neermahajan@hathway.com wrote:
I am evaluating the use of a scripting language for my java app so that users can extend my app using scripts. Jython is a good alternative. But unlike Rhino (see ClassShutter) I couldn’t find anything in Jython that would allow me to block a few (internal public) classes to the scripting language.
  
Although I was intrigued by Gil's suggestion (I need to look into that corner of Jython sometime), I would approach this problem a different way.

Since Jython allows essentially the same access as any other Java code, I think you should be looking at solutions in the Java space. You can achieve this kind of isolation by writing a ClassLoader which restricts access to only the classes you choose. Then use that ClassLoader to load the interpreter and your Jython code will inherit the resctrictions.

It is fairly tricky to make this work, but the result is bulletproof in the sense that the classes you want to hide would be completely invisible from the Jython side. I've used this approach to build sandboxes for running foreign code which has access only to a few shared interfaces. I think for your application you would need something like the following:

public class HidingClassLoader extends ClassLoader {
    public HidingClassLoader(ClassLoader parent) {
       super(parent);
    }
   
    /*
     Note that you need to override loadClass instead of findClass, because otherwise the
     normal search scheme would look at the parent loader first.
     */
    protected Class loadClass(String name) {
       if (name.startsWith("com.foo.secretstuff."))
          throw new ClassNotFoundException(name);

       return getParent().loadClass(name);
    }
}

...

ClassLoader loader = new HidingClassLoader(getClass().getClassLoader());
Class interpClass = loader.loadClass("org.python.util.PythonInterpreter");
PythonInterprter interp = (PythonInterpreter) interpClass.newInstance();

interp.exec("import com.foo.secretstuff.DiskEraser");  // should throw ClassNotFoundException

[Note, I haven't even compiled this, much less tried it, so YMMV]

Here are a couple of links on writing ClassLoaders:
Good luck,

 - moss
-- 
terma | software labs

Moss Prescott