Skip to content
This repository has been archived by the owner on Jun 3, 2020. It is now read-only.

Need transform rules for Jakarta Authentication packages #109

Open
scottmarlow opened this issue May 9, 2020 · 9 comments
Open

Need transform rules for Jakarta Authentication packages #109

scottmarlow opened this issue May 9, 2020 · 9 comments
Assignees
@tbitonti

Comments

@scottmarlow
Copy link

scottmarlow commented May 9, 2020
edited

We hit this in the migration of the Jakarta EE Platform TCK issue 244, in that we had changed "import javax.security.auth.;" to "import jakarta.security.auth.;", however, we really needed the JDK classes (not the Jakarta EE 9).

Perhaps the transformer should generate an extra import jakarta.security.auth.* classes, so that both jakarta.security.auth.* + javax.security.auth.* classes are imported.

Similar for importing javax.transaction., which could be translated to include both the JDK javax.transaction. classes, as well as jakarta.transaction.*.
@bjhargrave
Copy link
Collaborator

We need transformation rules for:

javax.security.auth.message=jakarta.security.auth.message
javax.security.auth.message.callback=jakarta.security.auth.message.callback
javax.security.auth.message.config=jakarta.security.auth.message.config
javax.security.auth.message.module=jakarta.security.auth.message.module

These are the Java EE 8/Jakarta EE 8 packages which need transformation.

https://github.com/eclipse-ee4j/authentication/tree/master/api/src/main/java/jakarta/security/auth/message

Other packages starting with javax.security.auth. belong to Java SE.

@bjhargrave bjhargrave changed the title How to transform import of javax.security.auth.*? Need transform rules for Jakarta Authentication packages May 11, 2020
@tbitonti
Copy link
Owner

Is this a request to update the default rules data with the four security renames?
That would be an update to this file:
https://github.com/tbitonti/jakartaee-prototype/blob/master/transformer/src/main/resources/org/eclipse/transformer/jakarta/jakarta-renames.properties
Or, is there an additional capability which is required?

@bjhargrave
Copy link
Collaborator

This is a request to update the default rules. We need to do a complete review of the Jakarta 9 APIs to make sure we don't have any other renaming gaps...

@tbitonti tbitonti self-assigned this May 11, 2020
@tbitonti
Copy link
Owner

Hi; ok, I'll add those in.
I have an additional TODO which is to update the default data with the entire known package rename data. I'll get those in, too -- but commented out, since not all of the jakarta versions of implementations are available.

@tbitonti
Copy link
Owner

Remaining package renames is covered by issue #114.

@bjhargrave
Copy link
Collaborator

but commented out, since not all of the jakarta versions of implementations are available.

I think what we will need is an exclude/disable option so that the tool is complete in the Jakarta transformation rules, but since APIs and implementations are at various stages of progress in the move to the new APIs, they will need to individually exclude/disable certain Jakarta transformations until they are ready.

Since each user will not all be at the same state of progress, it is better that the tool have the complete set of Jakarta transformations available yet allow the user to exclude/disable the transformations they are not yet ready to handle. This will allow users to progress at their own rate rather than be held up by the tool having not yet enabled some Jakarta transformation rules.

@scottmarlow
Copy link
Author

What should the transformer do when transforming EE 8 => EE 9 applications that import javax.security.auth.? Should the transformer include all of the Java SE (javax.security.auth.) classes and the Jakarta EE 9 (jakarta.security.auth.*) classes?

Or only the Java SE classes, which may result in CNFE if a jakarta.security.auth.message.ClientAuth (or other jakarta.security.auth) classes are referenced in the bytecode?

@bjhargrave
Copy link
Collaborator

What should the transformer do when transforming EE 8 => EE 9 applications that import javax.security.auth.? Should the transformer include all of the Java SE (javax.security.auth.) classes and the Jakarta EE 9 (jakarta.security.auth.*) classes?

The transformer does not transform source code. Therefore, any import statements in source code are not relevant. The transformer transforms binary class files which only contain fully qualified class names. So we can transform only the references to the Java EE 8/Jakarta EE 8 packages, javax.security.auth.message, javax.security.auth.message.callback, javax.security.auth.message.config, and javax.security.auth.message.module without affecting any other references to the Java SE packages starting with javax.security.auth..

Or only the Java SE classes, which may result in CNFE if a jakarta.security.auth.message.ClientAuth (or other jakarta.security.auth) classes are referenced in the bytecode?

If you compile source code against Jakarta EE 9 libraries, your source code will also need to import from the jakarta.security.auth.message packages if you need access to them.

@scottmarlow
Copy link
Author

That makes sense, thanks! :)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@tbitonti tbitonti

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bjhargrave @scottmarlow @tbitonti