[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [virgo-dev] Security in Virgo

Hi,

On 22 November 2010 16:09, Glyn Normington <gnormington@xxxxxxxxxx> wrote:
> For the record, we do not recommend the use of "dynamic import *" as it represents unspecified dependencies on arbitrary packages which are not known until class load time. Sorry, but there we are.

Indeed we are also very allergic for dynamic import as well (and
require bundle *ugh*), so we like to keep it as contained as possible
(small bundles that export *no* packages). So far we only need it for
hibernate, wicket and this case (for all we actually restrict it to
certain package hierarchies). As long as java has stuff as
Class.forName and such you never know when stuff breaks at runtime ;)

With these few dynamic imports we get the situation that we are able
to do life upgrades of pieces of domain/services/webservices
(including hibernate mappings, bits of UI). There are some glitches
still, but the principle works. We mainly use it during development at
the moment. But we hope to get to the situation that we can just push
a few bundles out for an update.

For normal (programmer) usage you just have to make sure you export
the packages that should be visible and the rest just works.

I guess there's alternatives. You could work around it with a load of
fragments but that's a lot of extra maintenance. We started before the
snaps stuff appeared so at that moment there was not really an
alternative. Although I'd doubt we'd switch to snaps, the moment Virgo
will provide a HttpService we will be a bunch of happy campers though,
then we can get rid of that horrible web.xml.

Cheers,

Ric