In JBoss, I did performance tests and discovered that Remote interfaces were actually faster than Local interfaces! I can't tell you why it was faster, but I can tell you why it's at least no slower than Local interfaces. I think I was using 3.0.6 at the time.
JBoss automatically knows when you are accessing an EJB in the same container, even if you use Remote interfaces. Thus, it passes by reference instead of by value, offering the performance advantage of Local interfaces. Why was it faster in tests I did? I can only speculate that in that version of JBoss the Local interfaces had some inefficient code associated with it, which is logical considering that Local interfaces were new at the time. The Local interfaces code could been cleaned up by now.
Local interfaces always pass by reference. Remote interfaces are supposed to pass by value, and do indeed do this in JBoss if you access your EJBs remotely. This means it makes a copy of the data. However, they pass by value in the same container, and this is particular to JBoss, as I understand it.
Keep in mind that Remote interfaces are inherently less secure, since they can be accessed from anywhere on the network via port 1099 on JBoss (JNDI). Thus, for this reason alone, I highly recommend using Local interfaces for all entity beans. I choose to use Local interfaces for all entity beans, and only use Remote interfaces from the web tier.
This ensures that the web tier supports the session facade, and is distributable, while also ensuring that my data is never directly accessible outside the container via port 1099.
By creating a smart getHome() method, you can have it read a properties file to determine if it should connect remotely to another server, or within the same server. Either way, it returns a Remote interface, so your web module is immune to whether or not your EJB tier is distributed.
Another benefit to using only Remote interfaces from the web tier is web modules tend to be highly portable across J2EE vendors. I couldn't believe how easy it was to deploy a WAR create with JBoss in WebSphere, while still accessing the EJBs running in JBoss. WebSphere simply needed a JBoss client jar in its path to use JNP over JNDI to connect to obtain the remote home interfaces. If I had used Local interfaces in the web tier, then this wouldnt have been possible without porting the EJB modules.
I'd like to see the rules for Local interfaces tightened to permit them to increase security inside a single container. Basically, Id like to see them limited to the EJB tier, and only accessible within a single EJB module. In the meantime, I do enjoy knowing that they can't be accessed outside the JVM.
Erik Slimanhttp://as.joshuabranch.com Application security today