Kurt,

Well, a client could still start a transaction and then call an entity bean,
so this doesn't absolutely keep the architecture enforced.

In EJB 1.0 you could use the "Run As" feature to force the Session Bean to
take on a certain security principal. The entity beans could then be fenced
with an ACL that only allows that "system" principal. The problem with this
is that you lose who the real principal/roles are, and so role based
security is then foobar. It meets your architectural requirement, but
probably does not meet your user security requirements.

I can't think of a spec hook to force this organization.

How about establishing best practices and standards for your project, and
performing team code reviews to enforce? It's a good idea anyway. This is
just another thing to check for.

Regards,

-Chris.

> -----Original Message-----
> From: Christensen, Kurt [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, July 17, 2000 8:26 PM
> To:   [EMAIL PROTECTED]
> Subject:      TX attribute question
>
> I'm a transaction newbie, so bear with me...
>
> If we have a layered architecture where we have stateless session beans in a
> services layer, and entity beans in a domain layer (i.e., the Gemstone
> "FoodSmart" architecture at www.javasuccess.com), would it be unreasonable
> to say that all session beans could have a TX attribute of "TX_REQUIRED",
> and all entity beans could have a TX attribute of "TX_MANDATORY"? This seems
> appealing to me because:
>
> a) This would essentially force all entity beans to be called through
> session beans (what we want, at least in this architecture)
> b) This would allow for Java clients with user-managed transactions, but
> otherwise would force creation of new transactional contexts for methods
> called on the stateless session beans (also what we want in this
> architecture... any individual method call on a stateless bean either
> succeeds or fails, and stateless bean methods can call other stateless bean
> methods to provide services, without creating new transactional contexts).
>
> I realize that this isn't appropriate in all cases (i.e., if we have a
> session bean that doesn't require *any* transactional context), but in
> general, setting the TX attributes in this way makes sense to me.
>
> Any comments?
>
> KurtC
>
> ==========================================================================
> =
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> of the message "signoff EJB-INTEREST".  For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
