On Thu, 6 Dec 2001 09:30, Berin Loritsch wrote: > A new issue: > > Components that will be "marketed", "sold", or otherwise be made available > for general consumption _without_ a supplied Container need to validate > that their lifecycle is called correctly. Such components cannot make the > assumption that the users of that Component have properly read the > documentation for Avalon, and need to fail fast if it is not called > correctly. Remember that Components can be Containers as well. Not > everyone gets it right the first time.
All components are built for a container. It makes no sense otherwise. > > Unix security permissions are not the most fine grained in the world. It > > is far easier to create a more secure environment as we can give fine > > grain access and control over resources or even make resources > > unreferencable by using code (except if they go JNI which a sandboxed > > environment would not allow). > > No they aren't, and neither are lifecycle assertions. No idea what you are referring to ;) > Assertions and FilePermissions both exist to keep you from shooting > yourself in the foot. File permissions aye ? > They _also_ provide immediate feedback if you just > messed up your container. This is why we should have unit tests to validate container behaviour. This catches problems before any component is ever deployed into the container. > Again, the most useful aspect of the ComponentValidator (IMO) is the > checkActive() function. ComponentValidator.checkActive() and it's cousin > ComponentValidator.isActive() are used to make sure that the Component is > not used _before_ it's container is finished initializing it or _after_ > it's container has disposed of it. Again - this is something that should be done in the container. Phoenixs proxys are not made accessible before the component is ready to accept requests and just before the component is about to be shutdown the proxy will be invalidated. Anyone calling a method after invalidation will get an IllegalStateException thrown that saids "you are using a service after it has shutdown - naughty, very naughty!" Again this way the component never has to worry about it and it is up to the conainer to validate and maintain correct lifecycle management and you aren't mixing concerns. > BTW, I have no false sense of security. Perhaps using something like that > will make you fall into such a trap--but it is a tool combined with tons of > other tools that help in the overall goal. Why am I reminded of the Princess Bride at this point? "You keep using the word ... " -- Cheers, Pete -------------------------------------------------- Where ignorance is bliss, 'tis folly to be wise. -------------------------------------------------- -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
