I have a Java EE application using EJBs, and perform most of the functions through Stateless EJBs.
I have a requirement for all users to also have an active session, and I'm wondering what the best way of using the beans are.
Currently, I have a command line client which uses the stateless beans directly in addition to logging into the system with the stateful bean.
I'm wondering if I should have the client perform all functions through the stateful bean, that way no functions can be performed unless an active session exists.
This makes more sense to me personally.
I'm just not quite sure what design is 'right' or what is the better design.
If I continue to have the client use the stateless beans, then I'll have to have a way for those stateless beans to check if the client has an active session.
A session exists anyway even if you're only invoking stateless beans. The choice on whether to invoke a stateless or stateful bean should mater only whether you need to keep state between method invocations. Try injecting the SessionContext and notice that there will be a principal, even if it's anonymous.
If your requirement is an authenticated user, a stateless session bean is fine:
You can call SessionContext.getCallerPrincipal() in the EJB (for logging purposes etc.)
You can impose authorization declaratively (using the #RolesAllowed annotation on EJB methods)
so I don't see a reason to switch to stateful session beans. It might not be relevant, but a stateful session bean consumes resources on the server side, so there should be a compelling reason to do so.
A related question When to use Stateful session bean over Stateless session bean? received no answers up to today, and I consider no answer in this case to be an answer as well.
Related
I am working on a JSF web application. The service layer is developed using stateless session beans. These stateless beans are injected to managed beans using CDI.
I know that to manage transactions in stateless beans, I can use either container managed transactions or bean managed transactions. Also all the public methods in a stateless bean are by default in container managed transactions.
So my questions are:
Which is the preferred approach for transaction management in stateless bean - container managed or bean managed?
Is it advisable to have both bean managed and container managed transaction beans in service layer?
Is it possible to use both container managed and bean managed transactions in a single bean? If possible is it advisable?
Please let me know your suggestions...
Which is the preferred approach for transaction management in stateless bean - container >managed or bean managed?
The typical and preferred approach is to use CMT. Transaction management is one of the useful services that a app server offers, it simplifies your development, therefore, you should use this approach (that also is the default one) the vast majority of the time.
However, BMT is still necessary in some special cases:
a) when you need reduce the transaction boundaries for improving performance.
b) when you have a statefull session bean and you need retain a transaction across several client calls. (it's hard to see when this can be useful).
Is it advisable to have both bean managed and container managed transaction beans in service layer?
Yes, If some services need the special requirement described above, you can use both bean transaction types as part of the service layer.
Is it possible to use both container managed and bean managed transactions in a single bean? If possible is it advisable?
No, it is not possible.
Use container managed transaction if your transaction scope does not span across more service layer methods: ideally you should have one transaction (container-triggered commit) for one method. If this is not the case, a bean managed transaction should be more practical, letting the caller decide when commit or rollback.
I am new to ejbs and cdi. To my understanding a stateful ejb stores the data in the instance variables and destroys the stateful ejb after the request is finished.
I recently attended an interview where the interviewer asked me what kind of ejb would I use in an online shopping kind of application.
If I have to do it without ejbs, I create a HttpSession and then add the user interest in the session and then show him another page to continue or make the payment or exit.
If I want to accomplish the same using stateful ejbs, I dont understand why should I use stateful ejbs, what is its significance? Because once the request is completed the ejb is destroyed and the user interest/cart-details are destroyed.
Secondly what I am not able to understand about cdi is, suppose I am injecting the service class into my servlet, because injection happens only once there will be only one instance of the service class. When more than two requests come the instance variables of the stateful ejb get corrupted. So I guess when I am using stateful ejbs I have to use #RequestScoped annotation. Am I right?
Stateful session bean will allow you to store the same state as an http session. Few advantages over using http session that I can think of:
Scalability - Your SFSB can be deployed on another server and scale independently using remote interfaces
Non-web clients - You can use SFSB to maintain state for a non-web client where http session will not be available
The other benefits that come with using an EJB
To hold a reference to a stateful EJB in a servlet you should use #SessionScoped with #Inject as indicated in this answer
I use SSH for a some while, and some friends ask me what is bean, and difference between session bean and entity bean, and difference between stateful session bean and stateless session bean, is those concept only exists in EJB(I also want to ask is EJB some relation with SSH), or they are general concept?
and what are they?
what i mean SSH is Spring Struts and Hibernate, actually i do not know they three has some relationship with EJB?
And i want to know is that bean is concept in the context of EJB? And when we talks about other framework like SSH, we never said bean?
what is bean
In context of EJB, bean is a class managed by the container.
between session bean and entity bean
Session beans represent logic while entity beans represented persistent objects. These days entity beans aren't used anymore in favour to JPA entities.
difference between stateful session bean and stateless session bean
Once you obtain a reference to stateful session bean, you will always use that particular instance. Stateless session beans are pooled and returned to the clients at random.
those concept only exists in EJB
Yes, although beans are also present in Spring framework with a similar meaning but different design concepts.
is EJB some relation with SSH
You can deploy EJBs via SSH using SCP. But seriously, seems like you are confusing SSH with...?
I'm working on a Java webapp trying to combine the following technologies:
Java EE 6
CDI
JSF 2
EJB 3.1
Spring Security
I provide CDI-based backing beans (#ViewScoped, #Named) for my JSF pages.
I use #Stateless EJB beans for the actual work to be done.
I only need few session information like jSessionCookie (managed by container), internal username and some other internal IDs. Now, I wonder where to put this session information so that I can access it in the backing beans for JSF, but also provide it to the stateless EJBs? Should I use a #Stateful EJB session bean or should I create CDI-based POJO with #SessionScoped and #Named?
Are there any best practices?
For your particular use case, a stateful session bean would not be a good choice.
Do note that contrary to what people may claim, stateful session beans are surely not something you should generally avoid. However, they are for advanced use cases, for instance when dealing with JPA's extended persistence context.
The reason why stateful session beans would not work here, is that they are not automatically associated with the HTTP session, which seems to be your prime concern. You could add the #SessionScoped annotation to them, but then you could just as well use a regular managed bean. You would not use any of the particular features of a SFSB.
See alo:
Can I use EJB Stateless Bean with CDI to maintain user session?
Using a Stateful Session Bean to track an user's session
Calling a CDI session scoped producer method from an EJB stateless session bean
Contexts and Dependency Injection in Java EE 6
You can inject your stateless EJBs with a session scoped CDI bean, but you have to realize that within the same application your EJB bean would be dependent on the HTTP session then (something you sometimes want to avoid, e.g. if your bean has to be called from other contexts as well).
#Stateful EJB is something I'd try to stay away from. I believe behavior and state are things that should not be mixed.
I would also go for SJuan76's answer and use SessionScoped JSF backing bean.
Based on this post http://www.adam-bien.com/roller/abien/entry/ejb_3_1_killed_the I use in my app #Named #Stateless bean for communication with a database (injecting EntityManager here) and display information on a jsf page. It's great facilitation since Java EE 5, but I have one question.
Is it secure to use such beans for maintaining a user session (shopping cart etc)? I read a book about ejb 3.0 and I know that the same stateless bean could be used with many clients.
What's the best approach to use a managed bean with all ejb features (transactions, thread safety etc)? I mean any other way than managed bean + ejb interface with implementation + ejb injection as in Java EE 5?
I use GlassFish 3.1 WebProfile
Adding to the advice of duffymo; there are some additional considerations for using stateful session beans vs using the HTTP session.
The HTTP session basically has a map like structure. It's directly available to all threads (requests) that are part of the session. This makes manipulating several items a relatively unsafe action. It's possible to synchronize on the session itself, but this is a risky operation that can potentially dead-lock your entire application. The HTTP session does allow you to declare event listeners, which fire upon any kind of modification of the http session.
The Stateful session bean of course has a bean structure. It has a kind of auto synchronization feature, as only thread can be active in the bean at the same time. Via annotations you can declare if other threads wait (and if so, for how long) or immediately throw an exception in the face of concurrent access.
Where there is normally only one http session per user, a single user can make use of multiple stateful session beans at the same time. A particular advantage of stateful session beans is that they have a mechanism to passivate their state after some timeout, which can free up your server's memory (at the cost of disk space of course). Stateful session beans do not directly have the kind of event listeners that the http session does have.
I think that originally the "session" aspect of stateful session beans was to maintain a session with remote non-web clients (Swing, another AS, etc). This is much like the http session was created to maintain a session with remote web clients. Since a non-web client can request and hold on to multiple proxies for stateful session beans, the web analogy is actually more akin to that of the recently introduced conversation scope.
In the case of remote web clients talking to a server, where the server internally talks to a stateful session bean, the concepts greatly overlap. The remote web client only knows about the http session (via the JSESSIONID) and nothing about the stateful session bean's session. So if the http session was lost, you typically would not be able to connect the remote client with the specific stateful session bean again. The HTTP session in this case is thus always leading and you might as well store your shopping cart items inside a single (http) session scoped bean.
There is one specific case where stateful session beans come in handy for internal communication, and that's if you need JPA's extended persistence context. This can be used if e.g. locks on entities need to last between requests (which is possibly handy for a shopping cart if you have limited stock and don't want to confront the user with an "out of stock" message as soon as he actually checks out).
Stateless beans cannot maintain shopping carts or session; that's what "stateless" means.
You need either a stateful EJB or to do it in the web tier. Those are the only places where session is maintained.