Does anyone know how a white-list class access approach similar to Google App Engine can be implemented?
I am writing a container framework that can dynamically deploy a Jar file containing user developed classes in the container, and then using a web interface execute certain classes from the Jar file.
Everything else is well set, including the validations. However, a requirement is to only allow access to certain JDK and other library classes from the user developed class. Clearly, this is due to the fact that the container will need an assurance that someone (intentionally or otherwise) ends up running a piece of Java code that results in "bad" behavior.
Generally, I find stuff on Google on almost all topics. In this case, I just could not :(
See Can I deny access to a JVM class by configuring the java.policy file?
It suggests using a custom classloader.
Note that a custom classloader is not enough against a malicious person - he/she can access a parent classloader and load the restricted classes through it. In addition to a custom classloader, you should set a security manager and revoke the getClassLoader permission (and, perhaps, some other permissions too).
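The two pieces described in the answers above, combined in one added example (this is not code from the question or from either answer): a class loader that resolves only an explicit whitelist of packages and defines user classes itself, plus a SecurityManager that refuses RuntimePermission("getClassLoader") and "createClassLoader" whenever a class defined by that loader is on the call stack. That second part is what closes the gap the answer points out, since Class.forName with a null loader, ClassLoader.getSystemClassLoader() and ClassLoader.getParent() all go through the getClassLoader check. The package whitelist, the small deny set, the class names and the in-memory map of user bytecode are all assumptions for illustration. One JDK caveat not on the page: SecurityManager is deprecated for removal since Java 17, Java 18 and later require -Djava.security.manager=allow at startup for setSecurityManager to work, and Java 24 disables it permanently, so this approach only applies to older runtimes.

```java
import java.security.Permission;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Loads user classes from memory and exposes only whitelisted JDK packages to them. */
public final class WhitelistingLoader extends ClassLoader {

    // Assumed whitelist: only these packages are visible to user code.
    private static final Set<String> ALLOWED_PACKAGES = Set.of("java.lang", "java.util", "java.math");
    // Assumed per-class exclusions inside whitelisted packages (package granularity is too coarse).
    private static final Set<String> DENIED_CLASSES = Set.of("java.lang.Runtime", "java.lang.ProcessBuilder");

    // Hypothetical store of user-supplied bytecode, keyed by binary class name.
    private final Map<String, byte[]> userClasses;
    // Every class this loader defined; used by the SecurityManager without calling getClassLoader().
    private final Set<Class<?>> defined = ConcurrentHashMap.newKeySet();

    public WhitelistingLoader(Map<String, byte[]> userClasses) {
        super(null); // no parent; loadClass below never delegates implicitly
        this.userClasses = userClasses;
    }

    @Override
    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
        synchronized (getClassLoadingLock(name)) {
            Class<?> c = findLoadedClass(name);
            if (c == null) {
                byte[] bytes = userClasses.get(name);
                if (bytes != null) {
                    c = defineClass(name, bytes, 0, bytes.length); // user class: defined here
                    defined.add(c);
                } else if (isAllowed(name)) {
                    c = ClassLoader.getPlatformClassLoader().loadClass(name); // whitelisted JDK class
                } else {
                    throw new ClassNotFoundException("access denied by whitelist: " + name);
                }
            }
            if (resolve) resolveClass(c);
            return c;
        }
    }

    static boolean isAllowed(String className) {
        int dot = className.lastIndexOf('.');
        String pkg = dot < 0 ? "" : className.substring(0, dot);
        return ALLOWED_PACKAGES.contains(pkg) && !DENIED_CLASSES.contains(className);
    }

    boolean wasDefinedHere(Class<?> c) {
        return defined.contains(c);
    }

    /** Denies class-loader access to sandboxed code; everything else is granted for brevity. */
    @SuppressWarnings("removal")
    static final class DenyClassLoaderAccess extends SecurityManager {
        private final WhitelistingLoader sandbox;

        DenyClassLoaderAccess(WhitelistingLoader sandbox) { this.sandbox = sandbox; }

        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof RuntimePermission
                    && ("getClassLoader".equals(perm.getName()) || "createClassLoader".equals(perm.getName()))
                    && sandboxOnStack()) {
                throw new SecurityException("sandboxed code may not reach a class loader: " + perm.getName());
            }
            // A real container would fall through to super.checkPermission with a java.policy file
            // so that file, network and reflection permissions are also enforced.
        }

        // getClassContext() is the loader-free way to inspect the stack; calling
        // Class.getClassLoader() here would re-enter checkPermission recursively.
        private boolean sandboxOnStack() {
            for (Class<?> c : getClassContext()) {
                if (sandbox.wasDefinedHere(c)) return true;
            }
            return false;
        }
    }

    @SuppressWarnings("removal")
    public static void main(String[] args) throws Exception {
        WhitelistingLoader loader = new WhitelistingLoader(Map.of()); // empty user jar for the demo
        System.setSecurityManager(new DenyClassLoaderAccess(loader));
        System.out.println("permitted: " + loader.loadClass("java.util.ArrayList").getName());
        for (String blocked : new String[] {"java.io.File", "java.lang.Runtime"}) {
            try {
                loader.loadClass(blocked);
            } catch (ClassNotFoundException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        }
    }
}
```

In a container the map would be filled from the uploaded jar's entries, and the SecurityManager would be installed once at startup rather than from main. The deny set exists because java.lang must be whitelisted for any class to link at all, yet it also contains Runtime and ProcessBuilder; whitelisting by package alone therefore needs class-level exclusions as well.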