Single Entry Point to EJB Layer

Java 专栏收录该内容
44 篇文章 0 订阅
Single Entry Point to EJB Layer pattern

This pattern forces the client to use a single entry point to perform the calls to EJBs.

Motivation:

Precisely manage the user access to an application with a dynamic verification of security and session state with full transparency for client’s developers.

This architecture was first designed to be used with a heavy client in Swing. It can easily be modified for a web based client.

Solution :

The main components of this architecture are :

User:
This entity represents a user of the application. It holds authorisation informations as well as session state.

SessionManagementService :
This stateless service is a factory of user sessions. Security can be plugged in to verify the authorization to a particular user to obtain a Session.

UserSession :
This stateful bean is the real facade of the application. Each client call is passed through its two main methods :

public Object invoke(EJBDefinition p_service, String p_methodName, Class[] p_paramTypes, Object[] p_args)

public Object invoke(ServiceKey p_serviceKey, String p_methodName,Class[] p_paramTypes ,Object[] p_args)

This facade can check the connection state of the user (an administrator can dynamically lock a user) and the user's authorization to perform this call using the User EJB.
This component holds a cache on the services ( stateful or stateless).

The first method is used for the call on SLSB services, the second for SFSB services.

Services :
The services are implemented as stateful or stateless EJB. SLSB services have a ejbCreate method without any argument. SFSB services are created through a call on a SLSB service.

All the SLSB are defined in an interface of constants.

public interface Services {

    final static EJBDefinition MESSAGING_SERVICE =
        newEJBDefinition("ejb/framework/MessagingService",
        "org.z.framework.jms.MessagingServiceHome",
        "org.z.framework.jms.MessagingService");

….


UserSessionClient :
This singleton is instantiated only on the client side.
It first asks the SessionManagementService to create a new UserSession and then maintains a reference on this Session to transmit all the client calls.

ClientServiceFactory :
When an object on the client side needs a service to perform a task it asks it to this factory through the call :

messageService = (MessaggingService)ClientServiceFactory.getService(Services.MESSAGGING_SERVICE);


The return of this call is the remote interface of the SLSB service. In fact the object is a dynamic proxy ( see java.lang.reflect.Proxy ) with a ServiceClient as InvocationHandler.

ServiceClient :
This class implements the java.lang.reflect.InvocationHandler and is beside all the remote interface of EJB on the client side.

Every time the client makes a call on an remote interface an instance of this class extracts the method called and the arguments and transmits it to the UserSessionClient.

Normal sequence :

1. A client JVM which needs remote services initiate the session with its UserSessionClient :

UserSessionClient.getInstance().init( userLogin, userPassword);

The SessionManagementService after security checking creates a new UserSession. The remote reference on it is kept in the UserSessionClient.

2. The client needs a service to perform a task. It asks it to the ServiceFactory.

messageService = (MessaggingService)ClientServiceFactory.getService(
Services.MESSAGGING_SERVICE);

A new dynamic proxy is created using the EJBDefinition. The InvocationHandler of this dynamic proxy is a new instance of ServiceClient.

3. The client makes a call on his remote interface.

MessageService.sendMessage("toto");

The ServiceClient transmits all the parameters (the EJBDefinition, the method name, the arguments ) of this call to the UserSessionClient.

The UserSessionClient transmits everything to the UserSession.

The UserSession which does not have any reference on the service performs a lookup to retrieve a reference on the Home of the service and call "create" on it.

Then using reflection it invokes the method.

Consequences :
·The client code to access remote service is extremely simple,
·Any kind of control can be plugged on the client calls.

2 replies in this thread Reply
Read more EJB Session Facade pattern
Posted By: Gal Binyamini on October 13, 2001 in response to this message.
First of all, I think this pattern is not a "session facade" pattern. This pattern suggests a way for inserting method interceptors in method calls. It does not give a user a simplified view of a collection of complex subsystems. The user still talks to each "service" seperately, and the fact that all these calls happen to go through some single session bean behind the scenes is irrelevant to the client. I do not mean to say that the client should talk to the UserSession itself, of course. The UserSession has a very weakly typed interface (maybe weaker than C typing) and it isn't a facade either.

As for the motivation, I don't think security should be a key reason for using this pattern. EJB has a security model and while it isn't perfect, I think it's beneficial to atleast conform with it. You can then add any additional required functionality through proprietary interfaces. Virtually all App servers have such (atleast, to my knowledge). The security model outlined here does not support propagation of user identities. EJB supports such propagations atleast internally within the server, and will hopefully support inter-server propagation as well (although this field requires more work).

As for verification of session state - I do not understand how that relates to this pattern. IMO state verification should occur in the specific components responsible for the state - not in some global interceptor. Some examples of such use could clear thing out for me :)

I can't think of any particularly important use of interception that would require this massive pattern. It seems to me that, if interception is required, it will be much easier to add directly by calling the interceptor in the facade methods. While this isn't as theoretically interesting as doing dynamic interception, I believe it will get the same job done with much less code and will execute faster as well.
I also think that this pattern imposes several arbitrary limitations on implementations (effectively eliminating use of home objects, requiring JVMs of versions 1.3 or higher on client side, ...) that will make any application using it virtually incompliant with the rest of the EJB world. EJB meta classes will not return any meaningful results, new EJB2.0 home methods will not be supported, and god knows what in EJB2.1.

As a final note, EJB2.0 lists method interceptors as a planned feature for future releases. I doubt we'll see it in EJB2.1 though, but maybe in 3.0...

Regards
Gal
1 replies in this thread Reply
Read more Single Entry Point to EJB Layer
Posted By: Floyd Marinescu on October 14, 2001 in response to this message.
I agree that this pattern is misnames, Gaetan, I changed it to "Single Entry Point to EJB Layer" (let me know if you think a different name is appropriate). Please read the Session Facade pattern from EJB Design Patterns book project (http://www.theserverside.com/resources/patterns_review.jsp) for a concise explanation of the session facade pattern.

Floyd
0 replies in this thread Reply
Read more Single Entry point to EJB Layer
Posted By: gaetan zoritchak on October 15, 2001 in response to this message.
The single entry point to EJB layer is indeed more appropriate.

I don't agree with you on using code based on the proprietary interfaces of the security App Server your work on. I prefer limit the proprietary code to the minimum I can.

>The security model outlined here does not support propagation of user identities.

No. We set the user identity ( proprietary App Server code ;-) ) with the first call to the UserSessionClient. The user identity is then normally delegated and we can call the EJBContext.getCallerPrincipal() at anytime to obtain the caller principal name.

>IMO state verification should occur in the specific components responsible for the state - not in some global interceptor.

The session state is not held by the UserSession. Only the verification of this state is called in a generic way by this "global interceptor". It allows a administator to lock a specific session or all the sessions for a maintenance work. But I agree this functionnality may not interest a lot of people. The main purpose for us of this pattern is the security checking based on dynamic settings.

>I also think that this pattern imposes several arbitrary limitations on implementations (effectively eliminating use of home objects, requiring JVMs of versions 1.3 or higher on client side, ...) that will make any application using it virtually incompliant with the rest of the EJB world. EJB meta classes will not return any meaningful results, new EJB2.0 home methods will not be supported, and god knows what in EJB2.1.

We strictly divide our server code in layers : session, service and business. Our client should never call directly an entity and therefore doesn't need home methods. JDK 1.3 is not so recent and I don't feel it like a limitation.

Regards,
Gaetan
  • 0
    点赞
  • 0
    评论
  • 0
    收藏
  • 一键三连
    一键三连
  • 扫一扫,分享海报

打赏
文章很值,打赏犒劳作者一下
相关推荐
<p style="text-align:left;"> <span> </span> </p> <p class="ql-long-24357476" style="font-size:11pt;color:#494949;"> <span style="font-family:"color:#E53333;font-size:14px;background-color:#FFFFFF;line-height:24px;"><span style="line-height:24px;">限时福利1:</span></span><span style="font-family:"color:#3A4151;font-size:14px;background-color:#FFFFFF;">购课进答疑群专享柳峰(刘运强)老师答疑服务。</span> </p> <p> <br /> </p> <p class="ql-long-24357476"> <strong><span style="color:#337FE5;font-size:14px;">为什么说每一个程序员都应该学习MySQL?</span></strong> </p> <p class="ql-long-24357476"> <span style="font-size:14px;">根据《2019-2020年中国开发者调查报告》显示,超83%的开发者都在使用MySQL数据库。</span> </p> <p class="ql-long-24357476"> <img src="https://img-bss.csdn.net/202003301212574051.png" alt="" /> </p> <p class="ql-long-24357476"> <span style="font-size:14px;">使用量大同时,掌握MySQL早已是运维、DBA的必备技能,甚至部分IT开发岗位也要求对数据库使用和原理有深入的了解和掌握。</span><br /> <br /> <span style="font-size:14px;">学习编程,你可能会犹豫选择 C++ 还是 Java;入门数据科学,你可能会纠结于选择 Python 还是 R;但无论如何, MySQL 都是 IT 从业人员不可或缺的技能!</span> </p> <span></span> <p> <br /> </p> <p> <span> </span> </p> <h3 class="ql-long-26664262"> <p style="font-size:12pt;"> <strong class="ql-author-26664262 ql-size-14"><span style="font-size:14px;color:#337FE5;">【课程设计】</span></strong> </p> <p style="font-size:12pt;"> <span style="color:#494949;font-weight:normal;"><br /> </span> </p> <p style="font-size:12pt;"> <span style="color:#494949;font-weight:normal;font-size:14px;">在本课程中,刘运强老师会结合自己十多年来对MySQL的心得体会,通过课程给你分享一条高效的MySQL入门捷径,让学员少走弯路,彻底搞懂MySQL。</span> </p> <p style="font-size:12pt;"> <span style="color:#494949;font-weight:normal;"><br /> </span> </p> <p style="font-size:12pt;"> <span style="font-weight:normal;font-size:14px;">本课程包含3大模块:</span><span style="font-weight:normal;font-size:14px;"> </span> </p> </h3> <p class="ql-long-26664262" style="font-size:11pt;color:#494949;"> <strong class="ql-author-26664262"><span style="font-size:14px;">一、基础篇:</span></strong> </p> <p class="ql-long-26664262" style="font-size:11pt;color:#494949;"> <span class="ql-author-26664262" style="font-size:14px;">主要以最新的MySQL8.0安装为例帮助学员解决安装与配置MySQL的问题,并对MySQL8.0的新特性做一定介绍,为后续的课程展开做好环境部署。</span> </p> <p class="ql-long-26664262" style="font-size:11pt;color:#494949;"> <span class="ql-author-26664262" style="font-size:14px;"><br /> </span> </p> <p class="ql-long-26664262" style="font-size:11pt;color:#494949;"> <strong class="ql-author-26664262"><span style="font-size:14px;">二、SQL语言篇</span></strong><span class="ql-author-26664262" style="font-size:14px;">:</span> </p> <p class="ql-long-26664262" style="font-size:11pt;color:#494949;"> <span class="ql-author-26664262" style="font-size:14px;">本篇主要讲解SQL语言的四大部分数据查询语言DQL,数据操纵语言DML,数据定义语言DDL,数据控制语言DCL,</span><span style="font-size:14px;">学会熟练对库表进行增删改查等必备技能。</span> </p> <p class="ql-long-26664262" style="font-size:11pt;color:#494949;"> <span style="font-size:14px;"><br /> </span> </p> <p class="ql-long-26664262" style="font-size:11pt;color:#494949;"> <strong class="ql-author-26664262"><span style="font-size:14px;">三、MySQL进阶篇</span></strong><span style="font-size:14px;">:</span> </p> <p class="ql-long-26664262" style="font-size:11pt;color:#494949;"> <span style="font-size:14px;">本篇可以帮助学员更加高效的管理线上的MySQL数据库;具备MySQL的日常运维能力,语句调优、备份恢复等思路。</span> </p> <span><span> <p style="font-size:11pt;color:#494949;"> <span style="font-size:14px;"> </span><img src="https://img-bss.csdn.net/202004220208351273.png" alt="" /> </p> </span></span>
©️2020 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页

打赏

xxcc

你的鼓励将是我创作的最大动力

¥2 ¥4 ¥6 ¥10 ¥20
输入1-500的整数
余额支付 (余额:-- )
扫码支付
扫码支付:¥2
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值