Java Reference
In-Depth Information
In bean-managed transaction demarcation, the EJB bean uses
UserTransaction
. Only session beans can choose to use
bean-managed transactions. In container-managed transaction
demarcation, the EJB container is responsible for transaction
demarcation. Moreover, you should use container-managed
transaction demarcation because it is less prone to error, and
you should let the container handle transaction demarcation
automatically. It frees the component provider from writing
transaction demarcation code in the component. It is easier to
group enterprise beans to perform a certain task with specific
transaction
behavior.
The
application
assembler
can
customize
the
transaction
attributes
in
the
deployment
descriptor without modifying the code.
However,
programmatic
(procedural)
access
control
is
sometimes
necessary
to
satisfy
fine-grained
or
application-specific conditions.
Bean Managed Vs Container Managed Security
To simplify the development process for the enterprise bean
provider, the implementation of the security infrastructure is
left to the EJB container provider and the task of defining
security policies is left to the bean deployer. By avoiding
putting hard-coded security policies inside bean code, EJB
applications gain flexibility when configuring and
reconfiguring security policies for complex enterprise
applications. Applications also gain portability across
different EJB servers that may use different security
mechanisms. EJB framework specifies flexibility with regard
to security management, allowing it to be declarative
(container-managed) or programmatic (bean-managed).
