I know this forum will not be appropriate one for this kind of question but still i will be really interested how jboss handles this kind of thing.
We have product which is runing inside a servlet container (tomcat/jetty).This product allows the user to attach external java code which defines application logic.
This java class runs inside same jvm as our server is running.What i would like to prevent is execution of any malicious code ( ex infinite loop) which would bring entire sever down.
First is it possible to prevent this kind of thing .If so what will be design strategy for this
Thanks a lot
You can only enforce that which can be validated using a security manager and permission check. Java does not have sufficient notion of thread resources or permission checks that would allow you to stop a thread that exceeds some cpu usage or memory usage threshold.