...
In addition, a complementary policy is to create a secure sandbox using a security manager (ENV30-J. Create a secure sandbox using a Security Manager). This approach is akin to the one discussed in the first compliant solution of IDS12-J. Prevent XML external entity attacks. The application should not allow the script to execute arbitrary commands such as querying the local file system. The two-argument form of doPrivileged() can be used to lower privileges when the application must operate with higher privileges but the scripting engine must not. The RestrictedAccessControlContext strips the permissions granted in the default policy file and add its own (when required) while creating the protection domain. Refer to the guideline SEC00-J. Follow the principle of least privilege for more details on the two-argument form.
...