EJB.18.1 Bean Provider s Responsibilities

Previous page
Table of content
Next page

EJB.18.1 Bean Provider's Responsibilities

This section describes the view and responsibilities of the bean provider.

EJB.18.1.1 APIs Provided by Container

The EJB provider can rely on the EJB container provider to provide the following APIs:

  • JDK 1.1.x or Java 2

  • EJB 1.1 Standard Extension

  • JDBC 2.0 Standard Extension (support for row sets only)

  • JNDI 1.2 Standard Extension

  • JTA 1.0.1 Standard Extension (the UserTransaction interface only)

  • JavaMail 1.1 Standard Extension (for sending mail only)

The bean provider must take into consideration that while some containers will provide JDK 1.1.x APIs, other containers may provide the Java 2 (i.e., JDK 1.2) APIs. This means that the bean providers that want to deploy their enterprise beans in all containers must restrict the APIs used by the enterprise beans to those that are available in JDK 1.1 and the previously listed standard extensions.

EJB.18.1.2 Programming Restrictions

This section describes the programming restrictions that a bean provider must follow to ensure that the enterprise bean is portable and can be deployed in any compliant EJB container. The restrictions apply to the implementation of the business methods . Section EJB.18.2, which describes the container's view of these restrictions, defines the programming environment that all EJB containers must provide.

  • An enterprise bean must not use read/write static fields. Using read-only static fields is allowed. Therefore, it is recommended that all static fields in the enterprise bean class be declared as final .

This rule is required to ensure consistent runtime semantics because while some EJB containers may use a single JVM to execute all enterprise bean's instances, others may distribute the instances across multiple JVMs.

  • An enterprise bean must not use thread synchronization primitives to synchronize execution of multiple instances.

Same reason as above. Synchronization would not work if the EJB container distributed to enterprise bean's instances across multiple JVMs.

  • An enterprise bean must not use the AWT functionality to attempt to output information to a display, or to input information from a keyboard.

Most servers do not allow direct interaction between an application program and a keyboard/display attached to the server system.

  • An enterprise bean must not use the java.io package to attempt to access files and directories in the file system.

The file system APIs are not well suited for business components to access data. Business components should use a resource manager API, such as JDBC API, to store data.

  • An enterprise bean must not attempt to listen on a socket, accept connections on a socket, or use a socket for multicast.

The EJB architecture allows an enterprise bean instance to be a network socket client, but it does not allow it to be a network server. Allowing the instance to become a network server would conflict with the basic function of the enterprise bean ”to serve the EJB clients .

  • The enterprise bean must not attempt to query a class to obtain information about the declared members that are not otherwise accessible to the enterprise bean because of the security rules of the Java language. The enterprise bean must not attempt to use the Reflection API to access information that the security rules of the Java programming language make unavailable.

Allowing the enterprise bean to access information about other classes and to access the classes in a manner that is normally disallowed by the Java programming language could compromise security.

  • The enterprise bean must not attempt to create a class loader; obtain the current class loader; set the context class loader; set security manager; create a new security manager; stop the Java virtual machine; or change the input, output, and error streams.

These functions are reserved for the EJB container. Allowing the enterprise bean to use these functions could compromise security and decrease the container's ability to properly manage the runtime environment.

  • The enterprise bean must not attempt to set the socket factory used by ServerSocket , Socket , or the stream handler factory used by URL.

These networking functions are reserved for the EJB container. Allowing the enterprise bean to use these functions could compromise security and decrease the container's ability to properly manage the runtime environment.

  • The enterprise bean must not attempt to manage threads. The enterprise bean must not attempt to start, stop, suspend, or resume a thread or to change a thread's priority or name . The enterprise bean must not attempt to manage thread groups.

These functions are reserved for the EJB container. Allowing the enterprise bean to manage threads would decrease the container's ability to properly manage the runtime environment.

  • The enterprise bean must not attempt to directly read or write a file descriptor.

Allowing the enterprise bean to read and write file descriptors directly could compromise security.

  • The enterprise bean must not attempt to obtain the security policy information for a particular code source.

Allowing the enterprise bean to access the security policy information would create a security hole.

  • The enterprise bean must not attempt to load a native library.

This function is reserved for the EJB container. Allowing the enterprise bean to load native code would create a security hole.

  • The enterprise bean must not attempt to gain access to packages and classes that the usual rules of the Java programming language make unavailable to the enterprise bean.

This function is reserved for the EJB container. Allowing the enterprise bean to perform this function would create a security hole.

  • The enterprise bean must not attempt to define a class in a package.

This function is reserved for the EJB container. Allowing the enterprise bean to perform this function would create a security hole.

  • The enterprise bean must not attempt to access or modify the security configuration objects (Policy, Security, Provider, Signer, and Identity).

These functions are reserved for the EJB container. Allowing the enterprise bean to use these functions could compromise security.

  • The enterprise bean must not attempt to use the subclass and object substitution features of the Java Serialization Protocol.

Allowing the enterprise bean to use these functions could compromise security.

  • The enterprise bean must not attempt to pass this as an argument or method result. The enterprise bean must pass the result of SessionContext.getEJBObject() or EntityContext.getEJBObject() instead.

To guarantee portability of the enterprise bean's implementation across all compliant EJB containers, the bean provider should test the enterprise bean using a container with the security settings defined in Tables EJB.18-1 and EJB.18-2. The tables define the minimal functionality that a compliant EJB container must provide to the enterprise bean instances at runtime.


Previous page
Table of content
Next page
Java 2 Platform, Enterprise Edition. Platform and Component Specifications
Java 2 Platform, Enterprise Edition: Platform and Component Specifications
ISBN: 0201704560
EAN: 2147483647
Year: 2000
Pages: 399
Authors: Bill Shannon, Mark Hapner, Vlada Matena, James Davidson, Enterprise Team, Eduardo Pelegri-Llopart, The Enterprise Team
BUY ON AMAZON
Beginning Cryptography with Java
Absolute Beginner[ap]s Guide to Project Management
Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
Quantitative Methods in Project Management
Microsoft Office Visio 2007 Step by Step (Step By Step (Microsoft))
Cultural Imperative: Global Trends in the 21st Century
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy