In an application server model, an application server provides access to a variety of applications to users throughout an Enterprise Information System (EIS), essentially the data processing power of an enterprise, as well as to users connecting with the application server from remote locations. Java™, an interpreted language, enables the creation of applications that could be run on a wide variety of platforms. This ability to function across a variety of different client platforms, i.e., platform independence, and Java's relatively easy implementation of network applications has resulted in the use of Java™, as well as other programming languages that provide platform independence, in conjunction with application servers to provide processing power in endeavors as basic as personal web pages to endeavors as complex as large business-to-business enterprise systems.
One key component of application server technology is security. However, conventional security models are designed to provide access to all internal Application Programming Interfaces (APIs) to any installed application. Thus, such conventional security models are capable of securing execution only of trusted applications. Such applications include exclusively trusted code, i.e., code provided by a trusted provider under agreement. Accordingly, conventional approaches are restricted to the use of trusted applications installed on conventional application servers.
What is needed is an improved mechanism for securing execution of other than trusted applications.