[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

From: Bill Shannon <>
Date: Fri, 09 Mar 2012 11:25:56 -0800

Markus Eisele wrote on 03/08/12 22:05:
>>>>> ***** Would you support a requirement to be able to run
>>>>> ***** applications with a restricted set of permissions?
> From a PaaS point of view this is a valuable feature. I highly
> recommend to keep an eye on the developer usability for this. To me
> this sounds like we could end up with a couple of different security
> settings for every PaaS vendor and depending on the target platform
> your app (incl. frameworks) will run or not. Can we make an addition,
> that the permissions shouldn't restrict Java EE features as defined in
> the spec? Would that make sense?

Yes, the minimum security permissions should allow all Java EE features
to work. But note that if you consider "writing to files" a Java EE
feature, that might not work. If you consider "creating threads
whenever I want" to be a Java EE feature, that might not work.