10

I just started to use the Java ScriptEngine to do little extensions to my Application then i noticed that i can import all the java classes in the script and use them without restrictions. Is there a way to specify what classes a script can use? I dont want them to do things like java.lang.System.exit(1);

Improve this question

3 Answers 3

Reset to default
2

Well, you seem to need to learn about the Java SecurityManager. That's a pretty large topic, you might want to read up on it and then post a more specific question if you have trouble making it work for you.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

SecuritiyManager sounds good i will look at it. Do you have any hints for me where to start on this big topic?
SecurityManager is now deprecated in Java 17 (openjdk.org/jeps/411). What do we do?
1

Use the Java Security Manager. Refer this answer for an example.

Improve this answer

Comments

1

I solved this by putting "importPackage = null" on the top of all scripts, it seems to work but Im not sure if this hack can be avoided.

Improve this answer

2 Comments

looks like this is the easiest way to restrict all importPackage calls
In this case it is still possible to do something like this: java.lang.System.exit(1);. Program will exit.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.