Sandboxing script task

robi_m
Champ in-the-making
Spring app with Activiti engine embedded runs server-side. I need to secure (sandbox) user-defined scripts deployed on demand. The only Activiti-related doc I found describes how to limit ScriptTask's Spring beans visibility (=white list) but this is obviously not enough - e.g. a malicious user can just import Java io and read sensitive info etc., etc.

Thoughts?
1 REPLY

frederikherema1
Star Contributor
You'll need to see what's possible in the JSR-223 spec for sandboxing. Activiti leverages that spec to execute scripts. Take a look at the org.activiti.engine.impl.scripting.ScriptingEngines class. You can create a subclass of this and plug it in using the processEngineConfiguration. This subclass can do additional set-up of the script-bindings or any funny stuff you want to do. If this is not sufficient, you can rip out all functionality and return a customised (sandboxed) version of ScriptEngine and Bindings.
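
Added example, not part of the original thread and not Activiti code: one way to build the "customised (sandboxed) version of ScriptEngine" mentioned above, so that the `java.io` case from the question is refused. It assumes JavaScript scripts run on the Nashorn engine bundled with JDK 8u40 to 14 (the standalone Nashorn uses the `org.openjdk.nashorn.api.scripting` package instead); the class name, the allow-list and the sample variable are hypothetical, and wiring the engine into a `ScriptingEngines` subclass is not shown.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.script.ScriptEngine;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

public class SandboxedScriptDemo {

    // Hypothetical allow-list: the only Java classes a script may look up by name.
    static final Set<String> ALLOWED =
            new HashSet<>(Arrays.asList("java.math.BigDecimal"));

    // Deny by default: every class not on the allow-list is hidden from scripts.
    static final ClassFilter ALLOW_LIST = ALLOWED::contains;

    // A fresh engine per script, so no state leaks from one user's script to the next.
    static Object run(String script, Map<String, Object> exposed) throws Exception {
        ScriptEngine engine = new NashornScriptEngineFactory().getScriptEngine(ALLOW_LIST);
        // Only explicitly exposed variables are bound (the bindings white list).
        exposed.forEach(engine::put);
        return engine.eval(script);
    }

    public static void main(String[] args) {
        Map<String, Object> exposed = new HashMap<>();
        exposed.put("amount", 42); // constructed sample process variable

        String[] scripts = {
            "amount * 2",                                           // plain script logic
            "var BD = Java.type('java.math.BigDecimal');"
                + " new BD('1.50').negate().toString()",            // allow-listed class
            "Java.type('java.io.File')"                             // not on the allow-list
        };
        for (String s : scripts) {
            try {
                System.out.println("OK      " + run(s, exposed));
            } catch (Exception e) {
                // Nashorn reports a filtered class as a RuntimeException wrapping
                // ClassNotFoundException, so catch more than ScriptException.
                System.out.println("BLOCKED " + e);
            }
        }
    }
}
```

The class filter only controls which Java classes a script can reach; it does not bound CPU time or memory, so a script that loops forever still needs a separate limit.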