Is there a Java web framework that uses Java’s security manager to achieve fine-grained security?

In standard webapp settings, all code runs with the same permissions. It is better to follow the principle of least privilege, and the Java Security Manager ("sandbox") should be implemented theoretically.

I imagine a setting in which the code in a webapp contains a "front end", whose code has the right to perform only the operations allowed to be performed by the logged-in user, and a "back end" with higher permissions that enforces the restrictions on the "front end" code. The templates and most of the control logic will then become part of the less privileged "front-end" code, limiting the ways in which an attacker may compromise security.

Is this done? Is it already part of any common web framework?

Solution

I think Kohsuke's Stapler framework uses (or can use) the Java Security Manager, but I can't find a reference for this at present. The Stapler framework is great (it is mainly used by Hudson / Jenkins), but its documentation is very incomplete.
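
The front-end/back-end split described in the question, sketched with the JDK's own `AccessController` as an added example (not code from this thread or from Stapler): front-end logic runs under a per-user `AccessControlContext`, and the back end checks a permission before acting. `UserActionPermission`, `readOrder`, `contextFor`, `frontEnd` and the grant names are hypothetical; it assumes JDK 8 to 17, since these APIs are deprecated for removal from Java 17 (JEP 411) and JDK 24 disables the Security Manager permanently (JEP 486).

```java
import java.security.*;

public class LeastPrivilegeDemo {
    /** Hypothetical permission naming one user-level operation, e.g. "order.read.42". */
    static final class UserActionPermission extends BasicPermission {
        UserActionPermission(String name) { super(name); }
    }

    /** "Back end": trusted code that enforces the check before doing the work. */
    static String readOrder(String id) {
        AccessController.checkPermission(new UserActionPermission("order.read." + id));
        return "contents of order " + id; // stands in for the privileged operation
    }

    /** Context holding only what the logged-in user may do (constructed grants). */
    static AccessControlContext contextFor(String... grants) {
        Permissions perms = new Permissions();
        for (String g : grants) perms.add(new UserActionPermission(g));
        // Two-argument ProtectionDomain: static permissions, never widened by Policy.
        ProtectionDomain pd = new ProtectionDomain(null, perms);
        return new AccessControlContext(new ProtectionDomain[] { pd });
    }

    /** Runs "front end" logic (templates, controllers) under the user's context. */
    static String frontEnd(AccessControlContext user, String id) {
        try {
            // The stack walk stops here and is intersected with the user's context.
            return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> readOrder(id), user);
        } catch (AccessControlException e) {
            return "denied: " + e.getPermission().getName();
        }
    }

    public static void main(String[] args) {
        // Demo-only policy (assumption): classpath code is fully trusted, so the only
        // restriction left is the per-user context passed to doPrivileged.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        AccessControlContext alice = contextFor("order.read.42");
        System.out.println(frontEnd(alice, "42")); // user holds this grant
        System.out.println(frontEnd(alice, "7"));  // user does not hold this grant
    }
}
```

In a real deployment the front-end classes would also be loaded from their own code source with a restrictive policy, so that they cannot simply call `doPrivileged` with a wider context themselves.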
