Hi Experts,
I need your suggestions and ideas regarding the scenario we have designed for our EJB-based
Banking system. I would appreciate it if you gave me advice and/or shared your experience on
this.
In our Banking System, we've got a Central Bank Manager in which we have provided all
the bank services such as transferring money, returning balance, paying bills etc., and
other subsystems, say Internet Bank or Telephone Bank, will be served through this Central
Bank Manager. The old Manager was very poorly designed and now we are
going to develop it using EJB.
The scenario we are currently considering is to develop each banking service as a
session object. Actually, we have two kinds of services: Loginless services, which need no
authentication or even authorization, and Loginfull services, which require that the
customer first log in and then use any available service he or she desires.
I assume the former services to be stateless session beans and the latter ones stateful
session beans.
My idea is that we can provide a Login SFSB in which we have a login() business method
that has been tagged with @Init and a logout() method tagged with @Remove. Also, this
SFSB has a getService(ServiceType) method in which we can look up the actual service that
the customer needs.
As an example:
|
| //A servlet from Internet Bank that serves login process
|
| public void doGet(...){
| //acquire username and password
| String username = ...
| String password = ...
|
| // lookup Login SFSB remote interface
| BankSession bankSession = (BankSession) ctx.lookup(...);
|
| Boolean ok = bankSession.login(username,password);
| if(ok){
| httpSession.setAttribute("bankSession", bankSession);
| }else{
| //redirect to an error page
| throw new Exception("invalid username or password");
| }
| }
|
Now, if the user is authenticated, we store a bankSession in his/her session. But inside
the BankSession we have a getService() method, which is actually a service locator that
looks up any desired service.
| @Stateful
| public class BankSession implements BankSessionRemote{
| // to assign a session id
| private String sessionId;
|
| @Init
| public boolean login(....){
| //code to logging in
| }
| public <T extends BankService> T getService(Class<T> klass){
| try{
| Context c = new InitialContext();
| Object sessionBean = c.lookup(klass.getName());
| ((BankService)sessionBean).setSessionId(sessionId);
| return (T) sessionBean;
| }catch(NamingException x){
| return null;
| }
| }
|
| @Remove
| public void logout(){
| sessionId = null;
| //rest of codes...
| }
| }
|
Now, consider that in another servlet, which is responsible for transferring money, we have:
| public class TransferServlet....{
| public void doGet(...){
| BankSession bankSession =
| (BankSession) httpSession.getAttribute("bankSession");
| Transfer transfer = bankSession.getService(Transfer.class);
| transfer.execute(...);
| }
| }
|
The point is that each time logout() is called, or an EJB timed-out exception occurs, or
this session bean is disposed of in any way, the customer is no longer able to get any other
service that requires authentication. So in this way, we can make sure that everything is
working safely.
And one more thing is that because we set the session id through the getService() method,
none of those services will work if they are acquired individually through RMI
rather than through our BankSession SFSB.
But the thing is that I don't know whether or not we can store the session bean as an
attribute in HttpSession or, more generally, if we store it in any structure and pass that
session bean to various classes and servlets, does it still keep its relation with the
remote server?
And secondly, does the locator we provide in the getService() method work fine?
I am anxious to know your valuable ideas on this, and again I appreciate any suggestion on
this matter.
Thank you very much in advance.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4152923#...
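
The session-gating idea in the post, as an added example that is not part of the original post: plain Java with no EJB container, in which each service checks its session id against a server-side registry on every call instead of only requiring that an id was set. `SessionRegistry`, the constructor wiring and the sample customer and account names are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionGateDemo {
    // Hypothetical server-side registry (session id -> customer) shared by login and services.
    static final class SessionRegistry {
        private final Map<String, String> live = new ConcurrentHashMap<>();
        private final SecureRandom rng = new SecureRandom();
        String open(String customer) {
            byte[] raw = new byte[16];                  // 128-bit unguessable id
            rng.nextBytes(raw);
            String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            live.put(id, customer);
            return id;
        }
        void close(String id) { if (id != null) live.remove(id); }
        String customerFor(String id) { return id == null ? null : live.get(id); }
    }

    // Stand-in for a Loginfull service such as Transfer.
    static final class Transfer {
        private final SessionRegistry registry;
        private String sessionId;
        Transfer(SessionRegistry registry) { this.registry = registry; }
        void setSessionId(String id) { this.sessionId = id; }
        String execute(String toAccount, long amount) {
            // Validate on every call: a merely non-null id proves nothing.
            String customer = registry.customerFor(sessionId);
            if (customer == null) throw new SecurityException("no live session");
            return customer + " -> " + toAccount + ": " + amount;
        }
    }

    public static void main(String[] args) {
        SessionRegistry registry = new SessionRegistry();
        Transfer viaLogin = new Transfer(registry);
        String id = registry.open("alice");             // what login() would do
        viaLogin.setSessionId(id);                      // what getService() does
        System.out.println(viaLogin.execute("ACC-2", 100));
        Transfer direct = new Transfer(registry);       // obtained without BankSession
        direct.setSessionId("id-not-issued-by-login");  // constructed sample value
        try { direct.execute("ACC-2", 100); }
        catch (SecurityException e) { System.out.println("direct lookup rejected"); }
        registry.close(id);                             // what logout()/@Remove would do
        try { viaLogin.execute("ACC-2", 100); }
        catch (SecurityException e) { System.out.println("rejected after logout"); }
    }
}
```

The second and third calls fail because the registry, not the presence of a value in `sessionId`, decides whether a session is live.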