[英]Is there any way that users of my modular library are able to access classes which have not been exported?
I'm trying to get familiar with the module system introduced in Java 9, and I would like to know the best way to leverage it. 我正在尝试熟悉Java 9中引入的模块系统,我想知道利用它的最佳方法。
For a library I'm writing, I would like to do the following (ignore the naming of the packages): 对于我正在编写的库,我想执行以下操作(忽略软件包的命名):
com.myproject.api
. com.myproject.api
仅公开接口,简单的POJO类和工厂类。 Everything in this class can be used by the users. com.myproject.core
. com.myproject.core
。 Users should not be able to access anything in here. My reasoning is that users do not need to get confused or overwhelmed by the implementation logic. 我的理由是,用户无需对实现逻辑感到困惑或不知所措。 Instead, they can just look at (hopefully) clean and well documentated interfaces.
取而代之的是,他们可以仅查看(希望)干净且记录良好的界面。
However, due to the way Java packages work, it can be difficult to restrict use of certain classes without making them all package private. 但是,由于Java程序包的工作方式,很难在不将所有程序包都私有的情况下限制某些类的使用。 But I don't like putting all the classes in one package, and would rather organize them into various packages.
但是我不喜欢将所有类都放在一个包中,而是希望将它们组织成各种包。
After reading about the module system, I believe I can do the following to achieve what I want. 在阅读了有关模块系统的知识之后,我相信我可以做以下事情来实现我想要的。 This is the
module-info.java
file: 这是
module-info.java
文件:
module com.myproject {
exports com.myproject.api;
}
From my understanding, the users of my library will be able to use everything defined in the com.myproject.api
package (by using require com.mypojrect.api
in their own module-info file). 据我了解,我的库用户将能够使用
com.myproject.api
包中定义的所有内容(通过在自己的module-info文件中使用require com.mypojrect.api
)。
But is there any way that users will be able to access anything in the com.myproject.core
package? 但是,用户是否可以通过任何方式访问
com.myproject.core
软件包中的任何内容? I have no problem with them looking at the code (via IDE or the source code itself), but I just don't want to end up supporting classes/methods/logic which I didn't want to expose. 我对他们(通过IDE或源代码本身)查看代码没有问题,但是我只是不想最终支持我不想公开的类/方法/逻辑。
I'm concerned that users who don't have a modularized application or users who put my library JAR on the classpath will somehow find a way to get access to the supposed restricted package. 我担心没有模块化应用程序的用户或将我的库JAR放在类路径中的用户将以某种方式找到一种方法来访问假定的受限软件包。
Please let me know if you need any other information. 如果您需要其他任何信息,请告诉我。
A pre- JDK9
user of your library cannot exist, as you're going to use the Java Platform Module System , which is post- JDK8
, and thus you're going to compile to a class version greater than 52
. 库的
JDK9
用户不存在,因为您将使用JDK8
的Java平台模块系统 ,因此您将编译为大于52
的类版本。
Said that, your users will be able to look at the source code (if shipped), and obviously they will be able to extract your .class
files. 话虽如此,您的用户将能够查看源代码(如果已发货),并且显然他们将能够提取您的
.class
文件。
By definition 根据定义
a type in a module is not accessible to other modules unless it's a public type and you export its package.
除非是公共类型并且您导出其包,否则其他模块将无法访问模块中的类型。
The only way to gain Reflective access to your classes would be if you willingly opened them, with the 获得对您的课程的反思访问的唯一方法是,如果您愿意通过以下方式打开它们:
opens your.package
directive. 指示。 So basically, you're covered also on the
Reflection
aspect. 因此,基本上,您还将了解
Reflection
方面的内容。
And the opens
directive exposes to Reflection
only public definitions. opens
指令仅向Reflection
公开公共定义。
If you want to control Reflective access to your classes in a non-modular/pre- JDK9
environment, SecurityManager might be what you're looking for. 如果要在非模块化/
JDK9
环境中控制对类的反射访问,则可能需要SecurityManager 。 However this requires access to the JVM configuration. 但是,这需要访问JVM配置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.