Professional Documents
Culture Documents
Transaction & Security: Chuyên đề Lập trình Java & J2EE Chương 16
Transaction & Security: Chuyên đề Lập trình Java & J2EE Chương 16
transactions.
Atomicity guarantees that many operations are bundled together and appear as one contiguous unit of work. Consistency guarantees that a transaction leaves the systems state to be consistent after a transaction completes. Isolation protects concurrently executing transactions from seeing each others incomplete results. Durability guarantees that updates to managed resources, such as database records, survive failures.
Transactional Models
Flat transaction is a series of operations that are performed atomically as a single unit of work. Nested transaction allows to embed atomic units of work within other units of work.
Transsaction demarcation
Programmatic Transactions
you are responsible for issuing a begin statement and either a commit or an rollback statement
BMT: do not alow for Entity bean
Declarative Transactions
Client-Initiated Transactions
Specify transaction attributes in deployment descriptor Container automatically handle transactional issues CMT
Transaction attribute
Required
Requires New
Mandatory
Never
JTA can be used in client & bean code to programmatically control transactional boundaries. The interface you use to programmatically control transactions is javax.transaction.UserTransaction.
UserTransaction interface
Code sample
Transactional Isolation
Concurrency Control
READ UNCOMMITTED
does not offer any isolation guarantees (dirty read) but offers the highest performance.
Use SERIALIZABLE for mission-critical systems that absolutely must have perfect transactional isolation.
Distributed Transactions
Distributed flat transactions allow multiple transaction participants, written by different vendors, to collaborate under one transactional context. Two-Phase Commit Protocol
Phase One begins by sending a before commit message to all resources involved in the transaction. Phase Two occurs only if Phase One completed without an abort. At this time, all of the resource managers, which can all be located and controlled separately, perform the actual data updates
2PC protocol
EJB Security
Authentication verifies that the client is who he claims to be. Authorization checks to see if an already authenticated client is allowed to perform a task.
Authentication
Basic authentication.
Form-based authentication.
The Web client supplies a username and password to the Web server.
uses a customizable form, login screen. Web client supplies a special message digest to the Web server. The client can establish an identity with X.509 certificates.
Digest authentication.
Certificate authentication.
Authorization
Programmatic authorization
Declarative authorization
Security Roles