Each running JVM has at most one SecurityManager installed.
SecurityManager is a class in the java.lang package. So, you
can subclass this and establish your own security manager using
the System.setSecurityManager() method. Once a manager is installed,
it cannot be replaced. So, once a program has set the security
manager, a SecurityException will be thrown if another attempt
is made. No one can maliciously alter its function by replacing
it.
What it allows you to do:
- allows you to establish a security policy such that you
can trust or restrict the operations of a Java program
- restrict file i/o
- restrict network connections
- restrict access to native code
- restrict launching of other processes
The process:
Tip to create your own SecurityManager class
- When creating your own SecurityManager you normally do not
directly subclass SecurityManager. Instead, most people tend
to create a NullSecurityManager that extends SecurityManager
but opens access to everything. Then, you subclass this manager
overriding the checks you wish to restrict.
- Go to java.sun.com for more tips. (e.g. go here)