Java Security manager per thread_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-21 02:03 出处：网络

I want to run a specific thread-class in a restricted sandbox, while the rest of the application can run unrestricted.

Is it possible to attach a security manager for a specific thread-class only?

EDIT: Using Peter's hint, I created the following variable, inside my custom security manager:

private static ThreadLocal<Boolean> isChatbot = new InheritableThreadLocal<Boolean>() {
  @Override protected synchronized Boolean initialValue() {
    boolean value = (Thread.currentThread() instanceof ChatBot);
    return value;
  }
  @Override protected synchronized Boolean childValue(Boolean parentValue) {
    boolean value = (Thread.currentThread() instanceof ChatBot || parentValue);
    return value;
  }
};

ChatBot is my specific class of threads which I want to run restricted. So in开发者_运维技巧 initialValue I give the value 'true' to all ChatBot threads, and in childValue I also give the value 'true' to all childs spawned by a ChatBot thread.

Strangely, this doesn't work. I put a breakpoint inside childValue, and I saw that the execution never gets there, so child threads get a value of 'false'.

What am I doing wrong?

You can create a security manager which only checks one thread (or every thread with an InheritableThreadLocal) The benefit of using an InheritableThreadLocal is that any spawned thread will also be checked.