Section 15.6.9 of the spec (Runtime security enforcement) discusses, among other things, the requirement that an EJB Container provide isolation between executing beans. The second bullet states that beans may only access each other through the bean remote and home interfaces. This is all well and good, but the question I have is about beans in the same ejb-jar file. For single JVM containers, implementing this isolation for beans deployed from the same ejb-jar would mean the container would have to do some variation of the following: 1. provide a snazzy custom classloader that could share the ejb-jar file among beans but provide the necessary isolation. 2. unpack the jar file separating the bean components into separate directories and then apply a per-bean classloader to each directory. Is this reasonable, or should the spec relax this restriction for beans deployed within the same ejb-jar? Another question remains about arbitrary supporting class files and other resource files which might be in the ejb-jar. Can the container know which beans in the ejb-jar file such classes apply to? If not, it wont be able to isolate them in the required way. =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
