users@javaee-spec.java.net

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

From: Jason T. Greene <jason.greene_at_redhat.com>
Date: Fri, 09 Mar 2012 00:29:11 -0600

On 2/10/12 4:01 PM, Bill Shannon wrote:
> ***** Unless there are objections, we intend to make this
> ***** requirement explicit in the EE 7 spec.

Agreed.

> ***** Would you support a requirement to be able to run
> ***** applications with a restricted set of permissions?

Yes.

>
>
> We think it's especially likely that a Java EE cloud product
> will use a security manager to maintain control over the
> operational environment. Remember, our target is PaaS, not
> Middleware over IaaS:
> http://blogs.oracle.com/rezashafii/entry/paas_is_not_middleware_over
>
> In a true PaaS environment, application permissions are likely
> to be restricted to only what's needed. In such an environment,
> it may be useful to know if the application needs any permissions
> beyond the minimum that the platform spec guarantees.
>
> Something we've been considering for quite some time is to provide
> a way for an application to include a list of these additional
> permissions it needs. The platform implementation could then
> evaluate these permissions and ensure that the application is
> granted what it needs, or reject deployment of the application.
>
> ***** Would you support including such a capability in Java EE?

IMO I think sandboxing at the process level is really the only safe way
to do this. As the JVM stands today, a security policy will fall short
of PAAS environment's complete needs. There is simply no way to limit
heap and cpu usage, so you already have to do this at the OS level. That
said, I don't see a problem with another layer of protection based on this.

As to application developer producing a list of desired perms, it's hard
for me to see how this is particularly useful. I guess the aim is simply
to fail fast as opposed to after it's running for awhile?

>
> Other than the first item above, we're not sure how many of these
> items we can address for EE 7, but we wanted to see if there was
> support in principle for these items before we moved forward.
>
> Let us know what you think.


-- 
Jason T. Greene
JBoss AS Lead / EAP Platform Architect
JBoss, a division of Red Hat