One of the issues with SecurityManager is that you cannot change it to restrict the rights of some code in a given context.
Imagine you want to restrict a "zone" of your application to some limited Permission because the code in that zone will be implemented by a third party.
We would need to define a RestrictedSecurityManager that acts as the SecurityManager of the ThreadGroup.
This class should be final (no extends allowed).
There should be a way to give this manager a PermissionCollection (the new, restricted list of permissions granted).
For the implementation of the checkPermission method, this new manager will first call checkPermission on the previous SecurityManager (the "parent"). If that throws an exception, the exception is forwarded to the caller. If no exception is raised, the permission is then checked against the PermissionCollection given at the manager's creation.
As a consequence:
- it will not be possible to grant more permissions than the parent already holds,
- it will provide an easy way to fine-grain permissions in multi-tier applications,
- application providers should gain a tremendous security level.
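The delegation logic described above, written out as an added illustration (this is not JDK code and not the proposer's; the class name, constructor and the test values in main are assumptions made here). The parent manager is consulted first, so any SecurityException it raises reaches the caller unchanged; only a permission the parent allows is then compared against the zone's own PermissionCollection, which is why the zone can never end up with more than the parent holds. The JDK only offers one process-wide manager (System.setSecurityManager), so the per-ThreadGroup installation the proposal asks for is not shown; the example calls checkPermission directly. Note that SecurityManager has been deprecated for removal since JDK 17, so this pattern applies to the older runtimes the proposal targets.

```java
import java.security.AccessControlException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.PropertyPermission;

/**
 * Assumed RestrictedSecurityManager: every check must pass the parent manager
 * first, then the restricted collection, so a zone can only narrow what the
 * parent already grants, never widen it.
 */
public final class RestrictedSecurityManager extends SecurityManager {

    private final SecurityManager parent;        // may be null when no outer manager is installed
    private final PermissionCollection granted;  // the restricted set for this zone

    public RestrictedSecurityManager(SecurityManager parent, PermissionCollection granted) {
        this.parent = parent;
        this.granted = granted;
        granted.setReadOnly();  // the zone's grants must not be widened after creation
    }

    @Override
    public void checkPermission(Permission perm) {
        if (parent != null) {
            parent.checkPermission(perm);  // a SecurityException here propagates to the caller as-is
        }
        if (!granted.implies(perm)) {
            throw new AccessControlException("access denied in restricted zone: " + perm, perm);
        }
    }

    @Override
    public void checkPermission(Permission perm, Object context) {
        if (parent != null) {
            parent.checkPermission(perm, context);
        }
        if (!granted.implies(perm)) {
            throw new AccessControlException("access denied in restricted zone: " + perm, perm);
        }
    }

    // Self-check with constructed values: the zone may read java.version and
    // nothing else, even though the parent in front of it allows everything.
    public static void main(String[] args) {
        Permissions zone = new Permissions();
        zone.add(new PropertyPermission("java.version", "read"));

        SecurityManager permissiveParent = new SecurityManager() {
            @Override public void checkPermission(Permission perm) { /* parent grants all */ }
        };
        RestrictedSecurityManager rsm = new RestrictedSecurityManager(permissiveParent, zone);

        rsm.checkPermission(new PropertyPermission("java.version", "read"));  // passes
        try {
            rsm.checkPermission(new PropertyPermission("user.home", "read"));
            System.out.println("unexpected: user.home readable inside the zone");
        } catch (SecurityException expected) {
            System.out.println("denied as expected: " + expected.getMessage());
        }
    }
}
```

Compile and run with javac/java on a JDK that still ships SecurityManager; the first check returns silently and the second prints the denial. Swapping permissiveParent for a parent that denies java.version shows the other half of the rule: the parent's exception comes back untouched before the zone's collection is even consulted.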
One direct application of this is that a Web Start descriptor requesting the "unlimited" permission should have to list the permissions it actually requires in order to be granted it. This would help developers identify the permissions their code needs, and help users see which permissions are really used. As a consequence we could get back to a kind of "threat-o-meter" for applications that request the "unlimited" permission.
Please give your thoughts on that.