Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] latest NPN and start.jar

Simone,

A couple of points:
 
1) I don't see how replacing SSL classes with -javaagent creates more or less problems than replacing them with -Xbootclasspath..? In this regard, I see -Xbootclasspath as just some other class replacing agent that is guaranteed to always run before other agents. 

2) Using an agent, we could check the incoming class byte arrays agains hash signatures of well known byte arrays of the classes we are replacing. When a signature is unknown, we can bail out with a System.err.println letting the user know that he's either A) running a "too new" JVM, or B) he's running other agents before the NPN one. This way we can be one hundred percent sure we're not redefining classes when we really shouldn't. The println could even say "you screwd up, please read the documentation at this URL:.." 

Eirik.


On Fri, Sep 13, 2013 at 2:39 PM, Simone Bordet <sbordet@xxxxxxxxxxx> wrote:
Hi,

On Fri, Sep 13, 2013 at 2:21 PM, Eirik Bjørsnøs <eirbjo@xxxxxxxxx> wrote:
> Even without using the Attach API, I'd say using -javaagent is still better
> than -Xbootclasspath. It allows us to move the choice of NPN version to
> runtime, when we actually know what we're running on.
>
> Without an API (or weaving that works) we won't get a future proof solution
> that works behind the firewalls.
>
> Using the agent approach, the message could be
>
>     "make sure you're using the latest available non-boot jar"
>
> instead of the slightly stricter message given today, which is
>
>     "make sure you know exactly which update of the JVM you're using, then
> look up in our documentation which version of NPN-boot you need to go with
> that".
>
> I think the first message is easier to parse and easier to follow.

Absolutely.

The problem with the agent solution is that others may weave the SSL
classes for other reasons (e.g. socket control, etc.) - think of tools
like NewRelic, http://java-monitor.com, or profilers and such.

If we do NPN via weaving, the pointcuts we want to weave may have
changed as a result of someone else's weaving, so we may fail our
weaving.
Likewise, we change the pointcuts and we screw the others.

If we don't do weaving, and we just replace the SSL classes with our
NPN versions, we screw the others that may have woven in changes, that
would be lost.

Sure we can tell that our agent must be the first, but this means
telling users: "read the docs otherwise you screw up".

Current situation is: "read the docs otherwise you screw up" :)

--
Simone Bordet
----
http://cometd.org
http://webtide.com
http://intalio.com
Developer advice, training, services and support
from the Jetty & CometD experts.
Intalio, the modern way to build business applications.
_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-dev

Back to the top