Capsule Secure

A caplet that sandboxes a capsule through a Java security policies resource determined at runtime by the capsule.security.policy property (the pathname is relative to the capsule JAR's root).

This caplet is experimental, and should not yet be relied upon to provide full security

Usage

The Gradle-style dependency you need to embed in your Capsule JAR, which you can generate with the tool you prefer (f.e. with plain Maven/Gradle as in Photon and capsule-gui-demo or higher-level Capsule build plugins), is co.paralleluniverse:capsule-secure:0.1.0. Also include the caplet class in your Capsule manifest, for example:

    Caplets: MavenCapsule SecureCapsule

capsule-secure can also be run as a wrapper capsule without embedding it:

$ java -Dcapsule.log=verbose -Dcapsule.security.policy=sec.policy -jar capsule-secure-0.1.0.jar my-capsule.jar my-capsule-arg1 ...

It can be both run against (or embedded in) plain (e.g. "fat") capsules and Maven-based ones.

Security Notes

• Some basic permissions enabling the usage of maven-capsule at present are always granted, specifically reading the CAPSULE_REPOS and CAPSULE_LOCAL_REPO environment variables as well as connecting to Maven Central (https://repo1.maven.org/).

License

Copyright (c) 2014-2015, Parallel Universe Software Co. and Contributors. All rights reserved.

This program and the accompanying materials are licensed under the terms
of the Eclipse Public License v1.0 as published by the Eclipse Foundation.

    http://www.eclipse.org/legal/epl-v10.html