Saving the world from bad beans

Dave Clarke, Michael Richmond, James Noble
2003 Proceedings of the 18th ACM SIGPLAN conference on Object-oriented programing, systems, languages, and applications - OOPSLA '03  
The Enterprise JavaBeans (EJB) framework requires developers to preserve architectural integrity constraints when writing EJB components. Breaking these constraints allows components to violate the transaction protocol, bypass security mechanisms, disable object persistence, and be susceptible to malicious attacks from other EJBs. We present an object confinement discipline that allows static verification of components' integrity as they are deployed into an EJB server. The confinement rules
more » ... simple for developers to understand, require no annotation to the code of EJB components, and can be efficiently enforced in existing EJB servers.
doi:10.1145/949338.949339 fatcat:6n6lhysgxzhbrgtsphh3o6zt74