: The problems are:
: 1. Can a filter be applied to a method of a Java Bean?

Not directly, no. Servlet filters may only be applied to web requests, either URL patterns like "/protected/*" or file-extension patterns such as "/*.do".

Try not to think of protecting methods, but protecting procedures or actions: You have some business task, "read," that you want to be available via the web. To make this accessible from the web tier, you would

- create some object/method that encapsulates the business request; we'll call that SomeBean.read()
- create a servlet that calls SomeBean.read(); said servlet would be responsible for gathering params from the web request and passing them to SomeBean.read()
- create a filter to perform your auth/access control
- map said servlet to a URI that is protected by said filter

This addresses your original goals:

- access by the end-users (via their web browsers) is managed by your filter; only the proper people may perform the "read" business task.
- other methods in your business logic may call one another without restriction.

One additional benefit of taking the "API called by a servlet" route is that your core business logic is separated from the web-access and web-presentation thereof.

-QM

--
C++ / Java / SSL
http://www.brandxdev.net/
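
The arrangement described in the reply above, as an added example that is not part of the original message: a bean with no web dependencies, a servlet that calls it, and a deny-by-default filter covering the servlet's URI. It assumes a Servlet 3.0+ container (annotations in place of web.xml mappings); `ReadExample`, `ReadServlet`, `AccessFilter`, the `id` parameter and the `mayRead` session attribute are hypothetical names.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

public class ReadExample {
    // Business logic: no web types, other business code may call it freely.
    public static class SomeBean {
        public String read(String id) { return "record " + id; } // stand-in lookup
    }

    // Web entry point: gathers params from the request and calls SomeBean.read().
    // Mapped under /protected/ so requests for it pass through AccessFilter.
    @WebServlet("/protected/read")
    public static class ReadServlet extends HttpServlet {
        private final SomeBean bean = new SomeBean();
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws IOException {
            String id = req.getParameter("id");
            if (id == null || id.isEmpty()) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing id");
                return;
            }
            resp.setContentType("text/plain");
            resp.getWriter().println(bean.read(id));
        }
    }

    // Access control for everything under /protected/*; denies by default.
    @WebFilter("/protected/*")
    public static class AccessFilter implements Filter {
        @Override public void init(FilterConfig cfg) {}
        @Override public void destroy() {}
        @Override
        public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) rq;
            HttpServletResponse resp = (HttpServletResponse) rs;
            HttpSession session = req.getSession(false); // do not create a session here
            // Assumption: the login code sets "mayRead" to Boolean.TRUE for permitted users.
            if (session == null || !Boolean.TRUE.equals(session.getAttribute("mayRead"))) {
                resp.sendError(HttpServletResponse.SC_FORBIDDEN);
                return; // chain.doFilter() is skipped, so the servlet never runs
            }
            chain.doFilter(rq, rs);
        }
    }
}
```

The servlet must have no second mapping outside `/protected/`, or that path reaches `SomeBean.read()` without the check. By default a filter mapping applies to direct client requests only, so a forward or include from another servlet into `/protected/read` is not filtered unless the mapping also lists those dispatcher types.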