Armond,
What a coincidence - I was just wondering almost the same question. I wondered
whether EJB/J2EE allows me to have a method on an EJB object that returns a
non-EJB object that implements java.rmi.Remote, which my EJB object
implementation would instantiate and return. I see in the J2EE 1.2 spec it says:
6.2.2.4 JavaIDL
JavaIDL allows applications to access any CORBA object, written in any
language, using the standard IIOP protocol. The J2EE security restrictions
typically prevent all application component types except application clients
from creating and exporting a CORBA object, but all J2EE application
component types can be clients of CORBA objects.
6.2.2.5 RMI-JRMP
JRMP is the Java technology-specific Remote Method Invocation (RMI) protocol.
The J2EE security restrictions typically prevent all application component
types
except application clients from creating and exporting an RMI object, but all
J2EE application component types can be clients of RMI objects.
None of that appears to restrict my EJB object from returning the non-EJB Remote
object, but apparently there are restrictions on creating and exporting such
objects. Does anyone know more details about such restrictions? The use of the
word "typically" in those spec sections seems ambiguous. The spec doesn't seem
to say who or what controls in which cases it is prevented and in which cases it
is allowed, but from your results it looks like the SocketPermission may be the
control?
Erik Voldal
Email: [EMAIL PROTECTED]
Phone: 507-253-4788
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
