When embedding a JavaScript interpreter (Rhino) into a Java application (to be able to script that application), how would one go about restricting the Java packages that are available to scripts? For example, only "java.lang.*" should be accessible.
A method for blocking access to certain packages and classes (including through reflection) in Rhino is described here. The important interface is ClassShutter which provides access control for Rhino's LiveConnect support.