Capsule Secure
A caplet that sandboxes a capsule through a Java security policies resource determined at runtime by the capsule.security.policy
property (the pathname is relative to the capsule JAR's root).
This caplet is experimental, and should not yet be relied upon to provide full security
Usage
The Gradle-style dependency you need to embed in your Capsule JAR, which you can generate with the tool you prefer (f.e. with plain Maven/Gradle as in Photon and capsule-gui-demo
or higher-level Capsule build plugins), is co.paralleluniverse:capsule-secure:0.1.0
. Also include the caplet class in your Capsule manifest, for example:
Caplets: MavenCapsule SecureCapsule
capsule-secure
can also be run as a wrapper capsule without embedding it:
$ java -Dcapsule.log=verbose -Dcapsule.security.policy=sec.policy -jar capsule-secure-0.1.0.jar my-capsule.jar my-capsule-arg1 ...
It can be both run against (or embedded in) plain (e.g. "fat") capsules and Maven-based ones.
Security Notes
- Some basic permissions enabling the usage of
maven-capsule
at present are always granted, specifically reading theCAPSULE_REPOS
andCAPSULE_LOCAL_REPO
environment variables as well as connecting to Maven Central (https://repo1.maven.org/).
License
Copyright (c) 2014-2015, Parallel Universe Software Co. and Contributors. All rights reserved.
This program and the accompanying materials are licensed under the terms
of the Eclipse Public License v1.0 as published by the Eclipse Foundation.
http://www.eclipse.org/legal/epl-v10.html