Eagerly waiting for a patch which implements this :)
2014/1/15 Alexander Klimetschek <[email protected]> > On 15.01.2014, at 01:34, Carsten Ziegeler <[email protected]> wrote: > > > I think, that's already solved by the SecurityManager concept - so let's > > not reinvent the wheel > > One solution would be to add a new interface to use that only gives access > to the allowed methods. For example, say you only want to allow > System.currentTimeMillis(), you'd add a new interface MySystem which has > this method. And deny access to java.lang.System but allow MySystem in the > package importing. > > Of course that won't work with existing code that makes use of > java.lang.System. But it would be a clean way... > > The difference of the security manager is that it will allow access to the > class/method, but then do a security check if that caller is allowed > (looking at the passed context) and throw an exception if not. > > This naturally makes it a lot more difficult to implement, since the code > itself has to set permissions, do the checks and handle exceptions. > > Not giving access in the first place is a lot cleaner and simpler. > > Cheers, > Alex -- Carsten Ziegeler [email protected]
