Resolving Library Conflicts with Class Whitelisting
Published on 12 Jul 2017
by Lenny Primak
Many applications, especially complex legacy ones that are packaged with a large number of libraries, may contain libraries that are also shipped with Payara Server (like Google Guava or Jackson for example). These types of conflicts can be very hard to track down and solve. Starting from the 171 release of Payara Server, there is now another solution in the toolbox which can help with resolving these dependency conflicts.
Applications can now include a whitelist that lists the only classes allowed to be loaded from the libraries packaged with Payara Server, with certain exceptions.
This feature can be turned on with the <whitelist-package> directive in the following deployment descriptor files:
- glassfish-web.xml
- glassfish-application.xml
If this directive is included, the whitelist feature is considered turned on. When this happens, only Java packages that are explicitly mentioned in the whitelist are loaded from Payara Server packaged libraries; otherwise, Payara Server will look at the libraries included in the deployed application and throw a ClassNotFoundException if the class is not present there.
For example, to use the version of Google Guava that is shipped with Payara Server, you can whitelist the com.google package, as shown:
<whitelist-package>com.google</whitelist-package>
This has the effect of whitelisting all packages that start with com.google, for example:
- com.google.guava
- com.google
- com.google.collections.concurrent
- etc.
All other classes are only allowed to load from the application itself.
Certain classes are whitelisted automatically, meaning they will always be loaded from Payara Server's libraries, even if this feature is turned on. This is because these packages are required by Payara Server and therefore cannot be loaded from a deployed application:
- java
- javax
- com.sun
- org.glassfish
- org.apache.jasper
- fish.payara
- com.ibm.jbatch
- org.hibernate.validator
- org.jboss.weld
- com.ctc.wstx
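The rules above can be modelled in a short script to check, before deployment, which classes an application has to bundle itself once the whitelist is on. This is an added example, not code from Payara or from the original post: the function names, the sample descriptor and the sample class names are constructed, and matching is modelled as a plain string prefix on the class name, following the post's "start with" wording.

```python
import xml.etree.ElementTree as ET

# Packages the post lists as always loaded from Payara Server's own libraries.
AUTO_WHITELIST = (
    "java", "javax", "com.sun", "org.glassfish", "org.apache.jasper",
    "fish.payara", "com.ibm.jbatch", "org.hibernate.validator",
    "org.jboss.weld", "com.ctc.wstx",
)

# Constructed, minimal glassfish-web.xml for the demonstration.
SAMPLE_DESCRIPTOR = """<glassfish-web-app>
    <whitelist-package>com.google</whitelist-package>
</glassfish-web-app>"""

def read_whitelist(descriptor_xml):
    """Return (enabled, prefixes); any <whitelist-package> turns the feature on."""
    root = ET.fromstring(descriptor_xml)
    entries = list(root.iter("whitelist-package"))
    prefixes = tuple(e.text.strip() for e in entries if e.text and e.text.strip())
    return bool(entries), prefixes

def classify(class_name, enabled, prefixes):
    """Say where a class is resolved from under the rules the post describes."""
    if not enabled:
        return "default"  # no directive: whitelist off, normal delegation
    # Assumption: plain string-prefix match, per the post's "start with".
    if class_name.startswith(AUTO_WHITELIST):
        return "server (automatic)"
    if class_name.startswith(prefixes):
        return "server (whitelisted)"
    return "application"  # must be bundled, else ClassNotFoundException

def audit(descriptor_xml, class_names):
    """Map each class name to the source it would be loaded from."""
    enabled, prefixes = read_whitelist(descriptor_xml)
    return {name: classify(name, enabled, prefixes) for name in class_names}

def must_bundle(descriptor_xml, class_names):
    """Classes the application has to ship in its own libraries."""
    report = audit(descriptor_xml, class_names)
    return sorted(n for n, source in report.items() if source == "application")

if __name__ == "__main__":
    sample = ["com.google.common.base.Joiner", "org.example.app.Service"]  # constructed
    print(audit(SAMPLE_DESCRIPTOR, sample))
```

Running `must_bundle` over the class names an application actually imports gives the list that has to be present in the application's own libraries before the directive is added to its descriptor.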