Bullet-proof groovy script embedding

Question

I\'m working on a server app that may be extended by user-supplied Groovy scripts. It\'s evident that I want to make sure these scripts run in a very tight sandbox where the

Answer 1

An additional possibility is using Groovy 1.8 compilation customizers on the GroovyShell that runs the embedded scripts. You can pre-import classes and methods, restrict use of the Groovy AST, and pre-apply an AST transformation, such as @ThreadInterrupt, @TimedInterrupt, or @ConditionalInterrupt. Details at:

http://www.jroller.com/melix/entry/customizing_groovy_compilation_process

Answer 2

Also have a look at the java-sandbox project and the accompanying blog post http://blog.datenwerke.net/2013/06/sandboxing-groovy-with-java-sandbox.html.

Answer 3

You should have a look at the project groovy-sandbox from kohsuke. Have also a look to his blog post here on this topic and what is solution is addressing: sandboxing, but performance drawback.