Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [platform-core-dev] Bug 29007: Classloading enhancements for "endorsed" libraries
Thanks for your answer. I mostly agree with your points, but still think this feature is very important. Read bellow... 

John_Arthorne@xxxxxxxxxx wrote:


Igor,
I would like to discourage you from taking this route. A fundamental rule of class loading is that the primordial class loader (the default or system loader) is given the first chance to load classes. This
It's correct. But we are not living in the ideal world. Sun has included some third-party libraries into JRE. These libraries have its own life. New versions, new functionality, some API's are not finalized and changing from version to version.
prevents spoofing of critical classes such as SecurityManager, ClassLoader (which handles byte code verification), etc. If we added this, I believe it would be impossible to have any form of security in Eclipse. Although this isn't an issue for most desktop apps, it would 

Depends on how it is implemented.
1) disable this completely for any controlled ClassLoader
2) fine-grained control - I dont't want to replace all Java, only specific extensions ;)
probably be an issue for things like the update manager which allows code on a website to hook into Eclipse. This is one of the reasons why
Update Manager doesn't have anything like that now. If you care about the future, then
a) (simplest way) disabling these extensions would solve any security problems; b) the primary point of security is that you can't create own ClassLoader in unsafe code - ClassLoader should be safe/secure by its own, and ClassLoader itself is a core component created by the core platform - it has full control over security.
It could be made so that only ClassLoader of (trusted) plugin which declares extension allow override something (and of course it should never override classes from java.* packages).
I agree that secure classloading with override mechanism should be very carefully thought, but it isn't impossible!
Sun introduced the endorsed standards override mechanism: to allow overriding certain non-core packages in a controlled way. Here is a
Actually "controlled" here is no more controlled that could be done through the overloading discussed above.
reference for more background reading on the java security model, and the required class loader algorithm:
I remember from earlier readings that Sun doesn't recommend changing the highest priority of system ClassLoader, but it conflicts with idea of plugin versioning... overloading is the only way to solve it :( I don't like to go against recommendations too, and I don't like people use it when unneeded, but it is the only "handly" or "friendly" way...
While I recognize the problems you point out with the override mechanism (we have similar problems due to our use of xerces), I don't think re-implementing the override mechanism in Eclipse is the best answer.
The best answer would be not to include third-party code in base system... But it is SUN fault that we should find a ways for workarounds.
Perhaps you could explore bundling a pre-configured JRE with your application, writing an install program that configures the override mechanism in the JRE, or even porting your application to use the W3C APIs bundled with the JDK?
It's too unmaintainable way... and simply unacceptable for small plugin providers, especially opensource developers... large products like WSAD could accept bundling a pre-configured JRE since it contains "all in one" tools, actually not all, but quite enough, but it still brings it to possible interoperability problems with third-party plugins!
I, and I'm sure many others want to write some plugins, setup update-site and allow users to just point their Eclipse Update Manager to proper URL, accept license, and get all working! independent what JVM version users are using. Currently this possible only for users of 1.3 VM. Users of 1.4 VM should make additional steps to get it working (not good). And what if I like to use two plugins. One only works with Xalan 2.2.1, while other only with Xalan 2.0.0? Wait when the second updates his version to use latest Xalan? What if it newer happens? While both plugins still work together without any problems in 1.3 VM they cannot be used together in 1.4 VM!!! This is not a good evolution!

Back to the top