Consider the situation of modeling users and groups using entity beans. My GroupBean has methods for adding and removing users from the membership list. The membership list is stored in the UserGroup table, which associates the user id and a group id. There is a corresponding UserGroupBean.
- Posted by: Imran Haq
- Posted on: April 10 2002 17:54 EDT
My business logic requires that whenever a User is removed from the database, all of its group memberships be removed as well.
Should I put the code to remove membership in the UserBean::ejbRemove() method? Or should the ejbRemove() method internally call a session bean to do the removal? The final alternative is to use a session bean directly from the client. In this case, how can I prevent clients from calling UserBean::ejbRemove() since it does not enforce my desired business logic?
- Should I put business logic for CMP entity beans in ejbRemove()? by Andreas Schaefer on April 10 2002 19:49 EDT
I would not consider this as business logic but as data integrety (referencial intergrety). In EJB 1.1 you had to add this to ejbRemove() in EJB 2.0 you can use the CMP 2.0 relationships which should take care of this.
To prevent client access to Entity Beans other hide some Session Beans you can use the "run-as" identity and only allow access to the security EJB with an internal (application server) identity. Therefore no outside user can access the hidden EJBs.
Hope this helps - Andy