Java - "safe" scripting

Does anyone know of any scripting for the Java platform that can be forcefully restricted to a provided function set (preferably absolutely no functions unless provided)? I've experimented with several JSR223 compatible languages, but have been able to compromise security in all cases.

What my system currently does:

Load the requested script from the filesystem.
Create a context to run the script with
Run the script in the new context

Even if a security manager is properly configured, what would stop malicious script content from accessing (or worse -- mutating) fields from objects that it otherwise shouldn't have access to? This could potentially cause a bit of damage if a mistake is made or if a script is intentionally tailored for malicious behavior.

Solution

I guess that I'll get this up and try to break it. Perhaps it'll stand up to the test.

http://riven8192.blogspot.com/2010/07/java-rhino-fine-grained-classshutter.html

Parsing time strings like "1h 30min"
Spring Boot control target JAR file name
JavaFx sorting visualiser
Does Java compiler understand two returns?
Java: Compile inter-related classes
What is the correct syntax for creating a HashMap in Java?
Programmatically change log level in Log4j2
Having trouble using a loop to find a user-input character from a text file in Java (Solved)
How to return 404 response status in Spring Boot @ResponseBody - method return type is Response?
How to use GWT 2.1 Data Presentation Widgets
List of Java class file format major version numbers?
UnsatisfiedDependencyException: Error creating bean with name
Configure Selenium Nodes without a JSON file
How can we extract values from URL when redirect to a Android app?
GregorianCalendar returns wrong DAY_OF_WEEK in Java
how to implement an idl-to-java compiler
Prevent launching multiple instances of a java application by locking a file is not working
Unable to execute Arquillian test
ClassCastException in Production Build after Login in Android App
Page through an array
How to remove JRE entries from Windows registry?
Chosing a suitable table size for a Hash
How to set "value" to input web element using selenium?
How to verify 'Open xdg-open popup' in Chrome via Selenium Webdriver?
Java Generics: Who is right, javac or Eclipse compile?
Where are the preferred argument conversions for overloaded methods documented (if at all)?
How do I compile my Java source files?
How to prevent Spring Boot/Hibernate from converting entity column names from PascalCase to snake_case?
How add JAVA_OPTS variable to wildfly by kubernetes yaml file?
Read a Environment Variable in Java with Websphere