On Tuesday 26 of October 2010 15:27:17 Peter Firmstone wrote: > Hi Michal, > > Sorry for taking time to respond, I've been busy and am still digesting > the code. > > Michal Kleczek wrote: > > In my code there is a simple hack to force creating a different > > ClassLoader for each unique Module - before calling to a delegate > > RMIClassProviderSpi I set a TCCL to a new ClassLoader that is unique to > > the Module. (That is also the reason I had to provide a slightly > > modified version of BasicJeriTrustVerifier so that not the proxy > > ClassLoader but also its parent are verified) See AbstractRmiModule for > > details. > > > > Module uniqueness: two Modules are considered the same iff their equals > > returns true. > > > > In case of ProxyTrustModule (which is the most interesting) - two > > ProxyTrustModules are equal when their codebases are equal and their > > ProxyTrusts are equal. so for two different services - each providing its > > own ProxyTrust for Modules - we create two different ClassLoaders > > regardless of the codebases. (This is not based on Subject but on > > service proxy identity) Basing it on Subject would be a little tricky > > IMHO because actual service Principals are dependent on what the client > > requires. > > Ok I see your point, we should be using service proxy identity, not the > Subject. A server might use a number of subjects. Since not all proxy's > are services, would it be better to use the BasicObjectEndpoint identity. > > ProxyTrust, doesn't by default implement equals or hashcode, if the > client is handed a reference to a remote object, that is a smart proxy, > from another client, it could end up with two separate instances if > ProxyTrust uses the default Object equals implementation. > > So thinking about it a little more, perhaps we could use the Uuid of the > BasicObjectEndpoint?
Hmm... I've checked BasicInvoationHandler and it implements equals for its proxies by (among other stuff) comparing object endpoints. So in basic scenario (when ProxyTrust is a simple Jeri proxy) all is fine. For smart proxies I would simply require "sensible" implementation of equals. It is in the interest of a service to provide a client with the right Module identity - otherwise the service just won't work properly (but it will not affect client's security). Equals for me seems to be the easiest and general enough. I wouldn't want to base it on some internal stuff since that would preclude Modules that are not Jeri based etc... Michal
