Is using data transfer objects in ejb3 considered best practice

Question

Although obviously not all scenarios can be covered by a single design, is it generally felt now that ORM classes should be passed to and fro between the presentation and busine

Answer 1

I have several issues against using entities at presentation layer:

• Lock-in: This eventually creates tight lock-in between your presentation and model. It becomes expensive to change either, in large projects, even impossible. Modern tools are not quite there yet.

• Security: With model objects you easily transfer various database id information to your web pages. This is a clear security issue. Using dto:s you may hide these at the server with very simple session maps.

• Difference of needs: GUI views are rarely direct lists of model objects. More often they are something more, combined beasts, guish. The needs of the GUI tend to creep-in to your model obscuring it.

• Speed: With entities, every field is processed every time you read/write them. Since you are passing them directly to presentation layer you have a hard time trying to optimize your JPA -queries - almost impossible. I'm definitely going back to direct JDBC -access - like myBatis in future projects. Thus eliminating ORM.

I have a issues against DTO:s too:

• Extra DAO code.

Things considered, I'll vote for using dto:s for all projects, eliminating JPA too. So, my stack becomes something like:

• myBatis for database access
• POJO as DTO:s
• Stateless EJB for my DAO services.
• StatefulEJB for GUI backend.
• JSF for presentation.