I need to run a java application (not an applet or JNLP, but a full blown application in the JRE) and need some restrictions on:
-
File System – The app could only access 1 folder to read & write (this would be a fixed path for the app’s reference like / )
-
Ports – The app could only access several local ports. (eg could only access port 8080 / 3306 only)
Is there a way to do this? I have searched through Java Security & Policies but came nothing close to a solution.
I am considering to write a container to run this app or changing / overriding the classes (in case of OpenJDK). Is this ok?
This is for an open source project that we are about to start, Appreciate some good advice from the wise StackExchange community.
regards
First and most basic, run the java application with a user who has the minimum permissions required for the app to do its work.
Secondly, set the java
SecurityManagerand configure it.