I don't see that exact phrasing in the 1.1 spec. In the EJB 1.1 spec, section 18.1.2, I see:
• The enterprise bean must not attempt to create a class loader; obtain the current
class loader; set the context class loader; set security manager; create a new
security manager; stop the JVM; or change the input, output, and error streams.
These functions are reserved for the EJB Container. Allowing the enterprise bean
to use these functions could compromise security and decrease the Container's
ability to properly manage the runtime environment.
The restriction is against defining a class as in ClassLoader.defineClass(...). This
is not a restriction on how to package your beans.
----- Original Message -----
From: "Frank Sauer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 12, 2000 2:51 PM
Subject: Obscure EJB programming restriction
> I noticed a fairly obscure EJB programming restriction today that I
> didn't know existed since the appserver I use doesn't enforce it:
>
> "An Enterprise bean must not define a class in a package, as this is a
> function reserved for the container for security reasons."
>
> This exists both in EJB1.1 and EJB2.0 spec. I'm not sure about EJB 1.0.
>
> 1) Why is this a security risk?
> 2) Does any appserver out there actually enforce it?
> 3) Why hasn't anybody ever complained about this on this list?
> 4) If enforced, how do you manage a large scale EJB project?
>
> Frank Sauer
> The Technical Resource Connection
> Tampa, FL
> http://www.trcinc.com
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
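Added example, not from either poster or from the EJB spec: under the Java 2 security model, the functions the quoted section reserves for the container can be expressed as `java.lang.RuntimePermission` targets, so a deployer can audit whether the permissions granted to bean code imply any of them. The mapping below, the `com.example.beans` package and the three grant sets are assumptions constructed for illustration.

```java
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.PropertyPermission;

public class ReservedForContainerAudit {
    // Assumed mapping: restriction wording -> JDK RuntimePermission target.
    // com.example.beans is a hypothetical bean package.
    static final Map<String, Permission> RESERVED = new LinkedHashMap<>();
    static {
        RESERVED.put("create a class loader", new RuntimePermission("createClassLoader"));
        RESERVED.put("obtain the current class loader", new RuntimePermission("getClassLoader"));
        RESERVED.put("set the context class loader", new RuntimePermission("setContextClassLoader"));
        RESERVED.put("set security manager", new RuntimePermission("setSecurityManager"));
        RESERVED.put("create a new security manager", new RuntimePermission("createSecurityManager"));
        RESERVED.put("stop the JVM", new RuntimePermission("exitVM"));
        RESERVED.put("change in/out/err streams", new RuntimePermission("setIO"));
        RESERVED.put("define a class in a package",
                new RuntimePermission("defineClassInPackage.com.example.beans"));
    }

    // Returns the reserved functions that a set of grants to bean code would allow.
    static List<String> allowedReserved(PermissionCollection grants) {
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, Permission> e : RESERVED.entrySet()) {
            if (grants.implies(e.getValue())) hits.add(e.getKey());
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed grant set: narrow permissions only.
        Permissions narrow = new Permissions();
        narrow.add(new PropertyPermission("*", "read"));
        narrow.add(new RuntimePermission("queuePrintJob"));
        // Constructed grant set: a wildcard limited to package definition.
        Permissions pkgWildcard = new Permissions();
        pkgWildcard.add(new RuntimePermission("defineClassInPackage.*"));
        // Constructed grant set: a blanket RuntimePermission wildcard.
        Permissions allRuntime = new Permissions();
        allRuntime.add(new RuntimePermission("*"));
        System.out.println("narrow      -> " + allowedReserved(narrow));
        System.out.println("pkgWildcard -> " + allowedReserved(pkgWildcard));
        System.out.println("allRuntime  -> " + allowedReserved(allRuntime));
    }
}
```

The check uses only `Permission.implies`, so it runs without installing a security manager and shows how a wildcard grant to bean code covers functions meant to stay with the container.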