EJB context: the gateway to the container

The container holds the following information:

1. Information about the home object and the EJB object.
2. The bean's current transaction information.
3. Security information about the client's authorization. A bean can query the environment to determine whether the client has the security level required to perform an operation.
4. The bean's environment properties.

The container stores all of this information in an object called the EJB context object. The EJB context is a physical part of the container and can be accessed by the bean. This access lets the bean read the current state and change it. The context can change during the life of the bean.

The EJB 1.0 javax.ejb.EJBContext interface:

    public interface javax.ejb.EJBContext {
        public javax.ejb.EJBHome getEJBHome();
        public java.util.Properties getEnvironment();
        public java.security.Identity getCallerIdentity();
        public boolean isCallerInRole(java.security.Identity role);
        public javax.jts.UserTransaction getUserTransaction();
        public void setRollbackOnly();
        public boolean getRollbackOnly();
    }

Session bean context

The context is divided into two kinds: session context and entity context. They are used for session beans and entity beans, respectively.

The javax.ejb.SessionContext interface:

    public interface javax.ejb.SessionContext extends javax.ejb.EJBContext {
        public javax.ejb.EJBObject getEJBObject();
    }

Note: the SessionContext interface extends the EJBContext interface, so the methods defined in EJBContext are also available to session beans. For session beans, the container calls setSessionContext, which is defined in the javax.ejb.SessionBean interface. For entity beans, it calls setEntityContext.

SessionContext.getEJBObject()

In EJB, a bean can act as a client of other beans. If a bean needs to call other beans, it needs the getEJBObject() method. In Java, an object can obtain a reference to itself with the this keyword. In EJB, a bean cannot hand itself to other objects with the this keyword, because every client method call on a bean goes indirectly through the bean's EJB object. Instead, a bean refers to itself through its EJB object, which takes the place of the this keyword.

Understanding EJB security

First, the client must be identified. Second, the client must be authorized.

Step 1: Authentication

Different EJB containers authenticate clients in different ways. For example, with BEA's WebLogic, client code supplies a username and password when it uses JNDI to look up home objects:

    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    ...
    // System.getProperties() returns the JVM-wide properties, so the
    // credentials set below are visible to all code running in this JVM
    Properties props = System.getProperties();
    props.put(Context.SECURITY_PRINCIPAL, "EmployeeA");
    props.put(Context.SECURITY_CREDENTIALS, "myPassword1");
    Context ctx = new InitialContext(props);
    // Use the initial context to look up home objects
    ...

The EJB specification does not define how this is done, which affects portability. Check the documentation of each container for details. When this code runs, the application server verifies the username and password; how it does so is specific to the application server. Many application servers allow usernames and passwords to be set in a properties file, which the application server reads at runtime. More advanced servers support integration with an existing authentication system, for example storing the list of usernames and passwords in an LDAP server.

Step 2: Authorization

Only authorized clients can call methods on the bean. There are two ways to perform authorization in EJB: declarative and programmatic. With declarative authorization, all authorization checks are performed by the container; with programmatic authorization, the checks are performed in the program.

For a declarative authorization check, you declare the bean's authorization requirements in the deployment descriptor. For example, using a deployment descriptor for BEA's WebLogic server:

    (accessControlEntries
        submitPurchaseOrder [Employees]
        approvePurchaseOrder [Managers]
    ); end accessControlEntries

The container automatically performs the security checks at runtime and throws a java.lang.SecurityException when a check fails.

For a programmatic authorization check, you must query the EJB context for the current client's authorization information. Two methods are available: isCallerInRole(Identity role) and getCallerIdentity().

isCallerInRole()

    import java.security.Identity;
    ...
    public class MyBean implements SessionBean {
        private SessionContext ctx;
        ...
        public void foo() {
            // Build an Identity that names the role to test for
            Identity id = new MyIdentity("administrators");
            if (ctx.isCallerInRole(id)) {
                System.out.println("An admin called me");
                return;
            }
            System.out.println("A non-admin called me");
        }
    }

    import java.security.Identity;

    // Identity is abstract, so a concrete subclass is needed to name a role
    public class MyIdentity extends Identity {
        public MyIdentity(String id) {
            super(id);
        }
    }

getCallerIdentity()

    import java.security.Identity;
    ...
    public class MyBean implements SessionBean {
        private SessionContext ctx;
        ...
        public void bar() {
            // Ask the container who the current caller is
            Identity id = ctx.getCallerIdentity();
            String name = id.getName();
            System.out.println("The caller's name is " + name);
        }
    }

EJB object handles

Many EJB applications require that clients be able to disconnect from beans and later re-establish the connection. EJB provides EJB object handles for this purpose. An EJB object handle is a long-lived proxy for an EJB object. It can be used to re-establish the connection with the EJB object while ensuring that the session state is not lost. Below is code that uses an EJB object handle:

    // First, get the EJB object handle from the EJB object
    javax.ejb.Handle myHandle = myEJBObject.getHandle();

    // Next, serialize myHandle, and then save it in
    // permanent storage
    ObjectOutputStream stream = ...;
    stream.writeObject(myHandle);

    // time passes ...

    // When we want to use the EJB object again,
    // deserialize the EJB object handle
    ObjectInputStream stream = ...;
    javax.ejb.Handle myHandle = (javax.ejb.Handle) stream.readObject();

    // Convert the EJB object handle back into an EJB object
    MyRemoteInterface myEJBObject = (MyRemoteInterface) myHandle.getEJBObject();

    // Resume calling methods again
    myEJBObject.callMethod();

Example: the puzzle game "Fazuul" (refer to the original).
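
The declarative check, and the reason a bean hands out its EJB object rather than this, modelled as an added example (not code from the original page, and not WebLogic or EJB API code). A java.lang.reflect.Proxy stands in for the container-generated EJB object; the PurchaseOrders interface, the bean class and the ACL map are hypothetical names that mirror the accessControlEntries descriptor shown earlier.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.Map;
import java.util.Set;

// Toy model of container interposition; all names here are hypothetical.
public class AclDemo {
    interface PurchaseOrders {
        String submitPurchaseOrder(String item);
        String approvePurchaseOrder(String item);
    }

    static class PurchaseOrdersBean implements PurchaseOrders {
        public String submitPurchaseOrder(String item) { return "submitted " + item; }
        public String approvePurchaseOrder(String item) { return "approved " + item; }
    }

    // Mirrors the descriptor: method name -> roles allowed to call it.
    static final Map<String, Set<String>> ACL = Map.of(
        "submitPurchaseOrder", Set.of("Employees"),
        "approvePurchaseOrder", Set.of("Managers"));

    // Plays the EJB object: every client call passes the ACL check first.
    // Methods without an ACL entry are denied by default.
    static PurchaseOrders ejbObject(PurchaseOrders bean, Set<String> callerRoles) {
        return (PurchaseOrders) Proxy.newProxyInstance(
            PurchaseOrders.class.getClassLoader(),
            new Class<?>[] { PurchaseOrders.class },
            (proxy, method, args) -> {
                Set<String> allowed = ACL.getOrDefault(method.getName(), Set.of());
                if (allowed.stream().noneMatch(callerRoles::contains)) {
                    throw new SecurityException(method.getName() + " denied");
                }
                try { return method.invoke(bean, args); }
                catch (InvocationTargetException e) { throw e.getCause(); }
            });
    }

    public static void main(String[] unused) {
        PurchaseOrdersBean bean = new PurchaseOrdersBean();
        PurchaseOrders employee = ejbObject(bean, Set.of("Employees"));
        System.out.println(employee.submitPurchaseOrder("laptop"));
        try {
            employee.approvePurchaseOrder("laptop");
        } catch (SecurityException e) {
            System.out.println("container rejected: " + e.getMessage());
        }
        // A raw bean reference (what passing "this" would hand out) skips the check.
        System.out.println(bean.approvePurchaseOrder("laptop"));
    }
}
```

Run it with `java AclDemo.java` on Java 11 or later.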