I am new to J2EE. This is architecture question rather than an implementation question. I am building a new SOA web application that will obtain it's data from web service calls. The web service calls will access the database via PoJo. I am planning to create DAO and DTO in Pojo. I am also planning to use XML Serialization using Xstream. Front end will be in ExtJs , which will call the Servlet on Apache Container. Servlet will make a WebService Calls. Is this the right architecture? I was able to create a sample application following this architecture. In this Architecture i am planning to have two web applications one for Servlet and another for Web Service. They will run on Apache Tomcat. Two technology that confuses me are EJB and Hibernate. One of my friend suggested me not to use Hibernate right now and go with POJO and in future if you think your Database Access is slowing down then convert the PoJo to use Hibernate but as of right now just use JDBC to access database.
How do i handle Sessions in this Architecture? How do i do Authentication? What about the Security during the SOAP Request and Response?