Restricted access to Java classes
The Nashorn script engine allows accessing Java classes from the script code. For security reasons it is best to disable that possibility or restrict Java class access to a subset of Java classes.
Configure access to Java classes
In order to restrict access to certain Java classes/packages set the property
Note: By default, this property is not set, which means no Java classes are accessible. We recommend being strict about the classes you allow, because every exposed class is reachable from script code.
The following example makes the class java.io.ByteArrayInputStream explicitly accessible and any classes from the java.lang package such as
Classes or packages should be comma separated. Attempting to use only a * is not a valid configuration. You must specify a base level package first and can then use the * such as
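The allowlist rules described above (comma-separated entries, exact class names, a trailing * only after a base package, nothing accessible when unset) can be expressed with Nashorn's ClassFilter interface. This is an added example, not the product's own code: the class name AllowlistClassFilter and the matching semantics for sub-packages are assumptions, and it targets the JDK-bundled Nashorn (JDK 8u40 to 14); the standalone Nashorn uses the package org.openjdk.nashorn.api.scripting instead.

```java
import java.util.HashSet;
import java.util.Set;
import javax.script.ScriptEngine;
import javax.script.ScriptException;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

// Hypothetical allowlist filter illustrating the configuration rules on this page.
public class AllowlistClassFilter implements ClassFilter {
    private final Set<String> classes = new HashSet<>();   // exact class names
    private final Set<String> packages = new HashSet<>();  // "pkg.*" entries, stored as "pkg"

    public AllowlistClassFilter(String spec) {
        if (spec == null) return; // property unset: no Java class is accessible
        for (String raw : spec.split(",")) {
            String entry = raw.trim();
            if (entry.isEmpty()) continue;
            boolean wildcard = entry.endsWith(".*");
            String name = wildcard ? entry.substring(0, entry.length() - 2) : entry;
            // Reject a bare "*", ".*", and wildcards anywhere but the end.
            if (name.isEmpty() || name.contains("*")) {
                throw new IllegalArgumentException("invalid allowlist entry: " + entry);
            }
            (wildcard ? packages : classes).add(name);
        }
    }

    @Override
    public boolean exposeToScripts(String className) {
        if (classes.contains(className)) return true;
        int dot = className.lastIndexOf('.');
        // Assumption: "pkg.*" covers classes directly in pkg, not its sub-packages.
        return dot > 0 && packages.contains(className.substring(0, dot));
    }

    public static void main(String[] args) throws ScriptException {
        // Constructed sample value mirroring the page's example entries.
        ClassFilter filter = new AllowlistClassFilter("java.io.ByteArrayInputStream, java.lang.*");
        ScriptEngine engine = new NashornScriptEngineFactory().getScriptEngine(filter);
        engine.eval("Java.type('java.io.ByteArrayInputStream')");
        System.out.println("allowed: java.io.ByteArrayInputStream");
        try {
            engine.eval("Java.type('java.io.File')"); // not on the allowlist
        } catch (RuntimeException e) { // Nashorn reports a filtered class as not found
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```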