Object based annotations allow creating ClassLoaders - it is not only a
way to download code but to:
1. Make sure only trusted code is executed
2. Resolve any dependencies and create the whole ClassLoader structure
when deserializing objects
So URL handler is not enough - alternative
quot;
Sent: 02/02/2017 06:29:55 am
To: dev@river.apache.org
Subject: Re: object based annotations
I have actually given up on the idea of object annotations encoded as
Strings (in whatever form).
Simply speaking it does not make any sense really:
- it would complicate the solution because of
software needs upgrade
anyway because of security and concurrency fixes.
Thanks,
Michal
Peter Firmstone wrote:
Mike, I recall the last time I looked at object based annotations, there was a
backward compatibility issue because both ends of the Marshal streams expect
string based annotations
Mike, I recall the last time I looked at object based annotations, there was a
backward compatibility issue because both ends of the Marshal streams expect
string based annotations as does RMIClassLoader.
However if you are still keen to investigate object based annotations there's
no r