¿Es posible tener un firewall alrededor de las aplicaciones?

I want to host a game called Minecraft and let people upload their own Java JAR.
Now I want to restrict them to a certain port range.
As running all JVM's in virtual boxes is overkill we just stack them, but how do I prevent a user of using the default port?
Maybe something with javaagent in startup line?

Would this be a good sample code?

// invoke the jar with a URLClassLoader

preguntado el 01 de febrero de 12 a las 14:02

No entiendo el Cerrar votes as fuera de contexto - looks like a valid question to me with SecurityManager being one of the possible answers... -

@Voters: This is no off-topic. Programmatically restricting the app's port-trange is a perfectly on-topic question. -

3 Respuestas

I think you're actually looking for a sandbox and not a firewall. The java gerente de seguridad lets you do things like this through policies.

Respondido 01 Feb 12, 18:02

You should be able to modify the security policy for the JVM to restrict network access. Some info here: http://docs.oracle.com/javase/1.4.2/docs/guide/security/permissions.html#SocketPermission

Respondido 01 Feb 12, 18:02

How could I implement that? Will I have to run a JVM that executes a JAR with those permissions? Some sample code would be great! - BronzeByte

@BronzeByte: Read the whole page (or the start of it, at least) - skaffman

@BronzeByte - you would put the uploaded jar files in a particular folder, and set permissions on that location as the 'codebase'. The policy file already exists in the JVM config somewhere - you just edit it. There is example config and info at the top of the page I linked. - sje397

@BronzeByte - no :) You don't need code. There is already an xml file containing the policy that is part of the JRE configuration, which you just need to edit. - sje397

@sje397 I can't seem to find the file path in any documentations :P - BronzeByte

And what about other security issues like file system access? Looks like you need a VM restricted like an Applet in a browser (Applet Security Managers).

Respondido 01 Feb 12, 18:02

JVM means Java Virtual Machine, now just need to make it not access the host system :) But I already have an application for not touching other files (not tested yet) and I chmod everything well :) - BronzeByte

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.