How do I create a Java sandbox?

You are looking for a security manager. You can restrict the permissions of an application by specifying a policy.


  • Defining and registering your own security manager will allow you to limit what the code does - see the Oracle documentation for SecurityManager.

  • Also, consider creating a separate mechanism for loading the code - i.e. you could write or instantiate another ClassLoader to load the code from a special place. You might have a convention for loading the code - for example, from a special directory or from a specially formatted zip file (like WAR files and JAR files). If you're writing a class loader, it puts you in the position of having to do work to get the code loaded. This means that if you see something (or some dependency) you want to reject, you can simply fail to load the code. http://java.sun.com/javase/6/docs/api/java/lang/ClassLoader.html
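
An added example (not code from either answer) of the class loader approach described above: a loader that reads classes from one directory and refuses any class name outside an allowlist, so code with a rejected dependency fails to load. The directory `sandbox-plugins`, the `plugin.` package and the allowlist contents are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;

/** Loads untrusted classes from one directory and refuses anything off the allowlist. */
public class FilteringClassLoader extends URLClassLoader {
    // Assumed allowlist: exact class names, or package prefixes ending in '.'.
    private static final List<String> ALLOWED = Arrays.asList(
            "java.lang.Object", "java.lang.String", "java.lang.StringBuilder",
            "java.lang.Math", "java.lang.Runnable", "java.util.", "plugin.");

    // pluginDir must be an existing directory so that its URL ends in '/'.
    public FilteringClassLoader(Path pluginDir, ClassLoader parent) throws IOException {
        super(new URL[] { pluginDir.toUri().toURL() }, parent);
    }

    static boolean isAllowed(String name) {
        for (String rule : ALLOWED) {
            if (rule.endsWith(".") ? name.startsWith(rule) : name.equals(rule)) return true;
        }
        return false;
    }

    // The JVM calls this for every class the loaded code refers to, so a rejected
    // dependency makes the untrusted class fail to link instead of running.
    @Override
    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
        if (!isAllowed(name)) {
            throw new ClassNotFoundException("rejected by sandbox loader: " + name);
        }
        return super.loadClass(name, resolve);
    }

    public static void main(String[] args) throws Exception {
        // "sandbox-plugins" and "plugin.Task" are hypothetical names.
        try (FilteringClassLoader loader = new FilteringClassLoader(
                Paths.get("sandbox-plugins"), FilteringClassLoader.class.getClassLoader())) {
            System.out.println("plugin.Task allowed:  " + isAllowed("plugin.Task"));
            System.out.println("java.io.File allowed: " + isAllowed("java.io.File"));
            try {
                loader.loadClass("java.lang.Runtime"); // not on the allowlist
            } catch (ClassNotFoundException e) {
                System.out.println(e.getMessage());
            }
        }
    }
}
```

Name filtering limits what the loaded code can link against, not what the allowed classes themselves do. The SecurityManager route mentioned in the answers has been deprecated for removal since Java 17 (JEP 411).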