Overview
This section
| Excerpt |
|---|
provides general developer tips and recommendations for OSGi bundle development |
...
Provided by Pierre Parrend (http://www.slideshare.net/kaihackbarth/security-in-osgi-applications-robust-osgi-platforms-secure-bundles)
- Bundles should
- Never use synchronized statements that rely on third party code. Keep in mind multi-threaded code when using synchronized statements in general as they can lead to performance issues.
- Only have dependencies on bundles that are trusted.
- Shared Code
- Provide only final static non-mutable fields.
- Set security manager calls during creation in all required places at the beginning of methods.
- All Constructors
- clone() method if a class implements Cloneable
- readObject(ObjectInputStream) if the class implements Serializable
- Have security check in final methods only.
- Shared Objects (OSGi services)
- Only have basic types and serializable final types as parameters.
- Perform copy and validation (e.g. null checks) of parameters prior to using them.
- Do not use Exception objects that carry any configuration information.