Java Reference
In-Depth Information
Out of the box, EJBs default to container-managed persistence with a transaction encom-
passing a method invocation. On the security front, there are no security constraints on
beans. By default, the web tier can call any bean and any bean can invoke any other bean on
behalf of any user. The best approach for both managing transactions and security is to use
declarative transactions (CMT) and declarative security. Declarative security can be mixed
with the programmatic approach, but CMT and BMT can't be mixed in the same bean, and
using BMT for one bean and CMT for another bean will cause complications quickly if
one bean uses the other. With both transactions and security, additional configuration of the
application container will be necessary.
The discussion on security and transactions wraps up our coverage of session and message-
driven beans. In the next chapter we'll delve into scheduling and timers.
