You could used standard J2EE role based security
/s
Felipe Gaúcho wrote:
ok, some use cases:
- the professor mofidy (crud) questions into the database
- the student read a set of questions from the database
the question is: how can I control the access to the questions
using web-services?
On 7/13/06, Sameer Tyagi <Sameer.Tyagi@sun.com> wrote:
Hello.
In most large scale enterprise applications that I have been involved
in, the
web services layer is viewed as an abstraction to expose reusable
services
as "web services" using a particular transport.
In your case I would focus on your domain model and getting the right
granularity
in the services. How you expose the business logic, (EJB's of PoJos)
depends
on the use case, need for transactional context, security, reusability
etc.
In most application architects prefer to keep the business logic
separate from
the facade exposing it, and then depending on the use case, layer that
with
an EJB or other component.
For example if there is no transactional or security context in the
service, you could
expose the same class containing your business logic as a JAX-WS service
implementation
or as a stateless EJB web service endpoint.
I m not sure what you mean by controlling data access in your question
below.
Hope this helps.
/s
Felipe Gaúcho wrote:
> Dear friends,
>
> I am designing a new Enterprise Application here.. and I have some
> questions:
>
> the original idea is to use the following architecture:
>
> business > middleware > presentation
> JPA + EJB JAX-WS servlets/swing
>
>
> the questions are:
>
> - Where I can implement the business logic? only in the EJB? both
in
> EJB and JPA? or either both in EJB and JAX-WS ?
> - Can I control the data access from the user into the JAX-WS
> middleware? how? using role based JAAS? how to ?
>
> a lot of concepts and experiements, I know... but the best kickoff
> seems to be asking other developers...
>
> best regards,
>
> Felipe Gaucho
>
>