Class Sandbox

java.lang.Object

org.codehaus.commons.compiler.Sandbox

public final class Sandbox
extends Object

Executes a PrivilegedAction or PrivilegedExceptionAction in a context with restricted permissions. This is useful for executing "untrusted" code, e.g. user-provided expressions or scripts that were compiled with JANINO.

Code example:

    Permissions noPermissions = new Permissions();
    Sandbox sandbox = new Sandbox(noPermissions);
    sandbox.confine(new PrivilegedExceptionAction<Object>() {
        @Override public Object run() throws Exception { new java.io.File("xxx").delete(); return null; }
    });

See Also:

• ORACLE: Java Essentials: The Security Manager

Field Summary

Fields

Modifier and Type	Field	Description
private final AccessControlContext	accessControlContext

Constructor Summary

Constructors

Constructor	Description
Sandbox(PermissionCollection permissions)

Method Summary

Modifier and Type	Method	Description
<R> R	confine(PrivilegedAction<R> action)	Runs the given action, confined by the permissions configured through the constructor.
<R> R	confine(PrivilegedExceptionAction<R> action)

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

accessControlContext

private final AccessControlContext accessControlContext

Constructor Details

Sandbox

public Sandbox(PermissionCollection permissions)

Parameters:

permissions - Will be applied on later calls to confine(PrivilegedAction) and confine(PrivilegedExceptionAction)

Method Details

confine

public <R> R confine(PrivilegedAction<R> action)

Runs the given action, confined by the permissions configured through the constructor.

Returns:

The value returned by the action

confine

public <R> R confine(PrivilegedExceptionAction<R> action)
              throws Exception

Throws:

Exception