users@glassfish.java.net

Problem with WebStart

From: Piero Filippin <filippinp_at_yahoo.co.uk>
Date: Wed, 26 Sep 2007 15:44:31 +0100

Hi,
I just noticed something "scary" - I am pretty sure this has something
to do with how my project is structured, can someone please help me
tracing what I am doing wrong?

My project EAR contains:
o EJBean jar (defining the implementation of my bean + all the
persistence classes)
o Separate Jar (defining the bean remote interface - this is the only
thing the client should know about the bean)
o Normal java app (the client)
o A bunch of jars with all my libraries required by the client.

Now, if download the client app using webstart, I receive a jar file
containing:

o The normal java app jar (the client)
o all the jars required by it (work as expected)
o The separate Jar with the bean interfaces (needed)
o the entire bean jar!

Why is the bean jar included in the webstart version? The implementation
is not needed, plus it introduces security issues as it contains all the
business logic (which a client should not allowed to know)

In addition (but this is an Eclipse problem) the EAR contains the source
code (no matter if I uncheck the "export source code" during the
export), so I am giving away the source of the bean as well!!

Piero