On Sun, 2007-01-21 at 13:46 -0500, Richard S. Hall wrote: > John E. Conlon wrote: > > Ran across a case where a project bundle was using a Bundle-Classpath > > entry with the /target/classes/ value in it's manifest even though it > > had no such path in the bundle. As expected Bnd flagged this as an > > error. > > > > Over at the spring-osgi maillist someone mentioned this practice as a > > way to get their bundle working in an equinox environment. Don't > > understand this statement really - Although I run eclipse I don't have > > much experience with Equinox. > > > > Is fudging the behavior of Bundle-Classpath in this manner okay or is > > this verboten? > > Yes, they are using this trick to get their bundles to work correctly as > PDE projects (they are working with maven that puts classes in > target/classes, but PDE doesn't expect them there, so they can add this > to the bundle class path to get PDE to look in the right place...or > something like that). > > The spec says that missing class path entries should be ignored, so this > is ok I guess, but it does make life difficult for BND. > I may not understand this... but doesn't the path refer to resources within the bundle/jar? If a bundle is created with a Bundle-Classpath pointing to /target/classes/ why would the Equinox runtime look for resources on the file system? Do other frameworks do this?
So if I create a production bundle and deploy it with such a Bundle- Classpath and one or more OSGi frameworks looks outside of the bundle for resources on the filesystem wouldn't this be a potential security issue? regards - John
