Hi, we have a Java application and would like to run untrusted code using the built in Javascript interpreter (javax.script.*)
However by default the interpreter allows access to any Java class. For example "java.lang.System.exit(0)" in the script will shut down the JVM. I believe this is called "Live Connect", see Sun's "Java Scripting Programmer's Guide" for more details.
I would like to somehow turn off the ability for the script to access Java classes, i.e. I only want the script to be able to access objects that I specifically inject in using the eval() or put() methods on ScriptEngine.
I have found some documentation on how to achieve this with the older standalone version of the interpreter (Rhino), for example see http://codeutopia.net/blog/2009/01/02/sandboxing-rhino-in-java/
However this approach is not possible in JDK 1.6 without using sun internal classes, as the ClassShutter etc. is all set up internally and cannot be overridden with public methods.
I am hoping there is a simple way around this that does not require jumping through complex hoops using a custom SecurityManager, ClassLoader, etc. but have not been able to find anything.
You would expect with the frequency of security bulletins surrounding Javascript in different applications, there would be a simple flag to disable Live Connect!
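As an added illustration (not part of the original question, and not a solution for the JDK 1.6 Rhino engine it asks about), the later Nashorn engine (JDK 8u40 through JDK 14) exposes a public ClassFilter hook for exactly this: a deny-by-default filter stops scripts from reaching JDK classes through package syntax or Java.type(), while objects the host injects via put() remain usable. The probe below checks whether a given engine lets a script reach java.lang.System; the class and method names SandboxProbe, DenyAllClasses and exposesJdkClasses are this example's own.

```java
import javax.script.ScriptEngine;
import javax.script.ScriptException;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

public class SandboxProbe {
    // Deny-by-default: no Java class is exposed to scripts unless we say so.
    // Returning true only for an explicit allow-list would be the usual refinement.
    static final class DenyAllClasses implements ClassFilter {
        @Override
        public boolean exposeToScripts(String className) {
            return false;
        }
    }

    // Harmless probe: reaches for a JDK class the same way a script would
    // reach java.lang.System.exit, but only reads a property.
    static final String PROBE = "java.lang.System.getProperty('java.version')";

    /** Returns true if the script could actually call into java.lang.System. */
    static boolean exposesJdkClasses(ScriptEngine engine) {
        try {
            Object result = engine.eval(PROBE);
            return result instanceof String;
        } catch (ScriptException | RuntimeException e) {
            // Class lookup rejected by the filter (reported as a script error).
            return false;
        }
    }

    public static void main(String[] args) throws ScriptException {
        NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
        ScriptEngine open = factory.getScriptEngine();
        ScriptEngine sandboxed = factory.getScriptEngine(new DenyAllClasses());

        System.out.println("default engine exposes JDK classes:  " + exposesJdkClasses(open));
        System.out.println("filtered engine exposes JDK classes: " + exposesJdkClasses(sandboxed));

        // Values injected by the host are still reachable from the script;
        // the filter only governs class lookup, not objects we hand over.
        sandboxed.put("greeting", "hello from the host");
        System.out.println(sandboxed.eval("greeting.toUpperCase()"));
    }
}
```

Expect the first line to report true and the second false; a deployment check is simply asserting that exposesJdkClasses returns false for the engine you hand untrusted scripts to.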