Privileged module idea

Alan Snyder javalists at cbfiddle.com
Sun Oct 16 21:05:28 UTC 2016 

I find this idea appealing because it places the burden of special declarations on a small number of developers (the framework developers) who can reasonably be expected to acquire the necessary expertise, rather than on the many developers of clients of the frameworks who have better things to do than to master a complex module system.

I also believe that the developers building or configuring applications should be able to do whatever they want, even at the risk of shooting themselves in the foot in a variety of ways. The need for emergency workarounds is not going away.

The security issue, I would imagine, is to make sure that the power given to builders and configurers is not accessible to rogue code at runtime. This gets back to the question (was it ever answered?) of identifying the security threats that the module system is trying to prevent. I have this intuitive fear that with the current module system Java will get much more complex but not actually more secure.

  Alan





> On Oct 14, 2016, at 2:39 AM, Oliver Gierke <ogierke at pivotal.io> wrote:
> 
> Hi,
> 
> I like the idea. Especially the aspect that it allows you to identify which of the modules have privileged access at runtime.
> 
> Also I guess it might even allow only certain modules of e.g. Spring to actually require that access, i.e. only the ones that perform bean instantiation etc. Not sure about the breadth of that effect but at first glance it sounds like it might be worthwhile fleshing out the details of your suggestion (how do modules declare they want to be privileged ones? etc.)
> 
> Cheers,
> Ollie
> 
>> Am 14.10.2016 um 04:27 schrieb Nikita Lipsky <nlipsky at excelsior-usa.com>:
>> 
>> Hi all,
>> 
>> 
>> 
>> Recently I have described an idea of "privileged module" --
>> http://mail.openjdk.java.net/pipermail/jigsaw-dev/2016-October/009636.ht
>> ml
>> <http://mail.openjdk.java.net/pipermail/jigsaw-dev/2016-October/009636.h
>> tml>  :
>> 
>> 
>> 
>> "privileged module" may reflect on any unexported (and exported) type of
>> other resolved modules of a layer that it belongs to.
>> 
>> DI/JPA frameworks are subjects for "privileged modules".
>> 
>> 
>> 
>> "Privileged module" moves responsibility of weakened strong
>> encapsulation from user modules (via weak module or dynamic export
>> concepts) to framework modules.
>> 
>> 
>> 
>> I would greatly appreciate if someone could give me any feedback on it.
>> 
>> 
>> 
>> Regards,
>> 
>> Nikita
>> 
>> 
> 
> --
> /**
> * @author Oliver Gierke - Senior Software Engineer
> *
> * @param email ogierke at pivotal.io
> * @param phone +49-151-50465477
> * @param fax   +49-351-418898439
> * @param skype einsdreizehn
> * @see http://www.olivergierke.de
> */
>

More information about the jigsaw-dev mailing list