How to run an untrusted Java Swing application in a sandbox?

Question

How to run an untrusted Java Swing application in a sandbox?

I found that Java has some security permissions to control access to AWT resources. Is there anything to control what a Swing application can or cannot do, to avoid an untrusted application, to disrupt each other in a multi-application environment?

For instance:

Opening JFrame.
Opening a fully transparent JFrame.
Closing another example of an untrusted JFrame application.
etc.

Update to the question:

Invalid applications are launched from a unique JVM in a separate thread and loaded from a separate classloader. I would like to know how to make sure that none of the above examples of failures can happen.

Also, how to prevent an untrusted application from claiming to be one from another application, distorting its user interface? Any advice is appreciated.

+3

java security swing sandbox

Vincent Jun 08 '11 at 13:45

source share

1 answer

vanza · Accepted Answer · 2011-06-09T06:51:26+0000

I'm not sure what you want to do. AWT has a set of permissions that you can configure when you run the application in the sandbox (see AWTPermission , but they are very limited, and more aimed at preventing applets from doing bad things.

In addition, preventing imitation of another application does not seem impossible to me; if both applications are allowed to create user interface components, what prevents the creation of the same user interface components as others?

, , , , , -; , , , . Java, , - , JVM, , , ( FocusListener ).

How to run an untrusted Java Swing application in a sandbox?

More articles: