开发者

security problem with Java ScriptEngine

开发者 https://www.devze.com 2022-12-14 02:40 出处:网络
I just started to use the Java Scri开发者_运维技巧ptEngine to do little extensions to my Application then i noticed that i can import all the java classes in the script and use them without restrictio

I just started to use the Java Scri开发者_运维技巧ptEngine to do little extensions to my Application then i noticed that i can import all the java classes in the script and use them without restrictions. Is there a way to specify what classes a script can use? I dont want them to do things like java.lang.System.exit(1);


Well, you seem to need to learn about the Java SecurityManager. That's a pretty large topic, you might want to read up on it and then post a more specific question if you have trouble making it work for you.


Use the Java Security Manager. Refer this answer for an example.


I solved this by putting "importPackage = null" on the top of all scripts, it seems to work but Im not sure if this hack can be avoided.

0

精彩评论

暂无评论...
验证码 换一张
取 消