Chapter 6. Transactions and security
This chapter covers
• The basics of transactions in EJBs
• When to use transactions
• Container-managed versus bean-managed transactions
• The basics of authentication and authorization in EJBs
• Using groups and roles in security
Transactions and security are the cornerstones upon which an Enterprise application is built.
In terms of development, transactions and security are probably the hardest to implement
correctly and nearly impossible to retrofit into an application once it's built. Both are
system-level concerns that crosscut through an application and are intrinsically assumed by the
business logic. EJB tackles both of these concerns and provides a framework for building robust
applications while enabling you to focus on the business logic.
If you're already familiar with the basics of JDBC, think of EJB as another layer on top of
JDBC. This additional layer introduces abstractions that you'd otherwise have to invent.
JDBC is an abstraction for talking to a database generically using SQL; it's not a framework.
Building a scalable application that uses transactions involves much more than simply
setting auto-commit to false. Building a framework to manage transactions isn't a trivial
task, and there are many ways to do it wrong. In this chapter you'll learn how to use
transactions in EJB and also how to secure your application.
This chapter is split into two parts, with the first half tackling transactions and the second
half delving into security. Our coverage of transactions starts by reviewing the basics
and then looking at the two approaches that can be taken. Topics that we'll cover include
database transactions, two-phase commit with multiple databases, and declarative and
programmatic security.
6.1. Understanding transactions
A transaction is a grouping of tasks that must be processed atomically. If any of the tasks
fail, the changes made by any of the successful tasks are rolled back. A failure results in the