Invariant Properties

  • rss
  • Home

The difference between APIs and SPIs

Bear Giles | May 19, 2018

At work we implement a number of filesystems via the java.nio.file.spi.FileSystemProvider SPI. This allows us to use URLs in our code and adding support for a new filesystem requires nothing more than implementing a dozen or so classes in an abstraction layer. Our application code doesn’t need to change beyond, perhaps, adding a entry in a pulldown menu or an account class that captures a new type of authentication information. (Examples of the latter are AWS credentials, or Kerberos principal and keytab file).

The java.nio SPI is stable so it’s literally a case where we can write it once, test it well, and then forget about it. We can eventually remove from our primary source tree and use like any other library. We aren’t quite there yet since some servers don’t fully implement their RFC standard and we have to find workarounds. (I’m looking at you, Windows FTP server.) But soon….

A recent issue highlighted that some developers didn’t understand the key difference between an API and a SPI:

An API (Application Programming Interface) is a contract from the library to the developer. The developer can use as much or as little of the API as they wish.

A SPI (Service Provider Interface) is a contract from the developer to the library. The developer must fully implement the SPI according to the specification. Ideally the test coverage is based on a reference implementation, e.g., I wrote my hdfs:// tests by writing analogous file:/// tests and verifying the results matched instead of basing them solely on my understanding of the SPI javadoc. There were some significant differences.

There are two caveats to the requirement that a developer fully implement the SPI. First, many SPIs specify that some methods can throw UnimplementedMethodException. These methods are optional and the developer can safely throw that exception if they don’t want to implement the method for some reason. Second, if the developer knows, with absolute certainty, which SPI methods will never be called then they can throw an exception if these methods are called. This is extremely risky though since methods you don’t need today have a tendency to become critical a few years later. On the one hand we want to make the most efficient use of our time and it’s wasteful to implement something we’ll never need. On the other hand if we do need that functionality later it’s far more efficient to implement everything at once while all of the nuances are fresh in our minds. It can be costly to refamiliarize yourself with the servers and code later.

In our particular case having a full implementation wouldn’t have solved the immediate problem. However the discussion brought up the difference between APIs and SPIs and I decided that this is a common enough confusion to be worth discussing.

Categories
Uncategorized
Comments rss
Comments rss
Trackback
Trackback

« Hadoop: User Impersonation with Kerberos Authentication Better Ad Blocking Through Pi-Hole and Local Caching »

Leave a Reply

Click here to cancel reply.

You must be logged in to post a comment.

Archives

  • May 2020 (1)
  • March 2019 (1)
  • August 2018 (1)
  • May 2018 (1)
  • February 2018 (1)
  • November 2017 (4)
  • January 2017 (3)
  • June 2016 (1)
  • May 2016 (1)
  • April 2016 (2)
  • March 2016 (1)
  • February 2016 (3)
  • January 2016 (6)
  • December 2015 (2)
  • November 2015 (3)
  • October 2015 (2)
  • August 2015 (4)
  • July 2015 (2)
  • June 2015 (2)
  • January 2015 (1)
  • December 2014 (6)
  • October 2014 (1)
  • September 2014 (2)
  • August 2014 (1)
  • July 2014 (1)
  • June 2014 (2)
  • May 2014 (2)
  • April 2014 (1)
  • March 2014 (1)
  • February 2014 (3)
  • January 2014 (6)
  • December 2013 (13)
  • November 2013 (6)
  • October 2013 (3)
  • September 2013 (2)
  • August 2013 (5)
  • June 2013 (1)
  • May 2013 (2)
  • March 2013 (1)
  • November 2012 (1)
  • October 2012 (3)
  • September 2012 (2)
  • May 2012 (6)
  • January 2012 (2)
  • December 2011 (12)
  • July 2011 (1)
  • June 2011 (2)
  • May 2011 (5)
  • April 2011 (6)
  • March 2011 (4)
  • February 2011 (3)
  • October 2010 (6)
  • September 2010 (8)

Recent Posts

  • 8-bit Breadboard Computer: Good Encapsulation!
  • Where are all the posts?
  • Better Ad Blocking Through Pi-Hole and Local Caching
  • The difference between APIs and SPIs
  • Hadoop: User Impersonation with Kerberos Authentication

Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

Pages

  • About Me
  • Notebook: Common XML Tasks
  • Notebook: Database/Webapp Security
  • Notebook: Development Tips

Syndication

Java Code Geeks

Know Your Rights

Support Bloggers' Rights
Demand Your dotRIGHTS

Security

  • Dark Reading
  • Krebs On Security Krebs On Security
  • Naked Security Naked Security
  • Schneier on Security Schneier on Security
  • TaoSecurity TaoSecurity

Politics

  • ACLU ACLU
  • EFF EFF

News

  • Ars technica Ars technica
  • Kevin Drum at Mother Jones Kevin Drum at Mother Jones
  • Raw Story Raw Story
  • Tech Dirt Tech Dirt
  • Vice Vice

Spam Blocked

53,313 spam blocked by Akismet
rss Comments rss valid xhtml 1.1 design by jide powered by Wordpress get firefox