W3C home > Mailing lists > Public > www-jigsaw@w3.org > January to February 1997

sandbox resources

From: Anselm Baird_Smith <abaird@www43.inria.fr>
Date: Thu, 9 Jan 1997 09:29:29 +0100 (MET)
Message-Id: <199701090829.JAA11824@www43.inria.fr>
To: "S. Alexander Jacobson" <alex@virtual.office.com>
Cc: www-jigsaw@www10.w3.org
S. Alexander Jacobson writes:
 > I have multiple users shareing the same webserver.
 > 
 > I would like to allow users to "put" resources on a server and have those
 > resource run in some type of resticted "sandbox" using the security
 > manager. 
 > 
 > The difficulty is that an application can only have one security manager.
 > I don't want to conflict with other resources that have their own security
 > model.
 > 
 > Are you planning on defining some security manager spec or defining some
 > sandbox model for resources?

Indeed ! As next release of Jigsaw supports remote loading of
servlets, this will defintely be needed. I have been complaining about
SecurityManager conflicts in various forums, with no lack. If nothing
is done at the java level to solve the problem (I think JECF API comes
with somthing along those lines, didn't had time to check), then I
will probably do:

a) A JigsawSecurityInterface
b) A JigsawSecurityImplementation object
c) Provide a default security manager that implements the std part and
   delegate Jigsaw calls to the impl object

Then, if I want to include Aglets within Jigsaw (with their own
securiy manaager), I would probably extend the Aglet security manager
(making it implement JigsawSecurityInterface), and have it delegate
these methods to same impl as above.

Anselm.
BTW: I am still unsure as to wether I will have time to do this before
feb. release, if not, I'll make sure to provide at least a very rough
impl of the current Java security manager
Received on Thursday, 9 January 1997 03:29:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 April 2012 12:13:25 GMT