Today, I added some code for calling bean methods from ajax via shale remoting
and to my wonder I discovered the mechanisms for executing bean calls are
enabled by default.
I don't think this is right. I think they should be disabled by default, and
they should be enabled once the configuration settings are added to the
web.xml. When I added shale core and shale remoting to my project I didn't have
time to read the remoting documentation (I didn't have to use it at that time)
and I didn't think shale would provide ways to poke server code by default. Is
there anything else that I should be aware of?
Anyway, I want to enable access only to one bean. I used the
DYNAMIC_RESOURCES_INCLUDES directive, but this doesn't make any difference. I
didn't understand from the documentation how shale processes the
DYNAMIC_RESOURCES_INCLUDES and DYNAMIC_RESOURCES_EXCLUDES parameters and I
didn't have time to read the code. Can someone explain this?
The other way would be to use the default web app security settings.
Thanks
---------------------------------
Make free worldwide PC-to-PC calls. Try the new Yahoo! Canada Messenger with
Voice
