Chapter 6. Transactions and security
This chapter covers
- The basics of transactions in EJBs
- When to use transactions
- Container-managed versus bean-managed transactions
- The basics of authentication and authorization in EJBs
- Using groups and roles in security
Transactions and security are the cornerstones upon which an Enterprise application is built. In terms of development, transactions and security are probably the hardest to implement correctly and nearly impossible to retrofit into an application once it’s built. Both are system-level concerns that crosscut through an application and are intrinsically assumed by the business logic. EJB tackles both of these concerns and provides a framework for building robust applications while enabling you to focus on the business logic.
If you’re already familiar with the basics of JDBC, EJB provides another layer on top of JDBC. This additional layer introduces abstractions that you’d otherwise have to invent. JDBC is an abstraction for talking to a database generically using SQL; it’s not a framework. Building a scalable application that uses transactions involves much more than simply setting auto-commit to false. Building a framework to manage transactions isn’t a trivial task, and there are many ways to do it wrong. In this chapter you’ll learn how to use transactions in EJB and also how to secure your application.