Now's a great time to standardise a common subset we can all use, this is a good conversation.
We're all solving similar issues, we could have something really great if we can work together. I created com.sun.jini.start.Starter out of necessity to fix unsafe publication, however this could take another form. I've fixed the dynamic IP adressing issue in qa-refactor, see inline further below. Also, it might be worth investigating org.apache.river.api.io.Distributed, this allows a non Serializable object to be stored in MarshalledInstance and created on demand, using any constructor, static factory method or builder object. This object is created in an unpriviliged context, otherwise an attacker could create a Classloader etc. It's so simple, yet so powerful, it's scary. It's up to the implementor to do something in a privileged context, including getting a login context. Because a Distributed object doesn't need to implement Serializable and because it can be recreated on demand just by calling MarshalledInstance.get(), it allows an implementation to avoid having a serial form, the implementation is then free to change, even to a completely different class. At present it's intended to be immutable, but that could be relaxed to include a thread safe service. This would allow any service to have it and it's current persisted state stored in a MarshalledInstance for fail over replication to other nodes, to be restored simply by calling get(). Upgrades could be performed simply by persisting and restarting. More inline below. ----- Original message ----- > (New subject for an interesting point) > > Good point, Dennis... > > On Mon, 2013-05-27 at 13:30, Dennis Reedy wrote: > > On May 27, 2013, at 103PM, Greg Trasuk wrote: > > > > > Sure, no problem. One big thing to consider wrt container IoC, is that > > the lifecycle of a River service is different then an EJB. With River, > > a service can join and leave the network (advertised and > > unadvertised). Making sure that you consider that has been important > > in my experience. This when tied with how a service deals with other > > services (what I call associations > > http://www.rio-project.org/associations.html), can change the > > lifecycle of a service. So food for thought > > > > I think you're on the right track in Rio, with injecting a dynamic proxy > for associations. Curiously, this approach is similar to the dynamic > proxies injected under JEE6 CDI for contextual objects. > > Truth is, I've always been hesitant about injecting service > dependencies, because it seems to me that resolving the services needs > to be a part of the logic of the service invocation, so that various > failures can be handled appropriately. > > Couple of scenarios: > > Context - We're talking about a service that depends on one or more > other services. When you call service A's 'doSomething()' method, it > needs to call methods on services B, C, etc. > > Scenario 1- You have a (not very efficient!) policy of looking up every > service dependency every time A.doSomething() is called. In this case > it might just be reasonable to throw an exception (ServiceNotAvailable > or something similar) and let the client deal with it. Straight > injection works in that case. Or you might want to save the data > locally and do some alternate handling. In that case, perhaps it might > be best to leave the unresolved service references null, so the > A.doSomething() code can handle it. > > Scenario 2- You have some service references cached. When you go to do > A.doSomething(), you find that service B has failed (of course, you find > this out by means of an IOException when calling service B). What to > do? In the past, I've handled this by dumping all the caches and > rediscovering the services. Which means that A.doSomething() has to > take some control of the dependency resolution, which doesn't fit with > dependency injection very well. In Harvester, I had a resolver object > (I could be wrong, but I think I saw something similar in Rio), so > A.doSomething() would execute the resolution before attempting to use > service dependencies. Then in case of failure, it could call fail() on > the resolver, which would dump the caches, and attempt resolution again, > then complete the calls. > > Another issue I've been pondering is how Jini interacts with dynamic IP > address assignments (i.e. network cards on DHCP). If the IP address of > a node changes, it's kind of catastrophic, since the IP addresses of any > services it exports are probably baked in to both the serialized > endpoints, and the codebase urls (assuming that we pessimistically > assumed that name-based resolution won't work - arguably the truth in > most networks). I've gone to great lengths to fix this in qa-refactor, however I've also provided a system property that reverts to the present behaviour: -Dnet.jini.loader.codebaseAnnotation=URL It seems like in that case, the services' states need > to roll back to before the endpoints were exported, then re-export and > re-publish to the registrar. > > > From a client point of view, a client would simply see that as a set of > services failing, and then go and rediscover the services. That's no > problem. But I wonder how to handle that on the service side. It's > almost easiest to just shutdown the services and restart. > > And what happens if a host has more than one IP address (multi-homed)? > Again, the services codebases will likely have the IP address baked-in. > So a client on one interface needs to use the serialized proxy that > corresponds to the correct interface. Here's a case where using Maven > artifact ids could help handle the codebase issue. I suspect the > multiple IP addresses could be handled at the JERI level. > > Anyway, lots of things to think about. > > Greg. > > > Regards > > > > Dennis > > > > >