Re: Reflection API in EJB

Mon, 23 Oct 2000 13:13:39 -0700 

If any one can access the public methods of an EJB using
reflection, then what happens to the security mechanisms provided
by EJB?

What do you mean by invoking 'the public methods of a bean?'.

Is there a way that a client can use the remote interface, query
its methods using reflection and invoke a public method?  What
happens if this public method is protected by EJBs security
mechanisms and this specific client is not allowed to access this
method because the client is not in the expected role?

- anand

----- Original Message -----
From: "Francis Pouatcha" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 14, 2000 1:40 AM
Subject: Re: Reflection API in EJB


> Hi,
>
> Rong Sang wrote:
> >
> > Could someone please explain the following restriction
> > in EJB programming?
> >
> > "Using the Reflection API to query classes that are
> > not otherwise accessible to the EJB component due to
> > Java's security rules."
> >
> > Does this mean we should totally abandon Reflection in
> > both EJB classes and any helper classes?
> you can still use reflection. You are free to use it to
dynamicaly
> invoke bean's public methods.
>
> /Francis
> --
> [EMAIL PROTECTED]
>
> MATHEMA Software GmbH
> N�gelsbachstra�e 25 b
> 91052 E r l a n g e n
> D e u t s c h l a n d
> Tel +49(0)9131/8903-0
> Fax +49(0)9131/8903-55
> http://www.mathema.de
>
>
==================================================================
=========
> To unsubscribe, send email to [EMAIL PROTECTED] and include
in the body
> of the message "signoff EJB-INTEREST".  For general help, send
email to
> [EMAIL PROTECTED] and include in the body of the message
"help".
>
>
==================================================================
=========
> To unsubscribe, send email to [EMAIL PROTECTED] and include
in the body
> of the message "signoff EJB-INTEREST".  For general help, send
email to
> [EMAIL PROTECTED] and include in the body of the message
"help".
>
>

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".

Reply via email to