book

Head First EJB

by Kathy Sierra, Bert Bates

October 2003

Beginner

734 pages

16h 56m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Head First EJB™
Dedication
A Note Regarding Supplemental Files
Advance praise for Head First EJB™
Praise for the Head First approach and Head First Java™
Praise for the Head First approach
Perpetrators of the Head First series (and this book)
How to Use This Book: Intro
Who is this book for?
Who should probably back away from this book?
We know what you’re thinking

And we know what your brain is thinking
Metacognition: thinking about thinking
Here’s what WE did
Here’s what YOU can do to bend your brain into submission
What you need for this book
Last-minute things you need to know
About the SCBCD exam
Technical Reviewers
Other people to credit:
1. Intro to EJB: Welcome to EJB
What is EJB all about?
What does EJB really give me?
No more vendor lock-in!
How does it all work?
Behind the scenes...
Beans come in three flavors
Session beans can be stateless or stateful
Example: The Advice Guy bean
Five things you do to build a bean:
EJB Roles and Responsibilities
Tutorial:
Organize your project directory
Organizing your terminal / command-line
Compile the two interfaces and the bean class
Start the server
You’ll see something like this
Start deploytool
you’ll see something like this
Make a new Application
Name and save the new application
What you’ll see after you create and name the application
Now let’s make the new enterprise bean (the ejb-jar and the DD)
Now we’re in the really cool New Enterprise Bean Wizard
Create the new ejb-jar
Add the three class files (including their package directory) to the JAR
Confirm that you added ONLY the package directory and the class files
Make it a Stateless Session bean
Tell it which of the three class files in the JAR is the actual BEAN class
Tell it which is the Home interface, and which is the Component interface
Verify everything on this screen!
You’re done, click Finish
Meanwhile back on the main deploytool screen...
Run your bean through the deploytool verifier
Close your eyes and click OK
Whew! No failed tests
Time to Deploy
Make it Return a Client Jar
Give it a name, so clients can look it Up
Watch the progress bars go up, then celebrate
Now you’ll see the AdviceApp inside the server
Now all we need is a client...
Organizing your project directory for the client
Run the client!
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
2. Architectural Overview: EJB Architecture
You remember this picture...
Making a remote method call
There’s a “helper” on the server as well...
What about arguments and return values?
What really gets passed when you pass an object to a remote method?
Passing a Remote object through a remote method call
What must the Remote object and the stub have in common?
The client calls business methods on the stub through the Remote business interface
How EJB uses RMI
The Remote object is not the bean, it’s the bean’s bodyguard—the EJBObject
The Component interface
Who writes the class that really DOES implement the component interface? In other words, who makes the EJBObject class?
Who creates what?
The bean Home
Architectural overview: Session beans
Architectural overview: Entity beans
Architectural overview: Creating a Stateful Session bean
Architectural overview: Creating a Stateless Session bean
Who creates the stateless session bean, and when?
Stateless session beans are more scalable
Architectural overview: Message-driven beans
3. The Client View: Exposing Yourself
What the client really wants
It all starts with the home interface
How a client uses a session bean: create, use, and remove
But first, we have to get a home interface reference
In other words, we have to get the stub to the home object... the thing we use to call create(), so that we can get what we really want—the EJB object stub!What’s JNDI?
Let’s take another look at the complete client code
Just when you thought a simple cast would be enough...
But NO. You have to narrow the object as well!
OK, I’ll bite. Why can’t you just do a plain old cast?
PortableRemoteObject.narrow()
Writing the Remote home interface for a session bean
Remote home interface examples for session beans
But enough about the home... let’s talk about the EJB object. The component interface. The thing you REALLY want.
Imagine what else you might want to do with your EJB object reference...
Online shopping should not be rushed...
Thankfully, we’ve got handles
isIdentical?
how to find out if two stubs refer to the same bean
A bean’s client interfaces can be local
Which methods make sense for the local client interfaces?
Do we need handles with local interfaces?Do we need EJBMetaData with local interfaces?Do we need isIdentical() with local interfaces?Do we need primary key information with local interfaces?Do we need remove methods with local interfaces?
When you think handle, think Remote
Local clients don’t need handles!
Who needs EJBMetaData when you’ve got reflection?
Local clients don’t need EJBMetaData!
Do you need isIdentical() when there’s equals()?
Local clients still need isIdentical()
Why so many remove methods?
For Remote clients, two in the home, plus one in the component interfaceHow can you use a remove that takes a handle when you don’t have a handle?Local clients don’t have handles, so local homes don’t have a remove() that takes a handle.
Comparing Remote vs. Local interfaces
Writing the local client interfaces
You can have both a Remote and local client view for a bean, but you probably won’t.
Exceptions in client interfaces: what the client might get
Local client code
What has to change inside the bean class?
Arguments to Remote vs. local methods
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
4. Session Bean Lifecycle: Being a Session Bean
Exploring the session bean lifecycle
You remember how it all works, right?
Getting and using a stateful session bean
There’s obviously more to the bean’s lifecycle than just creation and business methods...
Container Callbacks, for the special moments in a bean’s life...
Container Callbacks come from TWO places
Implementing the container callbacks
We have to look at the transitions
Bean Creation: when an object becomes a bean
Bean things you can do during creation
Bean Use: what happens AFTER creation...
Bean things you can do within business methods
Passivation: a stateful bean’s chance at scalability...
Your job for passivation: make your state passivatable!
Bean things you can do in ejbActivate() and ejbPassivate()
Bean Removal: when beans die
Complaints about bean removal
Bean things you can do in ejbRemove()
Implementing the AdviceBean as a stateFUL bean
Things you can add if the bean is stateFUL
AdviceStatefulBean code
AdviceStatefulBean CLIENT code
Deploying a stateful bean
Compared to stateful beans, stateless beans have a simple life
Bean things you can do from stateless bean methods
Writing a Session Bean: your job as Bean Provider
SessionContext
You need it more than it needs you
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
5. Entity Bean Intro: Entities are Persistent
What’s an entity bean?
Entities vs. Entity Beans
Entity beans from the client’s point of view
A very simple Customer entity bean
An entity bean’s client view
Entity bean Remote component interface
Entity bean Remote component interface
Entity bean Remote home interface
How it’s different from a session bean home interface:
What does the client really want from an entity bean home?
Entity bean Remote home interface
When finders have a dark side...
Home business methods to the rescue
Session bean create() vs. entity bean create()
Session bean remove() vs. entity bean remove()
Entity/bean/instance death
Entity bean client view
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
6. Bean/Entity Synchronization: Being an Entity Bean
The real power of entity beans is synchronization
The only question is WHO does the work when it’s time to synchronize
Container-managed vs. bean-managed persistence
A brief history on the evolution of CMP 2.0
The EntityBean interface adds three new container callbacks (including two just for synchronization)
Even the methods that are the same, don’t behave the same
But wait... there’s more! Entity beans have new home container callbacks, too
Writing a CMP entity bean: make it abstract
You put three kinds of things in your bean class:
PLUS... (ok, that’s four things...)
Virtual fields are NOT instance variables!
Complete code for the CustomerBeanCMP class
So how DID the client get a reference to the EJB object for #28?
Bean things you can do during entity construction:
Object identity: the primary key
Bean things you can do during entity creation:
Bean things you can do in home business methods
Bean things you can do during activation and loading
Bean things you can do during passivation and storing
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
7. Entity Relationships: When Beans Relate
Beanifying your movie database
But we don’t want to think in TABLES We want to think in CLASSES
We need relationships between the Movie bean and the Director bean
Why should the Director be a bean? Why can’t it just be data?
Relationships and multiplicity
Multiplicity in Bean Classes
Multiplicity affects return type!
Defining virtual fields for persistent data fields and relationship fields
Defining your “abstract persistence schema” (virtual fields aren’t enough)
The Container needs these TWO things to know you have a CMP field “title”
Persistent CMP fields in the DD
Using relationships in your code
Defining relationships in your abstract persistence schema (in the DD)
Relationship definition for the Director-to-Movie relationshipDirector-to-Movie relationshipRelationships can be one-way (unidirectional)The dark side of a unidirectional (one-way) relationshipCascade delete can propagateDirector-to-Movie relationshipMovie-to-Trailer relationshipThe abstract schema is in the <entity> element and the <ejb-relation> is in the <relationships> elementMovieBean code with a CMR fieldThe MovieBean’s home interface
Mapping from abstract schema to a real database
Writing your portable queries, for select and finder methodsEJB-QL for the MovieBeanUsing an optional WHERE clauseNavigating to another related beanSelecting a value rather than the whole beanEJB-QL SELECTEJB-QL SELECT — when to use Object ( )What does it MEAN to return an abstract schema type?SELECT and FROM are mandatory!IdentifiersThe WHERE clauseThe WHERE clauseThe problem with using Collection typesCollections don’t bark()!The IN operator lets you say “For an individual element IN the Collection...”The BETWEEN expressionThe other “IN”The IS EMPTY comparison expressionThe IS NOT EMPTY comparison expressionThe LIKE expressionThe NOT LIKE expressionRelationship assignmentsIf the multiplicity of the relationship field is ONE, it’s a MOVE If the multiplicity is MANY, it’s a COPY
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
8. Message-Driven Beans: Getting the Message
Imagine this scenario...
Too bad these guys aren’t message-driven beans
Don’t they look a lot like stateless session beans?
Message-driven bean class
Writing a message-driven bean: your job as Bean Provider
Notice something missing from the code?
We never said what kind of messages we’re listening for, or where they might be coming from.Complete DD for a message-driven bean
Topics and Queues
Only ONE bean per pool gets a copy of a topic message
With a queue, only one bean gets the message. Period.
MessageDrivenContext
MessageDrivenContext
What if something goes wrong?
Message acknowledgement
That’s all well and good, but let’s go back and see how our earlier scenario ended...
Think about it.
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
9. EJB Transactions: The Atomic Age
The ACID test
Is your transaction safe?
Distributed transactions: two-phase commit
How it works in EJB
Transactions can propagate through method calls
Some transactions don’t propagate
The caller’s transaction might be suspended
How do I make (or get) a transaction?
Two ways: code it or declare it
Transaction-related methods are in two interfaces
Making a BMT transaction
Call stack of the checkOut() method
Things you must NOT do with BMT
What does it mean to suspend a transaction?
The UserTransaction interface
setRollbackOnly()
The sound of a transaction’s death
setRollbackOnly() lives in TWO interfaces
getRollbackOnly()
Because life’s too short for a bean to waste time
BMT beans use getStatus() instead of getRollbackOnly()
BMT can be a really BAD idea. BMT hurts bean reuse
Container-managed transactions
How attributes work
Know your attributes
Transaction attributes that require a transaction
Transaction attributes that do not require a transaction
These are the methods you MUST mark with an attribute (for a CMT bean)
“Unspecified Transaction Context”
Burn these in
Marking transactions in the DD
DD example for CMT
More DD examples for CMT
Summary of Bean-managed demarcation
Entity beans have ejbLoad() to stay synchronized, even if the transaction rolls back.
Session Synchronization
because session beans don’t have ejbLoad and ejbStore
SessionSynchronization “special moments”
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
10. Exceptions in EJB: When beans go bad
What can go wrong?
Remember, Java exceptions can be checked or unchecked
It’s all about expectations...
In EJB, exceptions come in two flavors: application and system
With an Application Exception, the Container will...
With a System Exception, the Container will...
Warning! RemoteException is checked, but not expected!
A Remote entity bean home interface declares application exceptions and one system exception (RemoteException)A local entity bean home interface declares only application exceptions
RemoteException goes to remote clients EJBException goes to local clients
Bean Provider’s responsibilities
The Container’s responsibilities
The five standard EJB application exceptions
The five standard application exceptions from the client’s point of view
Common system exceptions
Common system exceptions
Scenarios: what do you think happens?
Scenario Summary
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
11. Security in EJB: Protect Your Secrets
Imagine you’re writing a payroll application...
What can you do?
How to do security in EJB
The Application Assembler’s job: access control
Defining the roles
The <security-role> element
Defining the roles... a better way
The <security-role> element with descriptions
Defining the method permissions
The <method-permission> element
Defining the method permissions
Three different ways to specify methods
Method permissions interact with one another as a union!
Watch out for <unchecked/>
The Deployer’s job: mapping actual humans to abstract roles
Principals and Roles, Users and Groups
Class-level vs. instance-level security
When declarative security is not enough, you might need programmatic security to restrict access to a specific instance of a bean.
Using programmatic security to custom-tailor a method
The problem with isCallerInRole()...
the Bean Provider hard codes a role name, but how does he know what roles the App Assembler will use? And what if there’s more than one Bean Provider?
Map declarative security roles to the programmer’s hard-coded (fake) roles
Use <run-as> security identity to pretend someone else is calling...
Security context propagation with <run-as>
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
12. A Bean’s Environment: The Joy of Deployment
A bean’s special place- java:comp/env
But it’s not per bean instance... It’s per bean home
It’s simple... if the programmer puts a made-up JNDI name in code, he has to announce that to the deployer in the DD.
Bean Provider and Application Assembler responsibility for the Deployment Descriptor
Deployer responsibility for the Deployment Descriptor
Remembering who does what
Now let’s look at the bean’s runtime environment
Which APIs does EJB 2.0 guarantee?
What MUST be in an ejb-jar?
Structure of an ejb-jar
Programming restrictions
Coffee Cram: Mock Exam
Coffee Cram: Mock Exam Answers
A. Final Mock Exam
Coffee Cram
Coffee Cram: Master Mock Exam
Coffee Cram: Master Mock Exam Answers
This isn’t goodbye
Cover Rough Drafts for the series
B. Interface summary
Index
About the Authors
Copyright

Content preview from Head First EJB

What can you do?

Who really is responsible for making the program secure? How does it happen? There’s good news and bad news with EJB security.

Security in EJB is easy. It’s about AUTHORIZATION.
- Most of the time, you don’t put any security-related code into your bean classes.
- In fact, the Bean Provider does not even think about security, except in very special cases we’ll look at in the last part of this chapter.
- Security in EJB is about saying WHO can call WHAT. You can restrict access for each individual method in your application, to only those individuals that are in a privileged ‘role’ (Director, Payroll Admin, Payroll Assistant, etc.)
- The EJB part of the security—the part that specifies the roles, and the methods those roles can access—is done declaratively, in the deployment descriptor, using simple XML tags.
- At the EJB level, it really is as simple as saying, “The setSalary() method can be accessed by ONLY Directors and Payroll Administrators.”
Security in EJB is abstract. It’s NOT about AUTHENTICATION.
- The EJB spec makes it very easy to define roles, and to assign roles to methods in order to control access to the methods. But the spec says NOTHING about how the system will KNOW which real human beings belong to those roles. Somewhere outside of the EJB deployment descriptor (and outside the specification) you still have to say that Jack O’Bryan is in the Director role (and probably other roles as well). Or say that all Payroll Managers in company XYZ are qualified to be in the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596005717Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Head First EJB

by Kathy Sierra, Bert Bates

What can you do?

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

EJB 3 in Action, Second Edition

Beginning EJB in Java EE 8: Building Applications with Enterprise JavaBeans

Learning Java EE 8

Beginning EJB 3: Java EE 7 Edition

Publisher Resources