问题
When embedding a JavaScript interpreter (Rhino) into a Java application (to be able to script that application), how would one go about restricting the Java packages that are available to scripts? For example, only "java.lang.*" should be accessible.
回答1:
A method for blocking access to certain packages and classes (including through reflection) in Rhino is described here. The important interface is ClassShutter which provides access control for Rhino's LiveConnect support.
回答2:
how about just saying:
java = undefined; com = undefined; Packages = undefined;
in an initial script which is loaded first.
来源:https://stackoverflow.com/questions/723886/rhino-restrict-java-packages-that-can-be-accessed-from-javascript