Java Reference
In-Depth Information
An application can use local transactions if it only updates a single database via
JDBC
,
JDO
, or Hibernate. However, applications that update multiple databases or
update a database and use
JMS
must use
JTA
.
Using JTA transactions
A
JTA
(or global) transaction is a transaction that involves multiple databases
and/or resources such as a
JMS
. An application uses
JTA
transaction either by
using the
JTA
API
s directly or by using
EJB
container-managed transactions that
call the
JTA
API
s internally. The
JTA
API
s call the transaction manager (not to be
confused with the Spring
PlatformTransactionManager
interface), which is typi-
cally provided by the application server. The transaction manager coordinates the
atomic commit and rollback of the multiple resources.
To use a
JTA
transaction in a Spring application, you simply configure the
TransactionInterceptor
with a
JtaTransactionManager
, which is a
PlatformTrans-
actionManager
that manages the transaction using the
JTA
API
s. However, one
important difference between the
JtaTransactionManager
and the
PlatformTrans-
actionManager
s that manage local transactions is that it does not manage a persis-
tence framework connection. You can either let the
ORM
template class open the
connection, or you can use a persistence framework-specific interceptor. For exam-
ple, a
HibernateInterceptor
binds a Hibernate
Session
to the thread and a
Jdo-
Interceptor
binds a
JDO
PersistenceManager
to the thread.
7.2.5
Implementing security
In the film
The Lord of the Rings
, the town of Bree has a gatekeeper who decides
who can enter the town. At night, when the gate is closed he looks through a
peephole to make sure that the visitor is not an enemy of the town. A façade that
encapsulates the business logic often plays the role of gatekeeper. It verifies that
the caller has permission to invoke a particular façade method. Hopefully, the
façades in your application will fare better than Bree's gatekeeper. Shortly after he
let in Frodo and his companions, the Black Riders sent the town's gate crashing
down on top of him.
An
EJB
can use the declarative security mechanism provided by the
EJB
con-
tainer, which verifies that the user has permission to execute a business method. It
also can call the
EJBContext
to get the identity of the caller and determine
whether the caller is in a particular role. A
POJO
façade does not use the
EJB
con-
tainer and so must adopt a different approach to security. It can either rely on the
presentation tier to provide security or, if the
POJO
façade must enforce security, it
can use a framework such as Acegi Security.
Search WWH ::
Custom Search