Java libs in apps

Mark Porter

Jun 6, 2010, 12:20:26 PM
to MynaJS-General
I'm working on application/library import and export for Myna. The way
it works is you go to an "application management" tab in the
administrator, import a directory as an app, and then export it as an
"egg", i.e. a zip file containing the file structure of the app.
This .egg file can then be imported on another instance. I have also
added native CommonJS support such that if you have a CommonJS library
called "StuffManager.sjs" in an application called "MyLib" then after
installing MyLib.egg, other applications can access the library via:

var sm = require("MyLib/StuffManager");
sm.someFunction();

My question is this: Should eggs be allowed to include Java libraries
to be installed in /WEB-INF/lib?

Pros:
* Allows the installation of Java libraries along with JS wrappers
* Allows implicit dependency management...the end-user doesn't have to
figure out where to get the required libraries

Cons:
* an app could break other apps by installing incompatible libraries
* an app could "hack" Myna in a non-transparent way by installing
poisoned libraries

What do you think? Are there other pros and cons?

Jeff Bader

Jun 6, 2010, 2:36:36 PM
to mynajs-...@googlegroups.com
Hi Mark,

I'm wondering if you are borrowing [intentionally] the "egg" concept
from Python or if it is just a coincidence that you have chosen it?

FYI

http://peak.telecommunity.com/DevCenter/EggFormats#eggs-and-their-formats


Mark Porter

Jun 6, 2010, 2:43:37 PM
to mynajs-...@googlegroups.com

I'm not familiar with Python eggs, but it looks like the same thing. I think that if your platform is named after an egg-laying animal then there is an obvious choice for package name :)

On Jun 6, 2010 12:36 PM, "Jeff Bader" <jeffw...@gmail.com> wrote:

Hi Mark,

I'm wondering if you are borrowing [intentionally] the "egg" concept
from Python or if it is just a coincidence that you have chosen it?

FYI

http://peak.telecommunity.com/DevCenter/EggFormats#eggs-and-their-formats


On Sun, Jun 6, 2010 at 12:20 PM, Mark Porter <ma...@porterpeople.com> wrote:

> I'm working on applic...

Jeff Bader

Jun 6, 2010, 3:40:11 PM
to mynajs-...@googlegroups.com
Inline...

On Sun, Jun 6, 2010 at 12:20 PM, Mark Porter <ma...@porterpeople.com> wrote:

> I'm working on application/library import and export for Myna. The way
> it works is you go to an "application management" tab in the
> administrator, import a directory as an app, and then export it as an
> "egg", i.e. a zip file containing the file structure of the app.
> This .egg file can then be imported on another instance. I have also
> added native CommonJS support such that if you have a CommonJS library
> called "StuffManager.sjs" in an application called "MyLib" then after
> installing MyLib.egg, other applications can access the library via:
>
> var sm = require("MyLib/StuffManager");
> sm.someFunction();
>
> My question is this: Should eggs be allowed to include Java libraries
> to be installed in /WEB-INF/lib?

The alternative I suppose (which is actually more explicit) is for the
egg to define in some sort of manifest, what libs are required then
force the person installing the egg to fetch the libs and place them
in the lib on the server. This may be best b/c if licensing comes into
play, it might not be OK to distribute with your "application (egg)"
anyway. I would actually vote for no on including libs that are pushed
into WEB-INF.

>
> Pros:
> * Allows the installation of Java libraries along with JS wrappers
> * Allows implicit dependency management...the end-user doesn't have to
> figure out where to get the required libraries

>
> Cons:
> * an app could break other apps by installing incompatible libraries

This is an issue because certain functionality in any given egg could
require/include newer (or older) libs than those used by the Myna app
server. Need a namespace fix for this in some way (Java inherently
manages this poorly in my opinion).

> * an app could "hack" Myna in a non-transparent way by installing
> poisoned libraries

Could, but unlikely, and really that probably isn't of major concern
to you as the app-server developer. It's probably ok that users be
expected to use care when importing eggs, and that they ensure they
are signed from a trusted source...check the signature what have you.

>
> What do you think? Are there other pros and cons?
>

Mark Porter

Jun 6, 2010, 4:28:57 PM
to mynajs-...@googlegroups.com
Those are good points. I was already leaning towards not including Java libs. When you export an egg, a checksum file is also created. I intend to create a system on Mynajs.org where developers can register and post their eggs. When Myna downloads an egg from a mirror, it will automatically check the sig against mynajs.org. Until that is ready, you can still check sigs for manually installed eggs. So you could, for instance, post your egg and sig on your web site.


On Sun, Jun 6, 2010 at 1:40 PM, Jeff Bader <jeffw...@gmail.com> wrote:
On Sun, Jun 6, 2010 at 12:20 PM, Mark Porter <ma...@porterpeople.com> wrote:

> My question is this: Should eggs be allowed to include Java libraries
> to be installed in /WEB-INF/lib?

The alternative I suppose (which is actually more explicit) is for the
egg to define in some sort of manifest, what libs are required then
force the person installing the egg to fetch the libs and place them
in the lib on the server. This may be best b/c if licensing comes into
play, it might not be OK to distribute with your "application (egg)"
anyway. I would actually vote for no on including libs that are pushed
into WEB-INF.

>

> Cons:
> * an app could break other apps by installing incompatible libraries

Tony Zakula

Jun 6, 2010, 10:33:36 PM
to mynajs-...@googlegroups.com
I would be for NOT automatically including libraries. I think this
would do two things. The best path to write an app others could use
and install easily would be totally in JavaScript. This would be good
for Myna and the community. If an app absolutely needs Java libraries,
it could have clear instructions as to how to install the app
including copying in Java libraries and restarting the app server. An
app like that could have a list of "depends" that must be met. This
is typically the way ASP or PHP does it. This leaves the security and
integrity up to the person doing the installing, and this could
definitely be a security issue.

Thanks,

TonyZ
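
An added example, not part of the original thread and not Myna's own code: an import-time check for the position the thread converges on, where an egg is verified against its published checksum and then refused if it carries Java libraries or entries that would land outside the app directory. Assumptions: the checksum is a SHA-256 hex digest (the thread does not name the algorithm), the function names are hypothetical, and the sample eggs are constructed in memory.

```python
import hashlib
import io
import posixpath
import zipfile

JAVA_SUFFIXES = (".jar", ".class")  # assumed policy: no Java code inside an egg


def egg_digest(egg_bytes):
    # SHA-256 is an assumption; the thread only says "checksum file".
    return hashlib.sha256(egg_bytes).hexdigest()


def check_egg(egg_bytes, published_digest):
    """Return a list of problems; an empty list means the egg passes."""
    # 1. Integrity first: compare with a digest fetched from a trusted place.
    if egg_digest(egg_bytes) != published_digest.strip().lower():
        return ["checksum mismatch"]  # do not open an archive that failed
    problems = []
    # 2. Content policy: inspect entry names without extracting anything.
    with zipfile.ZipFile(io.BytesIO(egg_bytes)) as zf:
        for name in zf.namelist():
            norm = posixpath.normpath(name.replace("\\", "/"))
            parts = norm.lower().split("/")
            if norm.startswith("/") or parts[0] == "..":
                problems.append("escapes app directory: " + name)
            elif (any(parts[i:i + 2] == ["web-inf", "lib"] for i in range(len(parts) - 1))
                  or parts[-1].endswith(JAVA_SUFFIXES)):
                problems.append("Java library in egg: " + name)
    return problems


def make_egg(files):
    """Build a constructed sample egg (a zip) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    good = make_egg({"MyLib/StuffManager.sjs": "exports.someFunction = function () {};"})
    bad = make_egg({"MyLib/StuffManager.sjs": "x", "WEB-INF/lib/driver.jar": "constructed"})
    print(check_egg(good, egg_digest(good)), check_egg(bad, egg_digest(bad)))
```

A checksum hosted next to the egg on the same mirror only detects corruption; the digest has to come from a separate trusted source for the first check to mean anything.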
