Okay, I'll take a stab and say, I don't think that's what it says.
I think it says that if you have an EJB method (for example)
that requires a certain role (say r1) to execute, then you
must not (in order to be portable I think) use reflection
to invoke the methods on another EJB requiring another different
role (r2). If the method have the same security rules (roles)
then it's probably OK to use reflection. Then again, since
security roles can be changed descriptively via XML, how one figures
this out is currently confusing to me. (but that probably a personal
problem)
Basically I take this to mean "it's not good to use reflection
on EJB in a fraudulent manner".
Hope that helps.
-----Original Message-----
From: Rong Sang [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 13, 2000 12:06 PM
To: [EMAIL PROTECTED]
Subject: Reflection API in EJB
Could someone please explain the following restriction
in EJB programming?
"Using the Reflection API to query classes that are
not otherwise accessible to the EJB component due to
Java's security rules."
Does this mean we should totally abandon Reflection in
both EJB classes and any helper classes?
Thanks,
Rong
__________________________________________________
Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
