Hi,
da ich den text schon auf englisch geschrieben habe poste ich ihn auch so hier, ich hoffe es ist verständlich worum es mir geht!?
I am looking for some suggestions on the following problem:
In my system are Users and Services and a User has some rights for a Service, how do I keep track of my custom User object inside the ejbcontainer? Do I have to send the userId with each request?
I thought of two solutions:
1) I use one Stateless SessionBean that has a login method that returns a Stateful SessionBean and all subsequent communication is handled by this Bean. Thus I can safe the User object in the Stateful SessionBean and pass it to all other services that are used. What I do not like here, is that this SessionBean has to have ALL possible methods that have to be exposed to the client. Or can I return other SessionBeans that can be used remotelty but not direct. Eg:
StatefulBeanRemote myConn = ((StatelessBeanRemote)ctx.lookup("StatelessBeanRemote")).login();
StatefulSearchBeanRemote search = myConn.getSearchService();
search.search("*");
but ctx.lookup("StatefulSearchBeanRemote") should not be possible in this case.
2) What I initially preferred where multiple SessionBeans, each standing for one Service. E.g. one for Search, one for Accountmanagement and so on. And each of them is exposed by @Remote Interface to the client. But here I have the problem that I do not know who is calling the methods? I only know that the Caller has been logged in by my LoginModule. But to know who it is I would either have to send its username/id on every request or make a login on every SessionBean i use....
How is the "normal" design for this? Does anybody has an example application that shows this? I just cannot find anything on the net, alltough I think this scenario must exist a thousand times....
Any help would be appretiated,
Mathis
da ich den text schon auf englisch geschrieben habe poste ich ihn auch so hier, ich hoffe es ist verständlich worum es mir geht!?
I am looking for some suggestions on the following problem:
In my system are Users and Services and a User has some rights for a Service, how do I keep track of my custom User object inside the ejbcontainer? Do I have to send the userId with each request?
I thought of two solutions:
1) I use one Stateless SessionBean that has a login method that returns a Stateful SessionBean and all subsequent communication is handled by this Bean. Thus I can safe the User object in the Stateful SessionBean and pass it to all other services that are used. What I do not like here, is that this SessionBean has to have ALL possible methods that have to be exposed to the client. Or can I return other SessionBeans that can be used remotelty but not direct. Eg:
StatefulBeanRemote myConn = ((StatelessBeanRemote)ctx.lookup("StatelessBeanRemote")).login();
StatefulSearchBeanRemote search = myConn.getSearchService();
search.search("*");
but ctx.lookup("StatefulSearchBeanRemote") should not be possible in this case.
2) What I initially preferred where multiple SessionBeans, each standing for one Service. E.g. one for Search, one for Accountmanagement and so on. And each of them is exposed by @Remote Interface to the client. But here I have the problem that I do not know who is calling the methods? I only know that the Caller has been logged in by my LoginModule. But to know who it is I would either have to send its username/id on every request or make a login on every SessionBean i use....
How is the "normal" design for this? Does anybody has an example application that shows this? I just cannot find anything on the net, alltough I think this scenario must exist a thousand times....
Any help would be appretiated,
Mathis
Zuletzt bearbeitet: