Restricted access to Java classes
The Nashorn script engine allows script code to access Java classes. For security reasons it is best to disable that capability or to restrict access to a subset of Java classes.
Configure access to Java classes
To restrict access to certain Java classes, set the property EXTENSION_ENGINE_SECURITY_CLASSES_ALLOWED_TO_USE.
Note: By default this property is not set, which makes access to Java classes impossible. We recommend keeping this setting for security reasons.
The following example makes the classes ConfigService and ScriptBuilder accessible from the script code.
EXTENSION_ENGINE_SECURITY_CLASSES_ALLOWED_TO_USE="com.onegini.extensionengine.service.ConfigService,com.onegini.extensionengine.model.ScriptBuilder"
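
One way a comma-separated allow-list like this can be enforced is with Nashorn's ClassFilter API. The following is an added example, not the product's own code. It assumes a JDK with built-in Nashorn (8u40 to 14); AllowListDemo, allowListFilter and canLoad are hypothetical names, and java.util.ArrayList stands in for the allow-listed classes.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import javax.script.ScriptEngine;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

public class AllowListDemo {

    // Hypothetical helper: parses a comma-separated property value into an
    // exact-match allow-list. A null or empty value exposes no class at all,
    // which mirrors the "property not set" default described above.
    static ClassFilter allowListFilter(String propertyValue) {
        String value = propertyValue == null ? "" : propertyValue;
        Set<String> allowed = Arrays.stream(value.split(","))
                .map(String::trim)
                .filter(name -> !name.isEmpty())
                .collect(Collectors.toSet());
        // Nashorn calls exposeToScripts(className) for every Java class a script requests.
        return allowed::contains;
    }

    // Returns true if script code running in this engine can resolve the class.
    static boolean canLoad(ScriptEngine engine, String className) {
        try {
            engine.eval("Java.type('" + className + "')");
            return true;
        } catch (Exception e) {
            // The filter rejected the class, so the lookup failed.
            return false;
        }
    }

    public static void main(String[] args) {
        NashornScriptEngineFactory factory = new NashornScriptEngineFactory();

        // Constructed sample value, not a real product setting.
        ScriptEngine restricted = factory.getScriptEngine(allowListFilter("java.util.ArrayList"));
        // Property not set: no Java class is reachable from scripts.
        ScriptEngine locked = factory.getScriptEngine(allowListFilter(null));

        System.out.println("restricted, ArrayList: " + canLoad(restricted, "java.util.ArrayList"));
        System.out.println("restricted, Runtime:   " + canLoad(restricted, "java.lang.Runtime"));
        System.out.println("locked, ArrayList:     " + canLoad(locked, "java.util.ArrayList"));
    }
}
```

The filter matches fully qualified names exactly, so every class a script needs must be listed explicitly; allowing one class of a package does not expose the others.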