Exported resources

Stanley M. Ho Stanley.Ho at sun.com
Wed May 30 15:12:38 PDT 2007

Hi Bryan,

A module can use the ResourceBundle API to retrieve resources from other
resource modules, but it can also use the ResourceBundle API to retrieve
resources from the (target) module itself. In the latter case, the
resources are currently not required to be exported from the target module.

I don't think we want to force a module to export its own private
resources simply because it wants to use the ResourceBundle API in this
case, would you agree?

Regarding there are differences in the access models between classes and
resources, I also prefer symmetry if possible. However, the access model
for classes and resources have always been different, and there are
built-in JVM support for classes while there is none for resources, so
it is unclear if we can completely eliminate this asymmetry after all.

- Stanley

Bryan Atsatt wrote:
> I've been assuming that Module private resources should not be visible
> to *any* class outside of the module. Including ResourceBundle, or any
> other existing framework classes that do resource lookups (e.g.
> ServiceLoader, JSF, etc). If resources need to be visible to these
> existing classes, they must be exported. The very simple check I
> proposed (immediate caller) is sufficient to make this assertion.
> I believe your point is that if we used the permission model instead, it
> would become possible for a module to invoke an external class (e.g.
> ResourceBundle.getBundle()) and enable *it* to successfully load a
> private resource from the module.
> Aside from the permission *grant* mechanism this model would rely on, it
> is an entirely different model than that used for classes! (Though we
> haven't explicitly defined this in 294, it seems extremely unlikely that
> we will rely on permissions--none of the other access modes do so.) Such
> asymmetry is very disconcerting to me, and, I believe, just plain wrong...
> Consider that you could grant the ServiceLoader, for example, access to
> a resource that names a class that it could not instantiate. That class
> would have to be exported. I believe the resource should be as well.
> // Bryan

More information about the jsr277-eg-observer mailing list