you're reading...
General, Tips&Tricks

Preventing System.exit calls

When developing containers that run code written by other developers it is prudent to safe-guard against System.exit calls. If a developer inadvertently calls System.exit and deploys their code to be run by your container, it brings down the container process completely. This can be controlled using the checkExit function call in SecurityManager.

According to the reference for SecurityManager checkExit:

This method is invoked for the current security manager by the exit method of class Runtime. A status of 0 indicates success; other values indicate various errors.

Thus any call to exit invokes this method and we just have to throw an exception if we do not want the processing to continue further. We define our SecurityManager as below:

    public class StopExitSecurityManager extends SecurityManager
        private SecurityManager _prevMgr = System.getSecurityManager();

        public void checkPermission(Permission perm)

        public void checkExit(int status)
            throw new ExitTrappedException(); //This throws an exception if an exit is called.

        public SecurityManager getPreviousMgr() { return _prevMgr; }

Now, we can provide a ease of use CodeControl class as below:

public class CodeControl
    public CodeControl()

    public void disableSystemExit()
        SecurityManager securityManager = new StopExitSecurityManager();
        System.setSecurityManager(securityManager) ;
    }    public void enableSystemExit()
        SecurityManager mgr = System.getSecurityManager();
        if ((mgr != null) && (mgr instanceof StopExitSecurityManager))
            StopExitSecurityManager smgr = (StopExitSecurityManager)mgr;

CodeControl can now be used as below:

CodeControl control = new CodeControl();
    //invoke the methods and other classes that are not allowed to call System.exit.
    Object ret = invokeExecute(_method, runWith, parms);
    //finally enable exit

This will prevent the methods called within the disable and enable calls to call System.exit, but allow your code to call it without a problem.



One thought on “Preventing System.exit calls

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: