Hello Sriram:
I can tell you a little example in which EJBs are better than Servlets:
With Servlets:
--------------
There are an HTML page which ask for the login and passord. Submitting this
page is received by a Servlet. This Servlet searchs the combination
login/password in a, for example, database. If everything is all rigth, it
gives to the user a cookie , etc.
When the user wants to do any action, a servlet must test if she/he has a
valid cookie and which permissions she/he has.
With EJBs Stateful:
-------------------
The Servlet calls to a function in a stateless session bean. This session
bean test if the combination login/password is correct and then creates a
stateful session bean with the operations the user can do (for example, in
an environment in which there are administrators, advanced users, users...)
and returns the serialized handler to this stateful EJB to the servlet. The
servlet gives to the user a cookie which contains this handler.
When the user wants to do any action, a servlet must call to the adecuated
method in the stateful session bean (represented by the handler in the
cookie). The stateful session bean throws an exception if the user is not
authorized, without any test --remember this EJB has been made at login time
for only this user.
This second way is more secure, because accesses to the system are
controlled by the EJBs, not by the implementation of the servlets, which can
change when the look changes; and permits more complex security policies
than servlets.
I hope this can help you. Regards
Luis Canals
-----Original Message-----
From: Sriram Krovvidi [mailto:[EMAIL PROTECTED]]
Sent: martes, 21 de noviembre de 2000 12:16
To: [EMAIL PROTECTED]
Subject: Servlets instead of StatefulSB's
Hi,
I have seen few EJB Projects where servlets are being used for login purpose
instead EJB's.
I thought Stateful session bean is the best way to validate a login then
servlets.
Am I missing something here ???
Can somebody provide with the info/pointers on pro and cons of using
servlets in an EJB Project , (mainly with respect to login )?
Thank You,
Regards,
- Sriram Krovvidi
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
This message and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
No confidentiality or privilege is waived or lost by any wrong transmission.
If you have received this message in error, please immediately destroy it
and kindly notify the sender by reply email.
You must not, directly or indirectly, use, disclose, distribute, print, or
copy any part of this message if you are not the intended recipient.
Opinions, conclusions and other information in this message that do not
relate to the official business of Newknow shall be understood as neither
given nor endorsed by it.
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
