1

I encounter this issue when calculating the price for a product but the formula changes nearly every day because of marketing schemes, discounts, taxes...

So I think it would be great if I could write code such as the code below, so that I could change the script at runtime.

public BigDecimal calculate(String script) {
   return (BigDecimal) ScriptEngine.execute(script);
}

Is there any way to implement this using Java?

Improve this question

4 Answers 4

Reset to default
3

Yes: Use the Scripting API.

There are implementations to run scripts written in JavaScript, Groovy, Python and lots of other languages.

[EDIT]

Since it was mentioned in the comments: Be wary of security issues.

There are several options:

  1. You allow end-customers to supply scripts (say in a web form)
  2. You don't allow customers to supply scripts; if a script needs to be changes an administrator or developer must start a specific tool.
  3. You develop a system which only allows to execute "safe" scripts

Option #3 doesn't work (= only works for the most simple cases). There is a mathematical proof that a computer program can never tell what another program can potentially do without actually executing it.

So you can get away with option #3 if you don't allow to call methods (or only a very, very limited set of methods). But most scripting languages allow to access Java classes which means you can eventually get System.exit() or Runtime.exec(). This in turn means you have to write a parser which makes sure that the code doesn't contain something odd.

Which you will have to update every day because the customers will come up with new ... err ... interesting ways to use the feature.

Also chances are that you'll make a mistake - either the parser won't accept valid input or it will let malicious code pass. Given the complexity of the problem, the chance is between 99.9999% and 100%.

Option #1 means no security at all but after the third change, customers will berate you to adopt it. It will work for some time until the first script kiddie comes along and ruins everything. Guess whose fault that will be? The manager who hired his nephew... the kid?

So a human will have to eyeball the scripts, fix all the bugs in them and configure the system to run them. Option #2 will cause all kinds of griefs, too, but it will cause less grief, all things considered.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

This is correct, but it would be good to say one word or another regarding security. I'd rather not run the string "Runtime.exec(\"rm -rf $HOME\");"
Yes sure, I must take care about the security.
I added a bit about security. Take it with a grain of salt.
I would recommend exposing a tiny DSL here with limited power just enough for the purpose instead.
With the recent versions of Xtext comes Xbase which is a DSL that you can extend and which already defines all simple math operations plus function calls. You could write an AST visitor that calculates the result. This way, you would have full control over which functions would be visible to such a script.
1

What language do you want "script" to be in?

One way to do this would be to use Javascript, and use a library like Rhino. This will let you execute some JS and get the output inside your code.

http://www.mozilla.org/rhino/

Improve this answer

Comments

0

Sure, see Mozilla Rhino

Improve this answer

1 Comment

Your answer would be even more helpful if you could quickly summarise what Mozilla Rhino is about. I know that the website does that in its title, but: Imagine there were many answers here such as yours, with only links in it; no explanations at all. Making sense of all these answers would take a lot more time than necessary.
0

You can use beanshell.jar - It is a standalone shell as well, but can easily be used to run uncompiled java code at runtime.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.