2

I am fresher to EJB, working on a maintenance application that is using EJB2.0. I am just going through the application code and trying to understand it. It has got ejb-jar.xml with some session beans as shown below.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 
2.0//EN' 'http://java.sun.com/dtd/ejb-jar_2_0.dtd'>
<ejb-jar>
<enterprise-beans>
  <session>
     <ejb-name>StatelessBean</ejb-name>
     <home>com.example.interfaces.StatelessBeanHome</home>
     <remote>com.example.interfaces.StatelessBean</remote>
     <local-home>com.example.interfaces.StatelessBeanLocalHome</local-home>
     <local>com.example.interfaces.StatelessBeanLocal</local>
     <ejb-class>com.example.interfaces.StatelessBeanSession</ejb-class>
     <session-type>Stateless</session-type>
     <transaction-type>Container</transaction-type>

     <security-identity> 
        <use-caller-identity>
     </security-identity>

     <resource-ref>
        <res-ref-name>eis/SAPFactory</res-ref-name>
        <res-type>javax.resource.cci.ConnectionFactory</res-type>
        <res-auth>Application</res-auth>
        <re-sharing-scope>Shareable</re-sharing-scope>
     </resource-ref>

  </session>
</enterprise-beans> 
</ejb-jar>

I see that the resource authentication can be either Application or Container based, in the above snippet it is Application, in some other applications I have seen it being mentioned as Container, what exactly is the difference between them? When to use over other. Also, the transaction type is also specified as Container, please throw some light on this as well.

srk
  • 4,857
  • 12
  • 65
  • 109

1 Answers1

1

<res-auth>Application</res-auth> means that the application will perform login to the resource. For example, for JDBC, that means the application will use getConnection(user, password). <res-auth>Container</res-auth> allows the login credentials to be supplied by the application server, typically through configuration provided by the server administrator. Container-managed authentication is generally preferred to avoid hard-coding user/password information in the application or needing to invent a secondary mechanism for providing configuration to the application.

<transaction-type>Container</transaction-type> for an EJB means that by default the EJB container will implicitly begin transactions when an EJB method is called and commit/rollback (depending on exceptions thrown) when the EJB method ends. Additionally, per-method transaction attributes can be used to modify the behavior of the container-managed transaction (suspend/reject existing transactions when a method is called, and choose not to start a global transaction at all). <transaction-type>Bean</transaction-type> means that the EJB must begin/commit/rollback itself using UserTransaction.

Brett Kail
  • 33,593
  • 2
  • 85
  • 90
  • For Container authentication, can't we provide harcoded user name and password like getConnection(user,password)? – srk Mar 29 '15 at 04:24
  • You could, but avoiding that is the whole point of container-managed authentication. – Brett Kail Mar 30 '15 at 03:16