1

This question is now up for Bounty! First answer that solves this problem wins.

So I've recently discovered that bundles in OSGI are not 100% isolated from each other, especially when your bundles share a common bundle that has a singleton in it, which can result in two unrelated bundles overwritting the singleton. This issue has manifested itself with the CXF libraries. Let me give a detailed example of what is happening:

We have bundle A, B and the shared bundle CXF all in a FuseESB ServiceMix (An osgi platform). CXF's Bus class is a singleton and because of how OSGI has a single classloader per bundle it will share this singleton with every other bundle that uses CXF. So I seem to be unable to create different buses for bundle A and bundle B, which is important that I do because bundle A should be using SSL and bundle B should not be using SSL. This is even more frustrating given that bundle A and bundle B have nothing to do with each other at all other than that they must be deployed together on the same ServiceMix.

Now I've been at this problem for a while now (1-2 months) and I've read up a lot of different solutions. The problem however is that a lot of the solutions require me to have complete control over the source code and in this case I do not. Bundle A that I'm creating is using some proprietary third-party non-osgi library, called Xenara, which uses CXF. For business reasons beyond my control I MUST use this third-party library. Fortunately I do have access to the CXF spring bean file that this library uses.

My guess for solving this problem is that I need to some how make it so that bundle A can use its own personal instance of CXF or at least make it instantiate its CXF Bus that isn't shared with other bundles. Here are the methods I've tried or considered:

  1. I embedded CXF into bundle A but unfortunately the classloader kept fetching CXF from outside of bundle A instead of looking on the classpath. Never figured out how to force it to search for CXF in bundle A first before searching outside of bundle A.

  2. Suggestions were made to make bundle A into a service. I think there were some misunderstandings and people thought that the singleton was in A and not in CXF. Regardless I tried it and it didn't solve the problem. The CXF bus was still shared between bundle A and B.

  3. Override the classloading so that bundle A uses a different classloader for loading the CXF classes. I don't fully understand the logic for this but I'm sure it will be very tricky given that a spring bean is being used to create the CXF bus and http-conduit. See (4) below to get a better idea.

  4. In CXF there is a way to set the CXF bus and http-conduit for a given thread context. I really want to use this solution, but I can't figure out how to translate the CXF bean file into equivalent java code. The CXF spring bean file is provided below. Note I don't have access to the source code using this http-conduit, which is why I haven't used examples show in this link here at "Using Java Code" because I don't have access to the SOAPService, the wsdl, etc...

    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
    <property name="searchSystemEnvironment" value="true" />
    <property name="ignoreUnresolvablePlaceholders" value="true" />
</bean>

<cxf:bus>
    <cxf:outInterceptors>           
        <bean class="com.xenara.messaging.security.IdentityAssertingOutInterceptor"
              scope="singleton" />
    </cxf:outInterceptors>

    <cxf:features>
        <wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing"/>
    </cxf:features>
</cxf:bus>

<http-conf:conduit name="*.http-conduit">
    <http-conf:client AllowChunking="false" Connection="Keep-Alive" />
    <http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLS">
        <sec:keyManagers keyPassword="${javax.net.ssl.keyStorePassword}">
            <sec:keyStore type="JKS" password="${javax.net.ssl.keyStorePassword}"
                                     file="${javax.net.ssl.keyStore}" />
        </sec:keyManagers>
        <sec:trustManagers>
            <sec:keyStore type="JKS" password="${javax.net.ssl.trustStorePassword}" file="${javax.net.ssl.trustStore}" />
        </sec:trustManagers>
        <sec:cipherSuitesFilter>
            <sec:include>SSL_RSA_WITH_3DES_EDE_CBC_SHA</sec:include>
            ...
        </sec:cipherSuitesFilter>
    </http-conf:tlsClientParameters>
</http-conf:conduit>
рüффп
  • 5,172
  • 34
  • 67
  • 113
Thirlan
  • 712
  • 1
  • 8
  • 26
  • Plenty of time was wasted on this problem and the end solution was to sadly run the program outside of our FuseESB ServiceMix environment and have it talk to the FuseESB Servicemix through ActiveMQ. – Thirlan Mar 27 '12 at 16:46

2 Answers2

2

This sounds like the basic premisse of OSGi to me: isolation is provided, but you can do a lot of what you can in regular OSGi; such as, modify static members of a class, and since you all share that class (A presumably exports it, B and C import it), others will notice.

In most situations, I would advise you to not use static class state, since it is bound to mess something up for other bundles.

In your situation, it seems to me that bundle A is a library that has no real use being shared in the framework. I would package the library inside both of the using bundles, if you need real isolation, and not worry about the overhead too much.

For the record: this situation has nothing to do with Servicemix, it's basic Java: if we're talking about the same class, and someone changes a static property, others will notice. If this situation confuses you, you could read up a bit about the class loading and sharing mechanisms in OSGi.

Angelo van der Sijpt
  • 3,611
  • 18
  • 24
  • I know how a java static works, I was just under the impression when first working with Servicemix that bundles were in their own contexts' and completely separate from other contexts. It was wishful thinking that the Servicemix framework was glueing everything together in a special way. – Thirlan Feb 15 '12 at 13:55
  • So I tried this out, but it was impossible. As soon as I embeded the jar it started to ask for all sorts of other packages. We use Maven to build and manage our OSGI bundles and embeding caused the Manifest file's imports to triple in size and it started to ask for all sorts of packages, from the bean shell package to junit... Another post has suggested turning it into a service. I will try that out when I have the time. – Thirlan Feb 16 '12 at 15:55
  • True, packaging 'huge libraries' is often tricky endeavor. There's another recent question about this, which might give you some help. http://stackoverflow.com/questions/9292642/problems-with-maven-built-osgi-including-dependencies/9292749#9292749 . An indeed making it into a service is another possibility, depending on the type of library. – Angelo van der Sijpt Feb 16 '12 at 17:51
  • I couldn't successfully isolate the bundles with OSGI services. The library in question that is giving me the headaches is CXF. The CXF bus is apparently a singleton and there a bunch of third-party bundles using CXF that I'm using that are overwriting the buses. This is development hell... – Thirlan Feb 27 '12 at 23:22
2

The problem you are facing is fairly essential and basic. You have a static state in a supporting library CXF, while you still want shared instances of the libraries using CXF. You cannot modify the shared libraries (due to the sheer size), nor can you modify CXF (closed-source?). Let's call these shared libraries Foo and Bar.

Suppose you have the following classes:

CXF#1
Foo#1, using CXF#1
Bar#1, using CXF#1
WebApp#1, using Foo#1 and Bar#1

If I understand correctly, you now want another application to use the same instances of Foo and Bar, without using the same underlying library CXF#1. This amounts to the following situation.

CXF#2
CXF#1
Foo#1, using CXF#1 when called by App#1, using CXF#2 when called by App#2
Bar#1, using CXF#1 when called by App#1, using CXF#2 when called by App#2
WebApp#1, using Foo#1 and Bar#1
WebApp#2, using Foo#1 and Bar#1

This is just not possible; not in OSGi and not in any Java framework. An existing class cannot dynamically bind to another class, making the choice based on the calling Bundle. The only way to do this without modifying the libraries, is to duplicate the supporting libraries:

CXF#2
CXF#1
Foo#1, using CXF#1
Bar#1, using CXF#1
Foo#2, using CXF#2
Bar#2, using CXF#2
WebApp#1, using Foo#1 and Bar#1
WebApp#2, using Foo#2 and Bar#2

Indeed, this is a lot of effort and will explode the number of packages on disk and in memory. If the CXF package can only be used by a single application, the most logical solution is to duplicate the package and embed it everywhere you use it. Yes, this includes any and all libraries the package depends on.

A hacky/risky way to resolve this is as follows. You should be able to decompile the CXF class. This will allow you to modify the class as follows:

class CXF {
    [...]
    public static CXF getInstance() {
        // based on the current Stack frame, determine which instance to return. Remember, the instance should be based on the WebApp bundle (while you still have shared libraries in between!)
    }
}

This is not foolproof. Suppose your WebApp starts a callback thread originating from library A. This thread calls CXF.getInstance() -> The getInstance() method has no way of determining which WebApp started the callback thread.

The correct solution is to modify all libraries not to use the Singleton pattern. You can probably hack your way around the problem by implementing a special classloader, but this opens a whole other can of worms.

-- EDIT -- After reading up on CXF, it seems very strange that CXF exposes a Singleton class. The thing is made for OSGi! You are probably better off asking the question on the CXF mailing list; they will know all of the special sugar and reasons for making a singleton instance, and probably already thought about this usecase.

parasietje
  • 1,529
  • 8
  • 36
  • I'll give you the bounty for being the ONLY person who responded when the bounty was put up. To your EDIT, I've actually gone to the CXF forums and sadly the fixes involve modifying the source of Foo and Bar, which I can't do. Embedding the CXF library, as mentioned above, has been tried several times with plenty of issues. The pseudo-singleton, if you're curious is found here, http://cxf.apache.org/javadoc/latest/org/apache/cxf/BusFactory.html. If you program without thinking there will be a chance your bundle can/will modify the bus, and affecting other bundles written in the same way. – Thirlan Mar 27 '12 at 16:42
  • Extremely annoying! Good luck with convincing the original developers their code should not use the class in question... CXF should not advertise such a static class either, or at least make it bundle-specific / an OSGi service! – parasietje Mar 28 '12 at 07:06