I'm using Controlled Folder access in Win10 to limit which apps can access the file system.
The problem is however that when trying to add access to a java application, it adds access to the java.exe itself and not to the jar file that is run using java.
For instance, I do want Maven to be able to access my files, because it needs to access pom.xml files and such, but I don't want my minecraft server with 3rd party plugins to access my protected files, because it doesn't need access to anything other than the folder it is running in and it is preferrable not to give too much access to these 3rd party plugins.
My suggestion is to add more granularity and give folder access on an executable jar/main class basis, rather than to the whole java.exe.
This would also fix having to give permission again whenever Java updates.
So java -jar spigot.jar and java org.codehaus.classworlds.Launcher (maven) would have different listings on the "Allow an app through Controlled folder access" page..