This behavior is handled by JBoss Remoting, which the EJB3 implementation uses for the remote calls. In earlier releases of JBoss Remoting, dynamic classloading was enabled, but did not have any security checks. As of the JBoss Remoting 1.0.1 final release, dynamic classloading has been turned off, with the exception of internal loading of marshallers/unmarshallers, until security can be added to authenticate the client in some way. This feature should be added to the next JBoss Remoting release (1.2.0), which will be what the following EJB3 release will be using.
View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3872573#3872573