[External] : Re: How to open a package from a module in the boot layer to a module in another layer?
Ron Pressler
ron.pressler at oracle.com
Tue Jan 14 12:30:39 UTC 2025
> On 14 Jan 2025, at 09:17, Code Ranger <coderanger2025 at outlook.com> wrote:
>
>
> To be honest, I don’t understand what the problem is. I am trying to provide the ability to dynamically add directives to boot-layer modules with the full consent of the application developer, without any restrictions like the mandatory prior use of --add-* parameters (which obviously defeats the whole idea of a dynamic approach). The ModuleLayer.Controller class has only four methods (essentially 1 + 1 + 1 + 1). I refuse to believe that JDK developers, who are clearly highly skilled and experienced programmers, cannot solve this problem.
>
> So, what’s the issue? Do we really want the instructions for adding a plugin in Java to look like this:
>
> 1. Install the plugin.
> 2. Stop the application.
> 3. Add --add-exports ..., --add-opens ....
> 4. Restart the application.
>
> Best regards, CR
What you’re proposing, i.e. a mechanism to grant a specific module the permission to edit the boot layer and, in particular java.base, may be workable in practice, but the problem is that it is probably a very bad idea.
Opening java.base is not only unrecommended but an extreme operation that could be dangerous (even result in undefined behaviour or worse) and is meant as a temporary measure until the underlying issues that require it are fixed. Needing to open or export packages in java.base signifies a problem with the program and is not a normal or healthy mode of operation. The Integrity by Default JEP (https://openjdk.org/jeps/8305968) offers recommendations for how code that, say, serializes java.base classes should work without opening java.base.
Remember that modules are a feature added to allow code that needs to trust certain invariants to do so, and the JDK modules, java.base in particular, need such invariants to ensure their correct operation. A plugin that requires hacking the JDK internals is a problematic plugin, and one that could risk the entire application. The user needs to be aware when such a plugin is used.
If you believe it's okay for the invariants of your core components possibly being compromised by plugins, that’s fine — and you can do what Alex suggested — but the JDK isn’t okay with that. If you insist on opening java.base to all code, that is an extreme, non-standard, and dangerous mode that *should* require extreme measures such as employing an agent — not a standard API.
— Ron
More information about the jigsaw-dev
mailing list