Using WebAssembly in JVM as a safer option to run native code

In this article from InfoQ, Benjamin Eckel describes an alternative way to run native code in the JVM. He makes the point that the current approach, dynamic linking, has its issues:

  • native code triggered from the JVM can go outside the boundaries the JVM enforces. This is not only error-prone but highly dangerous, because native code has much broader permissions to interact with the system and can be malicious
  • Java code can no longer be delivered as a standalone jar; it has to be packaged with host-specific versions of the compiled native dependencies, or the user has to provide such dependencies themselves

Another way to run a native library in Java is to port it, but that is an entire project of its own: it requires effort not only to implement the same logic in Java but also to maintain it in the future. Most of the time this approach is not sustainable, especially if the native library is a large, elaborate piece of code.

The author suggests using WebAssembly instead: compiling the native source code into a wasm module that can later be executed in the JVM. This approach has multiple benefits:

  • first and most important, it is much more secure. The security comes from the fact that the wasm module is executed within the boundaries the JVM establishes and only with the permissions explicitly given to the module, such as file system access (to particular files), logging, interaction with sockets, etc.
  • more and more native library developers provide wasm modules as another compilation target, which is effectively a port to every environment where such modules can be executed

As far as I understood, this approach still requires us to provide the wasm module together with the jar or to ask the user to provide it instead.

Weekly updates from InfoQ

In this article you can see the latest weekly news from InfoQ, among which:

  • 6.2.0 release of Spring Framework
  • 8.10 release of Gradle
  • other interesting releases

New Spring release

The Spring team released new versions of Spring Framework to address multiple issues. Released versions: 6.1.12, 6.0.23, 5.3.39. These versions also address CVE-2024-38809 and CVE-2024-38808. Please be aware of the support schedule of Spring Framework and make sure you are on track with your version. Here is the source article.

New episodes of Bootiful podcast

Here is the link

Spring Office Hours is another podcast you may be interested in. In one of their recent episodes they had Felipe Gutierrez (author of the book Pro Spring Boot 3) as a guest.

AI Observability in Spring

Josh Long gave a brief example of how to enable observability for Spring AI libraries.
