I am writing a container framework that can dynamically deploy a Jar file containing user developed classes in the container, and then using a web interface execute certain classes from the Jar file.
Everything else is well set, including the validations. However, a requirement is to only allow access to certain JDK and other library classes from the user developed class. Clearly, this is due to the fact that the container will need an assurance that someone (intentionally or otherwise) ends up running a piece of Java code that results in a "bad" behavior.
Generally, I find stuff on Google on almost all topics. In this case, I just could not :(
see Can i deny access to a jvm class by configuring java.policy file?
it suggests using a custom classloader