Question: How is the basic concept any different from method-level
security on an EJB? Aren't you in essence putting security on a public
interface?
I personally would tend to not block access to method either, by
whatever method, as was originally asked about... but is it really as
evil as you make it sound? :)
Frank
Josh McDonald wrote:
Strewth! I just went back and read this thread... Throw an exception and
check to see if you like the caller???? That makes baby jesus cry.
If you have public methods you don't want people to call, ask them not
to. If doing what you ask them not to causes exceptions and their
program not to work, then the problem seems to be solved already.
And if you insist on keeping a list of classes that can call your api
and checking it santa-style, then don't do it on every method call,
that's just plain horrible. Make those methods "package", and add a
proxy class in that package with public a API that can only be
instantiated by your "manager" classes. And it's you're still going to
go to programmer hell if you do that.
-Josh
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
