
I'm not really sure if this is actually a real problem or a stupid beginner question. Maybe I have missed some point and this question is rather trivial, so please bear with me.

If I got it right, then the difference between layers and tiers is that layers relate to logical separation whereas tiers imply physical separation of portions of an application.

One can implement layers as separate tiers to shield the application from users making direct calls e.g. to data access objects. But my intention is to conceal lower layers of an application practically from user clients in a logical fashion, meaning without actually using separate jvms or application servers. How can I do this, does this somehow relate to the way how the packaging takes place? (different archives like jar, war, ears to isolate logic...).

I'm actually interested in providing security for a layered server application, for which various clients might exist that are out of my control. If I'm providing client application programmers an interface for high level services, I have to protect the lower layers with EJB security annotations, too. What I'm hoping for is to do this in a more elegant manner through marking the lower layers as not accessible to application clients.

tsh

1 Answer


> But my intention is to conceal lower layers of an application practically from user clients in a logical fashion, meaning without actually using separate jvms or application servers.

If those "user clients" are running within the same JVM, and even same application (e.g. same .war, same .ear), then the level of security you're seeking is only superficial. Basically, you are then protecting against your own co-worker or team mates (normally, "user clients" are external clients, running from different machines, reaching you via e.g. the Internet).

In a Java EE EAR application there is some layering, but the layers are there to prevent business logic from accessing view logic directly. E.g. a lower level layer cannot access a higher level layer. These layers are protected from each other via class loader isolation. Specifically, each web module is at the bottom of the hierarchy and other modules (not even other web modules) can't directly access code in it. EJB modules are one layer down, and all web modules as well as other EJB modules can access the code in it. Finally there's the top level EAR, which doesn't count as a module, but can contain utility code that should not be able to access code in the modules directly, but can be used by all modules (cross-layer thus, the web modules can access this directly too).

The module system in Java EE seems to work the other way than what you want. It conceals higher layers, not lower layers.

An extra level of module isolation can be reached by deploying multiple "co-operating" applications to the same application server. You can then define remote interfaces for EJB beans as gateways (facades) to the logic that you are trying to conceal. Take care though that many application servers also allow other applications deployed to the same AS to request local EJBs from JNDI, even though the EJB spec does not require this (but it does not forbid it either).

Furthermore there is the usual mechanism of private and protected access modifiers, but these are more in place to shield you from coding errors. Reflection tricks will easily get past them.

Then there are security managers. If you don't trust the code from your own team mates ("user clients"), you might want to look into using these. They can be challenging to use, but may be what you are looking for.

Arjan Tijms
  • Thank you very much for your detailed answer, which covers also some important aspects I wasn't aware of. – tsh Dec 21 '12 at 15:44
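
The answer's point about access modifiers and reflection, as an added example that is not part of the original question or answer: a `private` lower-layer method is refused by the language access check until `setAccessible(true)` is called, after which it runs without the facade's role check. All class, method and role names (`OrderService`, `OrderDao`, `clerk`) are hypothetical, and the caller's role set is constructed sample input.

```java
import java.lang.reflect.Method;
import java.util.Set;

// Added example. Every class, method and role name below is hypothetical.
public class LayerAccessDemo {
    public static void main(String[] args) throws Exception {
        Set<String> roles = Set.of("guest"); // constructed caller lacking the "clerk" role

        // Intended path: the facade authorizes the caller and refuses.
        try {
            new OrderService().find(roles, "42");
        } catch (SecurityException e) {
            System.out.println("facade:        " + e.getMessage());
        }

        // Same JVM and class loader: the private DAO method can be looked up by name.
        Method load = OrderDao.class.getDeclaredMethod("load", String.class);
        try {
            load.invoke(new OrderDao(), "42");
        } catch (IllegalAccessException e) {
            System.out.println("reflection:    blocked by the language access check");
        }

        // setAccessible(true) switches that check off, so the call below
        // reaches the lower layer without passing the facade's role check.
        load.setAccessible(true);
        System.out.println("setAccessible: " + load.invoke(new OrderDao(), "42"));
    }
}

// High-level service: the only API meant for clients.
class OrderService {
    private final OrderDao dao = new OrderDao();

    public String find(Set<String> callerRoles, String id) {
        if (!callerRoles.contains("clerk")) {
            throw new SecurityException("caller lacks role clerk");
        }
        return dao.findById(id);
    }
}

// Lower layer: 'private' documents intent but is not an authorization boundary.
class OrderDao {
    String findById(String id) { return load(id); }
    private String load(String id) { return "order-" + id; }
}
```

When a security manager is installed, `setAccessible(true)` succeeds only if the calling code has been granted `ReflectPermission("suppressAccessChecks")`, which is the control the answer's last paragraph points to.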