After doing some more research, this is what I have discovered: The Class.getMethods() can be invoked on a non-packaged class with absolutely no security restrictions. In other words, if the target class is not part of a package and is therefor public, SecurityManager.checkMemberAccess( ) returns quietly (without exception) every time. The Class.forName(String name) is invoked without security restrictions. I can't seem to track down any security checks done when this method is invoked. I have, however, found that it does not work in Weblogic 4.5 which seems to argue that a security check can and is done. I'm looking for a confirmation or denial of this information. Thanks, Richard -- Richard Monson-Haefel EJB Expert for jGuru.com ( http://www.jguru.com ) Author of Enterprise JavaBeans Published by O'Reilly & Associates ( http://www.ejbnow.com ) =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
