arrow_back history picture_as_pdf This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ~~NOTRANS~~ ~~Title: Actions in Server objects~~ Every [[jvx:server:lco:actions|server-side action]] should be defined in a [[jvx:server:lco:lifecycle|life-cycle object]] (= LCO). Sometimes it's better to group functionality in helper objects. It's very easy to encapsulate functionality in objects. Just create an object and add public methods: <file java Car.java> public class Car { private String type; private int speed; public Car(String type, int speed) { this.type = type; this.speed = speed; } public String getType() { return sType; } public int getSpeed() { return speed; } } </file> Our Car class has two methods: **getType** and **getSpeed**! If you're using the Car class in your life-cycle obect, like following: <file java> // Application LCO public class Application extends GenericBean { } // Session LCO public class Session extends Application { public Car getCar() { Car car = (Car)get("car"); if (car == null) { car = new Car(); put("car", car); } return car; } } </file> it will be possible to call getType and getSpeed. <file java> connection.call("car", "getSpeed") </file> But this call would throw a SecurityException with "access is not allowed". It's not possible to call every method of an object just because it's public. This could open back-doors. You have to define accessible methods - from objects - via annotation: <file java Car.java> public class Car { ... @Accessible public String getType() { return sType; } @Accessible public int getSpeed() { return speed; } } </file> The call: <file java> connection.call("car", "getSpeed"); </file> will work without problems! If you define a public method in your LCO (= action), it's always accessible because usually you will offere business logic or storages for the client. But it's possible to deny the access to objects or actions: <file java Session.java> public class Session extends Application { @NotAccessible public getCar() { ... } } </file> The **NotAccessible** annotation denies the access via connection call but it's still possible to invoke the method directly in your Session LCO or a Screen LCO: <file java> public class Session extends Application { @NotAccessible public getCar() { ... } public int getSpeed() { return getCar().getSpeed(); } } public class Screen extends Session { public String getType() { return getCar().getType(); } } </file> The call: <file java> connection.call("car", "getSpeed") </file> will fail with a SecurityException because car object is not accessible. The action call: <file java> connection.callAction("getSpeed") </file> will work without problems. The security controller doesn't check simple method calls because the developer should have the freedom to do everything on server-side.