You do have some options in the JVM world. As mentioned, you should still be able to kill threads if you really wanted to, but if you wanted to pivot to JS/LUA, there are still jsh alternatives like rhino in JVM to avoid some of the larger reworks. They are based on their own stack/continuation work of over a decade ago, so not fresh. You may want to look at virtual thread pools through. Since these are green threads and the JVM preempts them aggressively, there may be the abstractions you're able to exploit for your more aggressive culling needs.
I don't know about security manager though. I haven't poked at it for a while, but I wasn't aware that they removed it? Maybe you just need to opt I to the JVM access rule to support it. You can always layer your security with a separate class loader, which can prevent child tenants from even seeing protected classes and statics, which is always good security layering if untrusted is your problem.
I don't know about security manager though. I haven't poked at it for a while, but I wasn't aware that they removed it? Maybe you just need to opt I to the JVM access rule to support it. You can always layer your security with a separate class loader, which can prevent child tenants from even seeing protected classes and statics, which is always good security layering if untrusted is your problem.