Saturday, August 16, 2008

EJB Programming Restrictions

In order for the container to properly carry out its duties, provide appropriate services, and manage the components within its environment, a number of restrictions apply to the design and creation of EJBs. These rules often cause much confusion and gnashing of teeth among developers, but it is best to understand and abide by them to avoid problems in your beans and applications.

"This section describes the programming restrictions that a Bean Provider must follow to ensure that the enterprise bean is portable and can be deployed in any compliant EJB 2.0 Container. The restrictions apply to the implementation of the business methods...

* An enterprise Bean must not use read/write static fields. Using read-only static fields is allowed. Therefore, it is recommended that all static fields in the enterprise bean class be declared as final.
* An enterprise Bean must not use thread synchronization primitives to synchronize execution of multiple instances.
* An enterprise Bean must not use the AWT functionality to attempt to output information to a display, or to input information from a keyboard.
* An enterprise bean must not use the java.io package to attempt to access files and directories in the file system.
* An enterprise bean must not attempt to listen on a socket, accept connections on a socket, or use a socket for multicast.
* The enterprise bean must not attempt to query a class to obtain information about the declared members that are not otherwise accessible to the enterprise bean because of the security rules of the Java language. The enterprise bean must not attempt to use the Reflection API to access information that the security rules of the Java programming language make unavailable.
* The enterprise bean must not attempt to create a class loader; obtain the current class loader; set the context class loader; set security manager; create a new security manager; stop the JVM; or change the input, output, and error streams.
* The enterprise bean must not attempt to set the socket factory used by ServerSocket, Socket, or the stream handler factory used by URL.
* The enterprise bean must not attempt to manage threads. The enterprise bean must not attempt to start, stop, suspend, or resume a thread; or to change a thread's priority or name. The enterprise bean must not attempt to manage thread groups.
* The enterprise bean must not attempt to directly read or write a file descriptor.
* The enterprise bean must not attempt to obtain the security policy information for a particular code source.
* The enterprise bean must not attempt to load a native library.
* The enterprise bean must not attempt to gain access to packages and classes that the usual rules of the Java programming language make unavailable to the enterprise bean.
* The enterprise bean must not attempt to define a class in a package.
* The enterprise bean must not attempt to access or modify the security configuration objects (Policy, Security, Provider, Signer, and Identity).
* The enterprise bean must not attempt to use the subclass and object substitution features of the Java Serialization Protocol.
* The enterprise bean must not attempt to pass this as an argument or method result. The enterprise bean must pass the result of SessionContext.getEJBObject(), SessionContext. getEJBLocalObject(), EntityContext.getEJBObject(), or EntityContext.getEJBLocalObject() instead."