[
https://issues.apache.org/jira/browse/MNG-7574?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus updated MNG-7574:
---------------------------------
Description:
Currently if a Maven plugin is loaded with {{<extensions>true</extensions}} all
classes of the underlying artifact are exposed through the Maven Core
Classloader
(https://github.com/apache/maven/blob/415eaf31de407efcbf61166afd8cf4e86cdafe11/maven-core/src/main/java/org/apache/maven/classrealm/DefaultClassRealmManager.java#L243
and
https://github.com/apache/maven/blob/415eaf31de407efcbf61166afd8cf4e86cdafe11/maven-core/src/main/java/org/apache/maven/classrealm/DefaultClassRealmManager.java#L345).
At least the Mojo classes should IMHO be excluded otherwise they are exposed
through both the plugin and core classloader for no reason (as the core
classloader as parent always takes precedence).
As {{extensions}} is accepting String values
(https://github.com/apache/maven/blob/daa8e1690226fc385db3d448ad962997afe3dba8/api/maven-api-model/src/main/mdo/maven.mdo#L2215)
one could accept the old values "true" (all) and "false" (nothing) next to
some allowed resource name prefixes (comma-separated).
was:
Currently if a Maven plugin is loaded with {{<extensions>true</extensions}} all
classes of the underlying artifact are exposed through the Maven Core
Classloader
(https://github.com/apache/maven/blob/415eaf31de407efcbf61166afd8cf4e86cdafe11/maven-core/src/main/java/org/apache/maven/classrealm/DefaultClassRealmManager.java#L243
and
https://github.com/apache/maven/blob/415eaf31de407efcbf61166afd8cf4e86cdafe11/maven-core/src/main/java/org/apache/maven/classrealm/DefaultClassRealmManager.java#L345).
At least the Mojo classes should IMHO be excluded otherwise they are exposed
through both the plugin and core classloader for no reason (as the core
classloader as parent always takes precedence).
> Never expose Mojo classes via Core Classloader
> ----------------------------------------------
>
> Key: MNG-7574
> URL: https://issues.apache.org/jira/browse/MNG-7574
> Project: Maven
> Issue Type: Improvement
> Components: Core
> Reporter: Konrad Windszus
> Priority: Major
>
> Currently if a Maven plugin is loaded with {{<extensions>true</extensions}}
> all classes of the underlying artifact are exposed through the Maven Core
> Classloader
> (https://github.com/apache/maven/blob/415eaf31de407efcbf61166afd8cf4e86cdafe11/maven-core/src/main/java/org/apache/maven/classrealm/DefaultClassRealmManager.java#L243
> and
> https://github.com/apache/maven/blob/415eaf31de407efcbf61166afd8cf4e86cdafe11/maven-core/src/main/java/org/apache/maven/classrealm/DefaultClassRealmManager.java#L345).
> At least the Mojo classes should IMHO be excluded otherwise they are exposed
> through both the plugin and core classloader for no reason (as the core
> classloader as parent always takes precedence).
> As {{extensions}} is accepting String values
> (https://github.com/apache/maven/blob/daa8e1690226fc385db3d448ad962997afe3dba8/api/maven-api-model/src/main/mdo/maven.mdo#L2215)
> one could accept the old values "true" (all) and "false" (nothing) next to
> some allowed resource name prefixes (comma-separated).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
