tags:

views:

265

answers:

2
+1  Q: 

Keeping state with remote EJBs and Web Services

I have a web-based application which makes use of remote EJBs for its business logic. Some of these EJBs are also exposed as Web Services. I need to keep a small state for some of these calls in order to allow subsequent calls to function correctly. Which of the following would you recommend?

  • Stateful EJBs (will this work with Web Services?)
  • Return the state to the client (what if I want to prevent the client from altering the state?)
  • Reload the state from the DB on each method (should I worry about the overhead?)
+2  A: 

All three proposed solutions can be made to work, but the best solution will depend on the details of your application.

I don't use Stateful Session Beans (SFSBs) at all. SFSBs are designed to keep session state, but using them via a Web Service raises questions about what exactly is a session? If you have a complicated deployment environment or users use multiple instances of the application then this could be a fragile solution.

Returning state - as the question indicates, there could be security issues unless you are certain that the server can trust its clients. You could use encryption techniques to verify that the state object had not been modified, but it is much safer not to give sensitive data to a potentially hostile client. Another situation where this might be useful is if the client is permitted to alter the state, or if no harm can be done if the client does so. If client access to the system is always through a web-tier, this is a good place to store session state. The web-tier and application-tier can safely exchange state objects.

Reloading the state from the database is probably the most generally applicable approach. If you use an entity bean or an Object Relational Mapping library then the server should be able to reduce the number of database queries.

richj  2009-07-15 08:46:07
Could you please elaborate on the database state saving approach? How do you handle session timeouts (which would require some cleanup)?
Zecrates  2009-07-15 12:56:48
The database state approach works best with data that is tied to a user account rather than a session. Logically the data is reloaded on each request, however in practice either the entity bean or database or both will cache the state, so that the data is usually available on demand. The cache manages its own memory usage via an eviction policy, e.g. Least Recently Used. There is no need to manage cleanup yourself unless this approach is used to manage session state. Although it would be possible to remove old sessions with a Timer process, it is better to manage session state in the web tier.
richj  2009-08-20 10:50:34
+1  A: 

The only option you have is to store appropriate information associated with a certain UserId in the DB.

You can't expose Statefull bean as Webservice.

In case of exposing your Beans as Webservices you could try to send additional information back and forth by putting in the SOAP header to prevent modifications in the body. But in this case clients will be able to alter it.

Mykola Golubyev  2009-07-19 13:00:13

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?