[jboss-dev-forums] [Design of POJO Server] - Re: ManagedOperation aspects for the ProfileService.Manageme
adrian@jboss.org
do-not-reply at jboss.com
Fri Sep 21 08:30:11 EDT 2007
"adrian at jboss.org" wrote :
| Correct. If that's not correct then the dispatch context is wrong for the same reason.
|
While we are on subject the InvokeDispatchContext IS incorrect.
1) The getTarget() is redundant, since that is on the plain ControllerContext interface.
2) The getClassLoader() should not be there.
As far as I can tell, the classloader is used to get the parameters when they are
expressed as strings in the metadata/xml
We need to find a way to remove the getClassLoader()
and make it an implementation detail, or introduce a permission check
into the implementations. Exposing classloaders in public methods is a security hole.
See Class.getClassLoader() or Thread.currentThread().getContextClassLoader()
for the kind of checks required.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4087205#4087205
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4087205
More information about the jboss-dev-forums
mailing list