1

I built a large Java web application using Spring & MongoDB. In some scenarios, I want to allow my users to upload their own code, and the application will run it later on when necessary. I called this operation "Plugin framework"; the plugin is the user's code, of course, which I prefer to be in NodeJS for now.

Is there any recommended / known architecture for that purpose? I've read about pf4j and senecajs, but they are quite different from my needs.

Thanks!

Wolfgang Fahl
Sahar Ben-Shushan
  • If you are building a kind of 'code compiler' or maybe 'code validation', then you should avoid a framework like pf4j because it provides an 'architecture' model called 'modular application / microkernel' and it's one of the substitutes for OSGi frameworks [e.g. Apache Felix], but I deduce [looking at the tags] that you are building the architecture for your application and are then using Spring. Maybe you should look at a microservice architecture rather than a modular app. – underwater ranged weapon Aug 09 '17 at 09:37

1 Answer

0

You lose complete control over code running on node. The uploaded code can access network, files, database, you name it. That is not a good plan.

I suggest working with the embedded JS module in Java, called Rhino. Here, you define which environment the code can access.

You find samples of using the scripting in Java here http://docs.oracle.com/javase/7/docs/technotes/guides/scripting/programmer_guide/index.html for jdk7, the Javadocs https://docs.oracle.com/javase/8/docs/api/javax/script/ScriptEngine.html and here some info on Java8 changes http://www.oracle.com/technetwork/articles/java/jf14-nashorn-2126515.html

UPDATE:

In the comment below, you state that you think you are safe if the code runs on the other server. Actually, the problem is still the same. It just won't hit your application's server but the JS code server.

My advice stands. Implement a JS execution service using the built-in JavaScript engine (Rhino or Nashorn) and restrict the running JS to a sandbox; you control the script's reach out of the box through carefully implemented env-access methods. It is actually pretty easy to get started, no more complicated than implementing a remote JavaScript implementation engine on top of node...

thst
  • Actually, the JS code will be executed on a definitely separate server, with no access to or impact on my code. Therefore I prefer it to be out of my core project, but with the ability to execute these JS files and use their output – Sahar Ben-Shushan Aug 09 '17 at 17:03
  • See my updated article. I think your design is flawed from a security point of view. – thst Aug 10 '17 at 20:15
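
A sketch of the restricted script environment the answer above describes, added here as an example and not code from the answer or from any project it mentions. It assumes the standalone Mozilla Rhino library (`org.mozilla.javascript`) is on the classpath; `PluginSandbox`, `run` and `getSetting` are hypothetical names.

```java
import java.util.Collections;
import java.util.Map;
import org.mozilla.javascript.*;

public class PluginSandbox {
    // Contexts from this factory hide every Java class and enforce a time budget.
    static final ContextFactory FACTORY = new ContextFactory() {
        @Override protected Context makeContext() {
            Context cx = super.makeContext();
            cx.setOptimizationLevel(-1);               // interpreter mode, so the observer is called
            cx.setInstructionObserverThreshold(10_000);
            cx.setClassShutter(className -> false);    // defence in depth: no Java class is visible
            return cx;
        }
        @Override protected void observeInstructionCount(Context cx, int count) {
            if (System.currentTimeMillis() > (Long) cx.getThreadLocal("deadline"))
                throw new Error("plugin exceeded its time budget"); // Error: script catch cannot swallow it
        }
    };

    // Runs one uploaded plugin and returns its result as a string.
    public static String run(String source, Map<String, String> settings, long maxMillis) {
        return (String) FACTORY.call(cx -> {
            cx.putThreadLocal("deadline", System.currentTimeMillis() + maxMillis);
            // Standard JS objects only: no Packages, java or getClass bridge into the JVM.
            Scriptable scope = cx.initSafeStandardObjects();
            // The single env-access function the plugin may call (hypothetical host API).
            ScriptableObject.putProperty(scope, "getSetting", new BaseFunction() {
                @Override public Object call(Context c, Scriptable s, Scriptable self, Object[] args) {
                    String value = settings.get(args.length > 0 ? Context.toString(args[0]) : "");
                    return value == null ? Undefined.instance : value;
                }
            });
            return Context.toString(cx.evaluateString(scope, source, "plugin.js", 1, null));
        });
    }

    public static void main(String[] args) {
        Map<String, String> settings = Collections.singletonMap("greeting", "hello"); // constructed sample
        System.out.println(run("getSetting('greeting') + ' from plugin'", settings, 1000));
        try {
            run("java.lang.System.exit(1)", settings, 1000);  // 'java' is undefined in the safe scope
        } catch (RhinoException e) { System.out.println("blocked: " + e.getMessage()); }
        try {
            run("while (true) {}", settings, 200);            // runaway loop hits the deadline
        } catch (Error e) { System.out.println("stopped: " + e.getMessage()); }
    }
}
```

The time budget bounds CPU use only; memory consumption still has to be limited at the process or container level.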