
Servlet Sandbox (Beta)
Java Server is a dynamically configurable and dynamically extensible Web
Server. Servlets are used to extend the Web Server, similar
to the way that Applets extend a Web Browser. Java Server will provide
a controlled execution environment, a Servlet Sandbox analogous
to the Applet Sandbox used by Web Browsers to control applets.
Use of the upcoming code signing facility will allow a new level
of policy flexibility to be granted to the web site administrator.
A new mode of operation will be supported, so that
servlets will come in four flavors:
- Java Server-Internal Servlets
  Some parts of Java Server itself are implemented using servlets, which
  are granted full access since they are trusted as much as Java Server itself.
- Local Servlets
  Java Server may be configured with local servlets.
  Local servlets are normally granted full access, just as if they
  were Java Server-internal servlets.
- Signed Network Servlets
  All network servlets execute in the servlet sandbox.
  If the servlet was signed by one of a set of signers who are trusted
  by the website administrator, the sandbox allows full access (it can
  access the file system, remote hosts, and so on).
  Servlets which were signed, but not by entities trusted by the
  website administrator, will be treated like unsigned network servlets.
- Unsigned Network Servlets
  Unsigned network servlets will be constrained by the sandbox so
  that they execute without privilege to access the file system, network
  and so on.
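The four trust classes above reduce to a single decision for each request: full access or sandboxed. As an added example (not Java Server's own code), here is a hypothetical SecurityManager subclass that applies that decision; the ServletTrust enum, the per-thread classification, the signer names and the file paths are assumptions.

```java
import java.util.Set;
// Trust classes named on the page; the per-thread classification below is an assumption.
enum ServletTrust { INTERNAL, LOCAL, SIGNED_TRUSTED, SIGNED_UNTRUSTED, UNSIGNED }
// Hypothetical sandbox: only internal, local and trusted-signed servlets get full access.
// SecurityManager is deprecated for removal in current JDKs, so this demo calls the check
// methods directly rather than installing the manager with System.setSecurityManager.
public class ServletSandbox extends SecurityManager {
    private final ThreadLocal<ServletTrust> current =
        ThreadLocal.withInitial(() -> ServletTrust.UNSIGNED);   // deny by default
    private final Set<String> trustedSigners;   // configured by the site administrator (assumed)
    public ServletSandbox(Set<String> trustedSigners) { this.trustedSigners = trustedSigners; }

    // A signature from an entity the administrator does not trust counts as unsigned.
    public ServletTrust classifyNetworkServlet(String signer) {
        if (signer == null) return ServletTrust.UNSIGNED;
        return trustedSigners.contains(signer) ? ServletTrust.SIGNED_TRUSTED : ServletTrust.SIGNED_UNTRUSTED;
    }
    public void enter(ServletTrust t) { current.set(t); }   // called by the request dispatcher (assumed)
    public void leave() { current.remove(); }

    private boolean fullAccess() {
        switch (current.get()) {
            case INTERNAL: case LOCAL: case SIGNED_TRUSTED: return true;
            default: return false;
        }
    }
    private void require(String what) {
        if (!fullAccess()) throw new SecurityException(what + " denied for " + current.get() + " servlet");
    }

    @Override public void checkRead(String file) { require("read " + file); }
    @Override public void checkWrite(String file) { require("write " + file); }
    @Override public void checkConnect(String host, int port) { require("connect " + host + ":" + port); }
    @Override public void checkAccess(Thread t) { require("control of thread " + t.getName()); }
    @Override public void checkPermission(java.security.Permission p) { }   // everything else allowed in this demo

    public static void main(String[] args) {
        ServletSandbox sb = new ServletSandbox(Set.of("cn=Site Signer"));   // constructed signer name
        for (String signer : new String[] { "cn=Site Signer", "cn=Other Signer", null }) {
            sb.enter(sb.classifyNetworkServlet(signer));
            try {
                sb.checkRead("/htdocs/index.html");
                sb.checkConnect("remote.example", 80);
                System.out.println(signer + " -> full access");
            } catch (SecurityException e) {
                System.out.println(signer + " -> " + e.getMessage());
            } finally { sb.leave(); }
        }
    }
}
```

Only the trusted signer passes both checks; the untrusted signer and the unsigned servlet are stopped at the first file read, exactly as the sandbox rules above require.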
In the future, the control granted by the sandbox should be made
even more flexible.
Specifically, an ACL associated with a given web server will define
what basic privileges are extended to which signers, and ACL
entries used to control access to web resources will be appropriately
applied to requests coming through servlets.
For example, on a given host the web server operating on port 80
might use a different ACL than one running on port 8080, and if
the host uses multihoming, each web server on port 80 could have
a different ACL.
Servlet Sandbox Functionality
The servlet sandbox will protect access to Java Server resources such as these:
- Files, including
  - Web pages served by Java Server
  - Data used to operate each servlet
  - Other files on the file system
- Runtime state, including
  - Threads controlled by other servlets
  - Security context of other servlets
  - Private Keys used to authenticate this server
- Administrative state, including
  - Users and groups
  - ACL entries (including ones controlling the sandbox!)
  - Network Servers
- Other resources controlled by SecurityManager objects
java-server-feedback@java.sun.com