I just started to use the Java ScriptEngine to do little extensions to my Application then i noticed that i can import all the java classes in the script and use them without restrictions. Is there a way to specify what classes a script can use? I dont want them to do things like java.lang.System.exit(1);
Asked
Active
Viewed 3,145 times
10
lucidd
- 587
- 7
- 14
3 Answers
2
Well, you seem to need to learn about the Java SecurityManager. That's a pretty large topic, you might want to read up on it and then post a more specific question if you have trouble making it work for you.
bmargulies
- 97,814
- 39
- 186
- 310
-
1SecuritiyManager sounds good i will look at it. Do you have any hints for me where to start on this big topic? – lucidd Dec 10 '09 at 13:18
-
SecurityManager is now deprecated in Java 17 (https://openjdk.org/jeps/411). What do we do? – Daniel Darabos Aug 19 '22 at 10:21
1
Use the Java Security Manager. Refer this answer for an example.
Community
- 1
- 1
instantsetsuna
- 9,183
- 8
- 25
- 28
1
I solved this by putting "importPackage = null" on the top of all scripts, it seems to work but Im not sure if this hack can be avoided.
tamat
- 226
- 1
- 8
-
-
1In this case it is still possible to do something like this: `java.lang.System.exit(1);`. Program will exit. – Клаус Шварц Aug 26 '17 at 05:40