Hi,
For my Struts project I have some questions about the architecture.
I want to use a Session Facade to act as the controller of my EJBs.
But do you need multiple facades depending on the roles
of my EJBs (most are entities), or may I use only one facade to invoke my EJBs?
What's the best design?
Thanks for your advice.
--
Alexandre Jaquet
-
Session Facade (2 messages)
- Posted by: Alexandre Jaquet
- Posted on: January 03 2003 20:11 EST
-
Session Facade
- Posted by: Alexandre Jaquet
- Posted on: January 03 2003 20:41 EST
- in response to Alexandre Jaquet
Let me explain my problem further with a use case.
When a user logs into the application, I want him, for example,
to be redirected to the student page gathering all
the information concerning the current student.
Or, if it's a professor, the same, but he's redirected to
the professor group page, where he can update the information relating to his courses and view how
the students are progressing.
Thanks for your advice.
--
Alexandre Jaquet
-
Session Facade
- Posted by: joel stewart
- Posted on: January 06 2003 15:00 EST
- in response to Alexandre Jaquet
When you put a security constraint around a Struts action, say studentPage.do, then the context will have the principal available from httpServletRequest.getUserPrincipal and can answer the question httpServletRequest.isUserInRole("rolename"), given you supply the <security-constraint> in the WAR deployment descriptor and you have declared the <login-config> and <security-role> as well.
If the web container and EJB container are in the same server, then (at least with JBoss Jetty / BEA) the principal is delegated to calls in the EJB tier.
So, with Struts, simply creating a local / remote in the perform method should suffice, and business methods you call will automatically propagate to the EJB tier.
Beware that if you do not put security constraints around the web components interacting with the EJB tier, then of course nothing may have been authenticated and thus the EJB will not know who is calling it.
Then you either use container delegated security, ex:
<assembly-descriptor>
<security-role>
<role-name>student</role-name>
</security-role>
<method-permission>
...
Or, on a per-business-method basis, you can enforce security by checking the context.isCallerInRole and context.getCallerPrincipal.
When the web container and EJB container are in different VMs, consult the documentation on how auth info is propagated. Never done that.
Hope this is enough,
JS
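
The three web.xml declarations the reply above names, put together for the student/professor use case, as an added example that is not part of the original posts. Assumptions: the professor role, the /professorPage.do URL, the realm name and the /login.jsp and /loginError.jsp pages are hypothetical; only studentPage.do and the student role come from the thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <!-- Only callers in the "student" role reach the student action.
       No <http-method> is listed on purpose: naming methods would
       leave every unlisted HTTP method unconstrained. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Student pages</web-resource-name>
      <url-pattern>/studentPage.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>student</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Hypothetical second action for the professor use case. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Professor pages</web-resource-name>
      <url-pattern>/professorPage.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>professor</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Container-managed login; page paths and realm are assumed. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>school</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role used in an auth-constraint must be declared. -->
  <security-role>
    <role-name>student</role-name>
  </security-role>
  <security-role>
    <role-name>professor</role-name>
  </security-role>
</web-app>
```

Any action URL that reaches the EJB tier but matches no <url-pattern> here is served without authentication, which is the case the reply warns about.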