Dependencies and Class Loading

Java class loaders have parents to which they delegate. For purposes of Jenkins, what matters most is that “Jenkins core” delegates to the Java Platform, and Jenkins plugins all delegate to Jenkins core.

Plugins may also delegate to one another. In the above example, C declares dependencies on A and B. In its c.jpi!/META-INF/MANIFEST.MF this would look something like:

Thus C can directly refer to classes defined in either A or B, as well as to Jenkins and the Java Platform:

Each (enabled) plugin gets its own ClassLoader. It is possible for two distinct plugins to define a class of the same name, so long as neither depends on the other.

There is also a single special UberClassLoader which delegates to all enabled plugins. This never loads any additional resources but it can be used to look up any plugin class or resource.

When you initiate loading of a class

you are asking a particular ClassLoader (here, C’s) to look up a class by name. (Normally this will start by asking all of its parents to find that class, and only look in c.jpi!/WEB-INF/lib/*.jar as a last resort.)

What happens if Alpha.class refers to various other classes, for example by using them in import statements? Java considers the defining loader of Alpha.class (A’s), and only asks that class loader. The fact that you started loading in C is irrelevant. This means that C cannot provide some class A might need to link against. A needs to be able to “see” any such class on its own. Otherwise you will get a NoClassDefFoundError at runtime.

Java defines a Thread.getContextClassLoader(). Jenkins does not use this much; it will normally be set by the servlet container to the Jenkins core loader.

Some Java libraries have a fundamental design flaw, originating in premodular systems with a “flat classpath”, whereby they expect classes defined by clients of the library to be available by name without any qualification:

This does not work properly in Jenkins because the library org.somelib might be defined in plugin A, while the user class is defined in plugin B depending on A. Class.forName(String) uses the calling class (LibClass) to determine the initiating ClassLoader; since plugin A cannot load classes from plugin B, this will result in a ClassNotFoundException.

Other libraries try to work around the issue as follows:

This also fails by default in Jenkins, since the contextClassLoader can see only Jenkins core (not even plugin A, much less B). Jenkins plugin code can work around the issue in some cases:

(When the particular class loader needed is unclear, UberClassLoader can be used as a fallback, though this is not as safe since lookups could be ambiguous in case two unrelated plugins both bundled the same library.)

Ultimately however it is a design flaw in the library if it fails to allow clients to directly specify a ClassLoader to use for lookups (or preregister Class instances for particular names). Consider patching the library or looking harder for appropriate APIs that already exist. As an example, java.io.ObjectInputStream (used for deserializing Java objects) by default uses a complicated algorithm to guess at a ClassLoader, but you can override resolveClass to remove the need for guessing (as hudson.remoting.ObjectInputStreamEx in fact does).

Jenkins plugins normally contain “Stapler views” like config.jelly as well as other resources in src/main/resources/. While you can explicitly load these from Java code:

normally such resources would be loaded on your behalf, for example by the convention of Jenkins looking for a view. In such cases the lookup passes through UberClassLoader, so your resource path (/org/jenkinsci/plugins/a/config.txt) had better be globally unique.

Messages.properties used for localization is a little different, since this is actually compiled to Messages.class during the build, and thus behaves like any other Java class referred to statically from your plugin code:

A “service locator” pattern is used throughout Jenkins for modularity and extensibility. For example, if a plugin (or core) defines an API

then another plugin may declare a dependency on that API

and add an extension:

Now any code able to link against someapi can use those implementations; most commonly this is done inside the same API plugin:

It is important to understand that while MyChecker needs to link against Checker, mandating that dependency, RunsChecks does not need to be able to link against MyChecker (or any of the other implementations). While the local variable c’s implementation class might be in the somethingelse plugin, it need only care about the declared type Checker.

Beware that Maven dependencies include all transitive dependencies. This can lead to unexpected results when bundling libraries. For example, the POM for com.yoyodyne.cloud:cloud-access-sdk might declare that it needs commons-net:commons-net:3.5. Your plugin will thus wind up bundling commons-net-3.5.jar as well. If you are not careful, WEB-INF/lib/ may fill up with megabytes of stuff which is not actually used.

In practice it is undesirable for Jenkins feature plugins to bundle assorted third-party libraries. Typically other plugins will need some of the same libraries, so multiple plugins will wind up bundling copies. Even if all of these copies happen to be the exact same version, “downstream” plugins can wind up getting linkage errors. And users will wind up downloading multiple copies of the same code, increasing product and $JENKINS_HOME/plugins/ sizes, update center load, HotSpot compiler delays, etc.

Another problem is that updating library versions becomes harder to centralize when they are bundled independently in multiple plugins. While having each plugin define an exact version of a library does reduce the risk of API compatibility errors, this is outweighed by the need to update a library with assurance when new security vulnerabilities (or other critical fixes) are announced.

To centralize library management, you can instead define a wrapper plugin, or find one someone else has already defined. This is a Jenkins plugin which contains no sources of its own and simply includes a dependency on some library. After being published on the update center, other “feature” plugins can declare plain plugin-to-plugin dependencies on it and thus use the library.

Occasionally it can make sense to include a few API classes in the wrapper plugin itself, where any Jenkins code using the library would reasonably need some boilerplate adapters to standard Jenkins facilities.

To mitigate the risk of library plugin updates with incompatible changes breaking plugin functionality, it is suggested to include the major version of the library in the wrapper plugin’s artifactId: for example, commons-lang3. (This assumes that the library follows something like Semantic Versioning.) Thus there could be multiple major releases loaded simultaneously. Of course this means that critical fixes must be issued as updates to all release lines, so only do this for supported versions of the library.

The default behavior of Java class loaders, and of Jenkins plugin class loaders as well, is to service loadClass requests first by asking the parent loader(s) for the class of that name, and only if that fails to check whether the class could be defined among JARs present in the initiating loader. This is generally sensible since it ensures that types mentioned in bytecode from different plugins are resolved at runtime to the same Class objects and thus allowing APIs to work using shared type signatures.

Sometimes, however, it is not wanted for the parent to be searched first. For example, Jenkins core currently bundles a plethora of third-party libraries and exposes all of their packages to plugins. For that matter, some plugins bundle third-party libraries that are then incidentally exposed to other plugins needing a dependency on APIs defined in the bundling plugins. If a plugin also needs some variant of the same library for its own use, it will surprisingly not be able to load it, because the parent class loader will find it first.

To avoid that behavior, it is possible to set a flag pluginFirstClassLoader in the plugin’s Maven POM. (This simply produces a JAR manifest entry that is interpreted by the Jenkins plugin system at runtime.) This flag instructs the plugin class loader to check its own JARs first for any mentioned class names. You must be very careful when using this mode, since any type normally defined in core (or an “upstream” plugin) which is mentioned in any part of the Java signature of a method you are calling must not be duplicated in your JARs, or linkage errors will result. Thus it is best reserved to libraries used purely by internal implementation.

A more limited flag is maskClasses, which blocks only selected classes or packages from the parent loader, rather than everything. You must manually verify that the masked classes are complete under the transitive closure of the Java linker: for example, masking one package but not another from a library bundled in core could make classes in the masked package unresolvable. There is a related flag globalMaskClasses which adjusts the behavior of every loaded plugin to essentially override a component of the Java Platform.

If you did not understand any part of this section, do not use these options. Even if you did, think twice.

Another approach to taming the complexity of library dependencies and class loading is loosely referred to as shading, exemplified by the Maven Shade plugin (though multiple techniques are possible). In this case, rather than trying to control where a given classLoader.loadClass("org.apache.commons.lang.StringUtils") call finds the defining loader, the idea is to bundle the entire library under a distinct package prefix, rewriting all static and reflective class (or resource) loads, both within the library and from code defined in the plugin doing the bundling. Thus your-plugin.hpi!/WEB-INF/lib/commons-lang-shaded.jar might contain entries like org/jenkinsci/plugins/yourplugin/commonslang/StringUtils.class; and plugin source code like

would result in bytecode in your-plugin.hpi!/WEB-INF/lib/classes.jar referring in its constant pool to the type org.jenkinsci.plugins.yourplugin.commonslang.StringUtils. Since that type name is unique in the whole Jenkins JVM, there is no risk of it being loaded from the wrong place; from the perspective of Jenkins, it is as if you copied and pasted the whole Commons Lang library into some sources in your plugin.

While this system does address the risk of linkage errors, it does nothing to reduce the profusion of library versions in Jenkins, as described in the section on library wrappers. In some cases, however, library wrappers themselves will use this same trick for official purposes, so that the wrapped library will be present under a package name indicating the major release version. Plugins using the wrapped library therefore would refer to the repackaged name: