Transaction 637

Transcript of Transaction 637

  • 7/29/2019 Transaction 637

    1/22

    Transaction & Security

    Special Topic: Java & J2EE Programming

    Chapter 16. Compiled by: M.Sc. Nguyn vn Lnh

  • Motivation for Transactions

    Atomic Operations

    Recovery after Network or Machine Failure

    Multiple Users Sharing Data

    Avoid those problems by properly using transactions.

  • The ACID Properties

    Atomicity guarantees that many operations are bundled together and appear as one contiguous unit of work.

    Consistency guarantees that a transaction leaves the system's state consistent after the transaction completes.

    Isolation protects concurrently executing transactions from seeing each other's incomplete results.

    Durability guarantees that updates to managed resources, such as database records, survive failures.

  • Transactional Models

    A flat transaction is a series of operations that are performed atomically as a single unit of work.

    A nested transaction allows you to embed atomic units of work within other units of work.

  • Transaction Demarcation

    Programmatic Transactions

    You are responsible for issuing a begin statement and either a commit or a rollback statement.

    BMT: not allowed for entity beans.

    Declarative Transactions

    Specify transaction attributes in the deployment descriptor.

    The container automatically handles transactional issues (CMT).

    Client-Initiated Transactions

  • Transaction Attributes

    Required

    RequiresNew

    Supports

    Mandatory

    Never

    NotSupported

  • Required

  • Requires New

  • Mandatory

  • Never

  • Bean Managed Transaction

  • Java Transaction API (JTA)

    JTA can be used in client and bean code to programmatically control transactional boundaries.

    The interface you use to programmatically control transactions is javax.transaction.UserTransaction.

  • UserTransaction interface

  • Code sample

  • Transactional Isolation

    Concurrency control: locking on the database to prevent the two components from reading data

    Four transaction isolation levels:

    READ UNCOMMITTED does not offer any isolation guarantees (dirty read) but offers the highest performance.

    READ COMMITTED

    REPEATABLE READ

    SERIALIZABLE: use SERIALIZABLE for mission-critical systems that absolutely must have perfect transactional isolation.

    Pessimistic and Optimistic Concurrency Control

  • Distributed Transactions

    Distributed flat transactions allow multiple transaction participants, written by different vendors, to collaborate under one transactional context.

    Two-Phase Commit Protocol

    Phase One begins by sending a before commit message to all resources involved in the transaction.

    Phase Two occurs only if Phase One completed without an abort. At this time, all of the resource managers, which can all be located and controlled separately, perform the actual data updates.

  • 2PC protocol
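
The two phases described above, as an added example that is not part of the original slides: a minimal in-memory coordinator in Java. The names Resource, Account and TwoPhaseCommitDemo are assumptions made for illustration and are not JTA or XA types.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: in-memory two-phase commit. Resource, Account and
// TwoPhaseCommitDemo are hypothetical names, not JTA or XA types.
public class TwoPhaseCommitDemo {
    interface Resource {
        boolean prepare();  // Phase One: stage the work and vote (false = abort)
        void commit();      // Phase Two: make the staged update permanent
        void rollback();    // discard staged work after an abort
    }

    static class Account implements Resource {
        int balance;
        final int delta;
        Integer staged;     // pending balance held between the two phases
        Account(int balance, int delta) { this.balance = balance; this.delta = delta; }
        public boolean prepare() {
            if (balance + delta < 0) return false;  // refuse an overdraft
            staged = balance + delta;
            return true;
        }
        public void commit() { balance = staged; staged = null; }
        public void rollback() { staged = null; }
    }

    // Coordinator: true if every resource committed, false if the transaction aborted.
    static boolean run(List<Resource> resources) {
        List<Resource> prepared = new ArrayList<>();
        for (Resource r : resources) {               // Phase One: ask every resource
            if (!r.prepare()) {                      // a single "no" vote aborts all
                for (Resource p : prepared) p.rollback();
                return false;
            }
            prepared.add(r);
        }
        for (Resource r : prepared) r.commit();      // Phase Two: apply the updates
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data: credit B first, then debit A.
        Account b1 = new Account(50, 150), a1 = new Account(100, -150);
        System.out.println(run(List.of(b1, a1)) + " A=" + a1.balance + " B=" + b1.balance);
        Account b2 = new Account(50, 70), a2 = new Account(100, -70);
        System.out.println(run(List.of(b2, a2)) + " A=" + a2.balance + " B=" + b2.balance);
    }
}
```

In the first transfer the debit would overdraw account A, so A votes no in Phase One, the already-prepared credit to B is rolled back, and neither balance changes.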

  • EJB Security

    Authentication verifies that the client is who he claims to be.

    Authorization checks to see if an already authenticated client is allowed to perform a task.

  • Authentication

    Basic authentication: the Web client supplies a username and password to the Web server.

    Form-based authentication: uses a customizable form (login screen).

    Digest authentication: the Web client supplies a special message digest to the Web server.

    Certificate authentication: the client can establish an identity with X.509 certificates.

  • Authorization

    Programmatic authorization: you hard-code security checks into your bean code.

    Declarative authorization: the container performs all authorization checks.

    Security roles: a collection of client identities.