commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig McClanahan <craig...@gmail.com>
Subject Re: [modeler] what is guard?
Date Fri, 03 Dec 2004 01:10:47 GMT
On Thu, 02 Dec 2004 18:19:17 -0600, Vic <vin@friendvu.com> wrote:
> getRegistry(x,y) is used to get a handle on registry.
> 
> What is the 2nd argument, guard?
> Javadoc:   guard - Prevent access to the registry by untrusted components
> 

The problem that "guard" solves is that any code in your entire
application could call:

    Registry registry = Registry.getRegistry();

and start invoking JMX operations.  If "your entire application" were
Tomcat, for example, it would be really bad to let a potentially
untrusted webapp do things like shut down the server for you.

The answer, then is to configure Registry with a particular object
instance as the "guard" object, and then require that this very same
instance be passed in to any call to getRegistry().  Within your
application, then, you must ensure that you pass the guard instance
around *only* to code that is trusted to make JMX calls inside your
server.

> I have no idea what that is. I just want a handle to registry, but it
> needs a "guard" argument of type Object?
> 
> How do I create a guard? null? new Object() :-)

It doesn't really matter what it is -- new Object() works as well as
anything.  The key issue is that only callers who have this object
instance available can call getRegistry().  Essentially, it is the
one-and-only key in the JVM to unlock the Registry.

> 
> help plz?
> 
> :-{
> 
> .V
> 
Craig


> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org


Mime
View raw message