On 10/12/2010 6:08 AM, Sim IJskes - QCG wrote:
On 10/12/2010 12:33 PM, Michal Kleczek wrote:
Hmm... I think I would argue that annotation should have the codebase embedded
and only issue a remote call to verify this codebase - not to retrieve it.
How about we get rid of Module interface and require annotation to be
RmiModule (which is final)?
By re/encoding it as a String. So we can harden the MarshallInputStream to only
accept UTF-8 String with limited length.
Remember that, you can serialize to a byte stream, sign those bytes, UUEncode or
otherwise make it an ASCII/UTF-8 string.
Imagine then, that you put "rmimod:/" on the front of that string and return it
as the annotation.
For the client, you can create a protocol handler for rmimod, which takes the
"path" value, converts to binary, checks the signature, extracts the byte stream
and then returns that byte stream from the URLStreamHandler.
Gregg Wonderly
