java expression language that can't access 'unsafe' java methods

I am working on a project where I will let users submit small 'scripts' to the server, and I will execute those scripts. There are many scripting languages which can be embedded into a Java program, such as mvel, ognl, uel, clojure, rhino javascript, etc., but, as far as I can tell, they all allow script writer to call Java constructors, static methods, etc. I don't want my users to be able to call anything which I don't provide them (usually through some sort of context object). Most of their scripts will be arithmetic and logical expressions, in some cases they will need to traverse object properties (getters/setters) or contents of a Map. I just don't want them to escape the sandbox I provide them. Any suggestions?
Looks like Java's JSP language (UEL) can do it. In order to access Java's static methods, they have to be aliased in an xml file--and I don't think non-static methods can be accessed. I can't confirm this since I can't get glassfish's UEL to work yet.

以上就是java expression language that can't access 'unsafe' java methods的详细内容,更多请关注web前端其它相关文章!

赞(0) 打赏
未经允许不得转载:web前端首页 » JavaScript 答疑

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

前端开发相关广告投放 更专业 更精准