Rhino: restrict Java packages that can be accessed from JavaScript

Question

When embedding a JavaScript interpreter (Rhino) into a Java application (to be able to script that application), how would one go about restricting the Java packages that are available to scripts? For example, only "java.lang.*" should be accessible.

Answer 1

A method for blocking access to certain packages and classes (including through reflection) in Rhino is described here. The important interface is ClassShutter which provides access control for Rhino's LiveConnect support.

Answer 2

how about just saying:

java = undefined; com = undefined; Packages = undefined;

in an initial script which is loaded first.