Richard Monson-Haefel wrote:
> With the new code restrictions in EJB 1.1, its it legal to use the
> following methods in a bean?
>
> Class.forName(String str); // dynamically load a class
> System.getProperty(String str);// get a system property
> Class.getMethods( );// use reflection to list public methods on a class
>
> I'm not sure about the first two, but the Class.getMethods( ) does not
> under go a security check in the java.lang.SecurityManager if its
> executed on a class with a default package (no-package) name. This seems
> to imply that its legal if the target class has no package.
>
Before allowing access to any member of a class (getMethods, getFields(), ...),
the Java runtime may first call the checkMemberAccess(...), that in turn calls
the checkPackageAccess(..) -if the class belongs to a package. So, although a
class is in the default package(no-package), you can't access it members if you
don't have the required rights (or visibility).
Francis.
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
