And Extensible Architectures: On Plug-Ins
And Extensible Architectures: On Plug-Ins
On Plug-ins
running plug-ins, with no inherent end-user functional-
ity. Without a directive hosting application, what is left
is a universe of federated plug-ins, all playing by the rules
FIG 1
when needed.
In the new pure plug-in
architectures, everything is
a plug-in. The role of the
FIG 2
a user’s machine, plug-in-
based applications may
have a higher degree of
freedom for installation
CHALLENGING ISSUES
On Plug-ins
Pressured by time, budgets, or slick marketing claims,
you may be tempted to adopt a pure plug-in architecture
without being aware of its potential pitfalls. Alternatively,
and Extensible Architectures you might truly believe in Murphy’s law and therefore
won’t use plug-ins because they’re doomed to fail, any-
way. I tend to follow those who walk the middle road: if
layout and plug-in discovery. This flexibility can also be something can fail, then it first should be understood and
a source of major headaches for installers and plug-in then fixed. The rest of the article presents issues that are
management. likely to pose some challenges when you employ plug-ins,
Consider a multiuser shared installation where the and that will help you ask questions or provide answers
entire product is installed by the central administrator when evaluating a plug-in architecture.
on behalf of a community of users. The individual users Installing and updating. Many modern products auto-
do not need to perform any installation. They are simply matically detect when they are out of date with respect
given a local “shortcut” to invoke the shared installation to available service or product version. Either on start-up,
(the shortcut can be in the form of a command-line invo- or as a result of an explicit update action, the products
cation or a true desktop shortcut encapsulating the com- compare the current installation level against some
mand-line invocation). If you’re like most users, you will network-based baseline. The product then automatically
want to install some other cool new features, especially downloads required fixes or upgrades and applies them,
when the third-party plug-in offerings are plentiful (and often as part of the product execution. Additionally, users
often free). Obviously, the new plug-ins, private to that can, and most often will, install additional plug-ins from
user, cannot be installed in the read-only, shared install various sources to extend the functionality provided by
location, so the product should allow users to install and their current application.
configure extra plug-ins in a location where they have For plug-in-based applications, the installation and
more privileges. update process can be a real nightmare: on the one hand,
Configuring only a subset of plug-ins for a particular there are the traditional installation issues that arise in
user based on access criteria, such as user roles, adds more any application—ability to roll back changes, migrate
challenges. Other configuration issues arise in scenarios existing program data and preferences, or ensure the
where a common set of plug-ins is shared by many appli- installation is not corrupted. On the other hand, because
cations running on the same machine, or where some plug-ins may originate from various providers that are
plug-ins are not installed locally but run from a remote not related to each other, the resulting configuration has
location (e.g., an application server provider). likely never been tested. This poses a number of interest-
In theory, the platform must find the available plug- ing challenges that we address in the context of the other
ins on its own and gracefully cope with missing plug- issues discussed in the next sections.
ins or those that are dynamically coming and going. Security. Systems can never be too secure, and you
In practice, many solutions for these problems involve need to pay particular attention to securing a sys-
predefined files and directory locations for key configura- tem based on plug-ins. Since arbitrary plug-ins can be
tion files or for the plug-ins themselves. More advanced installed—for example, by downloading them from the
plug-in systems offer pluggable configuration and plug-in Web—and are allowed unlimited access to the system
discovery mechanisms. Usually some basic bootstrap they plug into, security in a plug-in environment must be
code is run to start a configurator plug-in, which will then carefully planned. On top of this, some plug-ins require
discover the other plug-ins based on its own strategy. For support for executing custom install code during instal-
example, Eclipse provides an Update Manager configura- lation, so they can have control over some parts of their
tor plug-in that picks up plug-ins from the eclipse/plugins installation. To prevent software security accidents or
folder, as well as from other local plug-in folders linked failures, the plug-in framework must address the issues of
from the eclipse/links folder or dynamically added when downloading from third parties and controlling a plug-
users install new plug-ins to locations of their choice. in’s access to other code and data. Supporting digitally
Because the configurator is pluggable, anyone can plug in signed plug-ins or secure connections helps, but it still
another configurator, which can provision and configure relies on trusting the download source or the plug-in
the plug-ins from a remote server. provider. Some programming environments, such as Java,
On Plug-ins
General discussion about plug-in architecture and design
issues may not mean much for you or your company’s
bottom line unless you’re a participant or plan to be