Sandboxing script task

robi_m — Thu, 06 Mar 2014 11:35:28 GMT

Spring app with Activiti engine embedded runs server-side. I need to secure (sandbox) user-defined scripts deployed on demand. The only Activiti-related doc I found describes how to limit ScriptTask's Spring beans visibility (=white list) but this is obviously not enough - e.g. a malicious user can

Re: Sandboxing script task

frederikherema1 — Mon, 10 Mar 2014 09:53:22 GMT

You'll need to see what's possible in the JSR-223 spec for sandboxing. Activiti leverages that spec to execute scripts. Take a look at the org.activiti.engine.impl.scripting.ScriptingEngines class. You can create a subclass of this and plug it in using the processEngineConfiguration. This subclass can do additional set-up of the script-bindings or any funny stuff you want to do. If this is not sufficient, you can rip out all functionality and return a customised (sandboxed) version of ScriptEngine and Bindings.

topic Re: Sandboxing script task in Alfresco Archive

Sandboxing script task

Re: Sandboxing script task