如何隔离Java EE应用程序的逻辑层 [英] How can one isolate logical layers of an Java EE application

问题描述

我不太确定这是否真的是一个真正的问题，还是一个愚蠢的初学者问题。也许我错过了一点，这个问题是微不足道的，所以请与我一起。

如果我说得对，那么层和层之间的区别是层涉及逻辑分离，而层次意味着应用程序的部分的物理分离。

可以将层作为单独的层来实现，以将应用程序屏蔽到进行直接调用的用户到数据访问对象。但是我的意图是以逻辑方式实际上从用户客户端隐藏应用程序的较低层次，这意味着没有实际使用单独的jvms或应用程序服务器。我该怎么做，这是否与包装发生的方式有关？ （不同的档案像jar，战争，耳朵隔离逻辑...）。

我实际上有兴趣为分层服务器应用程序提供安全性，可能存在各种不能控制的客户端。如果我为客户端应用程序员提供高级服务的接口，那么我也必须使用EJB安全注解来保护较低层。我希望的是通过将较低层标记为应用程序客户端无法访问的方式，以更优雅的方式执行此操作。

解决方案

blockquote>

但我的目的是以逻辑方式从用户客户端隐藏应用程序的较低层次，这意味着没有实际使用单独的jvms或应用程序服务器。

如果这些用户客户端在同一个JVM中运行，甚至是同一个应用程序（例如同一个.war，同一个.ear），那么你所要求的安全级别是只有表面。基本上，您正在保护自己的同事或团队合作伙伴（通常，用户客户端是外部客户端，从不同的机器运行，通过例如Internet 到达您）。

在Java EE EAR应用程序中有一些层次结构，但是这些层是为了防止业务逻辑直接访问视图逻辑。例如。较低级别的层无法访问较高级别的层。这些层通过类加载器隔离来保护彼此。具体来说，每个Web模块位于层次结构的底部，其他模块（甚至其他Web模块）都不能直接访问其中的代码。 EJB模块是一层，所有Web模块以及其他EJB模块都可以访问其中的代码。最后还有顶级的EAR，它不算作一个模块，但可以包含不能直接访问模块中的代码的实用程序代码，但可以被所有模块使用（跨层，因此，Web模块可以直接访问这个）。

Java EE中的模块系统似乎以比您想要的方式工作。它隐藏了较高层，而不是较低的层。

通过将多个协作应用程序部署到同一个应用程序服务器，可以实现额外级别的模块隔离。然后，您可以将EJB Bean的远程接口定义为您要隐藏的逻辑的网关（外观）。尽管许多应用程序服务器还允许部署到同一个AS的其他应用程序从JNDI请求本地EJB，尽管EJB规范不需要（但也不禁止它）。

此外，还有私有和受保护的访问修饰符的通常机制，但是这些机制更适用于屏蔽编码错误。反思技巧很容易得到通过。

然后有安全管理员。如果您不信任您自己的队友（用户客户端）中的代码，则可能需要查看使用这些代码。它们可能具有挑战性，但可能是您正在寻找的。

I'm not really sure if this is actually a real problem or a stupid beginner question. Maybe I have missed some point and this question is rather trivial, so please bear with me.

If I got it right, then the difference between layers and tiers is that layers relate to logical separation whereas tiers imply physical separation of portions of an application.

One can implement layers as separate tiers to shield the application from users making direct calls e.g. to data access objecs. But my intention is to conceal lower layers of an application practically from user clients in a logical fashion, meaning without actually using separate jvms or application servers. How can I do this, does this somehow relate to the way how the packaging takes place? (different archives like jar, war, ears to isolate logic...).

I'm actually interested in providing security for a layered server application, for which might exist various clients that are out of my control. If I'm providing client application programmers an interface for high level services, I have to protect the lower layers with EJB security annotations, too. What I'm hoping for is to do this in a more elegant manner through marking the lower layers as not accessible to application clients.

解决方案

But my intention is to conceal lower layers of an application practically from user clients in a logical fashion, meaning without actually using separate jvms or application servers.

If those "user clients" are running within the same JVM, and even same application (e.g. same .war, same .ear), then the level of security you're seeking is only superficial. Basically, you are then protecting against your own co-worker or team mates (normally, "user clients" are external clients, running from different machines, reaching you via e.g. the Internet).

In a Java EE EAR application there is some layering, but the layers are there to prevent business logic from accessing view logic directly. E.g. a lower level layer cannot access a higher level layer. These layers are protected from each other via class loader isolation. Specifically, each web module is at the bottom of the hierarchy and other modules (not even other web modules) can't directly access code in it. EJB modules are one layer down, and all web modules as well as other EJB modules can access the code in it. Finally there's the top level EAR, which doesn't count as a module, but can contain utility code that should not be able to access code in the modules directly, but can be used by all modules (cross-layer thus, the web modules can access this directly too).

The module system in Java EE seems to work the other way than what you want. It conceals higher layers, not lower layers.

An extra level of module isolation can be reached by deploying multiple "co-operating" applications to the same application server. You can then define remote interfaces for EJB beans as gateways (facades) to the logic that you are trying to conceal. Take care though that many application servers also allow other applications deployed to the same AS to request local EJBs from JNDI, even though the EJB spec does not require this (but it does not forbid it either).

Furthermore there is the usual mechanism of private and protected access modifiers, but these are more in place to shield you from coding errors. Reflection tricks will easily get pass them.

Then there are security managers. If you don't trust the code from your own team mates ("user clients"), you might want to look into using these. They can be challenging to use, but may be what you are looking for.

这篇关于如何隔离Java EE应用程序的逻辑层的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！