Security Manager equivalent of the "setuid" bit
I am working on an application where users can upload custom Javscript code, and my server runs this code (using the Rhino Script Engine). Of course I run the custom code under a very strict SecurityManager, to prevent the users from damaging my server. I don't allow any access to sockets, files, etc.
However, I do want to allow them to run some privileged actions in a limited way, for example, an action such as "readFactFromDatabase(a,b,c)" should go to a specific table in the database and read a specific row. This action cannot run under the strict SecurityManager because it uses sockets and files.
I need a mechanism that is similar to the "setuid" bit in Linux - something that allows a thread under some SecurityManager to run specific actions as if it had no SecurityManager.
I hope I explained myself correctly...