Carsten TBH - I wasn't sure.
We have always just rebundled the HTTP Jetty Jar and customized the manifest to make it usable. And it's pretty easy for us to continue with that. The http.jetty bundle seems to explicitly make these private packages. I guess in the strictest terms, that could be viewed as correct since it ensures no one codes to rely on a specific HTTP Service implementation and only relies on the publish OSGi api. But of course in practical terms that gets cumbersome. Anyhow, we're fine local here as-is, so it'smore of an observation in case it impacts others -R -----Original Message----- From: Carsten Ziegeler [mailto:[email protected]] Sent: 20 August 2018 16:34 To: Rob Walker <[email protected]>; [email protected] Subject: HTTP Jetty - org.eclipse.jetty.security.authentication marked as PrivatePackage Hi, I think this is a bug; if I remember correctly this package was not exported by the Eclipse jetty jar in some version, therefore we added it to the exclude list. But it seems to be exported by Eclipse jetty for some time now, but we forgot to update our exclude list :( Regards Carsten Rob Walker wrote > Wondering on the use of PrivatePackage for the > org.eclipse.jetty.security.authentication package. > > > > Admittedly, it is rather internal and a boundary case, but it's one > our implementation does make use of as part of wiring JAAS handling > into HTTP security authentication. > > > > We can get around it fairly easy by generating our own bundle with a > modified manifest. Just wondering on the rationale behind making this > specific package private? > > > > Cheers all > > > > ---- > > Rob Walker > > > > cid:[email protected] > > > > www.ascert.com > > [email protected] > > SA +27 21 300 2028 > > UK +44 20 7488 3470 ext 5119 > > > -- Carsten Ziegeler Adobe Research Switzerland [email protected]
