Nashorn script security permissions

When you call "eval" method on ScriptEngine passing a String or a Reader, the script is treated as untrusted and so it gets only permissions given to "sandbox" code. This is true for eval ECMAScript builtin function as well. The nashorn script evaluated does not inherit permissions of the calling Java code. This is because nashorn engine receives script whose origin URL is unknown to it!