 |
OpenJDKIdeas page lists ideas about how to improve the OpenJDK in the scope of the next version (JDK7 say).
Table of content
Post here your ideas in the existing topic tree, or create new topics in the tree if not matching. Please group as much as possible ...
Implement JSR277 and provide reference standard extensions repository
JVM lib and jars to use JSR277
JVM itself (jar, natives & tools) should be integrated as Java modules (easy unified update scenarios, centralized update repositories, always up-to date applications, matching of version constraints ...).
New Target Platforms
PortableJre? (install once on USB and run anywhere)
A JavaRuntimeEnvironment?, that can be deployed to USB sticks... and if thought out... should even be able to run Java applications regardless of the hosts platform, i.e. install JRE once on your USB stick and take it with you to whatever host platform you are confronted with...
- Deployment of PortableJre?? Using Installer or simply Unpack and use provided config tools?
- Different setups or one masterpiece? A MultiPlatformPortableJre? with a platform independent launcher and portable^2 runtime vs. a Windows-only version and a Linux-only version and a OSX-only version and a Solaris-only version...
Improved security
Declarative security model
A declarative security model has to be setup so that "full permission" is no more an acceptable mode (in either application, applet or webstart). There is no reason a code should always be given full permission. When trusted certified code should be given only the required permission to run as expected. This means that each JAR/module has to list all the permission it requires to be run. This can be automated by deployment tool. Doing so, when requiring understricted right, the code will be given only the Permission they declare to use in the meta data file. This will enable us to create a permission audit system where a threat-o-meter can be computed for a given permission set required.
A default table of might be defined for most of the common known permission required. As en example, getting a resource thru URL from a website other than the source site is of low threat, but installing a native library not part of a module from a trusted repository is of highest risk ...
Seamless JASS client integration
Better integration with SecurityManager?
"Out of the box" JAAS default login modules with default behaviors matching system native behaviors. Two login modules are required :
- System login (authenticate and authorise agains the sytem or the domain controler) : kerberos and jgss will be have system specific defaults config set up. For instance to ask if current user with current credentials is having the permission to access "stuff" ressource for the current system security manager:
System.getSecurityManager().checkPermission("ressource:stuff");
- Remote login (AA machine with domain controler system For instance, it should be possible for a client application to : check if current logged-in user is have "XXX" right. Hence the followgin code could be possible for :
LoginContextSecurityManager loginSecurityManager = (LoginContextSecurityManager) System.getSecurityManager("spnego:http://server.example.com/whatever/protected/file");
loginSecurityManager.checkPermission("remotestuff"); // should popup up the login dialog if required
LoginContext loginContext = loginSecurityManager.getLoginContext();
LoginContext otherContext = loginSecurityManager.getLoginContext( new PasswordAuthentication("MyIdentier",password));
otherContext.login(); // login to server !
loginSecurityManager.checkPermission("ressource:com.exemple.StuffRequiringCredentials")); // Should be Ok !
otherContext.logout(); // logout from server !
loginSecurityManager.checkPermission("ressource:com.exemple.StuffRequiringCredentials)); // Should throw a SecurityException !
- Add basic credential class to help building generic LoginModule?. At this time, there is a GSSCredential but nothing like : PasswordCredential? or CertificateCredential?. FYI, such class exists in Glassfish, but as beeing specific, you can not assume the same class in other JAAS contexts !
Rich Client
Integrate SwingApplicationFramework? JSR296
Support first-class citizen top level components
In current OpenJDK Java top level components are supposed to be opaque and square.To boost JavaFX? and compete with other contenders we need to be able to make top level components of any required kind (non square and non opaque). Apparently Apple has already they CM code supporting non-opaque top level component. Let's get this for any platform !
Multiple Input Device support
Support of multi-input device opens lots of great developments like multi-touch UI, multi-user collaborative UI, ... Example of support can be found at http://www.cs.umd.edu/hcil/mid/
- Definition of multiple mouse cursors (1 per mouse) and focus cursors (1 per keyboard)
- GraphicsConfiguration? to list mouse and keyboards with respective capabilities and device IDs
- GraphicsConfiguration? to define InputGroups? for devices ( groups of device handling common elements, for instance : which mouse focuses which focus cursors )
- Create a default InputGroup? that includes all the devices (mouse, keyboards)
- KeyEvent? and MouseEvent? to send source device ID
- Support of multiple focus
- Registering events will be by default applied to default InputGroup? (where any input device is considered as valid source)
- Add to event registration possibility to select the source InputGroup? (only events comming from this group are send)
System log integration
Implements java.util.logger to system's defaults logging pipes (syslog on unixes and event log on windows) and set it up by default.
Improved JavaControlPanel
Improve the UI to a more modern one and add new features :
- selection of default Java VM (combo ?)
- selection of default Swing LnF? (combo ?)
- overriding of system defaults L12Ns? (country, lang, calendar, ....)
- enable set of default JVM properties (sharing memory, initial memory, text alias, use GDI, ...)
- manage list of module repository (see upcoming Java Module JSR) (delete downloaded module, check repositories for module update, force download of a given module)
- configure JASS config
- configure permissions
- configure logs (threashold level of log to be send, syslog name or windows event log name to send to)
Multimedia
Improve metadata image support
More metadata support should be done here into the ImageIO. EXIF and PTC microparsers should be added, see http://www.drewnoakes.com/code/exif/ and http://www.picturegrid.com/community/samples/imageio/ for examples. XMP support (EXIF node starting with "http://ns.adobe.com/xap/1.0/\0") should be inline inside image metadata DOM tree the XMP data as simple XML nodes. This would make metadata extraction smooth and simple.
Revive JMF
JMF is very important to multimedia Java, the issue is that it has not evolve/improve since "long time". It is time for JMF to be back in the JDK.
General
Validators
There should be a unified set of annotation to provide additional validation informations on data. Say maximum size, minimum size, regular expression (for string)... See an example at http://www.hibernate.org/hib_docs/annotations/reference/en/html/validator.html
This will benefit both presentation layers and persistence layers and ensure data consistencies across tiers.
Runtime persistent genericity
A class should be aware of its exact parametric type (and not only its "constraints"). Doing so dynamic code using using java.lang.reflect on any system already using collection framework can benefit of genericity for make some tasks more "generic". An exemple of usage is to automagically adapt data models returned from JPA into swing's models !
Raw IP socket support
Support of raw IP socket is a long time awaited features to bring key network applications to Java. Obviously, raw socket access will be protected by system Permission's (as a native compile app, would be so). By default, raw socket would not be allowed on a VM, you will have to to grant it. See http://www.savarese.org/software/rocksaw/ for a example of possible direct implementation or packet capture based implementation http://netresearch.ics.uci.edu/kfujii/jpcap/doc/index.html or http://jpcap.sourceforge.net/
Code cleanup
Generify where possible
Make sure genericity is used everywhere in the JDK ! No it is not so yet  For instance,
Remove all java sun.* and sunw.* classes
All the sun.* and sunw.* classes should be removed and replaced by the correspoding class from the JDK. If such a class does not exists, evaluation should be done of the : integration opportunity of this class ("why do JDK need this, and JDK user would not ?) vs inline replacement of class usage by corresponding code. Non RI code (say Sun specific), should move to com.sun.* with help of SPIs.
Clarify where possible
Since JDK 1.0 lots of improvements has been done on the platform, so there might be new ways of doing the same thing that have benefits. Any changes at this step will have to be done carefully for compatibility impact reasons.
I18N? improvements
Lots of things to do here to make Java less north-america centric. ICU4J and CLDR might be good inspiration sources.
Extend URL/URI using SPI
At this time, adding new URL/URI handler is complex and require tricky setup. Moving extension to regular SPI introduced in JDK6 (see java.utilServiceLoader) looks like a win-win. Simple, more consistent.
-- Main.bjb - 13 Feb 2006
|