If I want to build a secure java web application --- it lets user login from web page, then they can simply update the database tables by entering new data. These tables are accessible by other applications, in other words, another different application may be retrieving data from the table at the same time.
For this scenario, should I
1. use stateful or stateless session bean to implement the user updating database process ? 2. should I use transaction for the database updating part ? 3. can I just implement the database updating part in my session bean (I can use JDBC to connect to database and run query) without introducing any EJB ?
1. Depends on your requirements, does the update need to happen after multiple calls to the Session Bean? - if not use stateless
2. Depends on your requirements, but generally you don't want people accessing records you are updating - and you may want to roll the operation back on an error
3. You mean can you use JDBC calls in a Session Bean instead of creating a Entity Bean to do the work - yes you can... but Entity Beans exist in the spec for a reason - they do the ORM (object relational mapping) fairly easily. There are also other persistance mechanisms you can use instead of Entity Beans.