Hi Experts,
I need your suggestions and idea regarding the scenario we have designed for
our EJB-based Banking system. I would appreciate if you give me advice and/or
share your experience on this.
In our Banking System, we've got a Central Bank Manager in which we have
provided all the bank services such as transferring money, returning balance,
paying bills etc. and other subsystems say, Internet Bank or Telephone Bank
will be served through this Central Bank Manager. The old Manager was developed
in a very poor designation and now we are going to develop it using EJB.
The scenario we are currently consider is to developing each banking services
as an session object. Actually, we have two kind of services, Loginless
services that needs no authentication and even authorization and Loginfull
services which requires that the customer first log in and then uses any
available service that desires.
I assume the former services as Stateless session bean while the later ones as
stateful session beans.
My Idea is that we can provide a Login SFSB in which we have a login() business
method that have been tagged with @Init and a logout() method tagged with
@Remove. Also, this SFSB has a getService(ServiceType) method in which we can
lookup the actual service that the customer needs.
as an example:
|
| //A servlet from Internet Bank that serves login process
|
| public void doGet(...){
| //acquire username and password
| String username = ...
| String password = ...
|
| // lookup Login SFSB remote interface
| BankSession bankSession = ctx.lookup(...);
|
| Boolean ok = bankSession.login(username,password);
| if(ok){
| httpSession.setAttribute("bankSession", bankSession);
| }else{
| //redirect to an error page
| throw new Exception("invalid username or password");
| }
| }
|
now if user is authenticated then we store a bankSession in his/her session.
but inside the BankSession we have a getService() method which is actually a
service locator that looks up any desired service.
| @Statefull
| public class BankSession implements BankSessionRemote{
| // to assign a session id
| private String sessionId;
|
| @Init
| public boolean login(....){
| //code to logging in
| }
| public <T extends BankService> T getService(Class<T> klass){
| try{
| Context c = new InitialContext();
| Object sessionBean = c.lookup(klass.getName());
| ((BankService)sessionBean).setSessionId(sessionId);
| return (T) sessionBean;
| }catch(NamingException x){
| return null;
| }
| }
|
| @Remove
| public void logout(){
| sessionId = null;
| //rest of codes...
| }
| }
|
now, consider in another servlet which is responsible for transferring money we
have:
| public class TransferServlet....{
| public void doGet(...){
| BankSession bankSession =
httpSession.getAttribute("bankSession");
| Transfer transfer =
bankSession.getService(Transfer.class);
| transfer.execute(...);
| }
| }
|
if point is each time the logout() is called or the EJB timed out exception is
occurred or this session bean is disposed in any way the customer is no longer
able to get any other service that requires authentication. so in this way, we
can make sure that everything is working safely.
And one more thing is that because we set the session id through the
getService() method, neither of those services will work if they are acquired
individually through the RMI rather than our BankSession SFSB.
But the thing is that I don't know whether or not we can store the session bean
as an attribute in HttpSession or generally, if we store it in any structure
and pass that session bean to various classes and servlets, is it still keep
its own relation with the remote server?
And secondly, Does the locator we provide in getService() method work fine?
I am anxious to know your valuable idea on this and again I appreciate any
suggestion on this matter.
Thank you very much in advance
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4152923#4152923
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4152923
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
