1

I was wondering about the possibility to send Java Code to a servlet that the servlet will take and execute it?

For example I would send a chunk of code as String, which will be added and executed. Can anybody think of a way of how I would approach this?

Improve this question
2
  • 2
    Related: stackoverflow.com/questions/2946338/… Commented Feb 21, 2012 at 20:51
  • 1
    Could you explain your use case in more detail, specifically why you're trying to execute a String at runtime? (That's a pretty serious code smell right there...) Commented Feb 21, 2012 at 21:47

2 Answers 2

Reset to default
1

This is certainly possible - you could send the compiled bytecode Base64-encoded, then decode it at the servlet and use a classloader to load it.

Or you could send a jarfile similarly encoded, save it to disk and add it to a custom URLClassLoader.

You may have major security issues if the code is untrusted, though.

See What are the security risks I should guard against when running user-supplied Java code?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

tools.jar from JDK contains classes to compile Java code (used by Ant etc.), you can also use Eclipse compiler, if you want. It is possible, but from security point of view (code injection etc.) it would be disaster ;)

Improve this answer

2 Comments

but from security point of view (code injection etc.) it would be disaster; then why mention it?
Because of belief in freedom of choice ;)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.