> Is applying security checks in the entity beans for a
> second time overkill ? does it hit performance too
> much ?
It's not much of a performance issue. More it can become a maintenance issue if you're declaring many different roles (therefore having to modify them in sync between the facade and the entity). In that case, it might make sense to declare an "InternalUser" role for the entities and have your facade use that identity with the <run-as> element.
but that's not an issue... bean classes are XDoclet generated :) and the XDoclet code in turn is generated using AndroMDA (from the UML)
so no need for manual sync. as there is no security logic in the business implementation classes
I know that it hasn't relation whit the subject, but I'm very frustrated and I don't know where I can find the solution to my problem.
I have read that you have developped a J2EE application and it works well. I'm trying do the same (a J2EE application with AndroMDA) and I have an issue that I can't access to the facades ('services'). I have been looking for the trouble more than a week but my result is nothing.
Could you send me a code example about the way that you use to do it, in other words, the way that you use to call the facade, please???
Thanks in advace and sorry for the inconvenience.