ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ancoron Luciferis (JIRA)" <j...@apache.org>
Subject [jira] Commented: (WSS-264) OSGi bundle should NOT specify the universal DynamicImport-Package: *
Date Mon, 28 Feb 2011 19:27:37 GMT

    [ https://issues.apache.org/jira/browse/WSS-264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13000480#comment-13000480
] 

Ancoron Luciferis commented on WSS-264:
---------------------------------------

Thanks for integrating this. :-)

> OSGi bundle should NOT specify the universal DynamicImport-Package: *
> ---------------------------------------------------------------------
>
>                 Key: WSS-264
>                 URL: https://issues.apache.org/jira/browse/WSS-264
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 1.5.10
>            Reporter: Ancoron Luciferis
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.6
>
>
> WSS4J is about security and so should the OSGi bundle at the class loading level.
> In version 1.5.10 you are using this Manifest header:
> DynamicImport-Package: *
> which resolves all class loading issues but effectively disables the benefit of OSGi
in terms of class visibility.
> So please put some effort in here to get only those packages listed that may eventually
being accessed at runtime.
> A simple search yields only these classes for dynamic loading:
> org.bouncycastle.jce.provider.BouncyCastleProvider
> org.apache.security.juice.provider.JuiCEProviderOpenSSL
> ...so the header could be:
> DynamicImport-Package: org.bouncycastle.jce.provider,org.apache.security.juice.provider
> I also see that configuration properties like "org.apache.ws.security.saml.issuerClass"
in the SAMLIssuerFactory class may introduce problems herewith but after all there are 2 solutions:
> 1.) the implementor rebuilds the WSS4J bundle and adds an appropriate dynamic import
> 2.) the implementor packages the implementation class inside a fragment bundle attaching
to the WSS4J host bundle
> Option 2 is much more elegant, keeps package/class visibility at a minimum and also does
not require to customize the WSS4J OSGi bundle.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message