Okay, here's my 2 cents...
(1) Performance is one of those issues that keeps cropping up again and again. Some camps say that EJB provides fantastic performance, while some don't. The reasons against are because EJBs are relatively heavyweight, container managed components that require a fair amount of resources. On the other hand, containers (depending on which vendor you choose) can optimize things by pooling bean instances, providing caching for entity beans and so on. So then, is performance a merit of EJBs? I think so. Scalability is also one of the best things about the stateless session bean model.
(2 and 3) Despite what people say, CMP makes building entity beans very, very easy. BMP is great, and IMHO, a better way to build truly portable entity beans - simply because you don't have to rewrite the deployment descriptors for each server. On the projects that I've been involved in, we've usually used a combination of CMP (for the straightfoward O/R mappings) and BMPs (for more complex stuff). In addition to this, we also use
patterns like Data Access Object and Value Object next to entity beans when we need to read large amounts of persistent information. This hybrid approach means that we get high performance reads, while still maintaining the nice abstraction layer for small reads and updates.
(4) Role based security is great, although since the majority of systems will have a web-based interface built using JSPs and
Servlets, you may find that you never actually need to use it, but rather handle this in the web tier. Even so, having the ability to control who accesses beans and their methods is a very powerful feature.
Anybody else have any thoughts?
Simon