Create forward-compatible beans in EJB,
Part 2 - JavaWorld January
2000
Tutorial Details:
Create forward-compatible beans in EJB, Part 2
Create forward-compatible beans in EJB, Part 2
By: By Richard Monson-Haefel
More key strategies for developing portable EJB 1.0 beans for EJB 1.1 servers
hile the Enterprise JavaBeans specification (EJB) 1.1 provides a more stable and concrete specification than its predecessor, EJB 1.0, does, it also introduces forward-compatibility problems. Beans developed for EJB 1.0-compliant servers today will not automatically port to EJB 1.1 servers tomorrow.
Create forward-compatible beans in EJB: Read the whole series!
Part 1. How to write EJB 1.0 beans to port to EJB 1.1 servers
Part 2. More key strategies for developing portable EJB 1.0 beans for EJB 1.1 servers
In the first installment of this article, we developed the PortableContext , an abstraction that insulates bean developers from changes that affect forward compatibility. At runtime, PortableContext automatically changes its behavior to support either EJB 1.0 or EJB 1.1 conventions for accessing properties, JDBC connections, and other beans. This article will continue to enhance the PortableContext in order to encapsulate access to security from a bean. I will also demonstrate how you can use the PortableContext to make enterprise beans portable between brands of servers, as well as different versions of the specification. In addition, I'll address issues specific to entity bean portability and the changes to XML deployment descriptors.
This article covers some advanced topics, and is not intended for individuals new to Enterprise JavaBeans. Readers should already be familiar with Java development, JNDI, JDBC, and Enterprise JavaBeans. In addition, I have simplified exception handling so that example code is clear and easy to follow.
PortableContext
Last month, we developed the PortableContext so that it provided a common interface that hid implementation differences between EJB 1.0 and EJB 1.1 when accessing environment properties, JDBC connections, and other beans. Now we will extend the PortableContext to encapsulate differences between EJB 1.0 and 1.1 when utilizing the EJBContext security methods.
Bean access to security
Enterprise JavaBeans provides beans with limited access to authorization-based (access control) security. In EJB, a bean can obtain the security identity of its client and make sure that the client is a member of a specific security role or identity. EJB 1.0 and EJB 1.1 maintain slightly different semantics in the EJBContext to support these security features.
In EJB 1.0, the EJBContext is specifically designed to use the java.security.Identity type for identifying clients and verifying membership in a role; in EJB 1.1, the EJBContext uses the java.security.Principal type for this purpose. In EJB 1.1, the Identity methods used in EJB 1.0 are still available but are deprecated, which presents a forward-compatibility problem. Lists 1-A and 1-B show the security methods in the EJBContext for EJB 1.0 and EJB 1.1.
List 1-A. EJB 1.0: Security methods in the EJBContext
public interface EJBContext {
public java.security.Identity getCallerIdentity();
public boolean isCallerInRole(Identity role);
...
}
List 1-B. EJB 1.1: Security methods in the EJBContext
public interface EJBContext {
public java.security.Principal getCallerPrincipal();
public boolean isCallerInRole(java.lang.String roleName);
// Deprecated
public java.security.Identity getCallerIdentity();
// Deprecated
public boolean isCallerInRole(Identity role);
...
}
The change in the new spec is a result of change in the security architecture of the Java 2 Platform. However, the differences are cosmetic for most EJB developers, since the underlying objective is the same. The code fragments below demonstrate how a bean might use the EJBContext to determine a caller's identity and verify membership in a role under both the EJB 1.0 and EJB 1.1 specs.
List 2-A. EJB 1.0: Using the EJBContext security methods
public class AccountBean implements EntityBean {
int id;
double balance;
String modifiedBy;
EntityContext ejbContext;
PortableContext portableContext;
public void withdraw(Double withdraw)
throws WithdrawLimitException, AccessDeniedException {
// only tellers can withdraw more than 10k
if(withdraw.doubleValue() > 10000) {
Identity tellerIdnty = new RoleIdentity("teller");
boolean isTeller = ejbContext.isCallerInRole(tellerIdnty)
if(!isTeller)
throw new AccessDeniedException();
}
Double limit = (Double)
portableContext.getEnvironmentEntry(
"java:comp/env/withdraw_limit", Double.class);
if (withdraw.doubleValue() > limit.doubleValue())
throw new WithdrawLimitException(limit);
else
balance = balance - withdraw.doubleValue();
Identity identity = ejbContext.getCallerIdentity( );
String modifiedBy = identity.getName();
}
...
}
List 2-B. EJB 1.1: Using the EJBContext security methods
public class AccountBean implements EntityBean {
int id;
double balance;
String modifiedBy;
EntityContext ejbContext;
PortableContext portableContext;
public void withdraw(Double withdraw)
throws WithdrawLimitException, AccessDeniedException {
// only tellers can withdraw more than 10k
if(withdraw.doubleValue() > 10000) {
boolean isTeller = ejbContext.isCallerInRole("teller")
if (!isTeller)
throw new AccessDeniedException( );
}
Double limit = (Double)
portableContext.getEnvironmentEntry(
"java:comp/env/withdraw_limit",Double.class);
if (withdraw.doubleValue() > limit.doubleValue())
throw new WithdrawLimitException(limit);
else
balance = balance - withdraw.doubleValue();
Principal principal = ejbContext.getCallerPrincipal( );
String modifiedBy = principal.getName();
}
...
}
PortableContext can hide the EJB 1.0 and EJB 1.1 security models from the bean. To accomplish this, the PortableContext models its abstraction around the EJB 1.1 security model. Below, the abstract PortableContext class has been modified to include two new methods, getCallerPrincipal() and isCallerInRole() , which mimic the new security methods in the EJB 1.1 EJBContext .
List 3. PortableContext class with new abstract security methods
import javax.ejb.*;
import java.lang.reflect.Method;
import java.security.Principal;
public abstract class PortableContext {
final static String SYSTEM_PROPERTY_NAME = "java.ejb.portable_context";
EJBContext ejbContext;
public static PortableContext getInstance(EJBContext context)
throws PortableContextException{
String className = System.getProperty(SYSTEM_PROPERTY_NAME);
if(className == null)
throw new PortableContextException("System property for implementation not set");
try{
Class clazz = Class.forName(className);
PortableContext portableCtx = (PortableContext)clazz.newInstance();
portableCtx.setEJBContext(context);
return portableCtx;
}catch(Exception e){
throw new PortableContextException(e);
}
}
public void setEJBContext(EJBContext ctx){
ejbContext = ctx;
}
public abstract Object lookup(String name, Class type)throws PortableContextException;
public abstract Principal getCallerPrincipal( );
public abstract boolean isCallerInRole(String roleName);
}
In the PortableContext class, the security methods are abstract, which means that the PortableContext implementations ( PortableContext1_0 and PortableContext1_1 ) must implement these methods.
In Lists 4-A and 4-B below, the PortableContext implementations are modified to implement the security methods. Notice that the EJB 1.1 implementation ( PortableContext1_1 ) simply delegates the method requests to the EJB 1.1 EJBContext , while the EJB 1.0 implementation converts requests from the Principal -based model of EJB 1.1 to the Identity model of EJB 1.0.
List 4-A. PortableContext1_0, with security methods
import javax.ejb.EJBContext;
...
import java.security.Principal;
import java.security.Identity;
public class PortableContext1_0 extends PortableContext {
public Principal getCallerPrincipal( ) {
return (Principal)ejbContext.getCallerIdentity( );
}
public boolean isCallerInRole(String roleName) {
Identity identity = new RoleIdentity(roleName);
return ejbContext.isCallerInRole(identity);
}
...
}
List 4-B. PortableContext1_1, with security methods
import javax.naming.InitialContext;
...
import java.security.Principal;
public class PortableContext1_1 extends PortableContext {
public Principal getCallerPrincipal( ) {
return ejbContext.getCallerPrincipal();
}
public boolean isCallerInRole(String roleName) {
return ejbContext.isCallerInRole(roleName);
}
...
}
The java.security.Identity class implements the java.security.Principal interface, so the getCallerPrincipal( ) method in the PortableContext1_0 class simply casts the Identity object returned from the EJBContext.getCallerIdentity( ) method to its Principal type. This is simple enough; the implementation of the isCallerInRole() method in the PortableContext1_0 class is more complicated, however.
EJB 1.0 required the use of java.security.Identity to verify membership in a security role. As the code in Lists 2-A and 2-B demonstrates, checking a client's role can provide valuable authorization logic that the access control declarations in the deployment descriptor can't address. Unfortunately, while the EJB 1.0 specification requires the use of the Identity type as a role identifier, it doesn't specify how a bean should acquire the Identity object specific to the role being tested. The Identity class is an abstract class, so simply instantiating it is not possible. In the examples above, a mysterious RoleIdentity object was instantiated with the name of the role being tested. This provided us with an Identity object that could be used in the isCallerInRole(Identity role) method. But where did the RoleIdentity object come from?
The RoleIdentity class is an extension of the java.security.Identity class, and provides us with a simple, concrete implementation of Identity that we can instantiate with a string name. (A similar RoleId
Read
Tutorial at: Click here to view the tutorial
Rate Tutorial: Create forward-compatible beans in EJB,
Part 2 - JavaWorld January
2000
View Tutorial: Create forward-compatible beans in EJB,
Part 2 - JavaWorld January
2000
Related
Tutorials:
 Integrate security infrastructures with JBossSX
Integrate security infrastructures with JBossSX
|
Boost Struts with
Boost Struts with XSLT and XML
|
Use Web services
to integrate Web applications with
EISs
Use Web services
to integrate Web applications with
EISs
|
Accelerate EJB 2.0
development with EJBGen
Accelerate EJB 2.0
development with EJBGen
|
Will Big Blue
eclipse the Java
tools market?
Will Big Blue
eclipse the Java
tools market?
|
Integrate EJBs with CORBA
Integrate EJBs with CORBA
|
Container-managed relations for the
21st century
Container-managed relations for the
21st century
|
The J2EE 1.4 Tutorial
The J2EE 1.4 Tutorial is a guide to developing enterprise applications for the Java 2 Platform, Enterprise Edition (J2EE) version 1.4. Here we cover all the things you need to know to make the best use of this tutorial.
|
Add concurrent processing with message-driven beans
Add concurrent processing with message-driven beans
|
Finally, getting hands in !
Finally, getting hands in !
|
Developing Your First Enterprise Beans, Part 1
One of the most important features of EJB is that enterprise beans have the ability to work with containers from different vendors. However, that doesn't mean that selecting a server and installing your enterprise beans on that server are trivial processe
|
Developing Your First EJBs, Part 2
the authors walked through what you need to do to develop your first entity bean. This week concludes this series with a look at how to develop a session bean, building on the examples presented in part one.
|
Java Beans, Part 1 Introducing Java Beans
The basic idea of the Beans tutorial is to get you to the point where you can quickly create beans. You may want to write new beans from scratch, or you may want to take existing components, applets, or other classes and turn them into beans.
|
JSP (JavaServer Pages) is a standard for combining Java and HTML to provide dynamic content in web pages.
With JSP, you embed Java code in HTML using special JSP tags similar to HTML tags. You install the JSP page, which has a .jsp extension, into the WebLogic Server document root, just as you would a static HTML page. When WebLogic Server serves a JSP page..
|
Testing Your Enterprise JavaBeans with Cactus
Enterprise JavaBeans provide many advantages. But each server-side/back-end developer knows that development of EJBs is sometimes painful, time-consuming, and requires a lot of patience while creating assembly descriptors, application-server-specific conf
|
Developing Distributed application using Enterprise Java Beans, J2EE Architecture, EJB Tutorial, WebLogic Tutorial.
Developing Distributed application using Enterprise Java Beans, J2EE Architecture, EJB Tutorial, WebLogic Tutorial.
Distributed Architecture
Two-tier application:
In the past two-tier applications were used. Two-tier applications are also know as
|
Introduction To Enterprise Java Bean(EJB). WebLogic 6.0 Tutorial.
Introduction To Enterprise Java Bean(EJB). WebLogic 6.0 Tutorial.
Welcome to EJB Section
(Learn to Develop World Class Applications with Enterprise Java Beans)
(Online WebLogic 6.0 Tutorial)
Introduction To Enterprise Java Bean(EJB)
Enterprise
|
developing a Session Bean and a Servlet and deploy the web application on
JBoss 3.0
developing a Session Bean and a Servlet and deploy the web application on JBoss 3.0
Writing Calculator Session Bean and Calling through JSP
Previous Tutorial Index Next
In this lesson I will show you how to develop a Calculator Stateless Session
|
developing a Session Bean and a Servlet and deploy the web application on
JBoss 3.0
developing a Session Bean and a Servlet and deploy the web application on JBoss 3.0
Writing Stateless Session Bean and Calling through Servlet
Previous Tutorial Index Next
In this lesson I will show you how to develop a Stateless Session Bean and
|
New Technical Articles: 64-bit Programming on Solaris 10 OS for x86 Platforms
Four technical articles describe the new Sun Studio 10 software's 64-bit programming features on the Solaris 10 OS for x86 and AMD64 platforms. Important issues regarding the AMD64 ABI (Application Binary Interface), debugging, migration to 64-bits, and p
|
|
|
|
