Java Server

Servlet Sandbox (Beta)



Goal

Java Server is a dynamically configurable and dynamically extensible Web Server. Servlets are used to extend the Web Server, much as Applets extend a Web Browser. Java Server will provide a controlled execution environment, a Servlet Sandbox analogous to the Applet Sandbox that Web Browsers use to control applets.

Use of the upcoming code signing facility will allow a new level of policy flexibility to be granted to the web site administrator. A new mode of operation will be supported, so that servlets will come in four flavors:

In the future, the control granted by the sandbox should be made even more flexible. Specifically, an ACL associated with a given web server will define which basic privileges are extended to which signers, and the ACL entries used to control access to web resources will also be applied to requests that arrive through servlets. For example, on a given host the web server operating on port 80 might use a different ACL than one running on port 8080, and if the host uses multihoming, each web server on port 80 could have a different ACL.

Servlet Sandbox Functionality

The servlet sandbox will protect access to Java Server resources such as these:

  1. Files, including
  2. Runtime state, including
  3. Administrative state, including
  4. Network Servers
  5. Other resources controlled by SecurityManager objects
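The list above names the resource classes a servlet sandbox has to mediate. As an added illustration (this is not Java Server's own code, and the policy it enforces is an assumption chosen for the example), the following standalone `SecurityManager` subclass shows the mechanism the last item refers to: every sensitive operation in the JVM calls into the installed `SecurityManager`, so a sandbox can confine servlet code by vetoing file writes and network connections while leaving reads under a configured document root alone. The `docRoot` path and the `checkPermission` policy are hypothetical; note also that `SecurityManager` is deprecated for removal in current JDKs and needs `-Djava.security.manager=allow` on Java 18 and later.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FilePermission;
import java.net.Socket;
import java.net.SocketPermission;
import java.security.Permission;

/**
 * Hypothetical servlet sandbox built on the JVM's SecurityManager hook.
 * Policy (an assumption for this example, not Java Server's):
 *   - files under docRoot may be read; nothing may be written, deleted or executed
 *   - no socket may be opened, accepted or listened on
 *   - every other permission is allowed so the JVM itself keeps working
 */
public class ServletSandbox extends SecurityManager {
    private final String docRoot;

    public ServletSandbox(String docRoot) {
        // Canonicalise so "../" tricks cannot escape the root
        this.docRoot = new File(docRoot).getAbsoluteFile().toPath().normalize().toString();
    }

    @Override
    public void checkPermission(Permission perm) {
        if (perm instanceof FilePermission) {
            String actions = perm.getActions();
            if (actions.contains("write") || actions.contains("delete") || actions.contains("execute")) {
                throw new SecurityException("sandbox: file modification denied: " + perm.getName());
            }
            String target = new File(perm.getName()).getAbsoluteFile().toPath().normalize().toString();
            if (!target.startsWith(docRoot)) {
                throw new SecurityException("sandbox: read outside document root denied: " + perm.getName());
            }
        } else if (perm instanceof SocketPermission) {
            // Servlets in this sandbox get no network access at all
            throw new SecurityException("sandbox: network access denied: " + perm.getName());
        }
        // Anything else (properties, threads, reflection, ...) is permitted here
    }

    /** Runs the three checks and returns true only if each one behaved as the policy says. */
    public static boolean demonstrate(String docRoot) throws Exception {
        File root = new File(docRoot);
        root.mkdirs();
        File page = new File(root, "index.html");
        try (FileOutputStream out = new FileOutputStream(page)) {
            out.write("<html>constructed sample page</html>".getBytes());
        }

        System.setSecurityManager(new ServletSandbox(docRoot));

        boolean readOk, writeBlocked, netBlocked;
        try (FileInputStream in = new FileInputStream(page)) { readOk = in.read() >= 0; }
        try { new FileOutputStream(page).close(); writeBlocked = false; }
        catch (SecurityException e) { writeBlocked = true; }
        try { new Socket("127.0.0.1", 9); netBlocked = false; }
        catch (SecurityException e) { netBlocked = true; }
        catch (java.io.IOException e) { netBlocked = false; } // got past the sandbox, policy failed

        return readOk && writeBlocked && netBlocked;
    }

    public static void main(String[] args) throws Exception {
        String docRoot = new File(System.getProperty("java.io.tmpdir"), "sandbox-docroot").getPath();
        System.out.println("policy enforced as expected: " + demonstrate(docRoot));
    }
}
```

Run it with `java -Djava.security.manager=allow ServletSandbox`. The design point is that the sandbox never inspects servlet code; it sits at the JVM's permission checkpoints, so a servlet that reaches the file system or the network through any library still hits the same policy.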

java-server-feedback@java.sun.com