
I want to run a specific thread-class in a restricted sandbox, while the rest of the application can run unrestricted.

Is it possible to attach a security manager for a specific thread-class only?

--

EDIT: Using Peter's hint, I created the following variable, inside my custom security manager:

private static ThreadLocal<Boolean> isChatbot = new InheritableThreadLocal<Boolean>() {
  @Override protected synchronized Boolean initialValue() {
    boolean value = (Thread.currentThread() instanceof ChatBot);
    return value;
  }
  @Override protected synchronized Boolean childValue(Boolean parentValue) {
    boolean value = (Thread.currentThread() instanceof ChatBot || parentValue);
    return value;
  }
};

ChatBot is my specific class of threads which I want to run restricted. So in initialValue I give the value 'true' to all ChatBot threads, and in childValue I also give the value 'true' to all children spawned by a ChatBot thread.

Strangely, this doesn't work. I put a breakpoint inside childValue, and I saw that the execution never gets there, so child threads get a value of 'false'.

What am I doing wrong?

Erel Segal-Halevi

1 Answer


You can create a security manager which only checks one thread (or every thread with an InheritableThreadLocal). The benefit of using an InheritableThreadLocal is that any spawned thread will also be checked.

Peter Lawrey

I've written a blog post containing details of what a per-thread SecurityManager would look like: http://alphaloop.blogspot.com/2014/08/a-per-thread-java-security-manager.html – alphaloop Jan 07 '17 at 00:26
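
An added example (not code from the question, the answer, or the linked blog post) of the InheritableThreadLocal approach described above: a security manager that applies the normal policy check only to threads carrying a one-way "restricted" flag, which child threads inherit. The class and method names are hypothetical, and it assumes a JDK where `System.setSecurityManager` is still permitted (JDK 17 or earlier, or 18 to 23 with `-Djava.security.manager=allow`) and the default policy file.

```java
import java.security.Permission;

// Added example; class and method names are hypothetical.
public class PerThreadSecurityManager extends SecurityManager {
    // One-way flag. A child thread inherits it only if the parent already
    // holds a value at the moment the child Thread object is constructed.
    private static final InheritableThreadLocal<Boolean> RESTRICTED =
            new InheritableThreadLocal<Boolean>() {
                @Override protected Boolean initialValue() { return Boolean.FALSE; }
            };

    /** Sandboxes the calling thread and every thread it creates afterwards. */
    public static void restrictCurrentThread() { RESTRICTED.set(Boolean.TRUE); }

    @Override public void checkPermission(Permission perm) {
        // Flagged threads get normal policy enforcement; others are not checked.
        if (RESTRICTED.get()) super.checkPermission(perm);
    }

    @Override public void checkPermission(Permission perm, Object context) {
        if (RESTRICTED.get()) super.checkPermission(perm, context);
    }

    // Attempts a property read that the default policy does not grant to application code.
    static String probe() {
        try { System.getProperty("user.home"); return "allowed"; }
        catch (SecurityException e) { return "denied"; }
    }

    public static void main(String[] args) throws InterruptedException {
        System.setSecurityManager(new PerThreadSecurityManager());
        System.out.println("main before: " + probe());
        Thread chatBot = new Thread(() -> {
            restrictCurrentThread();   // set the flag before running untrusted work
            System.out.println("chatbot:     " + probe());
            Thread child = new Thread(() -> System.out.println("child:       " + probe()));
            child.start();
            try { child.join(); } catch (InterruptedException ignored) { }
        });
        chatBot.start();
        chatBot.join();
        System.out.println("main after:  " + probe());
    }
}
```

Worker threads of a pool that was created by an unflagged thread do not inherit the flag, so restricted work handed to such a pool runs unchecked unless the task sets the flag itself.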