Java libs in apps
Mark Porter
it works is you go to an "application management" tab in the
administrator, import a directory as an app, and then export it as an
"egg", i.e. a zip file containing the file structure of the app.
This .egg file can then be imported on another instance. I have also
added native ComonJS support such that if you have a CommonJS library
called "StuffManager.sjs" in an application called "MyLib" then after
installing MyLib.egg, other applications can access the library via:
var sm = require("MyLib/StuffManager");
sm.someFunction();
My questions is this: Should eggs be allowed to include Java libraries
to be installed in /WEB-INF/lib?
Pros:
* Allows the installation of Java libraries along with JS wrappers
* Allows implicit dependency management...the end-user doesn't have to
figure out where to get the required libraries
Cons:
* an app could break other apps be installing incompatible libraries
* an app could "hack" Myna in a non-transparent way by installing
poisoned libraries
What do you think? Are there other pros and cons?
Jeff Bader
I'm wondering if you are borrowing [intentionally] the "egg" concept
from Python or if it is just a coincidence that you have chosen it?
FYI
http://peak.telecommunity.com/DevCenter/EggFormats#eggs-and-their-formats
> --
> You received this message because you are subscribed to the Google Groups "MynaJS-General" group.
> To post to this group, send email to mynajs-...@googlegroups.com.
> To unsubscribe from this group, send email to mynajs-genera...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/mynajs-general?hl=en.
>
>
Mark Porter
I'm not familiar with python eggs, but it looks like the same thing. I think that if your platform is named after an egg-laying animal then there is an obvious choice for package name :)
On Jun 6, 2010 12:36 PM, "Jeff Bader" <jeffw...@gmail.com> wrote:
I Mark,
I'm wondering if you are borrowing [intentionally] the "egg" concept
from Python or if it is just a coincidence that you have chosen it?
FYI
http://peak.telecommunity.com/DevCenter/EggFormats#eggs-and-their-formats
On Sun, Jun 6, 2010 at 12:20 PM, Mark Porter <ma...@porterpeople.com> wrote:
> I'm working on applic...
Jeff Bader
On Sun, Jun 6, 2010 at 12:20 PM, Mark Porter <ma...@porterpeople.com> wrote:
> I'm working on application/library import and export for Myna. The way
> it works is you go to an "application management" tab in the
> administrator, import a directory as an app, and then export it as an
> "egg", i.e. a zip file containing the file structure of the app.
> This .egg file can then be imported on another instance. I have also
> added native ComonJS support such that if you have a CommonJS library
> called "StuffManager.sjs" in an application called "MyLib" then after
> installing MyLib.egg, other applications can access the library via:
>
> var sm = require("MyLib/StuffManager");
> sm.someFunction();
>
> My questions is this: Should eggs be allowed to include Java libraries
> to be installed in /WEB-INF/lib?
The alternative I suppose (which is actually more explicit) is for the
egg to define in some sort of manifest, what libs are required then
force the person installing the egg to fetch the libs and place them
in the lib on the server.This may be best b/c if licensing comes into
play, it might not be OK to distribute with your "application (egg)"
anyway. I would actually vote for no on including libs that are pushed
into WEB-INF.
>
> Pros:
> * Allows the installation of Java libraries along with JS wrappers
> * Allows implicit dependency management...the end-user doesn't have to
> figure out where to get the required libraries
>
> Cons:
> * an app could break other apps be installing incompatible libraries
This is an issue because certain functionality in any given egg could
require/include newer (or older) libs then those used by the Myna app
server. Need a namespace fix for this in some way (Java inherently
manages this poorly in my opinion).
> * an app could "hack" Myna in a non-transparent way by installing
> poisoned libraries
Could, but unlikely, and really that probably isn't of major concern
to you as the app-server developer. It's probably ok that users be
expected to use care when importing eggs, and that they ensure they
are signed from a trusted source...check the signature what have you.
>
> What do you think? Are there other pros and cons?
>
Mark Porter
On Sun, Jun 6, 2010 at 12:20 PM, Mark Porter <ma...@porterpeople.com> wrote:
> My questions is this: Should eggs be allowed to include Java librariesThe alternative I suppose (which is actually more explicit) is for the
> to be installed in /WEB-INF/lib?
egg to define in some sort of manifest, what libs are required then
force the person installing the egg to fetch the libs and place them
in the lib on the server.This may be best b/c if licensing comes into
play, it might not be OK to distribute with your "application (egg)"
anyway. I would actually vote for no on including libs that are pushed
into WEB-INF.
>
> Cons:
> * an app could break other apps be installing incompatible libraries
Tony Zakula
would do two things. The best path to write an app others could use
and install easily would be totally in JavaScript. This would be good
for Myna and the community. If an app absolutely needs Java libraries,
it could have clear instructions as to how to install the app
including copying in Java libraries and restarting the app server. An
app like that could have a list of "depends" that must be met. This
is typically the way Asp or PHP does it. This leaves the security and
integrity up to the person doing the installing, and this could
definitely be a security issue.
Thanks,
TonyZ