I am using Equinox, so the Equinox Aspect project seems like a no-brainer, but that project appears to be inactive and has only one page of documentation that leaves me hanging at the end.
Other than that project, I do not see many options for using AOP in OSGI. Let me know what you all think and what the possibilities are, thanks :)
I don't know of any alternative, but I didn't think Equinox Aspects was inactive. It's even receiving new features in the upcoming Helios release.
The big issue is obviously with the lack of standardized loadtime weaving; Equinox Aspects and the weaver (used by AJDT) has been the only option for now. The good news is that bytecode weaving in all its glory is actively in progress in the OSGi working group and will "soon" be standardized. If you really need something that works reliably right now, your best bet is still compile-time weaving. IMHO that is a much better approach anyway, at least for AOP as design-time activity as it was originally envisioned..
As an alternative, you could also consider using the Apache Felix Dependency Manager, which allows you to at runtime add interceptors to existing OSGi services. Of course this is in no way a full AOP replacement, but for some use cases it might be enough.
You can find more documentation and an example here:
http://felix.apache.org/site/apache-felix-dependency-manager-osgi-design-patterns.html
Related
I'm developing some Kotlin libraries and I have the following conceptual issues:
The first library is based on spring's classpath scanner and is intended for use as a spring extension, so it pulls spring-core as a dependency. Is this ok? How would the potential user of my library handle different spring versions?
The second library is based on first and it is intended for use in p2p networks. It synchronizes with other peers and provides a shared state that can be easily retrieved by library user using special pre-defined spring service. Is this ok for a library to have side effect like this? Maybe there are some patterns for implementing/distributing such libraries?
If this is not ok, can you please guide me how to do this right.
Thanks in advance.
This is a bit general question, and having concrete examples would help understand if that's "okay" or "not okay" to do it.
But generally speaking:
It's fine if your library depends on other libraries of specific versions. Most of the libraries do. The question is how heavy and obtrusive this library you depend on is. And unfortunately for you, Spring libraries are known to be both. In case of the end-user of your library, in case of conflicts he'll simply have to choose whether he wants to update his Spring version for your library or not
Having some distributed state is not necessarily a side effect. EhCache is a distributed cache library, for example. The basic pattern is to be as SOLID as possible. When I developed caching for Vert.x WebClient library, I made it rely on interfaces instead of solid implementation, so if someone decides he doesn't want to use your library (Spring component, for example), he could provide an alternative solution.
Again, those are basic guidelines, without seeing your code. If you intend to open source it, feel free to share specific bits to get more concrete insights from StackOverflow community.
I'm interested in the OSGi Enterprise specification. At the moment I'm only interested in the JDBC connectivity, but that may change.
At http://www.osgi.org/Download/Release4V42 I can find the osgi.enterprise.jar (the companion code link). Can I just install it in my equinox container and use it?
I had the impression that some of the classes are overlapping (for instance org.osgi.service.component), doesn't this lead to problems? Or should I then just uninstall the org.eclipse.osgi.services bundle and use the osgi.enterprise instead?
No. You can't do that.
The file from OSGI.org is mostly interfaces, it is not complete implementation.
The answer by "J-16 SDiZ" is correct, in that the osgi.enterprise.jar is pure interfaces rather than implementations.
You also asked about the overlap with the org.eclipse.osgi.services bundle… in fact the OSGi enterprise JAR should be a strict superset of it. There is not much problem with having both these bundles installed but it is also not really necessary, so to minimise confusion I would probably remove org.eclipse.osgi.services.
I was just about to include the HtmlUnit library in a project. I unpacked the zip-file and realised that it had no less than 12 dependencies.
I've always been concerned when it comes to introducing dependencies. I suppose I have to ship all these dependencies together with the application (8.7 mb in this particular case). Should I bother checking for, say, security updates for these libraries? Finally (and most importantly, actually what I'm most concerned about): What if I want to include another library which depends on the same libraries as this library, but with different versions? That is, what if for instance HtmlUnit depends on one version of xalan and another library I need, depends on a different version of xalan?
The task HtmlUnit solves for me could be solved "manually" but that would probably not be as elegant.
Should I be concerned about this? What are the best practices in situations like these?
Edit: I'm interested in the general situation, not particularly involving HtmlUnit. I just used it here as an example as that was my current concern.
Handle your dependencies with care. They can bring you much speed, but can be a pain to maintain down the road. Here are my thoughts:
Use some software to maintain your dependencies. Maven is what I would use for Java to do this. Without it you will very soon loose track of your dependencies.
Remember that the various libraries have different licenses. It is not granted that a given license works for your setting. I work for a software house and we cannot use GPL based libraries in any of the software we ship, as the software we sell are closed source. Similarly we should avoid LGPL as well if we can (This is due to some intricate lawyer reasoning, don't ask me why)
For unit testing I'd say go all out. It is not the end of the world if you have to rewrite your tests in the future. It might even be then that that part of the software is either extremely stable or maybe not even maintained no more. Loosing those is not that big of a deal as you already had a huge gain of gaining speed when you got it.
Some libraries are harder to replace later than others. Some are like a marriage that should last the life of the software, but some other are just tools that are easily replaceable. (Think Spring versus an xml library)
Check out how the community support older versions of the library. Are they supporting older versions? What happens when life continues and you are stuck at a version? Is there an active community or do you have the skill to maintain it yourself?
For how long are your software supposed to last? Is it one year, five year, ten year or beyond? If the software has short time span, then you can use more to get where you are going as it is not that important to be able to keep up with upgrading your libraries.
It could be a serious issue if there isn't a active community which does maintain the libraries on long term. It is ok to use libraries, but to be honest you should care to get the sources and put them into your VCS.
Should I bother checking for, say, security updates for these libraries?
In general, it is probably a good idea to do this. But then so should everyone upstream and downstream of you.
In your particular case, we are talking about test code. If potential security flaws in libraries used only in testing are significant, your downstream users are doing something strange ...
Finally (and most importantly, actually what I'm most concerned about): What if I want to include another library which depends on the same libraries as this library, but with different versions? That is, what if for instance HtmlUnit depends on one version of xalan and another library I need, depends on a different version of xalan?
Ah yes. Assuming that you are building your own classpaths, etc by hand, you need to make a decision about which version of the dependent libraries you should use. It is usually safe to just pick the most recent of the versions used. But if the older version is not backwards incompatible with the new (for your use case) then you've got a problem.
Should I be concerned about this?
IMO, for your particular example (where we are talking about test code), no.
What are the best practices in situations like these?
Use Maven! It explicitly exposes the dependencies to the folks who download your code, making it possible for them to deal with the issue. It also tells you when you've got dependency version conflicts and provides a simple "exclude" mechanism for dealing with it.
Maven also removes the need to create distributions. You publish just your artifacts with references to their dependents. The Maven command then downloads the dependent artifacts from wherever they have been published.
EDIT
Obviously, if you are using HtmlUnit for production code (rather than just tests), then you need to pay more attention to security issues.
A similar thing has happened to me actually.
Two of my dependencies had the same 'transitive' dependency but a different version.
My favorite solution is to avoid "dependency creep" by not including too many dependencies. So, the simplest solution would be to remove the one I need less, or the one I could replace with a simple Util class, etc.
Too bad, it's not always that simple. In unfortunate cases where you actually need both libraries, it is possible to try to sync their versions, i.e. downgrade one of them so that dependency versions match.
In my particular case, I manually edited one of the jars, deleted the older dependency from it, and hoped it would still work with new version loaded from other jar. Luckily, it did (i.e. maintainers of the transitive dependency didn't remove any classes or methods that library used).
Was it ugly - Yes (Yuck!), but it worked.
I try to avoid introducing frivolous dependencies, because it is possible to run into conflicts.
One interesting technique I have seen used to avoid conflicts: renaming a library's package (if its license allows you to -- most BSD-style licenses do.) My favorite example of this is what Sun did when they built Xerces into the JRE as the de-facto JAXP XML parser: they renamed the whole of Xerces from org.apache.xerces to com.sun.org.apache.xerces.internal. Is this technique drastic, time consuming, and hard to maintain? Yes. But it gets the job done, and I think it is an important possible alternative to keep in mind.
Another possibility is -- license terms abided -- copying/renaming single classes or even single methods out of a library.
HtmlUnit can do a lot, though. If you are really using a large portion of its functionality on a lot of varied input data, it would be hard to make a case for spending the large amount of time it would take to re-write the functionality from scratch, or repackage it.
As for the security concerns -- you might weigh the chances of a widely used library having problems, vs. the likelihood of your hand-written less-tested code having some security flaw. Ultimately you are responsible for the security of your programs, though -- so do what you feel you must.
I am starting work on a project that has some code written in BeansBinding. It seems to work, but I found this scary post: http://weblogs.java.net/blog/fabriziogiudici/archive/2009/03/lets_fork_beans.html
It appears that development on BeansBinding has stopped. Why wouldn't this ambitious developer just pick up where the other developers left off? Why is it necessary to fork? Are there some serious core issues with BeansBinding?
I have not used the BetterBeansBinding yet. Will projects written in BeansBinding need to be replaced with "BetterBeansBinding" in the future? Is BetterBeansBinding even somewhat similar to BeansBinding and is it stable? If BeansBinding is seen as "abandonware" then will BetterBeansBinding have the same fate?
If you happen to hit any the bugs in beans binding (most of the people don't) maybe you will be forced to use betterbeansbinding (where they may have fixed it).
BetterBeansBinding in a drop-in replacement for beansbinding, it has the same api so it's ok to just replace the beansbinding.jar with the betterbeansbinding.jar. It's stable yes.
JSR-295 itself was marked as inactive so it could be that better beans binding share the same fate.
But giving the fact that beans binding was stopped on 2007 and people still use it (netbeans) I don't think you should be scared to use it.
I want to use an AOP framework, but I have two constraints.
Any framework that I choose
Must be fairly independent. I plan to use this in a legacy code base, and hence
cannot upgrade prospective dependencies like commons-logging-XXX.jar to commons-logging-newest.jar.
Must be fairly well documented, should not be too complex to understand and integrate.
AspectJ as far as I can tell is just a compiler and imposes no dependencies on compiled programs other than including the AspectJ runtime jar.
It is also actively maintained, part of the Eclipse project and has a nice development environment (AJDT, a plugin to Eclipse).
I like Spring + AspectJ. You can do all of your pointcut definitions in xml if you like, and you don't need to change a line of code on your legacy stuff. If you already know spring and AOP concepts, there's not much to learn.
Okay, this one doesn't fit all your requirements, but I think, it's worth a look:
http://dynamicaspects.sourceforge.net/
Positives
No dependencies except needs java 1.5 due to using the JavaAgent
No XML markup needed and just works with POJO classes
Tried myself and found it very easy to use (not very complex)
Negatives
No more activly maintained afaik
Poor documentation
You cannot do everything a full fledged AOP framework allows you to do
I tested it out some time ago and was pretty impressed but found some glitches which I don't remember right now. Though you might give it a try.
Greetz, GHad