Jakarta Enterprise Beans

The EJB specification was originally developed in 1997 by IBM and later adopted by Sun Microsystems (EJB 1.0 and 1.1) in 1999^[2] and enhanced under the Java Community Process as JSR 19 (EJB 2.0), JSR 153 (EJB 2.1), JSR 220 (EJB 3.0), JSR 318 (EJB 3.1) and JSR 345 (EJB 3.2).

The EJB specification provides a standard way to implement the server-side (also called "back-end") 'business' software typically found in enterprise applications (as opposed to 'front-end' user interface software). Such software addresses the same types of problem, and solutions to these problems are often repeatedly re-implemented by programmers. Jakarta Enterprise Beans is intended to handle such common concerns as persistence, transactional integrity and security in a standard way, leaving programmers free to concentrate on the particular parts of the enterprise software at hand.

The EJB specification details how an application server provides the following responsibilities:

• Transaction processing
• Integration with the persistence services offered by the Jakarta Persistence (JPA)
• Concurrency control
• Event-driven programming using Jakarta Messaging (JMS) and Jakarta Connectors (JCA)
• Asynchronous method invocation
• Job scheduling
• Naming and directory services via Java Naming and Directory Interface (JNDI)
• Interprocess Communication using RMI-IIOP and Web services
• Security (JCE and JAAS)
• Deployment of software components in an application server

Additionally, the Jakarta Enterprise Beans specification defines the roles played by the EJB container and the EJBs as well as how to deploy the EJBs in a container. Note that the EJB specification does not detail how an application server provides persistence (a task delegated to the JPA specification), but instead details how business logic can easily integrate with the persistence services offered by the application server.

Businesses found that using EJBs to encapsulate business logic brought a performance penalty. This is because the original specification allowed only for remote method invocation through CORBA (and optionally other protocols), even though the large majority of business applications actually do not require this distributed computing functionality. The EJB 2.0 specification addressed this concern by adding the concept of local interfaces which could be called directly without performance penalties by applications that were not distributed over multiple servers.^[3]

The EJB 3.0 specification (JSR 220) was a departure from its predecessors, following a new light-weight paradigm. EJB 3.0 shows an influence from Spring in its use of plain Java objects, and its support for dependency injection to simplify configuration and integration of heterogeneous systems. EJB 3.0 along with the other version of the EJB can be integrated with MuleSoft-v4 using MuleSoft certified PlektonLabs EJB Connector. Gavin King, the creator of Hibernate, participated in the EJB 3.0 process and is an outspoken advocate of the technology. Many features originally in Hibernate were incorporated in the Java Persistence API, the replacement for entity beans in EJB 3.0. The EJB 3.0 specification relies heavily on the use of annotations (a feature added to the Java language with its 5.0 release) and convention over configuration to enable a much less verbose coding style. Accordingly, in practical terms EJB 3.0 is much more lightweight and nearly a completely new API, bearing little resemblance to the previous EJB specifications. ^{[citation needed]}

The following shows a basic example of what an EJB looks like in code:

@Stateless 
public class CustomerService { 

    private EntityManager entityManager; 
   
    public void addCustomer(Customer customer) { 
        entityManager.persist(customer); 
    } 
}

The above defines a service class for persisting a Customer object (via O/R mapping). The EJB takes care of managing the persistence context and the addCustomer() method is transactional and thread-safe by default. As demonstrated, the EJB focuses only on business logic and persistence and knows nothing about any particular presentation.

Such an EJB can be used by a class in e.g. the web layer as follows:

@Named	
@RequestScoped
public class CustomerBacking {
    @EJB 
    private CustomerService customerService;

    public String addCustomer(Customer customer) {
        customerService.addCustomer(customer);
        context.addMessage(...); // abbreviated for brevity
        return "customer_overview";
    }
}

The above defines a JavaServer Faces (JSF) backing bean in which the EJB is injected by means of the @EJB annotation. Its addCustomer method is typically bound to some UI component, such as a button. Contrary to the EJB, the backing bean does not contain any business logic or persistence code, but delegates such concerns to the EJB. The backing bean does know about a particular presentation, of which the EJB had no knowledge.

An EJB container holds two major types of beans:

• Session Beans^[4] that can be either "Stateful", "Stateless" or "Singleton" and can be accessed via either a Local (same JVM) or Remote (different JVM) interface or directly without an interface,^[5] in which case local semantics apply. All session beans support asynchronous execution^[6] for all views (local/remote/no-interface).
• Message Driven Beans (MDBs, also known as Message Beans). MDBs also support asynchronous execution, but via a messaging paradigm.

Stateful Session Beans^[7] are business objects having state: that is, they keep track of which calling client they are dealing with throughout a session and of the history of its requests, and thus access to the bean instance is strictly limited to only one client during its lifetime.^[8] If concurrent access to a single bean is attempted anyway the container serializes those requests, but via the @AccessTimeout annotation the container can instead throw an exception.^[9] Stateful session beans' state may be persisted (passivated) automatically by the container to free up memory after the client hasn't accessed the bean for some time. The JPA extended persistence context is explicitly supported by Stateful Session Beans.^[10]

Examples

• Checking out in a web store might be handled by a stateful session bean that would use its state to keep track of where the customer is in the checkout process, possibly holding locks on the items the customer is purchasing (from a system architecture's point of view, it would be less ideal to have the client manage those locks).

Stateless Session Beans^[11] are business objects that do not have state associated with them. However, access to a single bean instance is still limited to only one client at a time, concurrent access to the bean is prohibited.^[8] If concurrent access to a single bean is attempted, the container simply routes each request to a different instance.^[12] This makes a stateless session bean automatically thread-safe. Instance variables can be used during a single method call from a client to the bean, but the contents of those instance variables are not guaranteed to be preserved across different client method calls. Instances of Stateless Session beans are typically pooled. If a second client accesses a specific bean right after a method call on it made by a first client has finished, it might get the same instance. The lack of overhead to maintain a conversation with the calling client makes them less resource-intensive than stateful beans.

Examples

• Sending an e-mail to customer support might be handled by a stateless bean, since this is a one-off operation and not part of a multi-step process.
• A user of a website clicking on a "keep me informed of future updates" box may trigger a call to an asynchronous method of the session bean to add the user to a list in the company's database (this call is asynchronous because the user does not need to wait to be informed of its success or failure).
• Fetching multiple independent pieces of data for a website, like a list of products and the history of the current user might be handled by asynchronous methods of a session bean as well (these calls are asynchronous because they can execute in parallel that way, which potentially increases performance). In this case, the asynchronous method will return a Future instance.

Singleton Session Beans^[13][14] are business objects having a global shared state within a JVM. Concurrent access to the one and only bean instance can be controlled by the container (Container-managed concurrency, CMC) or by the bean itself (Bean-managed concurrency, BMC). CMC can be tuned using the @Lock annotation, that designates whether a read lock or a write lock will be used for a method call. Additionally, Singleton Session Beans can explicitly request to be instantiated when the EJB container starts up, using the @Startup annotation.

Examples

• Loading a global daily price list that will be the same for every user might be done with a singleton session bean, since this will prevent the application having to do the same query to a database over and over again...

Message Driven Beans^[15] are business objects whose execution is triggered by messages instead of by method calls. The Message Driven Bean is used among others to provide a high level ease-of-use abstraction for the lower level JMS (Java Message Service) specification. It may subscribe to JMS message queues or message topics, which typically happens via the activationConfig attribute of the @MessageDriven annotation. They were added in EJB to allow event-driven processing. Unlike session beans, an MDB does not have a client view (Local/Remote/No-interface), i. e. clients cannot look-up an MDB instance. An MDB just listens for any incoming message on, for example, a JMS queue or topic and processes them automatically. Only JMS support is required by the Java EE spec,^[16] but Message Driven Beans can support other messaging protocols.^[17][18] Such protocols may be asynchronous but can also be synchronous. Since session beans can also be synchronous or asynchronous, the prime difference between session- and message driven beans is not the synchronicity, but the difference between (object oriented) method calling and messaging.

Examples

• Sending a configuration update to multiple nodes might be done by sending a JMS message to a 'message topic' and could be handled by a Message Driven Bean listening to this topic (the message paradigm is used here since the sender does not need to know the number of consumers, their location, or even their exact type).
• Submitting a job to a work cluster might be done by sending a JMS message to a 'message queue' and could also be handled by a Message Driven Bean, but this time listening to a queue (the message paradigm and the queue is used, since the sender doesn't have to care which worker executes the job, but it does need assurance that a job is only executed once).
• Processing timing events from the Quartz scheduler can be handled by a Message Driven Bean; when a Quartz trigger fires, the MDB is automatically invoked. Since Java EE doesn't know about Quartz by default, a JCA resource adapter would be needed and the MDB would be annotated with a reference to this.^[19]

EJBs are deployed in an EJB container, typically within an application server. The specification describes how an EJB interacts with its container and how client code interacts with the container/EJB combination. The EJB classes used by applications are included in the javax.ejb package. (The javax.ejb.spi package is a service provider interface used only by EJB container implementations.)

Clients of EJBs do not instantiate those beans directly via Java's new operator, but instead have to obtain a reference via the EJB container. This reference is usually not a reference to the implementation bean itself, but to a proxy, which dynamically implements either the local or remote business interface that the client requested or a sub-type of the actual bean. The proxy can then be directly cast to the interface or bean respectively. A client is said to have a 'view' on the EJB, and the local interface, remote interface and bean sub-type itself respectively correspond to the local view, remote view and no-interface view.

This proxy is needed in order to give the EJB container the opportunity to transparently provide cross-cutting (AOP-like) services to a bean like transactions, security, interceptions, injections, and remoting. As an example, a client invokes a method on a proxy, which will first start a transaction with the help of the EJB container and then call the actual bean method. When the bean method returns, the proxy ends the transaction (i.e. by committing it or doing a rollback) and transfers control back to the client.

The EJB Container is responsible for ensuring the client code has sufficient access rights to an EJB.^[20] Security aspects can be declaratively applied to an EJB via annotations.^[21]

EJB containers must support both container managed ACID transactions and bean managed transactions.^[22]

Container-managed transactions (CMT) are by default active for calls to session beans. That is, no explicit configuration is needed. This behavior may be declaratively tuned by the bean via annotations and if needed such configuration can later be overridden in the deployment descriptor. Tuning includes switching off transactions for the whole bean or specific methods, or requesting alternative strategies for transaction propagation and starting or joining a transaction. Such strategies mainly deal with what should happen if a transaction is or isn't already in progress at the time the bean is called. The following variations are supported:^[23][24]

Alternatively, the bean can also declare via an annotation that it wants to handle transactions programmatically via the JTA API. This mode of operation is called Bean Managed Transactions (BMT), since the bean itself handles the transaction instead of the container.^[25]

JMS (Java Message Service) is used to send messages from beans to clients, to let clients receive asynchronous messages from these beans. MDBs can be used to receive messages from clients asynchronously using either a JMS Queue or a Topic.

As an alternative to injection, clients of an EJB can obtain a reference to the session bean's proxy object (the EJB stub) using Java Naming and Directory Interface (JNDI). This alternative can be used in cases where injection is not available, such as in non-managed code or standalone remote Java SE clients, or when it's necessary to programmatically determine which bean to obtain.

JNDI names for EJB session beans are assigned by the EJB container via the following scheme:^[26][27][28]

(entries in square brackets denote optional parts)

A single bean can be obtained by any name matching the above patterns, depending on the 'location' of the client. Clients in the same module as the required bean can use the module scope and larger scopes, clients in the same application as the required bean can use the app scope and higher, etc.

E.g. code running in the same module as the CustomerService bean (as given by the example shown earlier in this article) could use the following code to obtain a (local) reference to it:

CustomerServiceLocal customerService =
    (CustomerServiceLocal) new InitialContext().lookup("java:module/CustomerService");

For communication with a client that's written in the Java programming language a session bean can expose a remote-view via an interface annotated with @Remote.^[29] This allows those beans to be called from clients in other JVMs which may be running on other systems (from the point of view of the EJB container, any code in another JVM is remote).

Stateless and Singleton session beans may also expose a "web service client view" for remote communication via WSDL and SOAP or plain XML.^[30][31][32] This follows the JAX-RPC and JAX-WS specifications. JAX-RPC support however is proposed for future removal.^[33] To support JAX-WS, the session bean is annotated with @WebService, and methods that are to be exposed remotely with @WebMethod.

Although the EJB specification does not mention exposure as RESTful web services in any way and has no explicit support for this form of communication, the JAX-RS specification does explicitly support EJB.^[34] Following the JAX-RS spec, Stateless and Singleton session beans can be declared as root resources via the @Path annotation and EJB business methods can be mapped to resource methods via the @GET, @PUT, @POST and @DELETE annotations. This however does not count as a "web service client view", which is used exclusively for JAX-WS and JAX-RPC.

Communication via web services is typical for clients not written in the Java programming language, but is also convenient for Java clients who have trouble reaching the EJB server via a firewall. Additionally, web service based communication can be used by Java clients to circumvent the arcane and ill-defined requirements for the so-called "client-libraries"; a set of jar files that a Java client must have on its class-path in order to communicate with the remote EJB server. These client-libraries potentially conflict with libraries the client may already have (for instance, if the client itself is also a full Java EE server) and such a conflict is deemed to be very hard or impossible to resolve.^[35]

With EJB 2.1 and earlier, each EJB had to provide a Java implementation class and two Java interfaces. The EJB container created instances of the Java implementation class to provide the EJB implementation. The Java interfaces were used by client code of the EJB.

With EJB 2.1 and earlier, the EJB specification required a deployment descriptor to be present. This was needed to implement a mechanism that allowed EJBs to be deployed in a consistent manner regardless of the specific EJB platform that was chosen. Information about how the bean should be deployed (such as the name of the home or remote interfaces, whether and how to store the bean in a database, etc.) had to be specified in the deployment descriptor.

The deployment descriptor is an XML document having an entry for each EJB to be deployed. This XML document specifies the following information for each EJB:

• Name of the Home interface
• Java class for the Bean (business object)
• Java interface for the Home interface
• Java interface for the business object
• Persistent store (only for Entity Beans)
• Security roles and permissions
• Stateful or Stateless (for Session Beans)

Old EJB containers from many vendors required more deployment information than that in the EJB specification. They would require the additional information as separate XML files, or some other configuration file format. An EJB platform vendor generally provided their own tools that would read this deployment descriptor, and possibly generated a set of classes that would implement the now deprecated Home and Remote interfaces.

Since EJB 3.0 (JSR 220), the XML descriptor is replaced by Java annotations set in the Enterprise Bean implementation (at source level), although it is still possible to use an XML descriptor instead of (or in addition to) the annotations. If an XML descriptor and annotations are both applied to the same attribute within an Enterprise Bean, the XML definition overrides the corresponding source-level annotation, although some XML elements can also be additive (e.g., an activation-config-property in XML with a different name than already defined via an @ActivationConfigProperty annotation will be added instead of replacing all existing properties).

Starting with EJB 3.1, the EJB specification defines two variants of the EJB container; a full version and a limited version. The limited version adheres to a proper subset of the specification called EJB 3.1 Lite ^[36][37] and is part of Java EE 6's web profile (which is itself a subset of the full Java EE 6 specification).

EJB 3.1 Lite excludes support for the following features:^[38]

• Remote interfaces
• RMI-IIOP Interoperability
• JAX-WS Web Service Endpoints
• EJB Timer Service (@Schedule, @Timeout)
• Asynchronous session bean invocations (@Asynchronous)
• Message-driven beans

EJB 3.2 Lite excludes less features. Particularly it no longer excludes @Asynchronous and @Schedule/@Timeout, but for @Schedule it does not support the "persistent" attribute that full EJB 3.2 does support. The complete excluded list for EJB 3.2 Lite is:

• Remote interfaces
• RMI-IIOP Interoperability
• JAX-WS Web Service Endpoints
• Persistent timers ("persistent" attribute on @Schedule)
• Message-driven beans

EJB 4.0, final release (2020-05-22)

Jakarta Enterprise Beans 4.0, as a part of Jakarta EE 9, was a tooling release that mainly moved API package names from the top level javax.ejb package to the top level jakarta.ejb package.^[39]

Other changes included removal of deprecated APIs that were pointless to move to the new top level package and the removal of features that depended on features that were removed from Java or elsewhere in Jakarta EE 9. The following APIs were removed:

• methods relying on java.security.Identity which has been removed from Java 14.
• methods relying on Jakarta XML RPC to reflect the removal of XML RPC from the Jakarta EE 9 Platform.
• deprecated EJBContext.getEnvironment() method.
• "Support for Distributed Interoperability" to reflect the removal of CORBA from Java 11 and the Jakarta EE 9 Platform.

Other minor changes include marking the Enterprise Beans 2.x API Group as "Optional" and making the Schedule annotation repeatable.

EJB 3.2.6, final release (2019-08-23)

Jakarta Enterprise Beans 3.2, as a part of Jakarta EE 8, and despite still using "EJB" abbreviation, this set of APIs has been officially renamed to "Jakarta Enterprise Beans" by the Eclipse Foundation so as not to tread on the Oracle "Java" trademark.

EJB 3.2, final release (2013-05-28)

JSR 345. Enterprise JavaBeans 3.2 was a relatively minor release that mainly contained specification clarifications and lifted some restrictions that were imposed by the spec but over time appeared to serve no real purpose. A few existing full EJB features were also demanded to be in EJB 3 lite and functionality that was proposed to be pruned in EJB 3.1 was indeed pruned (made optional).^[40][41]

The following features were added:

• Passivation of a stateful session bean can be deactivated via attribute on @Stateful annotation (passivationCapable = false)
• TimerService can retrieve all active timers in the same EJB module (could previously only retrieve timers for the bean in which the TimerService was called)
• Lifecycle methods (e.g. @PostConstruct) can be transactional for stateful session beans using the existing @TransactionAttribute annotation
• Autocloseable interface implemented by embeddable container

EJB 3.1, final release (2009-12-10)

JSR 318. The purpose of the Enterprise JavaBeans 3.1 specification is to further simplify the EJB architecture by reducing its complexity from the developer's point of view, while also adding new functionality in response to the needs of the community:

• Local view without interface (No-interface view)
• .war packaging of EJB components
• EJB Lite: definition of a subset of EJB
• Portable EJB Global JNDI Names
• Singletons (Singleton Session Beans)
• Application Initialization and Shutdown Events
• EJB Timer Service Enhancements
• Simple Asynchrony (@Asynchronous for session beans)

EJB 3.0, final release (2006-05-11)

JSR 220 - Major changes: This release made it much easier to write EJBs, using 'annotations' rather than the complex 'deployment descriptors' used in version 2.x. The use of home and remote interfaces and the ejb-jar.xml file were also no longer required in this release, having been replaced with a business interface and a bean that implements the interface.

EJB 2.1, final release (2003-11-24)

JSR 153 - Major changes:

• Web service support (new): stateless session beans can be invoked over SOAP/HTTP. Also, an EJB can easily access a Web service using the new service reference.
• EJB timer service (new): Event-based mechanism for invoking EJBs at specific times.
• Message-driven beans accepts messages from sources other than JMS.
• Message destinations (the same idea as EJB references, resource references, etc.) has been added.
• EJB query language (EJB-QL) additions: ORDER BY, AVG, MIN, MAX, SUM, COUNT, and MOD.
• XML schema is used to specify deployment descriptors, replaces DTDs

EJB 2.0, final release (2001-08-22)

JSR 19 - Major changes: Overall goals:

• The standard component architecture for building distributed object-oriented business applications in Java.
• Make it possible to build distributed applications by combining components developed using tools from different vendors.
• Make it easy to write (enterprise) applications: Application developers will not have to understand low-level transaction and state management details, multi-threading, connection pooling, and other complex low-level APIs.
• Will follow the "Write Once, Run Anywhere" philosophy of Java. An enterprise Bean can be developed once, and then deployed on multiple platforms without recompilation or source code modification.
• Address the development, deployment, and runtime aspects of an enterprise application’s life cycle.
• Define the contracts that enable tools from multiple vendors to develop and deploy components that can interoperate at runtime.
• Be compatible with existing server platforms. Vendors will be able to extend their existing products to support EJBs.
• Be compatible with other Java APIs.
• Provide interoperability between enterprise Beans and Java EE components as well as non-Java programming language applications.
• Be compatible with the CORBA protocols (RMI-IIOP).

EJB 1.1, final release (1999-12-17)

Major changes:

• XML deployment descriptors
• Default JNDI contexts
• RMI over IIOP
• Security - role driven, not method driven
• Entity Bean support - mandatory, not optional

Goals for Release 1.1:

• Provide better support for application assembly and deployment.
• Specify in greater detail the responsibilities of the individual EJB roles.

EJB 1.0 (1998-03-24)

Announced at JavaOne 1998,^[42] Sun's third Java developers conference (March 24 through 27) Goals for Release 1.0:

• Defined the distinct "EJB Roles" that are assumed by the component architecture.
• Defined the client view of enterprise Beans.
• Defined the enterprise Bean developer’s view.
• Defined the responsibilities of an EJB Container provider and server provider; together these make up a system that supports the deployment and execution of enterprise Beans.