Java library which implements the Java object model for SPDX and provides useful helper functions.
| |
|
|
|
The Spdx-Java-Library allows for different implementations of SPDX object storage. The storage facility implements the org.spdx.storage.IModelStore interface. This is a low level Service Provider Interface (SPI). The ISerializableModelStore extends the IModelStore and supports serializing and de-serializing the store to an I/O Stream. This interface is currently used to implement JSON, XML, YAML, and RDF/XML formats. The default storage interface is an in-memory Map which should be sufficient for light weight usage of the library.
Most common use of the library would de-serialize an existing SPDX document using one of the supported formats and model stores. To create SPDX objects from scratch, simply create the Java objects found in the org.spdx.library.model package. The model follows the SPDX Object Model. The model objects themselves are stateless and do not store information. All information is retrieved from the model store when properties are access. Storage to the classes will store the updates through the use of the storage interface.
The methods enterCriticalSection and leaveCritialSection are available to support multi-threaded applications. These methods serialize access to the model store for the specific SPDX document used for the SPDX model object.
The library is available in Maven Central org.spdx:java-spdx-library.
If you are using Maven, you can add the following dependency in your POM file:
<dependency>
<groupId>org.spdx</groupId>
<artifactId>java-spdx-library</artifactId>
<version>(,1.0]</version>
</dependency>API JavaDocs are available here.
There are a couple of static classes that help common usage scenarios:
org.spdx.library.SPDXModelFactorysupports the creation of specific model objectsorg.spdx.library.model.license.LicenseInfoFactorysupports the parsing of SPDX license expressions, creation, and comparison of SPDX licenses
Spdx-Java-Library can be configured using either Java system properties or a Java properties file located in the runtime CLASSPATH at /resources/spdx-java-library.properties.
The library has these configuration options:
org.spdx.useJARLicenseInfoOnly- a boolean that controls whether the (potentially out of date) listed license information bundled inside the JAR is used (true), vs the library downloading the latest files from the SPDX website (false). Default is false (always download the latest files from the SPDX website).org.spdx.downloadCacheEnabled- a boolean that enables or disables the download cache. Defaults tofalse(the cache is disabled). The cache location is determined as per the XDG Base Directory Specification (i.e.${XDG_CACHE_HOME}/Spdx-Java-Libraryor${HOME}/.cache/Spdx-Java-Library).org.spdx.downloadCacheCheckIntervalSecs- a long that controls how often each cache entry is rechecked for staleness, in units of seconds. Defaults to 86,400 seconds (24 hours). Set to 0 (zero) to have each cache entry checked every time (note: this will result in a lot more network I/O and negatively impact performance, albeit there is still a substantial performance saving vs not using the cache at all).
Note that these configuration options can only be modified prior to first use of Spdx-Java-Library. Once the library is initialized, subsequent changes will have no effect.
To update Spdx-Java-Library, the following is a very brief checklist:
- Update the SpdxContants with any new or changed properties and classes
- Update the Java code representing the model
- Update the SpdxComparer/SpdxFileComparer in the org.spdx.compare package
- Update unit tests
Note: This library is mostly stable, but and contains some defects. Reviews, suggestions are welcome. Please enter an issue with any suggestions.