Hi all, at Syncope we enjoy the power and flexibility of Groovy to allow for runtime definition of classes implementing existing Java interfaces; such classes are then used to extend and customize the Syncope behavior.
The code which creates the Groovy classes is [1]. What if we would like to *not* allow for shell command execution in such classes? Would something like [2] be the right solution? TIA Regards. [1] https://github.com/apache/syncope/blob/2_1_X/core/spring/src/main/java/org/apache/syncope/core/spring/ImplementationManager.java#L187-L200 [2] http://groovy-sandbox.kohsuke.org/
