Best sandboxed expression language for JVM

I want an expression language that runs on the JVM and includes support for

• math expressions, including operator priority
• string expressions, like substring, etc
• supports named functions
  • this allows me to decorate and control exactly who and what functions can be executed.
• read/write variables that are "typeless" / allow type conversion in a controlled manner.
• does not allow arbitary java scriptlets.
  • it should not be possible to include constructs like new Somec开发者_JAVA百科lass()
  • cannot execute arbitrary static or otherwise method
• does not allow any OGNL like expressions.
• I only want to functions I map to be available.
• support for control constructs like if this then that is for the moment optional.
• must be embeddable.

This previous stackoverflow question is similar, but:

• does not really answer "how" or "what" as does the above,
• allows java object expressions, throwing an exception from a SecurityManager to stop method execution, which is nasty and wrong.
• java object like expressions should be an error at parse time.

jexel seem to be closest possible match, but License is a bit horrible (GPL/Commercial).

If you only want the scripts to output text, then Apache Velocity fit's your constraints quite well. It runs in an environment where it only has access to the objects you give it, but can do things like basic math.

The Apache license is a bit friendlier than GPL too.