Set different permissions for the user and for the java application

I am writing a graphical java (javaFX) application which is a kind of shell over the operating system. I am currently using Java 8 (JDK corretto 8.402), Debian 12 and Xfce. The problem is that my Java application executes many commands and scripts with sudo. These commands are written in sudoers as NOPASSWD. It turns out that the user will be able to run all these commands with sudo without password, which is not safe. Roughly speaking, I need to make it so that when the PC is turned on, the user is automatically logged in and the application is automatically started. Everything should be secure, the user should have very limited permissions and should not be able to execute commands that a Java application can execute. I am not very good at Linux, so I would like to hear your suggestions. * I have tried making another user. So there is root, user1 and guest. The idea was to have the session as guest and the application run as user1. * In

/etc/lightdm/lightdm.conf

I configured autologin for guest and in the

-session-settings

application I configured an autorun script to run the java application as another user like this:

-shell
    sudo -S -u user1 java -jar /path/to/my.jar

I want this to run without requiring a password, but then

/usr/bin/java

needs to be added to sudoers as NOPASSWD. And then it turns out that the guest user can run any Java application with sudo and do whatever he wants through it.