Restricted access to Java classes

The Nashorn script engine allows script code to access Java classes. For security reasons, it is best to disable that access or restrict it to a subset of Java classes.

Configure access to Java classes

To restrict access to certain Java classes, set the property EXTENSION_ENGINE_SECURITY_CLASSES_ALLOWED_TO_USE.

Note: By default this property is not set, which makes access to Java classes impossible. We recommend keeping that setting for security reasons.

The following example makes the classes ConfigService and ScriptBuilder accessible from the script code.

EXTENSION_ENGINE_SECURITY_CLASSES_ALLOWED_TO_USE="com.onegini.extensionengine.service.ConfigService,com.onegini.extensionengine.model.ScriptBuilder"
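
How a deny-by-default class allowlist of this kind can be enforced in Nashorn, as an added example that is not the product's own code and does not describe how the product parses the property. It assumes a JDK with bundled Nashorn (8u40 to 14) and uses Nashorn's ClassFilter API; ClassAllowlistDemo, AllowlistFilter and tryLoad are hypothetical names, and the sample value is constructed, with JDK classes standing in for the product classes.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import javax.script.ScriptEngine;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

public class ClassAllowlistDemo {

    /** Deny-by-default filter built from a comma-separated list of class names. */
    static final class AllowlistFilter implements ClassFilter {
        private final Set<String> allowed;

        AllowlistFilter(String commaSeparated) {
            // An unset (null) or blank value yields an empty set: no class is reachable.
            this.allowed = Arrays.stream((commaSeparated == null ? "" : commaSeparated).split(","))
                    .map(String::trim)
                    .filter(name -> !name.isEmpty())
                    .collect(Collectors.toSet());
        }

        @Override
        public boolean exposeToScripts(String className) {
            // Exact fully qualified names only; no package prefixes or wildcards.
            return allowed.contains(className);
        }
    }

    /** Asks the script engine to resolve a class and reports whether the filter let it through. */
    static String tryLoad(ScriptEngine engine, String className) {
        try {
            engine.put("name", className);   // pass the name as data, not as script source
            engine.eval("Java.type(name)");
            return "allowed";
        } catch (Exception e) {
            return "blocked (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) {
        // Constructed value in the same comma-separated format as the property above.
        String property = "java.util.ArrayList, java.time.Instant";
        NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
        ScriptEngine restricted = factory.getScriptEngine(new AllowlistFilter(property));
        ScriptEngine unset = factory.getScriptEngine(new AllowlistFilter(null));
        for (String name : new String[] {"java.util.ArrayList", "java.lang.Runtime"}) {
            System.out.println(name + " with allowlist: " + tryLoad(restricted, name));
            System.out.println(name + " with unset property: " + tryLoad(unset, name));
        }
    }
}
```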