Hi,
You are right; you have to install a SecurityManager. But it is a large topic, and it is important to understand the details, since a missing detail can compromise the security. Here's a very brief summary:
The sandboxing works via a permission mechanism. Permissions can be defined by extending the Permission class. There are many predefined permissions (for file I/O, network I/O, etc.).
Whenever a critical function needs to be executed, the function asks the security manager whether the calling context has the necessary permission. For example, if you call File.delete(), that function will call SecurityManager.checkDelete(). This function will check that all code on the current stack has been granted the permission to delete that file.
Now, how do you give different permissions to different parts of your code (for example, scripts)? The class loader that loads a class has to specify the source (location) of the class, i.e. from which jar file or URL it was loaded. Based on this source field and the security policy in place, the permissions are granted or denied.
We have implemented this in gngr. You can have a look at LocalSecurityPolicy and the Window class to get an idea.
Feel free to ask more questions.
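As an added illustration of the mechanism described in this reply (example code, not code from the reply or from gngr), the following Java program installs a custom Policy that grants permissions by CodeSource location, defines a small Permission subclass, and runs the same File.delete() call twice: once from the application's own protection domain, where it is permitted, and once inside an AccessControlContext restricted to a constructed "script" domain, where SecurityManager.checkDelete() refuses it. The "script" location, the /tmp/sandbox paths and the ScriptPermission class are assumptions of the example; the trusted location is taken from the demo class's own CodeSource so the program behaves the same wherever it is compiled.

```java
import java.io.File;
import java.io.FilePermission;
import java.net.URL;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.BasicPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class SandboxDemo {

    // Application-defined permission (assumed name); BasicPermission gives
    // exact-name and wildcard matching for free.
    static final class ScriptPermission extends BasicPermission {
        ScriptPermission(String name) { super(name); }
    }

    // Policy that decides by CodeSource location, the field the class
    // loader fills in when it defines a class.
    static final class LocationPolicy extends Policy {
        private final String trustedBase;

        LocationPolicy(URL trustedBase) { this.trustedBase = trustedBase.toString(); }

        @Override
        public PermissionCollection getPermissions(ProtectionDomain domain) {
            Permissions perms = new Permissions();
            CodeSource cs = domain.getCodeSource();
            URL loc = (cs == null) ? null : cs.getLocation();
            if (loc == null || loc.toString().startsWith(trustedBase)) {
                // Platform classes and the application's own code: unrestricted.
                perms.add(new AllPermission());
            } else {
                // Anything else is treated as a script: read-only access to a
                // scratch directory (assumed path) plus the custom permission.
                perms.add(new FilePermission("/tmp/sandbox/-", "read"));
                perms.add(new ScriptPermission("script.run"));
            }
            return perms;
        }

        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            return getPermissions(domain).implies(permission);
        }
    }

    // Performs the delete either on the current stack (ctx == null) or with
    // the stack's permissions intersected with ctx, and reports the outcome.
    static String tryDelete(File f, AccessControlContext ctx) {
        PrivilegedAction<String> action = () -> {
            f.delete();  // File.delete() calls SecurityManager.checkDelete(path)
            return "delete permitted";
        };
        try {
            return (ctx == null) ? action.run() : AccessController.doPrivileged(action, ctx);
        } catch (AccessControlException e) {
            return "denied, missing " + e.getPermission();
        }
    }

    public static void main(String[] args) throws Exception {
        // Trust the location this class was loaded from (jar or class directory).
        URL trusted = SandboxDemo.class.getProtectionDomain().getCodeSource().getLocation();
        Policy.setPolicy(new LocationPolicy(trusted));
        System.setSecurityManager(new SecurityManager());

        // Stand-in for a class loader that loaded a script from an untrusted
        // location (assumed URL): a domain whose permissions come from the Policy.
        CodeSource scriptSource =
            new CodeSource(new URL("file:/tmp/sandbox/scripts/"), (Certificate[]) null);
        ProtectionDomain scriptDomain = new ProtectionDomain(scriptSource, null, null, null);
        AccessControlContext scriptCtx =
            new AccessControlContext(new ProtectionDomain[] { scriptDomain });

        File target = new File("/tmp/sandbox/victim.txt");  // assumed path, need not exist
        System.out.println("as application: " + tryDelete(target, null));
        System.out.println("as script:      " + tryDelete(target, scriptCtx));
    }
}
```

The second call is refused before any file-system access happens, which is the point of the stack-based check: the script domain only ever received read permission on /tmp/sandbox, so the intersection of the two contexts lacks the FilePermission for "delete". Note that SecurityManager has been deprecated for removal since Java 17 (JEP 411); on Java 18 and later the JVM must be started with -Djava.security.manager=allow for System.setSecurityManager to succeed at all.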