On 15.01.2014, at 01:34, Carsten Ziegeler <[email protected]> wrote:
> I think, that's already solved by the SecurityManager concept - so let's > not reinvent the wheel One solution would be to add a new interface to use that only gives access to the allowed methods. For example, say you only want to allow System.currentTimeMillis(), you'd add a new interface MySystem which has this method. And deny access to java.lang.System but allow MySystem in the package importing. Of course that won't work with existing code that makes use of java.lang.System. But it would be a clean way... The difference of the security manager is that it will allow access to the class/method, but then do a security check if that caller is allowed (looking at the passed context) and throw an exception if not. This naturally makes it a lot more difficult to implement, since the code itself has to set permissions, do the checks and handle exceptions. Not giving access in the first place is a lot cleaner and simpler. Cheers, Alex
