~~NOTRANS~~
~~Title: Actions in Server Objects~~

Every [[jvx:server:lco:actions|server-side action]] should be defined in a [[jvx:server:lco:lifecycle|life cycle object]] (LCO). Sometimes, it's better to group functionality in helper objects.

It's very easy to encapsulate functionality in objects. Just create an object and add public methods:

<file java Car.java>
public class Car
{
    private String type;
    private int speed;

    public Car(String type, int speed)
    {
        this.type = type;
        this.speed = speed;
    }

    public String getType()
    {
        return sType;
    }

    public int getSpeed()
    {
         return speed;
    }
}
</file>

Our Car class has two methods: **getType** and **getSpeed**!

If you're using the Car class in your life cycle object, like the following:

<file java>
// Application LCO
public class Application extends GenericBean
{
}

// Session LCO
public class Session extends Application
{
    public Car getCar()
    {
        Car car = (Car)get("car");

        if (car == null)
        {
            car = new Car();

            put("car", car);
        }

        return car;
    }
}
</file>

it will be possible to call getType and getSpeed. 

<file java>
connection.call("car", "getSpeed")
</file>

But this call would throw a SecurityException with "access is not allowed".

It's not possible to call every method of an object just because it's public. This could open back doors.

You have to define accessible methods - from objects - via annotation:

<file java Car.java>
public class Car
{
    ...

    @Accessible
    public String getType()
    {
        return sType;
    }

    @Accessible
    public int getSpeed()
    {
         return speed;
    }
}
</file>

The call:

<file java>
connection.call("car", "getSpeed");
</file>

will work without problems!

If you define a public method in your LCO (action), it's always accessible because, usually, you will offer business logic or storages for the client. But it's possible to deny the access to objects or actions:

<file java Session.java>
public class Session extends Application
{
    @NotAccessible
    public getCar()
    {
        ...
    }
}
</file>

The **NotAccessible** annotation denies the access via connection call but it's still possible to invoke the method directly in your Session LCO or a Screen LCO:

<file java>
public class Session extends Application
{
    @NotAccessible
    public getCar()
    {
        ...
    }

    public int getSpeed()
    {
        return getCar().getSpeed();
    }
}

public class Screen extends Session
{
    public String getType()
    {
        return getCar().getType();
    }
}
</file>

The call:

<file java>
connection.call("car", "getSpeed")
</file>

will fail with a SecurityException because car object is not accessible. The action call:

<file java>
connection.callAction("getSpeed")
</file>

will work without problems.

The security controller doesn't check simple method calls because the developer should have the freedom to do everything on server side.