SecurityManager-like facility in Groovy to deny usage of certain classes during parsing phase

I am wondering how one can attack the problem of denying *.groovy files the ability to reference and make use of certain classes that I pick. One approach is of course to install a security manager and classloader to block attempts to load or execute certain methods on certain classes, e.g. java.io.File. This however of course, from what I can imagine, does not affect interpreted mode, as no class is ever generated or loaded by the classloader.

Ideally I would like the equivalent of class verifying but for Groovy files during the parsing phase and similar evaluations are executed.

Any pointers would be appreciated.


Not sure, but I believe the SecureASTCustomizer might help you (Groovy 1.8).

There is a blog post by Cedric Champeau which shows how it is used. Basically, you can set up a blacklist or whitelist of classes, imports, operators, etc. that a script is allowed to use. Or indeed you can set more complex rules (see the examples on the blog post about denying variable names that start with a caps char, or denying the use of System.exit).
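
The deny-list setup this answer describes, as an added example (not code from the answer or from the linked blog post). The policy contents and sample scripts are constructed, and the property names are the `SecureASTCustomizer` setters as named in the Groovy 1.8 line.

```groovy
import org.codehaus.groovy.control.CompilerConfiguration
import org.codehaus.groovy.control.MultipleCompilationErrorsException
import org.codehaus.groovy.control.customizers.SecureASTCustomizer
import org.codehaus.groovy.control.messages.ExceptionMessage

// Constructed policy: deny java.io.File and any call whose receiver is System or Runtime.
def policy = new SecureASTCustomizer()
policy.importsBlacklist = ['java.io.File']
policy.indirectImportCheckEnabled = true   // also check types used without an import statement
policy.receiversClassesBlackList = [System, Runtime]

def config = new CompilerConfiguration()
config.addCompilationCustomizers(policy)
def shell = new GroovyShell(config)

// Compile only: parse() builds the Script class but never runs it.
// Returns true when the customizer refused the source.
def rejectedAtCompileTime = { String source ->
    try {
        shell.parse(source)
        return false
    } catch (SecurityException e) {
        return true
    } catch (MultipleCompilationErrorsException e) {
        // Depending on the Groovy version the SecurityException arrives wrapped.
        if (e.errorCollector.errors.any {
            it instanceof ExceptionMessage && it.cause instanceof SecurityException
        }) {
            return true
        }
        throw e   // an ordinary compile error, not a policy decision
    }
}

// Constructed sample scripts, one per rule plus one harmless script.
def samples = [
    'explicit import'     : "import java.io.File\nnew File('data.txt').text",
    'fully qualified name': "new java.io.File('data.txt').text",
    'call on System'      : 'System.exit(1)',
    'plain list code'     : '[1, 2, 3].sum()'
]
samples.each { label, source ->
    println "${label}: ${rejectedAtCompileTime(source) ? 'rejected by policy' : 'compiled'}"
}
```

These checks run on the AST with statically known types only, so a receiver whose type is decided at runtime is not seen by the customizer. Keep a runtime layer such as the security manager from the question underneath it.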


Also have a look at the java-sandbox library: http://blog.datenwerke.net/2013/06/sandboxing-groovy-with-java-sandbox.html
