Reputation: 1221
Is it possible to force the JVM to check that every JAR that is being loaded on the classloader is signed?
The behavior that I expect is: if the signature is wrong or the jar file is not signed, the JVM crashes; otherwise the program runs smoothly.
Upvotes: 4
Views: 3056
Reputation: 48824
This is certainly possible (security is a central tenet of Java's design philosophy, after all), but generally Java handles such issues lazily rather than at JVM startup.
The generally recommended strategy is to install a security manager which will prevent any untrusted code (trust is defined by a policy file associated with the security manager) from accessing the OS or critical parts of the JVM. However such untrusted code can still run in the JVM sandbox, and your application won't crash until the untrusted code attempts to break out of the sandbox. Generally this is viewed as a feature.
If you really do need to verify at runtime that all Jars are signed you can inspect the classpath to get all the Jars being loaded and inspect their contents to verify they are signed. This answer provides example code detailing how to do this.
However the better practice is to avoid even spinning up the JVM with untrusted code in the first place, which is where the jarsigner application comes in. Before adding any Jars to your classpath verify them with jarsigner and you can be confident your JVM is only running trusted code. Once the JVM has started your options are more limited, so the best course of action is to only spin up the JVM once you're confident either in your security policy or the classes being loaded.
Upvotes: 6
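The runtime check the answer describes (walk the classpath, open each jar, confirm every entry is signed) can be written with the standard `java.util.jar` API. The following is an added example, not code from the answer above or from the linked answer; the class name `ClasspathSignatureCheck`, the method names and the pinned-fingerprint allowlist are my own. It relies on two documented behaviours of `JarFile`: opening with `verify=true` makes the JVM check each entry's digest against the signature block as the entry's stream is consumed (a tampered entry throws `SecurityException`), and `JarEntry.getCodeSigners()` returns `null` for an entry that carries no valid signature, but only after the entry has been fully read.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Added example: fail fast unless every jar on the classpath is fully signed by a trusted key. */
public class ClasspathSignatureCheck {

    /**
     * Returns null if every class/resource entry in the jar is signed (and, when
     * trustedFingerprints is non-empty, signed by one of those certificates);
     * otherwise returns a description of the first problem found.
     */
    static String verifyJar(File jarPath, Set<String> trustedFingerprints) throws IOException {
        // verify=true: digests are checked against META-INF/*.SF while entries are read.
        try (JarFile jar = new JarFile(jarPath, true)) {
            if (jar.getManifest() == null) {
                return jarPath + ": no manifest, so it cannot be signed";
            }
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                String name = entry.getName();
                if (entry.isDirectory() || isSignatureRelated(name)) {
                    continue; // the manifest and signature files are not themselves signed
                }
                // Drain the entry: this is what triggers digest verification.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                } catch (SecurityException e) {
                    return jarPath + ": " + name + " failed signature check (" + e.getMessage() + ")";
                }
                CodeSigner[] signers = entry.getCodeSigners(); // valid only after the read above
                if (signers == null || signers.length == 0) {
                    return jarPath + ": " + name + " is not signed"; // e.g. an entry added after signing
                }
                if (!trustedFingerprints.isEmpty() && !signedByTrustedKey(signers, trustedFingerprints)) {
                    return jarPath + ": " + name + " is signed, but not by a trusted certificate";
                }
            }
        }
        return null;
    }

    /** Any signer whose leaf certificate matches a pinned SHA-256 fingerprint is accepted. */
    static boolean signedByTrustedKey(CodeSigner[] signers, Set<String> trustedFingerprints) {
        for (CodeSigner signer : signers) {
            List<? extends Certificate> chain = signer.getSignerCertPath().getCertificates();
            if (!chain.isEmpty() && trustedFingerprints.contains(sha256Hex(chain.get(0)))) {
                return true;
            }
        }
        return false;
    }

    static String sha256Hex(Certificate cert) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder sb = new StringBuilder();
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    static boolean isSignatureRelated(String name) {
        String upper = name.toUpperCase();
        return upper.equals("META-INF/MANIFEST.MF")
            || (upper.startsWith("META-INF/")
                && (upper.endsWith(".SF") || upper.endsWith(".RSA")
                    || upper.endsWith(".DSA") || upper.endsWith(".EC")));
    }

    /** Checks every classpath element; directories can never be signed, so they are reported too. */
    static List<String> verifyClasspath(String classpath, Set<String> trustedFingerprints) throws IOException {
        List<String> problems = new ArrayList<>();
        for (String element : classpath.split(File.pathSeparator)) {
            if (element.isEmpty()) continue;
            File f = new File(element);
            if (!f.isFile()) {
                problems.add(element + ": not a jar file (directories are never signed)");
                continue;
            }
            String problem = verifyJar(f, trustedFingerprints);
            if (problem != null) problems.add(problem);
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        // Placeholder: replace with the SHA-256 fingerprint(s) of your own signing certificate.
        Set<String> trusted = Set.of("<sha256-hex-of-trusted-signing-cert>");
        List<String> problems = verifyClasspath(System.getProperty("java.class.path"), trusted);
        if (!problems.isEmpty()) {
            problems.forEach(System.err::println);
            System.exit(1); // the hard stop the question asks for
        }
        System.out.println("all classpath jars are signed by a trusted key");
    }
}
```

Two caveats worth keeping in mind. First, "signed" on its own proves nothing: `jarsigner` will happily sign a jar with a self-signed key, so a check that only asks for the presence of a signature passes any jar an attacker re-signs; that is why the example pins the signer's certificate fingerprint. Second, this check runs after the JVM has started and classes from those jars may already be loaded, which is the limitation the answer points out; running `jarsigner -verify -strict` on each jar before it is placed on the classpath catches the same problems earlier.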