5.8 Restricting Deferred Capabilities

In order to make the use of deferred event object more secure, only the original source of the deferred event object should normally be able to issue callbacks. This may be enforced by calling the makeRestricted method on the deferred event object, which returns a restricted capability reference. Any attempt to call the callback or errback methods on a restricted capability reference will then result in a RestrictedCapabilityException being thrown. This is demonstrated by the simple long running task given in Listing 5.4.

Since the restricted and full capability deferred references are distinct objects, it is not safe to use the object identity test (==) to check equivalence between them. However, the Object.equals and Object.hashCode methods are fully implemented - so that different references to the same deferred event objects are considered to be equivalent for all other comparison tests. Note that the deferred event handle passed back to deferrable callback handlers as the first parameter in the onCallback and onErrback methods will always be a restricted capability reference.