Skip to main content

Introducing jGuard: Capability-Based Security for the Modern JVM

· 4 min read
Dr. Nicholas Knize
Dr. Nicholas Knize
Co-founder & CTO

Today we are excited to announce the open-source release of jGuard, a capability-based security framework for the modern JVM. We built jGuard to solve a real problem we faced at Lucenia, and we are releasing it to the community because we believe every Java developer deserves a modern answer to JVM-level security.

The Problem: Java's Security Gap

If you have been following Java's evolution, you know that the Security Manager was deprecated in JDK 17 and is being removed entirely in JDK 24. For years, the Security Manager provided a way to sandbox untrusted code, restricting access to the filesystem, network, native libraries, and more.

Its removal leaves a significant gap. How do you safely execute plugins, extensions, or user-provided scripts in your JVM application? How do you enforce least-privilege access in a multi-tenant environment? How do you protect your search engine from malicious custom scoring scripts?

That last question is exactly why we built jGuard.

Why We Built jGuard

At Lucenia, security is not optional, it is foundational. Our enterprise search platform executes custom scripts for scoring, filtering, and transforming data. These scripts need access to certain resources but absolutely cannot be allowed to read arbitrary files, open network connections, or load native code.

When we saw the Security Manager deprecation on the horizon, we had a choice: accept reduced security guarantees or build something better. We chose to build.

jGuard is the result, a modern, capability-based security framework designed from the ground up for JDK 21 and later.

How jGuard Works

Unlike the Security Manager's ambient authority model (where permissions were implicitly inherited), jGuard operates on explicit capabilities. The core principles are simple:

  • Deny by default: Operations fail unless explicitly authorized
  • Modules as principals: JPMS module identity forms the security foundation
  • No ambient authority: Code cannot inherit access implicitly
  • Transparent enforcement: All access decisions are auditable

Declarative Policies

Security policies are defined in a simple declarative format (module-info.jguard) inspired by module-info.java:

security module com.example.plugin {
    entitle com.example.plugin.http.. to network.outbound;
    entitle com.example.plugin.io..   to fs.read(data, "models/**");
    entitle module                    to fs.read(config, "**");
}

Policies compile to deterministic metadata that can be reviewed, versioned, and audited. The Gradle plugin handles compilation automatically during your build, and you can even hot-reload policy changes in production without restarting the JVM.

Flexible Deployment

jGuard supports multiple execution modes:

  • Strict: Full enforcement for production
  • Permissive: Log violations but allow execution (for development)
  • Audit: Detailed logging for security reviews

External policies can override embedded ones at deployment time, letting you restrict overly permissive third-party libraries without rebuilding them.

While we built jGuard for Lucenia, its applications extend far beyond search engines:

  • Plugin systems: Safely execute third-party extensions
  • ML/AI workloads: Isolate model execution from system resources
  • Multi-tenant platforms: Enforce tenant boundaries at the JVM level
  • Embedded scripting: Run user-provided code with confidence

Open Source, Open Community

We are releasing jGuard under the Apache 2.0 license because we believe security tooling should be transparent, auditable, and community-driven. The Java ecosystem gave us the foundation to build Lucenia and this is our way of giving back.

We have designed jGuard to be easy to use and flexible but we are just getting started. This is a Day 1 release, and we want the community to help shape where it goes next. Your use cases, your feedback, your contributions will define the project's direction.

Get started today:

Whether you are building a plugin system, securing a multi-tenant platform, or just curious about JVM security, we would love to hear from you. Open an issue, submit a PR, or just say hello. Let's build this together.

The Security Manager is gone. jGuard is here.