public final class GraalSDK extends Object
tutorial
for more details.
By default all the GraalVM engines
(named GraalVM:something
)
run in a very restricted, secure sandbox:
private static finalHostAccess
SANDBOX =HostAccess
.newBuilder(). allowPublicAccess(true). allowArrayAccess(true). allowListAccess(true). allowAllImplementations(true). denyAccess(Class
.class). denyAccess(Method
.class). denyAccess(Field
.class). denyAccess(Proxy
.class). denyAccess(Object
.class, false). build();
The languages cannot access local files, ports, etc. They can access public
fields and public methods of objects passed into their scripts (but not
those methods exposed by base Object
class). The scripts can access
elements of Java arrays and List
elements. Methods of a
functional interfaces are callable by the
scripts.
For some languages such restrictions are too tight. They
need to gain wider access. This can be done by setting allowAllAccess
attribute to true
:
// FastR currently needs access to native libraries: finalScriptEngineManager
manager =Scripting
.newBuilder().allowAllAccess(true).build();ScriptEngine
rEngine = manager.getEngineByMimeType("application/x-r");
Once enabled, the HostAccess.ALL
and allowAllAccess(true)
is then used to construct the engine's environment.
As a consequence of packaging the GraalVM APIs, it is possible to request this module and gain access to
org.graalvm.polyglot
package directly. Consult Context
and Engine
classes as a starting points when
accessing the Graal SDK directly. Preferably use only if the
NetBeans Scripting
API wrapper isn't good enough.