: The problems are:
: 1. Can a filter be applied to a method of a Java Bean?

Not directly, no.

Servlet filters may only be applied to web requests, either URL patterns
like "/protected/*" or file-extension patterns such as "/*.do".

Try not to think of protecting methods, but protecting procedures or
actions: You have some business task, "read," that you want to be available
via the web. To make this accessible from the web tier, you would

- create some object/method that encapsulates the business request;
we'll call that SomeBean.read()

- create a servlet that calls SomeBean.read(); said servlet would be
responsible for gathering params from the web request and passing
them to SomeBean.read()

- create a filter to perform your auth/access control

- map said servlet to a URI that is protected by said filter


This addresses your original goals:

- access by the end-users (via their web browsers) is managed
by your filter; only the proper people may perform the "read"
business task.

- other methods in your business logic may call one another without
restriction.


One additional benefit of taking the "API called by a servlet" route is
that your core business logic is separated from the web-acess and
web-presentation thereof.

-QM

--

C++ / Java / SSL
http://www.brandxdev.net/

___________________________________________________________________________
To unsubscribe, send email to listserv@(protected)
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html