I'm allowing user supplied ruby code to run in server(java scripting), and since jruby doesn't support safe-levels as in ruby I'm thinking about using java's security manager.
Is this a good decision? Has anyone else implemented this? Are there any good articles/books/resources that introduce me to security manager?
This sounds like a perfectly reasonable decision.
The article Java Scripting and JRuby Examples demonstrates using JRuby with the SecurityManager, so at least one other person was able to successfully implement this configuration.