On Monday 11 of October 2010 15:41:46 Peter Firmstone wrote:
> What about the case where a Module depends on another Module?
>
> I'm guessing that was the intent.
>
Actually - no :)
There are two different things to consider:
1. Module dependencies (which I actually did not think about too much).
and
2. The client gets a proxy and this proxy code causes downloading objects
annotated with a different Module than the proxy's Module (IOW downloading
subsequent Modules happens _after_ the proxy was deserialized, prepared and
granted permissions). We need a way to say:
"OK I've downloaded some code, an object, verified that I trust both the code
and this object - now I don't really care how it is implemented - I trust that
if it needs to download some more code - it already was verified)."
That is something that can be achieved with DelegatedModuleTrustVerifier - the
client can grant DownloadPermission to the proxy it just deserialized and
prepared. Note that it is not transitive - the client has to grant a
GrantPermission(new DownloadPermission()) to the proxy if it wants the
DownloadPermission to be transfered further.
All is good so far except that the proxy must postpone deserialization of
subsequent objects so that it happens after the client had a chance to grant
permissions to the proxy.
With my proposal nothing really changes in a way the client handles objects
that it receives - permissions are granted to the proxy in exactly the same
way as it is done in Jini 2.1.
So unfortunatelly if we have a proxy:
class MyProxy implements Serializable {
private JavaSpace space;
//
}
it would have to be changed to:
class MyProxy implements Serializable {
private MarshalledObject<JavaSpace> marshalledSpace;
}
if the service wants to make use of DownloadPermission that was possibly
granted to it by the client.
Sure - it would be cool if we could grant permissions earlier (as soon as a
Module is verified and the ClassLoader is created) but I just don't know how
the client would pass the permissions it wants to grant to a Module to the low
level deserialization code.
Michal
