occlum/demos/java

Use Java with Occlum

This project demonstrates how Occlum enables unmodified Java programs running in SGX enclaves.

About JDK

Both the unmodified OpenJDK 11, which is imported from Alpine Linux, and the Alibaba Dragonwell, which is a downstream version of OpenJDK, are supported now. We have already installed OpenJDK and Dragonwell while building the Docker image, the OpenJDK is installed at /opt/occlum/toolchains/jvm/java-11-openjdk, and the Dragonwell is installed at /opt/occlum/toolchains/jvm/java-11-alibaba-dragonwell.

Our demos use Dragonwell as the default JDK, you are free to change to OpenJDK by setting the JAVA_HOME to point to the installation directory of OpenJDK and copying it into Occlum instance.

Demo: Hello World

We provide a "Hello World" demo to show how to run a simple Java program inside SGX enclaves. The demo code can be found here.

How to Run

Step 1: Compile the source code with occlum-javac

occlum-javac ./hello_world/Main.java

When completed, the resulting file can be found at ./hello_world/Main.class.

Step 2: Start JVM to run the hello world program

./run_java_on_occlum.sh hello

Demo: Web application with Spring Boot

We also choose a Java web application that using WebSocket with Spring Boot. The demo code can be found here.

How to Run

Step 1: Download the demo code and build a Fat JAR file with Maven

./download_and_build_web_app.sh

When completed, the resulting Fat JAR file can be found at ./gs-messaging-stomp-websocket/complete/target/gs-messaging-stomp-websocket-0.1.0.jar.

Step 2: Start JVM to run the JAR file on Occlum

./run_java_on_occlum.sh web_app

The web application should now start to listen on port 8080 and serve requests.

Step 3: To check whether it works, run

curl http://localhost:8080

in another terminal.

It is recommended to access the web application in a Web browser. You have to manually map port 8080 of the Docker container to a port on the host OS. Check out how to use the -p argument of docker run command.