I'd like to add scripting functionality to an app that runs in a Java EE container. The javax.script API seems ideal, since I can support multiple languages with one API; the catch is, the scripts may be coming from untrusted sources, so I need to restrict what they can do. Basically, here are my requirements:
- Multiple scripts running at the same time.
- The scripts do not interact with each other.
- The scripts have no access to the JVM or the Java application code.
- The scripts have no access to the underlying platform (file system,开发者_如何学Python etc).
- The scripts have no network access.
If I can allow specific exceptions, that's great, but it's not essential.
Can this be done at all through the Java Scripting API? Can it be done at a lower level by configuring the scripting providers? Is there a better way to accomplish what I want?
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论