I put together a standalone "boot" application that is fed a configuration which
contains an array of jar URLs. It uses a derivative of my vhttp: protocol
handler, called chttp: that does true local caching of downloaded jars using
http: HEAD requests. It can run the application from local content if no remote
network connection is possible.

It uses pieces of com.sun.jini.start to load the application into a
PreferredClassLoader, and it activates a policy as well using a mechanism that
I've had around for some time, which just grants AllPermission to every jar that
is in a list. The local jar caching of vhttp: and chttp:, combined with how the
permissions work, keeps unauthorized jars from ever being loaded, because the
local disk file cannot be opened for writing to the cache due to how the policy
is constructed.

This kind of mechanism is very handy to have, because then you get web-like
caching as well as automatic updates since everything is loaded from the server
as if it was service discovery followed by codebase download.

Additional jars could, of course, be downloaded as part of the list of an
annotation on a particular proxy. You'd just have to add those to the list of
"authorized" jars or else they would not have any permissions in the client JVM.
Gregg Wonderly
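
An illustration of the allow-list policy described in this message, as an added example that is not the author's code: a `java.security.Policy` that grants `AllPermission` only to jars whose URL is on a list, so code from an unlisted jar cannot obtain the `FilePermission` needed to write a cached jar. The class name `JarListPolicy`, the URLs and the cache path are constructed for illustration, and the sketch assumes a JVM that still provides the Security Manager API; it exercises the policy decision directly rather than installing it.

```java
import java.io.FilePermission;
import java.net.URI;
import java.net.URL;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Set;

// Hypothetical class: an allow-list policy in the spirit of the post, not the author's code.
public final class JarListPolicy extends Policy {
    private final Set<String> authorized; // exact jar URLs, compared as strings

    public JarListPolicy(Set<String> jarUrls) {
        this.authorized = Set.copyOf(jarUrls);
    }

    private boolean listed(CodeSource cs) {
        // String comparison avoids URL.equals(), which can trigger DNS lookups.
        return cs != null && cs.getLocation() != null
                && authorized.contains(cs.getLocation().toExternalForm());
    }

    @Override
    public PermissionCollection getPermissions(CodeSource cs) {
        Permissions perms = new Permissions();
        if (listed(cs)) perms.add(new AllPermission());
        return perms; // stays empty for any jar that is not on the list
    }

    @Override
    public boolean implies(ProtectionDomain pd, Permission p) {
        return pd != null && listed(pd.getCodeSource());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: one listed jar, one unlisted jar, one cache file.
        Policy policy = new JarListPolicy(Set.of("http://server.example/app.jar"));
        Permission write = new FilePermission("/var/cache/boot/app.jar", "write");
        for (String s : new String[] {"http://server.example/app.jar",
                                      "http://server.example/unlisted.jar"}) {
            URL url = URI.create(s).toURL();
            ProtectionDomain pd = new ProtectionDomain(new CodeSource(url, (Certificate[]) null), null);
            System.out.println(s + " may write cache: " + policy.implies(pd, write));
        }
    }
}
```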