diff --git a/pom.xml b/pom.xml index 8210230d..0658b07c 100644 --- a/pom.xml +++ b/pom.xml @@ -68,6 +68,7 @@ boot demo apm-demo + security-plugin testcase site packaging diff --git a/security-plugin/pom.xml b/security-plugin/pom.xml new file mode 100644 index 00000000..b78956fb --- /dev/null +++ b/security-plugin/pom.xml @@ -0,0 +1,57 @@ + + + 4.0.0 + + com.taobao.arthas + arthas-all + 4.0.0-SNAPSHOT + ../pom.xml + + arthas-security-plugin + arthas-security-plugin + + + + com.taobao.arthas + arthas-agent + ${project.version} + provided + + + + org.slf4j + slf4j-api + provided + true + + + ch.qos.logback + logback-classic + provided + true + + + ch.qos.logback + logback-core + provided + true + + + + + security-plugin + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + UTF-8 + true + + + + + + diff --git a/security-plugin/src/main/java/com/alibaba/arthas/security/plugin/ArthasSecurityManager.java b/security-plugin/src/main/java/com/alibaba/arthas/security/plugin/ArthasSecurityManager.java new file mode 100644 index 00000000..d8970e0f --- /dev/null +++ b/security-plugin/src/main/java/com/alibaba/arthas/security/plugin/ArthasSecurityManager.java 
@@ -0,0 +1,243 @@
+package com.alibaba.arthas.security.plugin;
+
+import java.io.FileDescriptor;
+import java.security.Permission;
+
+import com.alibaba.arthas.deps.org.slf4j.Logger;
+
+public class ArthasSecurityManager extends SecurityManager {
+
+ private Logger logger;
+ private SecurityManager delegate;
+
+ public ArthasSecurityManager(SecurityManager securityManager) {
+ this.delegate = securityManager;
+ }
+
+ @Override
+ public void checkPermission(Permission perm) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkPermission, perm: {}", perm);
+ this.delegate.checkPermission(perm);
+ }
+
+ @Override
+ public void checkPermission(Permission perm, Object context) {
+ if (this.delegate == null) {
+ return;
+ }
+
+ logger.info("checkPermission, perm: {}", perm);
+ this.delegate.checkPermission(perm, context);
+ }
+
+ @Override
+ public void checkCreateClassLoader() {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkCreateClassLoader");
+ this.delegate.checkCreateClassLoader();
+ }
+
+ @Override
+ public void checkAccess(Thread t) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkAccess, thread: {}", t);
+ this.delegate.checkAccess(t);
+ }
+
+ @Override
+ public void checkAccess(ThreadGroup g) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkAccess, ThreadGroup: {}", g);
+ this.delegate.checkAccess(g);
+ }
+
+ @Override
+ public void checkExit(int status) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkExit, status: {}", status);
+ this.delegate.checkExit(status);
+ }
+
+ @Override
+ public void checkExec(String cmd) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkExec, cmd: {}", cmd);
+ this.delegate.checkExec(cmd);
+ }
+
+ @Override
+ public void checkLink(String lib) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkLink, checkLink: {}", lib);
+ this.delegate.checkLink(lib);
+ }
+
+ @Override
+ public void checkRead(FileDescriptor fd) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkRead, fd: {}", fd);
+ this.delegate.checkRead(fd);
+ }
+
+ @Override
+ public void checkRead(String file) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkRead, file: {}", file);
+ this.delegate.checkRead(file);
+ }
+
+ @Override
+ public void checkRead(String file, Object context) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkRead, file: {}", file);
+ this.delegate.checkRead(file, context);
+ }
+
+ @Override
+ public void checkWrite(FileDescriptor fd) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkWrite, fd: {}", fd);
+ this.delegate.checkWrite(fd);
+ }
+
+ @Override
+ public void checkWrite(String file) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkWrite, file: {}", file);
+ this.delegate.checkWrite(file);
+ }
+
+ @Override
+ public void checkDelete(String file) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkDelete, file: {}", file);
+ this.delegate.checkDelete(file);
+ }
+
+ @Override
+ public void checkConnect(String host, int port) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkConnect, host: {}, port: {}", host, port);
+ this.delegate.checkConnect(host, port);
+ }
+
+ @Override
+ public void checkConnect(String host, int port, Object context) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkConnect, host: {}, port: {}", host, port);
+ this.delegate.checkConnect(host, port, context);
+ }
+
+ @Override
+ public void checkListen(int port) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkListen, port: {}", port);
+ this.delegate.checkListen(port);
+ }
+
+ @Override
+ public void checkAccept(String host, int port) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkAccept, host: {}, port: {}", host, port);
+ this.delegate.checkAccept(host, port);
+ }
+
+ @Override
+ public void checkPropertiesAccess() {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkPropertiesAccess");
+ this.delegate.checkPropertiesAccess();
+ }
+
+ @Override
+ public void checkPropertyAccess(String key) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkPropertyAccess, key: {}", key);
+ this.delegate.checkPropertyAccess(key);
+ }
+
+ @Override
+ public void checkPrintJobAccess() {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkPrintJobAccess");
+ this.delegate.checkPrintJobAccess();
+ }
+
+ @Override
+ public void checkPackageAccess(String pkg) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkPackageAccess, pkg: {}", pkg);
+ this.delegate.checkPackageAccess(pkg);
+ }
+
+ @Override
+ public void checkPackageDefinition(String pkg) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkPackageDefinition, pkg: {}", pkg);
+ this.delegate.checkPackageDefinition(pkg);
+ }
+
+ @Override
+ public void checkSetFactory() {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkSetFactory");
+ this.delegate.checkSetFactory();
+ }
+
+ @Override
+ public void checkSecurityAccess(String target) {
+ if (this.delegate == null) {
+ return;
+ }
+ logger.info("checkSecurityAccess, target: {}", target);
+ this.delegate.checkSecurityAccess(target);
+ }
+
+}
diff --git a/security-plugin/src/main/java/com/alibaba/arthas/security/plugin/SecurityPluginActivator.java b/security-plugin/src/main/java/com/alibaba/arthas/security/plugin/SecurityPluginActivator.java
new file mode 100644
index 00000000..0bbc601a
--- /dev/null
+++ b/security-plugin/src/main/java/com/alibaba/arthas/security/plugin/SecurityPluginActivator.java
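Review bot: In ArthasSecurityManager.java, `logger` is declared as `private Logger logger;` and never assigned, so every `logger.info(...)` in the check* overrides throws NullPointerException once the delegate is non-null. SecurityPluginActivator only installs this wrapper when a delegate exists, so in practice every permission check in the JVM would fail with an NPE instead of reaching the delegate. The logger should be initialised once (LoggerFactory is assumed to live in the same shaded `com.alibaba.arthas.deps.org.slf4j` package as `Logger`) and the calls routed through a per-thread re-entrancy guard, because the logging backend can itself trigger checkRead/checkWrite/checkPropertyAccess and recurse into these methods. `getSecurityContext()` and `checkMulticast` are also not forwarded, so a delegate that overrides them is not consulted through its own override.

```java
private static final Logger logger = LoggerFactory.getLogger(ArthasSecurityManager.class);
// set while this thread is inside a logging call made from a check* method
private static final ThreadLocal<Boolean> LOGGING = new ThreadLocal<Boolean>();

private void audit(String format, Object... args) {
    if (LOGGING.get() != null) {
        return; // the logger itself triggered this check; do not recurse
    }
    LOGGING.set(Boolean.TRUE);
    try {
        logger.info(format, args);
    } finally {
        LOGGING.remove();
    }
}

@Override
public void checkExec(String cmd) {
    if (this.delegate == null) {
        return;
    }
    audit("checkExec, cmd: {}", cmd);
    this.delegate.checkExec(cmd);
}
// … unchanged: the other check* overrides, each calling audit(...) instead of logger.info(...) …
```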
@@ -0,0 +1,39 @@
+package com.alibaba.arthas.security.plugin;
+
+import com.alibaba.arthas.plugin.PluginActivator;
+import com.alibaba.arthas.plugin.PluginContext;
+
+/**
+ * 1. 跟踪所有的 Runtime exec
+ * 获取所有的 servlet 请求的
+ * @author hengyunabc 2019-04-04
+ *
+ */
+public class SecurityPluginActivator implements PluginActivator{
+
+ @Override
+ public boolean enabled(PluginContext context) {
+ return true;
+ }
+
+ @Override
+ public void init(PluginContext context) throws Exception {
+
+ }
+
+ @Override
+ public void start(PluginContext context) throws Exception {
+ SecurityManager securityManager = System.getSecurityManager();
+
+ if(securityManager != null) {
+ securityManager = new ArthasSecurityManager(securityManager);
+ System.setSecurityManager(securityManager);
+ }
+ }
+
+ @Override
+ public void stop(PluginContext context) throws Exception {
+
+ }
+
+}
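Review bot: `stop()` is empty, so the wrapper that `start()` installs with `System.setSecurityManager` stays in place after the plugin is stopped, and a second `start()` wraps the wrapper again. The JVM-wide security manager then keeps pointing at a class from the plugin's class loader, and each check goes through one more logging layer per restart. Keeping the original manager in a field and restoring it in `stop()`, but only when the installed wrapper is still the current manager, avoids both. The class Javadoc says all `Runtime exec` calls are tracked, yet `start()` does nothing when no SecurityManager is installed; it would help to state that limitation there.

```java
private SecurityManager original;
private ArthasSecurityManager installed;

@Override
public void start(PluginContext context) throws Exception {
    SecurityManager current = System.getSecurityManager();
    // wrap once only; a repeated start() must not stack wrappers
    if (current != null && !(current instanceof ArthasSecurityManager)) {
        original = current;
        installed = new ArthasSecurityManager(current);
        System.setSecurityManager(installed);
    }
}

@Override
public void stop(PluginContext context) throws Exception {
    // restore only if nobody replaced the wrapper in the meantime
    if (installed != null && System.getSecurityManager() == installed) {
        System.setSecurityManager(original);
    }
    installed = null;
    original = null;
}
```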