Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

J2EE  RSS feed

 
Sowmya
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
This forum comes just in time for my exams in Java(I am a student). I have a doubt I would like cleared. Why is not secure for servlets to talk directly to the datatbase (through JDBC) why go through an EJB?
------------------
 
Bhagvan Kommadi
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The use of ejb is for these features:
a) transactional management (container)
b) security (container)
c) container managed persistence
d) separation of business logic from controller
Bhagvan K
SCJP,SCJA part I , IBM 483
------------------
 
Subrahmanyam Allamaraju
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
> Why is not secure for servlets to talk directly to the datatbase
> (through JDBC) why go through an EJB?
There is just one reason.
You can protect methods on EJBs declaratively (i.e., in the deployment descriptor) to allow access only to users of specific roles. For instance, you can specify that only users having role "customer" may access the order status. In order for this mechanism to work, you need to setup your J2EE server with users/roles and so on. Once such a security constraint is setup on a bean, the container verifies the credentials of the caller before executing the protecting methods.
For security, this is, of course, not adequate. You also have to make sure that your DataSource objects are protected. This is to preclude direct access to the database from non-EJBs. How exactly you do this depends on the server you are using.
------------------
Subrahmanyam Allamaraju
Author of Professional Java Server Programming J2EE 1.3 Edition
 
Subrahmanyam Allamaraju
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One clarification. Although you can protect servlets too, there is a difference in the level of granularity.
------------------
Subrahmanyam Allamaraju
Author of Professional Java Server Programming J2EE 1.3 Edition
 
Richard Smolen
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can set up users and groups inside a DB, too...so I think the question still remains, why use EJB?
 
ruilin yang
Ranch Hand
Posts: 334
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I guess there are some advantage to use EJB to access DB:
1) distribute business logic/resource easily.
2) EJB can cache database inf
3) EJB managed by its container (synchronize with DB), so save the developer's effort.
Do I miss something more important ?
Ruilin
[This message has been edited by ruilin yang (edited December 04, 2001).]
 
Thomas Paul
mister krabs
Ranch Hand
Posts: 13974
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sowmya,
JavaRanch has a naming standard that requires a full name (first name space last name). You must follow the standard to be eligible for the book!
Thanks,

------------------
Tom
Sun Certified Programmer for the Java� 2 Platform
Moderator of the forums:
J2EE and EJB
Other Java APIs
 
Sowmya
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the information Thomas, where do I change my user name? I updated my signature.
------------------
Sowmya Suresh
MS-IS (student)
 
Ajith Kallambella
Sheriff
Posts: 5782
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Soumya, simply re-register with a new name and we will take care of deleting your old account. Unfortunately the software doesnot allow changing the name once it is registered
Thanks!
------------------
Ajith Kallambella M.
Sun Certified Programmer for the Java�2 Platform.
IBM Certified Developer - XML and Related Technologies, V1.
Co-author of Java 2 Certification Passport
 
raj sekhar
Ranch Hand
Posts: 117
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A servlet need not go ONLY thru an EJB to access a database unless it is REQUIRED. It can still get to DB directly if you desire. Security is only a complimentary reason to use EJB and not a specific reason for the servlet to access DB thru an EJB.
But normally if you do not need a EJB in your application, there can be a DB wrapper that your servlet can access thru which everything can be made possible.
Did I answer the question or I am an tangent? Any nodding heads?
Thanks
Raj
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!