
Secondly, set the java SecurityManager and configure it.
Upvotes: 2
Related Questions
- How to run java code in a restricted sandbox (without network, filesystem access)
- Local File Access via Web-Application
- How to run .exe file of swing application over Local Area Network?
- Java application from local machine to the server
- Forbidding Java URL from fetching local files?
- Running a Java application in a network location
- Prevent accessing Unix files through JVM ( any code running in application server JVM)
- Execute external Java source code on server - limit security and resources?
- Running Java application on server
- How to deploy an application with firewall permissions on Mac?