In chapt 4 (page 176) of Allen's book there is a brief mention that EJBs can be overkill if the object can be accessed locally and one should use POJOs instead.
This is curious in light of Marc Fleury's comments at our recent User's Group meeting: Never use serialization and always put your EJBs on the same CPU as your web server (which is always practicle with
JBoss since there are no licensing fees).
Well, assuming we are creating a web application and everything is on the same CPU and we don't want CMP Entity beans (I hear they are slow and don't support inheritance) when should we use
EJB instead of POJOs (plain old
java objects)? Do we need EJBs for role based security? Don't Apache HTTPD and Apache
Tomcat implement authorization and authentication? I believe they do because I just used it!
I have not heard much encouragement about statefull session beans either.
I am tempted to conlude that EJBs are not terribly useful for Web applications and are mostly useful for 2 tier applications where there is no web server to provide authorization, authentication, no browser to support session state (with cookies and hidden fields).
Please critque my logic and assumptions here if you disagree!
Thanks,
Siegfried