You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by Rob Walker <ro...@ascert.com> on 2018/08/20 13:29:15 UTC
HTTP Jetty - org.eclipse.jetty.security.authentication marked as
PrivatePackage
Wondering on the use of PrivatePackage for the org.eclipse.jetty.security.authentication package.
Admittedly, it is rather internal and a boundary case, but it's one our implementation does make use of as part of wiring JAAS handling into HTTP security authentication.
We can get around it fairly easy by generating our own bundle with a modified manifest. Just wondering on the rationale behind making this specific package private?
Cheers all
----
Rob Walker
[cid:image001.jpg@01D39C2C.9DA64510]
www.ascert.com
robw@ascert.com
SA +27 21 300 2028
UK +44 20 7488 3470 ext 5119
Re: HTTP Jetty - org.eclipse.jetty.security.authentication marked as
PrivatePackage
Posted by Carsten Ziegeler <cz...@apache.org>.
Hi,
I think this is a bug; if I remember correctly this package was not
exported by the Eclipse jetty jar in some version, therefore we added it
to the exclude list. But it seems to be exported by Eclipse jetty for
some time now, but we forgot to update our exclude list :(
Regards
Carsten
Rob Walker wrote
> Wondering on the use of PrivatePackage for the
> org.eclipse.jetty.security.authentication package.
>
>
>
> Admittedly, it is rather internal and a boundary case, but it’s one our
> implementation does make use of as part of wiring JAAS handling into
> HTTP security authentication.
>
>
>
> We can get around it fairly easy by generating our own bundle with a
> modified manifest. Just wondering on the rationale behind making this
> specific package private?
>
>
>
> Cheers all
>
>
>
> ----
>
> Rob Walker
>
>
>
> cid:image001.jpg@01D39C2C.9DA64510
>
>
>
> www.ascert.com
>
> robw@ascert.com
>
> SA +27 21 300 2028
>
> UK +44 20 7488 3470 ext 5119
>
>
>
--
Carsten Ziegeler
Adobe Research Switzerland
cziegeler@apache.org
RE: HTTP Jetty - org.eclipse.jetty.security.authentication marked as
PrivatePackage
Posted by Rob Walker <ro...@ascert.com>.
Carsten
TBH - I wasn't sure.
We have always just rebundled the HTTP Jetty Jar and customized the manifest to make it usable. And it's pretty easy for us to continue with that.
The http.jetty bundle seems to explicitly make these private packages. I guess in the strictest terms, that could be viewed as correct since it ensures no one codes to rely on a specific HTTP Service implementation and only relies on the publish OSGi api. But of course in practical terms that gets cumbersome.
Anyhow, we're fine local here as-is, so it'smore of an observation in case it impacts others
-R
-----Original Message-----
From: Carsten Ziegeler [mailto:cziegeler@apache.org]
Sent: 20 August 2018 16:34
To: Rob Walker <ro...@ascert.com>; dev@felix.apache.org
Subject: HTTP Jetty - org.eclipse.jetty.security.authentication marked as PrivatePackage
Hi,
I think this is a bug; if I remember correctly this package was not exported by the Eclipse jetty jar in some version, therefore we added it to the exclude list. But it seems to be exported by Eclipse jetty for some time now, but we forgot to update our exclude list :(
Regards
Carsten
Rob Walker wrote
> Wondering on the use of PrivatePackage for the
> org.eclipse.jetty.security.authentication package.
>
>
>
> Admittedly, it is rather internal and a boundary case, but it's one
> our implementation does make use of as part of wiring JAAS handling
> into HTTP security authentication.
>
>
>
> We can get around it fairly easy by generating our own bundle with a
> modified manifest. Just wondering on the rationale behind making this
> specific package private?
>
>
>
> Cheers all
>
>
>
> ----
>
> Rob Walker
>
>
>
> cid:image001.jpg@01D39C2C.9DA64510
>
>
>
> www.ascert.com
>
> robw@ascert.com
>
> SA +27 21 300 2028
>
> UK +44 20 7488 3470 ext 5119
>
>
>
--
Carsten Ziegeler
Adobe Research Switzerland
cziegeler@apache.org
HTTP Jetty - org.eclipse.jetty.security.authentication marked as
PrivatePackage
Posted by Carsten Ziegeler <cz...@apache.org>.
Hi,
I think this is a bug; if I remember correctly this package was not
exported by the Eclipse jetty jar in some version, therefore we added it
to the exclude list. But it seems to be exported by Eclipse jetty for
some time now, but we forgot to update our exclude list :(
Regards
Carsten
Rob Walker wrote
> Wondering on the use of PrivatePackage for the
> org.eclipse.jetty.security.authentication package.
>
>
>
> Admittedly, it is rather internal and a boundary case, but it’s one our
> implementation does make use of as part of wiring JAAS handling into
> HTTP security authentication.
>
>
>
> We can get around it fairly easy by generating our own bundle with a
> modified manifest. Just wondering on the rationale behind making this
> specific package private?
>
>
>
> Cheers all
>
>
>
> ----
>
> Rob Walker
>
>
>
> cid:image001.jpg@01D39C2C.9DA64510
>
>
>
> www.ascert.com
>
> robw@ascert.com
>
> SA +27 21 300 2028
>
> UK +44 20 7488 3470 ext 5119
>
>
>
--
Carsten Ziegeler
Adobe Research Switzerland
cziegeler@apache.org