Overview
This section provides general developer tips and recommendations for OSGi bundle development.
Dependency Injection Frameworks
It is highly recommended to use a dependency injection framework such as Blueprint, Spring-DM, or iPojo for non-advanced OSGi tasks. Dependency injection frameworks allow for more modularity in code, keep the code's business logic clean of OSGi implementation details, and take the complexity out of the dynamic nature of OSGi. In OSGi, services can be added and removed at any time, and dependency injection frameworks are better suited to handle these types of situations. Allowing the code to be clean of OSGi packages also makes code easier to reuse outside of OSGi. These frameworks provide code conveniences of service registration, service tracking, configuration property management, and other OSGi core principles.
Basic Security
Provided by Pierre Parrend (http://www.slideshare.net/kaihackbarth/security-in-osgi-applications-robust-osgi-platforms-secure-bundles)
- Bundles should
- Never use synchronized statements that rely on third party code. Keep in mind multi-threaded code when using synchronized statements in general as they can lead to performance issues.
- Only have dependencies on bundles that are trusted.
- Shared Code
- Provide only final static non-mutable fields.
- Set security manager calls during creation in all required places at the beginning of methods.
- All Constructors
- clone() method if a class implements Cloneable
- readObject(ObjectInputStream) if the class implements Serializable
- Have security check in final methods only.
- Shared Objects (OSGi services)
- Only have basic types and serializable final types as parameters.
- Perform copy and validation (e.g. null checks) of parameters prior to using them.
- Do not use Exception objects that carry any configuration information.