Hi HN,

I'm developing a multiplayer, physics-based simulation game in which each player has to provide the code for an agent whose goal is to survive in the given environment and eventually reproduce to ensure its survival. The simulation is shared among all players and runs on the server, written in Java, while it is streamed to a web front-end (looks like this: https://imgur.com/a/ZBl6SAu).

For these reasons, I need to accept code from users that has to be run in the same process as the one running the simulation. The code is not completely arbitrary:

* The user has to define a well-specified set of methods like update (what to do at every simulation step), beginContact (what to do when colliding with another object), etc.
* I want to only allow access to a limited set of Java features; I've read that a SecurityManager can be used to only allow access to a subset of packages, but I'm not sure if this is compatible with running in the same process.

Is there a way to do this safely? There are so many exploits that I'm not sure it's possible, and I'd like to hear opinions on how to eventually set this up.