IIUC, this is about "package-protected" methods and constructors vs. "public" ones.
Package-protected is in my opinion a bad/useless feature of Java, since it just makes it hard to (internally) reuse classes from other packages, while you can still circumvent the security given by it by simply putting a client class in the same package. The OSGi approach that basically hides certain packages completely from the outside but still lets you use them internally is IMHO the best solution so far. It lets you use public/private on those internal classes again to control fine-grained internal OO design, without having to do that for the outside as well. Security checks on behalf of the repository should be done by internal classes that are hidden from the user at runtime, eg. via OSGi's private package mechanism. Regards, Alex -- Alexander Klimetschek alexander.klimetsc...@day.com
