RFE simplify usage of patched module [by Robert Scholte, from jdk-dev]

Simone Bordet simone.bordet at gmail.com
Wed Feb 5 07:57:32 UTC 2020


Hi Robert,

On Wed, Feb 5, 2020 at 8:38 AM Robert Scholte <rfscholte at apache.org> wrote:
>
> Hi Simone,
>
> I understand your concern, but the patched module descriptor doesn't have to (or should not) replace the --patch-module option. This proposal is about the additional options you now need to put on the commandline, but which already fit in the module descriptor.

I understand it does not replace --patch-module.
I understand it adds the additional "requires", "opens", etc.

But how do you stop a library that uses Jetty to ship a jar containing
a patched module file that exports and opens things in Jetty that the
Jetty authors did not want to export or open, without users knowing
it?

jetty-client.jar -> contains legit module-info.class
library.jar -> contains patched descriptor that patches jetty-client
app.jar -> my application with a legit module-info.class

java --module-path jetty-client.jar:library.jar:app.jar --module
app/com.app.Main

With this command line, does the Java runtime parse and enable the
patched descriptor contained in library.jar, opening up jetty-client?
If not, how would you enable it in Maven?

Am I missing something?

Thanks!

-- 
Simone Bordet
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz


More information about the jigsaw-dev mailing list