I attend in process of designing JEE web application. It consist of: - backend module (EJB 3.0) - 3 web modules (JSF)
Our application must be secure, so some colleagues claim that it must be splitted into two or more separate servers - backend in one server, webapps in other(s). In our case performance isn't a problem but this architecure demands using remote interfaces in EJB layer.
We are planning also to incorporate Seam to simplify development, but there is one drawback. So we miss out some really cool features of Seam e.g. - extended persistence context in SFSB
Does use of architecure with two or more separate servers/machines for each layer of JEE web application is a really a must in aspects of high security? I didn't find resources explaining pros and cons of this configuration. What are other project configuration options/security patterns that I should consider that facilitate using Seam? In others words should we stick with this architecture and add Seam as it is or apply another solution?
If it helps we can use Spring instead of EJB, but EJB is more preferable.