Preventing System.exit calls

When developing containers that run code written by other developers it is prudent to safe-guard against System.exit calls. If a developer inadvertently calls System.exit and deploys their code to be run by your container, it brings down the container process completely. This can be controlled using the checkExit function call in SecurityManager.

According to the reference for SecurityManager checkExit:

This method is invoked for the current security manager by the exit method of class Runtime. A status of 0 indicates success; other values indicate various errors.

Thus any call to exit invokes this method and we just have to throw an exception if we do not want the processing to continue further. We define our SecurityManager as below:

public class StopExitSecurityManager extends SecurityManager
    {
        private SecurityManager _prevMgr = System.getSecurityManager();

        public void checkPermission(Permission perm)
        {
        }

        public void checkExit(int status)
        {
            super.checkExit(status);
            throw new ExitTrappedException(); //This throws an exception if an exit is called.
        }

        public SecurityManager getPreviousMgr() { return _prevMgr; }
    }

Now, we can provide a ease of use CodeControl class as below:

public class CodeControl
{
    public CodeControl()
    {
        super();
    }

    public void disableSystemExit()
    {
        SecurityManager securityManager = new StopExitSecurityManager();
        System.setSecurityManager(securityManager) ;
    }    public void enableSystemExit()
    {
        SecurityManager mgr = System.getSecurityManager();
        if ((mgr != null) && (mgr instanceof StopExitSecurityManager))
        {
            StopExitSecurityManager smgr = (StopExitSecurityManager)mgr;
            System.setSecurityManager(smgr.getPreviousMgr());
        }
        else
            System.setSecurityManager(null);
    }
}

CodeControl can now be used as below:

CodeControl control = new CodeControl();
try
{
    control.disableSystemExit();
    //invoke the methods and other classes that are not allowed to call System.exit.
    Object ret = invokeExecute(_method, runWith, parms);
}
finally
{
    //finally enable exit
    control.enableSystemExit();
}

This will prevent the methods called within the disable and enable calls to call System.exit, but allow your code to call it without a problem.
 

Reference: Preventing System.exit calls from our JCG partner Raji Sankar at the Reflections blog.
Related Whitepaper:

Bulletproof Java Code: A Practical Strategy for Developing Functional, Reliable, and Secure Java Code

Use Java? If you do, you know that Java software can be used to drive application logic of Web services or Web applications. Perhaps you use it for desktop applications? Or, embedded devices? Whatever your use of Java code, functional errors are the enemy!

To combat this enemy, your team might already perform functional testing. Even so, you're taking significant risks if you have not yet implemented a comprehensive team-wide quality management strategy. Such a strategy alleviates reliability, security, and performance problems to ensure that your code is free of functionality errors.Read this article to learn about this simple four-step strategy that is proven to make Java code more reliable, more secure, and easier to maintain.

Get it Now!  

One Response to "Preventing System.exit calls"

  1. Techie Ram says:

    What is ExitTrappedException? where is it defined? Is it imported?

Leave a Reply


three + = 6



Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use | Privacy Policy
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.

Sign up for our Newsletter

20,709 insiders are already enjoying weekly updates and complimentary whitepapers! Join them now to gain exclusive access to the latest news in the Java world, as well as insights about Android, Scala, Groovy and other related technologies.

As an extra bonus, by joining you will get our brand new e-books, published by Java Code Geeks and their JCG partners for your reading pleasure! Enter your info and stay on top of things,

  • Fresh trends
  • Cases and examples
  • Research and insights
  • Two complimentary e-books