Stanley M. Ho
Stanley.Ho at sun.com
Thu May 24 17:12:26 PDT 2007
Bryan Atsatt wrote:
> 1. Definitely agree that resource search order should be identical to
> class search order.
Glad to hear!
> 2. Using permissions to limit access to private resources seems like
> overkill to me. The prototype implemented this in a very simple fashion:
> a. If resource is exported, return it, else
> a. Get the caller's Module (get class from stack, get module from it)
> b. If callerModule == this, return resource, else return null.
The issue is that this approach still requires stack walking and there
is no public API in the SE platform that let you implement this.
If stack walking is required for the check anyway, I think the security
permission approach is better that it is implementable with the existing
API in the SE platform.
More information about the jsr277-eg-observer