OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Distributed versus local processing

[ Lists Home | Date Index | Thread Index ]

Alaric B. Snell wrote,
> On Thursday 31 October 2002 16:32, Paul Prescod wrote:
> > Alaric B. Snell wrote,
> > > Remote o = Naming.lookup (<registry name>);
> > > Method m = o.getClass ().getMethod (<method>,new Object[0]);
> > > Object result = m.invoke (o, new Object[0]);
> > >
> > > System.out.println (result.toString ());
> >
> > This makes no logical sense. In order to get the data for a stock
> > quote I have to download an appropriate class, find a static
> > method, invoke a method coerce the result to string and return it?
> Not done much Java? Ok. What it says is:
> 1) Get a "connection" to the object given the name. Call the result'o'
> 2) Find the zero-param method with the given name on that object
> 3) Call the method (giving it an empty list of arguments)
> 4) Ask the result to display itself

I think Paul is probably boggling at the hoops you're jumping through 
merely to get a string result when you could just as easily have gotten 
the string directly from the remote service via a much less heavyweight 

There are times and places for extruding remote behaviour into a local 
execution context, but your toy example hardly gives a compelling 
example of one.

> > > That tool can be compiled up and then used to call any zero
> > > argument getter method anywhere. If you want to get into ones
> > > with arguments then there's a UI issue of setting up arbitrary
> > > Java objects for parameters, but it's still doable. You should
> > > really call result.toString () in a sandbox, too, since it'd be
> > > arbitrary code, but I'm leaving that out for the sake of ease.
> >
> > You think people should trust the Java sandbox with the execution
> > of their most crucial business processes?

I can't resist the temptation to plug the forthcoming Java Application 
Isolation API which (modulo flawed implementations) will make the local 
execution of untrusted remote code in the way Alaric's suggesting a 
much less risky proposition than it is now,


It's in community review at the moment, and should be in public review 
in a couple of weeks. Hopefully you'll see it in the next rev of J2SE 
and a subset in J2ME.




News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS