July 14, 2020
OSGi Support is Needed to Assure Secure Code

Here is a serious question to ponder.

I have been supporting the Adobe Experience Manager (AEM) at two different companies over the past five years. AEM and Lucee support the OSGi framework over the JVM, which makes these applications faster (on compile) and more secure.

Are there any forward-looking plans to support OSGi (and Maven)?

4 Comments
2020-07-15 23:34:14

Christopher, can you elaborate your thoughts on how using OSGi makes coding more secure?

2020-07-15 23:24:50

A key benefit of using OSGi is the ability to target which version of a Java library you wish to use on the server, whilst also allowing multiple versions to be installed and used at once. I personally see that as the key benefit to OSGi and would strongly encourage Adobe to adopt OSGi.

> Benjamin Reid's comment
2020-07-16 14:56:55

Benjamin, are you aware that CF (since 10) has already allowed application-level class loading, so that a given app can use a different version of a library than is set up for all of CF? No, not “the same thing”, but if someone didn’t realize that was an option, they may feel that CF is “stuck allowing only one version of a library”.

And I can’t tell if you saw my reply to Christopher here, yesterday. Since you have more knowledge of OSGi, I’d be curious if you have any thoughts on what I said. No worries if you did not have any to add.

2020-07-15 20:41:38

I’m not aware of any such plans, but I realize you will prefer to hear from someone at Adobe or with a more authoritative answer.

That said, while OSGi is indeed powerful (which has its pros and cons), you highlight improved compile time as a goal. Since CF code is compiled the first time it’s executed (or edited, and that compilation is saved and re-used by default, even over CF restarts), compile time should be a negligible concern.

You also mention Maven, but of course CFML developers have no use for that…and while with Lucee being open source there may have been a benefit in compiling the Lucee engine itself, no developer outside of Adobe would even be compiling CF itself. (I suppose the key question is whether they, themselves, would somehow benefit from that aspect of a conversion of CF to an OSGi model.)

All that said, and while there may well be other benefits to having Adobe adopt OSGi as a platform, it’s not without its challenges (especially for such a large project as CF), as the Lucee team documented.

But again, since you have asked, let’s see if anyone else may have more to say.
