I am wondering, which portions of reflection are allowed to be used within EJBs (EJB3.x), which ones are discouraged to be used and which ones are forbidden.
[EDIT] I am generally speaking about stuff like getMethod(), method.invoke() etc on the different EJB Types, so no java POJO stuff.
I searched the EJB core specification without finding real hints on that.
I personally believe, that avoiding the use of reflection outside frameworks is good programming style, but the question remains, which portions are allowed by standard?
Thanks in advance!
Have you seen what spec EJB 3.1 says in point 21.2.2 ?
The enterprise bean must not attempt to query a class to obtain information about the declared members that are not otherwise accessible to the enterprise bean because of the security rules of the Java language. The enterprise bean must not attempt to use the Reflection API to access information that the security rules of the Java programming language make unavailable.
So generally speaking - you should not violate language defined security rules.