VOOZH about

URL: https://www.javacodegeeks.com/2013/11/preventing-system-exit-calls.html

⇱ Preventing System.exit calls

When developing containers that run code written by other developers it is prudent to safe-guard against System.exit calls. If a developer inadvertently calls System.exit and deploys their code to be run by your container, it brings down the container process completely. This can be controlled using the checkExit function call in SecurityManager.

According to the reference for SecurityManager checkExit:

This method is invoked for the current security manager by the exit method of class Runtime. A status of 0 indicates success; other values indicate various errors.

Thus any call to exit invokes this method and we just have to throw an exception if we do not want the processing to continue further. We define our SecurityManager as below:

public class StopExitSecurityManager extends SecurityManager
 {
 private SecurityManager _prevMgr = System.getSecurityManager();

 public void checkPermission(Permission perm)
 {
 }

 public void checkExit(int status)
 {
 super.checkExit(status);
 throw new ExitTrappedException(); //This throws an exception if an exit is called.
 }

 public SecurityManager getPreviousMgr() { return _prevMgr; }
 }

Now, we can provide a ease of use CodeControl class as below:

public class CodeControl
{
 public CodeControl()
 {
 super();
 }

 public void disableSystemExit()
 {
 SecurityManager securityManager = new StopExitSecurityManager();
 System.setSecurityManager(securityManager) ;
 } public void enableSystemExit()
 {
 SecurityManager mgr = System.getSecurityManager();
 if ((mgr != null) && (mgr instanceof StopExitSecurityManager))
 {
 StopExitSecurityManager smgr = (StopExitSecurityManager)mgr;
 System.setSecurityManager(smgr.getPreviousMgr());
 }
 else
 System.setSecurityManager(null);
 }
}

CodeControl can now be used as below:

CodeControl control = new CodeControl();
try
{
 control.disableSystemExit();
 //invoke the methods and other classes that are not allowed to call System.exit.
 Object ret = invokeExecute(_method, runWith, parms);
}
finally
{
 //finally enable exit
 control.enableSystemExit();
}

This will prevent the methods called within the disable and enable calls to call System.exit, but allow your code to call it without a problem.
 

Reference: Preventing System.exit calls from our JCG partner Raji Sankar at the Reflections blog.
Do you want to know how to develop your skillset to become a Java Rockstar?
Subscribe to our newsletter to start Rocking right now!
To get you started we give you our best selling eBooks for FREE!
1. JPA Mini Book
2. JVM Troubleshooting Guide
3. JUnit Tutorial for Unit Testing
4. Java Annotations Tutorial
5. Java Interview Questions
6. Spring Interview Questions
7. Android UI Design
and many more ....
I agree to the Terms and Privacy Policy

Thank you!

We will contact you soon.

πŸ‘ Photo of Raji Sankar
 Raji SankarNovember 27th, 2013Last Updated: November 27th, 2013
2 544 1 minute read

Related Articles

Subscribe

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Oldest
Newest Most Voted
Techie Ram
11 years ago

What is ExitTrappedException? where is it defined? Is it imported?

0
Reply
10 years ago

Raji,

your StopExitSecurityManager class has a checkPermission method which grants *everything*.

It would be safer to delegate to the previous manager to deal with non-exit permissions and deny exit directly.
A separate checkExit method is not needed.

public void checkPermission(Permission perm) {
final String EXIT_PERMISSION = β€œexitVM”;
if (perm instanceof RuntimePermission) {
if (perm.getName().startsWith(EXIT_PERMISSION)) {
// An exit permission is always denied.
throw new StopExitException();
}
}
if (_prevMgr != null) {
// Any other permission is checked by previous manger.
_prevMgr.checkPermission(perm);
}
}

0
Reply
Back to top button
Close
wpDiscuz