我的模块化库的用户是否可以通过任何方式访问尚未导出的类?
[英]Is there any way that users of my modular library are able to access classes which have not been exported?
问题描述
I'm trying to get familiar with the module system introduced in Java 9, and I would like to know the best way to leverage it. 
我正在尝试熟悉Java 9中引入的模块系统,我想知道利用它的最佳方法。
For a library I'm writing, I would like to do the following (ignore the naming of the packages): 对于我正在编写的库,我想执行以下操作(忽略软件包的命名):
- Expose only interfaces, simple POJO classes, and factory classes via
com.myproject.api.通过com.myproject.api仅公开接口,简单的POJO类和工厂类。 Everything in this class can be used by the users.用户可以使用此类中的所有内容。 - Put the implementation of interfaces in
com.myproject.core.将接口的实现放入com.myproject.core。 Users should not be able to access anything in here.用户应该无法在此处访问任何内容。
My reasoning is that users do not need to get confused or overwhelmed by the implementation logic. 我的理由是,用户无需对实现逻辑感到困惑或不知所措。 Instead, they can just look at (hopefully) clean and well documentated interfaces. 取而代之的是,他们可以仅查看(希望)干净且记录良好的界面。
However, due to the way Java packages work, it can be difficult to restrict use of certain classes without making them all package private. 但是,由于Java程序包的工作方式,很难在不将所有程序包都私有的情况下限制某些类的使用。 But I don't like putting all the classes in one package, and would rather organize them into various packages. 但是我不喜欢将所有类都放在一个包中,而是希望将它们组织成各种包。
After reading about the module system, I believe I can do the following to achieve what I want. 在阅读了有关模块系统的知识之后,我相信我可以做以下事情来实现我想要的。 This is the module-info.java file: 这是module-info.java文件:
module com.myproject {
exports com.myproject.api;
}
From my understanding, the users of my library will be able to use everything defined in the com.myproject.api package (by using require com.mypojrect.api in their own module-info file). 据我了解,我的库用户将能够使用com.myproject.api包中定义的所有内容(通过在自己的module-info文件中使用require com.mypojrect.api )。
But is there any way that users will be able to access anything in the com.myproject.core package? 但是,用户是否可以通过任何方式访问com.myproject.core软件包中的任何内容? I have no problem with them looking at the code (via IDE or the source code itself), but I just don't want to end up supporting classes/methods/logic which I didn't want to expose. 我对他们(通过IDE或源代码本身)查看代码没有问题,但是我只是不想最终支持我不想公开的类/方法/逻辑。
I'm concerned that users who don't have a modularized application or users who put my library JAR on the classpath will somehow find a way to get access to the supposed restricted package. 我担心没有模块化应用程序的用户或将我的库JAR放在类路径中的用户将以某种方式找到一种方法来访问假定的受限软件包。
Please let me know if you need any other information. 如果您需要其他任何信息,请告诉我。
1 个解决方案
解决方案1
6 已采纳 2019-03-14 14:15:15
A pre- JDK9 user of your library cannot exist, as you're going to use the Java Platform Module System , which is post- JDK8 , and thus you're going to compile to a class version greater than 52 . 库的JDK9用户不存在,因为您将使用JDK8的Java平台模块系统 ,因此您将编译为大于52的类版本。
Said that, your users will be able to look at the source code (if shipped), and obviously they will be able to extract your .class files. 话虽如此,您的用户将能够查看源代码(如果已发货),并且显然他们将能够提取您的.class文件。
By definition 根据定义
a type in a module is not accessible to other modules unless it's a public type and you export its package.
The only way to gain Reflective access to your classes would be if you willingly opened them, with the 获得对您的课程的反思访问的唯一方法是,如果您愿意通过以下方式打开它们:
opens your.package
directive. 指示。 So basically, you're covered also on the Reflection aspect. 因此,基本上,您还将了解Reflection方面的内容。
And the opens directive exposes to Reflection only public definitions. opens指令仅向Reflection公开公共定义。
If you want to control Reflective access to your classes in a non-modular/pre- JDK9 environment, SecurityManager might be what you're looking for. 如果要在非模块化/ JDK9环境中控制对类的反射访问,则可能需要SecurityManager 。 However this requires access to the JVM configuration. 但是,这需要访问JVM配置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.