• Post Reply Bookmark Topic Watch Topic
  • New Topic

Assigning EJB permissions to private methods ?

 
Pho Tek
Ranch Hand
Posts: 782
Chrome Python Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oreilly's EJB2 book says:

All the methods defined in the remote or home interface and all superinterfaces, including the methods defined in the EJBObject and EJBHome interfaces, can be assigned security roles in the <method-permission> elements. Any method that is excluded will not be accessible by any security role.

I have created a private method in my Stateless Session Bean. Can I assign permissions to methods which are (1) private (2) not exported in the remote nor local interface ? Will they work ?
Regards,
Pho
 
Kyle Brown
author
Ranch Hand
Posts: 3892
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
By definition, a private method cannot be defined in an interface. Therefore you can't assign a security permission to it. In particular, the Java language specification (section 9.4) states in regard to method declarations in interfaces that the only acceptable method modifiers are public and abstract.
Kyle
[ April 30, 2004: Message edited by: Kyle Brown ]
 
Roland Barcia
author
Ranch Hand
Posts: 181
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And for you second question, you can only assign permissions to method on the Local or Remote Interface because these methods are called by the client through proxies that go through the container and do the check before going into your Bean.
Methods that are on the Bean class that are not part of any of the client interfaces can only be called by the bean itself (Unless you instantiate the class yourself but then it is a plain Java class not mananged by the container).
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!