Package org.codehaus.commons.compiler

Class Sandbox

java.lang.Object

org.codehaus.commons.compiler.Sandbox

public final class Sandbox
extends java.lang.Object

Executes a PrivilegedAction or PrivilegedExceptionAction in a context with restricted permissions. This is useful for executing "untrusted" code, e.g. user-provided expressions or scripts that were compiled with JANINO.

Code example:

     Permissions noPermissions = new Permissions();
     Sandbox sandbox = new Sandbox(noPermissions);
     sandbox.confine(new PrivilegedExceptionAction<Object>() {
         @Override public Object run() throws Exception { new java.io.File("xxx").delete(); return null; }
     });
 

See Also:

ORACLE: Java Essentials: The Security Manager

Constructor Summary

Constructors

Constructor	Description
Sandbox(java.security.PermissionCollection permissions)

Method Summary

Modifier and Type	Method	Description
<R> R	confine(java.security.PrivilegedAction<R> action)	Runs the given action, confined by the permissions configured through the constructor.
<R> R	confine(java.security.PrivilegedExceptionAction<R> action)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Sandbox

public Sandbox(java.security.PermissionCollection permissions)

Parameters:

permissions - Will be applied on later calls to confine(PrivilegedAction) and confine(PrivilegedExceptionAction)

Method Detail

confine

public <R> R confine(java.security.PrivilegedAction<R> action)

Runs the given action, confined by the permissions configured through the constructor.

Returns:

The value returned by the action

confine

public <R> R confine(java.security.PrivilegedExceptionAction<R> action)
              throws java.lang.Exception

Throws:

java.lang.Exception