Menu
▾
▴
RE: [Openjmx-devel] RMI adaptor and remote notifications
|
From: Bordet, S. <Sim...@co...> - 2002-01-30 14:04:54
|
Hi, > > If you serialize the filter it is uploaded to the agent, yes. > > My scenario is with the agent running in some server and the client > (Let's say a swing app) writes the filter above and adds a listener. > Then the listener will be serialized and sent to the agent.=20 Of course no ! If the listener is run in the server, how can the swing app be notified of events ? The listener is always remote (from server point of view), and runs in the client. > Are we talking about the same idea? > >=20 > > > How using for instance a web > > > server in the codebase? > >=20 > > Not following. > > Obviously you cannot just send a serialized object to the agent and > expect it to know how to deserialize it and execute.=20 > You have to also > download the class definition which may be available in a web=20 > server.=20 No, the server already has it. It will be a pain to force the clients to do all the above. I set up a better implementation, client needs to do nothing :) > If > you don't allow this then the code has to be introduced beforehand and > is therefore trusted. Maybe you could clarify this but I think this > scenario always calls for a security manager Not necessarly, see above. We serialize known and trusted classes, client code is transparent. The proxy pattern. > My point is that this problem is much broader than only the=20 > filter. You > could upload a MBean which does something similar Yes, the problem is broader. Once you add adaptors, you need the Agent run under security manager, since by design you can create MBeans from a client. I just wanted here to know the opinion on filters, but the security issue must be faced. Fortunately I know something about it :) Simon |
