Extending java.base module

Volker Simonis volker.simonis at gmail.com
Wed Feb 15 16:20:16 UTC 2017

On Wed, Feb 15, 2017 at 5:16 PM, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> On 15/02/2017 16:01, Daniel Fuchs wrote:
>> In that specific case it's not java.base that depends
>> on java.security.jgss, but the application itself.
>> So I would expect the application code to either require
>> java.security.jgss, or some higher level module for that
>> itself requires java.security.jgss, or jlink to be run with
>> command line options that explicitly add java.security.jgss
>> to the image.
> java.security.jgss exports an API so it will be resolved by default when the
> initial class is loaded from the class path. In addition, it provides a
> SecurityProvider implementation and so will be resolved because java.base
> `uses java.security.Provider`. For the jlink case then you are right, it
> needs someone to know that the application might need to do SPNEGO
> authentication.
> In any case, it's an example of how not to do things, and hopefully it will
> be cleaned up at some point.

Daniel, Alan, thanks for the clarification. I didn't wanted to blame
anybody - just looking for good arguments to prevent such code in our
version of the JDK :)

> -Alan

More information about the jigsaw-dev mailing list