Right now I am loading classes with a custom Classloader, and then running them. However I want to implement a Security Manager for these classes to prevent them from doing anything malicious.
This includes accessing the filesystem, network, reflection, or running threads. In fact I want to be able whitelist the API they are allowed to access/include/instantiate. Obviously I also want it to be able to access its own files.
The program in question is just a standard Java Program. Not Tomcat, embedded or an applet.