On Mon, 6 Nov 2000 11:23:02 -0800, Larry Liu <[EMAIL PROTECTED]> wrote:
>It is well known statement quoted by your mail. Do you
>think the move of the IO work to Web tier instead of the
>EJB tire is the way out?
I have already given a solution to how to do file I/O through EJB's, but
here we go again. This seems to be hard for people to understand.
There is Absolutely Nothing(tm) that prevent you from putting all the file
I/O into a separate library which your EJB's then access. Period.
Are these classes not covered by the EJB restrictions? No, not if they are
considered part of the system.
How do I make them part of the system? By installing them in the servers
classpath, or as an installed extension in the lib/ext directory in the
JRE/JDK.
So, why does this work? Because the permission restrictions will not apply
to system loaded classes. For example, the server itself is allowed to do
file I/O, as do JDBC drivers etc. This would be no different.
And it would just work? Almost. You need to wrap all dangerous code blocks
in your library class with doPrivileged calls. For more information on this
please see the security framework documentation at java.sun.com/security, or
check the archives of this mailing list for posts on this topic by Rickard
Oberg (i.e. me) covering the ins and outs of permissions, grants, call stack
security checkings etc.
/Rickard
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
