Run JEXL expressions in a sandbox implemented with JexlUberspect

SandboxedJEXL.java

void runJexl(String jexlExpr) {
    JexlUberspect sandbox = new JexlUberspectSandbox();
    JexlEngine jexl = new JexlBuilder().uberspect(sandbox).create();
    JexlExpression expression = jexl.createExpression(jexlExpr);
    JexlContext context = new MapContext();
    expression.evaluate(context);
}

private static class JexlUberspectSandbox implements JexlUberspect {

    private final List<String> allowedClasses =
            Arrays.asList("java.lang.Math", "java.util.Random");

    private final JexlUberspect uberspect = new JexlBuilder().create().getUberspect();

    private void checkAccess(String className) {
        if (!allowedClasses.contains(className)) {
            throw new AccessControlException("Not allowed");
        }
    }
  
    @Override
    public JexlMethod getMethod(Object obj, String method, Object... args) {
        checkAccess(obj.getClass().getCanonicalName());
        return uberspect.getMethod(obj, method, args);
    }
  
    // Implement other methods from JexlUberspect
    // Don't forget to call checkAccess() method