1 Reply Latest reply on May 28, 2008 3:06 PM by Mohammad Norouzi

    need suggestion in EJB based application design

    Mohammad Norouzi Novice

      Hi Experts,
      I need your suggestions and idea regarding the scenario we have designed for our EJB-based Banking system. I would appreciate if you give me advice and/or share your experience on this.

      In our Banking System, we've got a Central Bank Manager in which we have provided all the bank services such as transferring money, returning balance, paying bills etc. and other subsystems say, Internet Bank or Telephone Bank will be served through this Central Bank Manager. The old Manager was developed in a very poor designation and now we are going to develop it using EJB.

      The scenario we are currently consider is to developing each banking services as an session object. Actually, we have two kind of services, Loginless services that needs no authentication and even authorization and Loginfull services which requires that the customer first log in and then uses any available service that desires.

      I assume the former services as Stateless session bean while the later ones as stateful session beans.

      My Idea is that we can provide a Login SFSB in which we have a login() business method that have been tagged with @Init and a logout() method tagged with @Remove. Also, this SFSB has a getService(ServiceType) method in which we can lookup the actual service that the customer needs.

      as an example:

      
      //A servlet from Internet Bank that serves login process
      
      public void doGet(...){
       //acquire username and password
       String username = ...
       String password = ...
      
       // lookup Login SFSB remote interface
       BankSession bankSession = ctx.lookup(...);
      
       Boolean ok = bankSession.login(username,password);
       if(ok){
       httpSession.setAttribute("bankSession", bankSession);
       }else{
       //redirect to an error page
       throw new Exception("invalid username or password");
       }
      }
      


      now if user is authenticated then we store a bankSession in his/her session. but inside the BankSession we have a getService() method which is actually a service locator that looks up any desired service.

      @Statefull
      public class BankSession implements BankSessionRemote{
       // to assign a session id
       private String sessionId;
      
       @Init
       public boolean login(....){
       //code to logging in
       }
       public <T extends BankService> T getService(Class<T> klass){
       try{
       Context c = new InitialContext();
       Object sessionBean = c.lookup(klass.getName());
       ((BankService)sessionBean).setSessionId(sessionId);
       return (T) sessionBean;
       }catch(NamingException x){
       return null;
       }
       }
      
       @Remove
       public void logout(){
       sessionId = null;
       //rest of codes...
       }
      }
      


      now, consider in another servlet which is responsible for transferring money we have:

      public class TransferServlet....{
       public void doGet(...){
       BankSession bankSession = httpSession.getAttribute("bankSession");
       Transfer transfer = bankSession.getService(Transfer.class);
       transfer.execute(...);
       }
      }
      


      if point is each time the logout() is called or the EJB timed out exception is occurred or this session bean is disposed in any way the customer is no longer able to get any other service that requires authentication. so in this way, we can make sure that everything is working safely.

      And one more thing is that because we set the session id through the getService() method, neither of those services will work if they are acquired individually through the RMI rather than our BankSession SFSB.


      But the thing is that I don't know whether or not we can store the session bean as an attribute in HttpSession or generally, if we store it in any structure and pass that session bean to various classes and servlets, is it still keep its own relation with the remote server?

      And secondly, Does the locator we provide in getService() method work fine?

      I am anxious to know your valuable idea on this and again I appreciate any suggestion on this matter.

      Thank you very much in advance