Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add clarification about package.properties not providing automatic discovery #3929

Open
javier-godoy opened this issue Nov 19, 2024 · 4 comments
Open

Add clarification about package.properties not providing automatic discovery #3929

javier-godoy opened this issue Nov 19, 2024 · 4 comments
Labels
flow

Comments

@javier-godoy
Copy link
Contributor

From the description of JAR Packages Scanning it's not clear that "the package.properties feature is not about automatically discovering annotated classes in external JARs, but to improve Flow class scanning by allowing JARs to filter out their own unnecessary packages" (as mentioned by @mcollovati in https://vaadin.com/forum/t/any-simple-markdown-viewer/167646/17)

If you think this issue is important, add a 👍 reaction to help the community and maintainers prioritize this issue.
@mlopezFC
Copy link

From the docs:

The package.properties file effects only the target JAR content. It supports vaadin.allowed-packages and vaadin.blocked-packages properties in the same way as in the application.properties file. The vaadin.blocked-jar=true property is used to disable scanning of the JAR, entirely.

From that text I assume that "It supports vaadin.allowed-packages and vaadin.blocked-packages properties in the same way as in the application.properties file" meaning that if I add vaadin.allowed-packages with my package, it will automatically discover the add-ons on that jar when doing the scanning.
By the way, why is that the automatic discovery of add-ons is not supported? .. It could be implemented in such a way that if (for some reason) you have the add-on dependency but you don't want it to be scanned, you could disable those packages from the application.properties (of course it should have more relevance than package.properties from add-ons).

@mcollovati
Copy link
Contributor

IIRC also the settings in application.properties do not activate any discovery. They simply restrict the packages to scan, that by default is everything.
However, for security reasons, this settings take precedence over the ones defined in the jar files.

@javier-godoy
Copy link
Contributor Author

@mcollovati start.vaadin.com generates application.properties with vaadin.allowed-packages = com.vaadin,org.vaadin,com.example.application, which requires manual configuration in case one uses third-party add-ons with a package other that org.vaadin.* (that's why it's important to clarify that even if an add-on includes package.properties, it will not be scanned unless it's also allowed)

@mcollovati
Copy link
Contributor

I wonder if it could be helpful if the vaadin-spring add on would print a warning message for the JAR rules that cannot be applied because of global allowed/blocked list.
Perhaps also Vaadin Copilot could propose changes to apply to application.properties.

@yuriy-fix yuriy-fix added the flow label Nov 21, 2024
@mshabarov mshabarov moved this to 🅿️Parking lot - under consideration in Vaadin Flow ongoing work (Vaadin 10+) Nov 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
flow
Projects
Vaadin Flow ongoing work (Vaadin 10+)
Status: 🅿️Parking lot
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mcollovati @javier-godoy @mlopezFC @yuriy-fix