i'm confused about how this is going to be deployed. are you going to "host" the server side of things and then have a client connect over some type of vpn, etc? if they were to "host" both sides, there's nothing that would prevent them from unpackaging the ears, and decompiling your classes - although i guess you could ship code using one of those tools that obscures some of that.
either way, using scoping is not a solution to locking down the system. for that you'd want to use jaas. an i do client-jar/ejb-jar packaging all the time. he's a brief example of how i do it (and this is some what modelled after how nukes is packaged, and i find it to be quite flexible). 1) create "api" (client) jar - inside here will go any Home/Remote interfaces, helper classes, etc. this is basically the jar you would give to the client so they could access the app. 2) create a "lib" jar - inside here will go any server side classes - ejb implementations, etc. no deployment descriptors are packaged here. 3) create "ejb" jar which contains all the deployment descriptor files, and no other classes. this allows you to do things like deploying all your entity bean classes once, but still deploy "read only" and "read/write" versions. 4) create an ear that contains the "lib" and "ejb" jars (and any sars you may have, wsrs, etc). 5) if you have any "third party" libraries, package them inside a sar (this will guarentee they get deployed first) or put them in the "lib" directory. when you do your deployments to jboss, you deploy both the "api" jar that you gave to your client, plus the ear file. in addition to getting rid of those nasty ClassCastExceptions, you have the ability to hot deploy the ear if you make backend changes (not that you'd want to do this for production, but it is a great advantage in development). imo, scoped ears are best if you have apps that don't need to communicate together and share different versions of a common library. if you're really concerned about who can access what, as i said before, jaas is the route you want to go. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3840383#3840383 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3840383 ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
