I'm building an application using ejb3 and jboss 4, and I'm trying to understand what is the best way to handle the communication between a remote client in java (used by a GUI) and the jboss container. I thought about these two modelling solutions, and I'm trying to tell what are the pros and cons (in my opinion) :
1) The java client receives entity beans through a session bean, it manages and manipulates the objects and then it returns the object to the session bean (which merges the detached object).
- Easy to develop: the java client uses the entity bean methods
- Objects are distributed
- The business logic is in the client
- If the Entity Bean class is changed, the new .class must be copied into the client too
- Entity Bean's methods can be used by malicious code without control
2) The java client uses methods that return the object's ID, not the entire object. The ID is provided by methods in session beans that implement the business logic, and the client has only to call these methods (and catch the exceptions)
- The business logic is all in server side
- More control, trasparency and security in functionality is provided by the session beans to the client
- Apparently more laborious development
- Not a distributed object approach (without object benefits and necessity
to use API)
Are these two scenarios correct?
Are there any other way to organize communication between entity object and java client?
Considering security, flexibility, caching systems, and future developments, what could be a good scenario?
The scenario I'm modelling is aproximately represented by two hundred entity beans.
Where can I find more information and possibly some nontrivial example?
Thanks a lot for your help!