Details
- New Feature
- Status: Open
- Minor
- Resolution: Unresolved
Description
Right now codebase annotations are Strings containing a space-separated list of URLs. This has several drawbacks:
1. Code downloading is not dynamically extensible. All the parties in the network have to agree a priori on a set of URL handlers. Introduction of a new provisioning mechanism - for example based on Maven - requires at least reconfiguration of all participants.
2. There is no way of verifying downloaded code before it is actually executed. Right now a TrustVerifier is obtained and used only after a service proxy was deserialized, which enables untrusted code to execute during deserialization (see also RIVER-362).
The idea is to make code downloading extensible. Codebase annotations should be objects implementing a well-known interface encapsulating how code is downloaded.
Prior to execution, codebase annotations would be verified for trust.
That way:
1. Clients are decoupled from the mechanism used to download service proxy code.
2. No code is executed before verifying the codebase for trust.
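
A sketch of the proposed ordering, as an added example that is not code from Apache River or from this issue: the annotation object only fetches bytes, and a verifier must accept them before anything is handed to a class loader. All type and method names are hypothetical, the SHA-256 allowlist is an assumed trust policy, the `mvn:` location and byte strings are constructed sample data, and `HexFormat` requires Java 17.

```java
import java.net.URI;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.Set;

// Hypothetical names throughout; none of these types exist in Apache River.
public class VerifiedCodebaseDemo {
    /** A codebase annotation as an object: it knows how to fetch its own code. */
    interface CodebaseAnnotation {
        URI location();
        byte[] fetch() throws Exception; // returns raw bytes only, never defines a class
    }

    /** Decides trust from the annotation and its bytes, before any class is defined. */
    interface CodebaseVerifier {
        boolean isTrusted(CodebaseAnnotation a, byte[] code) throws Exception;
    }

    /** Assumed policy: accept only archives whose SHA-256 digest is on a local allowlist. */
    static CodebaseVerifier digestAllowlist(Set<String> allowed) {
        return (a, code) -> allowed.contains(sha256(code));
    }

    static String sha256(byte[] b) throws Exception {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(b));
    }

    /** Gate: bytes reach the class-defining step only after verification succeeds. */
    static byte[] obtainVerified(CodebaseAnnotation a, CodebaseVerifier v) throws Exception {
        byte[] code = a.fetch();
        if (!v.isTrusted(a, code)) throw new SecurityException("untrusted codebase: " + a.location());
        return code; // only now may the caller pass these bytes to a ClassLoader
    }

    /** Constructed in-memory provider standing in for a new mechanism (e.g. Maven-based). */
    static CodebaseAnnotation inMemory(String uri, byte[] bytes) {
        return new CodebaseAnnotation() {
            public URI location() { return URI.create(uri); }
            public byte[] fetch() { return bytes; }
        };
    }

    public static void main(String[] args) throws Exception {
        byte[] good = "constructed-proxy-jar".getBytes();
        byte[] tampered = "constructed-tampered-jar".getBytes();
        CodebaseVerifier v = digestAllowlist(Set.of(sha256(good)));
        byte[] ok = obtainVerified(inMemory("mvn:org.example/proxy/1.0", good), v);
        System.out.println(ok.length + " bytes accepted");
        try { obtainVerified(inMemory("mvn:org.example/proxy/1.0", tampered), v); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```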