When embedding a JavaScript interpreter (Rhino) into a Java application (to be able to script that application), how would one go about restricting the Java packages that are available to scripts? For example, only "java.lang.*" should be accessible.
+5
A:
A method for blocking access to certain packages and classes (including through reflection) in Rhino is described here. The important interface is ClassShutter which provides access control for Rhino's LiveConnect support.
Dave Ray
2009-04-07 01:48:45
Ironically, the link to codeutopia.net about blocking access is returning 403 Forbidden for me
Nathan Voxland
2009-04-07 05:37:00