Mastering Java Dynamic Scripts: Implementation, Security, and Classloader Tricks

In platform‑level Java systems, dynamic scripting is an indispensable component. This article presents a Java dynamic script implementation, highlights key techniques, and discusses class name conflicts, lifecycle, and security considerations.

Function Description

Similar to JavaScript's eval(), the goal is to accept a snippet of Java code and execute it on the server. Pre‑scripts customize input parameters, while post‑scripts further process query results.

Why Use Java Scripts?

Groovy has drawbacks: syntax differences, dynamic typing, and the need for an additional 6.2 MB jar.

Java offers low learning cost for Alibaba engineers, interface constraints for uniform scripts, and real‑time compilation with error feedback.

Implementation Approach

Code Project : dynamic‑script.zip

--dynamic-script
------advance-discuss // deep discussion of script dynamics
------code-javac // compile and load Java classes programmatically
------command-javac // command‑line compilation demo
------facade // facade interface package

Design

Define an interface (e.g., Animal) and let users implement it (e.g., Cat). The system loads the user class and uses Java polymorphism to invoke methods.

Command‑Line Compilation

cd 项目根目录
mvn install
# compile Cat.java
javac -cp .:/path/to/facade‑1.0.jar Cat.java
java -cp .:/path/to/facade‑1.0.jar Cat
# Output: I'm Cat Main

Programmatic Compilation

// class name
String className = "Cat";
String projectPath = PathUtil.getAppHomePath();
String facadeJarPath = ".:" + projectPath + "/facade/target/facade-1.0.jar";
Iterable<? extends JavaFileObject> compilationUnits = new ArrayList<JavaFileObject>() {{
  add(new JavaSourceFromString(className, getJavaCode()));
}};
List<String> options = new ArrayList<>();
options.add("-classpath");
options.add(facadeJarPath);
JavaCompiler javaCompiler = ToolProvider.getSystemJavaCompiler();
StandardJavaFileManager standardJavaFileManager = javaCompiler.getStandardFileManager(null, null, null);
ScriptFileManager scriptFileManager = new ScriptFileManager(standardJavaFileManager);
StringWriter errorStringWriter = new StringWriter();
boolean ok = javaCompiler.getTask(errorStringWriter, scriptFileManager, diagnostic -> {
  if (diagnostic.getKind() == Diagnostic.Kind.ERROR) {
    errorStringWriter.append(diagnostic.toString());
  }
}, options, null, compilationUnits).call();
if (!ok) {
  throw new RuntimeException("Compile Error:" + errorStringWriter.toString());
}
Map<String, byte[]> allBuffers = scriptFileManager.getAllBuffers();
byte[] catBytes = allBuffers.get(className);
FsClassLoader fsClassLoader = new FsClassLoader(className, catBytes);
Class<?> catClass = fsClassLoader.findClass(className);
Object obj = catClass.newInstance();
if (obj instanceof Animal) {
  ((Animal) obj).hello("Moss");
}
// Output: Hello,Moss! I am Cat.

In‑Depth Discussion

ClassLoader Scope

The JVM uses a parent‑delegation model. A class is uniquely identified by (ClassLoader, fully‑qualified name). Loading Cat with a custom loader while Animal is loaded by another can cause ClassNotFoundException. Setting the thread context ClassLoader to the same parent resolves this.

ClassLoader animalClassLoader = Animal.class.getClassLoader();
Thread.currentThread().setContextClassLoader(animalClassLoader);
FsClassLoader fsClassLoader = new FsClassLoader(animalClassLoader, className, catBytes);

Class Name Conflicts

When loading multiple classes with identical names, append a random suffix or use distinct ClassLoaders to avoid collisions.

Class Lifecycle

Dynamic classes must be garbage‑collected to prevent memory leaks. A class is eligible for GC when its instances are collected, its ClassLoader is collected, and no strong references to the Class object remain. Custom ClassLoaders enable this; ensure they are scoped locally.

Security

Running user‑provided scripts is risky. Implement a whitelist/blacklist mechanism. Only allow safe packages such as java.lang, java.util, com.alibaba.fastjson, and primitive array types. Block dangerous classes like java.lang.Thread and reflection APIs.

public static Set<String> getDependencies(InputStream is) throws Exception {
  ClassFile cf = new ClassFile(new DataInputStream(is));
  ConstPool constPool = cf.getConstPool();
  Set<String> set = new HashSet<>();
  for (int i = 1, size = constPool.getSize(); i < size; i++) {
    if (constPool.getTag(i) == ConstPool.CONST_Class) {
      set.add(constPool.getClassInfo(i));
    } else if (constPool.getTag(i) == ConstPool.CONST_NameAndType) {
      int descriptorIndex = constPool.getNameAndTypeDescriptor(i);
      String desc = constPool.getUtf8Info(descriptorIndex);
      for (int p = 0; p < desc.length(); p++) {
        if (desc.charAt(p) == 'L') {
          set.add(desc.substring(++p, desc.indexOf(';', p)).replace('/', '.'));
        }
      }
    }
  }
  return set;
}

Thread Isolation

Execute scripts in separate threads with time‑outs and memory limits; kill the thread if it exceeds thresholds.

Caching

If the script source hasn't changed, reuse the compiled class (lazy loading). When the source changes, discard the old class and recompile.

Eager Loading

Critical scripts can be pre‑loaded at system startup to avoid latency during the first request.

Conclusion

The discussed techniques form a foundation for safe, efficient Java dynamic scripting in platform services. Continuous refinement and community feedback are encouraged.