bbaja42

Reputation: 2169

Is it possible to prevent JVM from accessing specific URLs?

I have a Java application, and when it starts, I'd like to make sure it can't access a given URL (either via DNS or IP).

So far, the JVM security policy looks like almost a perfect fit: I can start the Java application with a security manager and a custom policy file.

java -Djava.security.manager *

The problem is that I don't see how to create a blacklist in the policy file; I only see the ability to add a whitelist.

Ideally, I'd like to add

permission java.security.AllPermission;

and blacklist, for example,

permission java.net.SocketPermission "8.8.8.8:53", "connect";

but I don't see how to create a negative permission or a blacklist in the policy file.

P.S. I can't use iptables, since the JVM is running in an unprivileged Docker container: https://serverfault.com/questions/342357/block-an-ip-on-linux-without-the-use-of-iptables

Upvotes: 0

Views: 347

Answers (1)

bbaja42

Reputation: 2169

Instead of using a security policy, I should change to using the Java security manager and override

public void checkConnect(String host, int port);
public void checkConnect(String host, int port, Object context);

https://docs.oracle.com/javase/7/docs/technotes/guides/security/smPortGuide.html

By not overriding other methods, I will allow all other methods, and in this method, based on the String host, I implement a small piece of logic to approve or deny the connection.

Upvotes: 1
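
One way to implement the approach in the answer above, as an added example that is not part of the original post: the class name `DenyListSecurityManager` and the entry `blocked.example` are hypothetical, and `8.8.8.8:53` is the address from the question. The example also overrides `checkPermission` to permit everything else, because the stock `SecurityManager` check methods delegate to it and consult the policy, and it assumes a JDK where the Security Manager is still available (deprecated for removal since Java 17; Java 18 and later need `-Djava.security.manager=allow` to install one at run time).

```java
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.Permission;
import java.util.Locale;
import java.util.Set;

public class DenyListSecurityManager extends SecurityManager {
    // Constructed sample entries: host names and IP literals, in lower case.
    private final Set<String> denied;

    public DenyListSecurityManager(Set<String> denied) { this.denied = denied; }

    @Override
    public void checkConnect(String host, int port) {
        // The JVM calls this with the host name for DNS resolution (port -1)
        // and with the IP literal for the actual socket connect.
        if (host != null && denied.contains(host.toLowerCase(Locale.ROOT))) {
            throw new SecurityException("Connection to " + host + " is blocked");
        }
    }

    @Override
    public void checkConnect(String host, int port, Object context) {
        checkConnect(host, port);
    }

    @Override
    public void checkPermission(Permission perm) {
        // Permit everything else, except replacing this manager at run time.
        if (perm instanceof RuntimePermission
                && "setSecurityManager".equals(perm.getName())) {
            throw new SecurityException("Security manager cannot be replaced");
        }
    }

    @Override
    public void checkPermission(Permission perm, Object context) {
        checkPermission(perm);
    }

    public static void main(String[] args) throws Exception {
        Set<String> hosts = Set.of("8.8.8.8", "blocked.example");
        System.setSecurityManager(new DenyListSecurityManager(hosts));
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress("8.8.8.8", 53), 2000);
        } catch (SecurityException e) {
            System.out.println("Denied: " + e.getMessage());
        }
    }
}
```

A host name on the list blocks resolution of that name only; the addresses it resolves to must be listed separately if direct connections by IP should be denied as well.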
