json-rpc exposes backend program?
I plan to implement jabsorb in my project to call Java methods from JavaScript by registering a Java class. Hence, the backend's partial Java class and methods would be exposed to users if they review the JavaScript code of the web page, right? Does it have security issues?
Does it have security issues?
Of course it does!
If you do this, you should assume that people will try to compromise your system by calling the exposed methods. So your server side needs to be written to perform comprehensive access control checks on use of those methods, and the methods themselves need to thoroughly check the call arguments to ensure that they don't do harmful things when called with unexpected argument values.
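One way to apply this advice, as an added example that is not from the original answer and is not jabsorb's own code: a narrow facade class is the only object handed to the JSON-RPC bridge, it takes the caller's identity from the server-side session rather than from call arguments, and it validates each argument before use. The class name, the invoice data and the ID format are assumptions made for illustration.

```java
import java.util.Map;
import java.util.regex.Pattern;

// Hypothetical facade: the only object that would be registered with the JSON-RPC bridge.
// Internal services are never registered, so the browser cannot reach them.
public class InvoiceRpcFacade {
    // Constructed sample data: invoice id -> owning user.
    private static final Map<String, String> OWNER =
            Map.of("INV-1001", "alice", "INV-1002", "bob");
    // Assumed ID format; anything else is rejected before it touches backend code.
    private static final Pattern INVOICE_ID = Pattern.compile("INV-[0-9]{1,9}");

    // Identity comes from the authenticated server-side session, never from the caller.
    private final String sessionUser;

    public InvoiceRpcFacade(String sessionUser) {
        this.sessionUser = sessionUser;
    }

    // Exposed method: every argument is treated as attacker-controlled.
    public String getInvoiceSummary(String invoiceId) {
        if (sessionUser == null) {
            throw new SecurityException("not authenticated");
        }
        if (invoiceId == null || !INVOICE_ID.matcher(invoiceId).matches()) {
            throw new IllegalArgumentException("malformed invoice id");
        }
        // Same error for "does not exist" and "not yours", so ids cannot be enumerated.
        if (!sessionUser.equals(OWNER.get(invoiceId))) {
            throw new SecurityException("access denied");
        }
        return "summary of " + invoiceId + " for " + sessionUser;
    }

    static String attempt(InvoiceRpcFacade rpc, String arg) {
        try {
            return rpc.getInvoiceSummary(arg);
        } catch (RuntimeException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        InvoiceRpcFacade alice = new InvoiceRpcFacade("alice");
        System.out.println(attempt(alice, "INV-1001"));   // caller's own invoice
        System.out.println(attempt(alice, "INV-1002"));   // another user's invoice
        System.out.println(attempt(alice, "INV-abc"));    // unexpected argument shape
        System.out.println(attempt(alice, null));         // missing argument
        System.out.println(attempt(new InvoiceRpcFacade(null), "INV-1001")); // no session
    }
}
```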