He, > to fetch them using HTTP connection to appropriate client. Indeed, that doesn't sound that bad, but I will need to maintan a mapping between the moduleBaseUrl that I receive in the backend and the actual http url of the module location where I can find the policy file. And these mappings are different in development and production mode.
But, if you think about it, it will probably be the best option if you want to deal with policy files. The other little disadvantage would be the HTTP communication whereas the files are located on the same server. But, that doesn't take away the disadvantage of having all these duplicate entries in the policy files. What about implementing my own SerializationPolicy class and simple filter on, for example the package name, to indicate if an object is allowed to be serialized/deserialized.? -- http://groups.google.com/group/Google-Web-Toolkit-Contributors