On 05/19/2010 03:51 PM, Dennis Reedy wrote:
Just a thought I've been musing about lately...
Since a client (or service acting as a client to another service)
must have the interface of the associated service in it's classpath
(local and trusted), why cant the client express a dependency on that
associated service's -dl.jar file(s), download and provision them
from a trusted server (installing them locally) and use the
downloaded (checked and verified) jars to load the classes the proxy
of the associated requires?
Do you agree that this looks similar to downloading all jars (signed)
with webstart, and not using a codebase service at all?
For test/development client and server both use the same classpath. On
deployment i use separate client and server jars, client jars only
containing the classes it needs. The only problem is determining the set
of classes needed in the client.
It all runs under the security of the webstart security manager, i guess
thats something one might not like.
Gr. Sim
