Workstation application server programming protection via classloader policy based visibility control

摘要

Provided is a method for providing Java modularity class loader protection by controlling the visibility of WebSphere, service provider, library and utility code interfaces. Interface access authorization is checked once, during module and class loading to effectively protect vulnerable programming interfaces, eliminating permission checking during execution. Code in a WebSphere Application server (WAS) computing environment is categorized into a finite number of sets in which one permission type is assigned to each set and the code in each set runs at the same privilege zone. Each set exposes programming interfaces to provide functional service and code in a particular set can only access code in the same or a lower security zone set. Also provided is a technique for explicitly providing to specific modules in lower security zones access to modules or designated interfaces of modules in higher security zones.