Servlet 3.1
Upcoming SlideShare
Loading in...5
×
 

Servlet 3.1

on

  • 7,731 views

Servlet 3.1 at JavaOne Latin America 2011

Servlet 3.1 at JavaOne Latin America 2011

Statistics

Views

Total Views
7,731
Views on SlideShare
7,704
Embed Views
27

Actions

Likes
3
Downloads
143
Comments
0

2 Embeds 27

http://blogs.oracle.com 26
http://www.linkedin.com 1

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Servlet 3.1 Servlet 3.1 Presentation Transcript

  • 1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Servlet 3.1John Clingan, Principal Product Manager 2 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle.3 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources4 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Servlet 3.0 recap •  Part of Java EE 6 •  Focused on –  Ease-of-Development –  Pluggability –  Asynchronous support –  Dynamic registration of servlets, filters and listeners –  Security enhancements •  Adoption –  GlassFish 3.x, Tomcat 7, JBOSS, Caucho, IBM, Weblogic5 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Servlet 3.0 recap Ease of Development •  Annotations to declare –  Servlets –  Filters –  Listeners –  Security •  Defaults for attributes of annotations6 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Example @WebServlet( urlPatterns = {“/foo”} ) public class SimpleSample extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) { } }7 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Servlet 3.0 recap Pluggability •  Drag-and-drop model •  Web frameworks as fully configured libraries •  Contain “fragments” of web.xml •  META-INF/web-fragment.xml •  Extensions can register servlets, filters, listeners dynamically •  Extensions can also discover and process annotated classes8 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Servlet 3.0 recap Using pluggability •  Bundle static resources and jsps in a jar that can be re- used •  Look for ready-to-use frameworks, libraries •  Re-factor your libraries into re-usable, auto-configured frameworks9 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources10 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • The content described in the following slides are subject to changebased on expert group discussions11 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • JAVA EE 7 THEME: CLOUD / PAASJava EE 7 platform to be ready for the cloud12 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Java EE 7 PaaS support •  Provide customers and users ability to leverage cloud environments •  Enable multi-tenancy –  One application instance per tenant –  Mapping to tenant done by container –  Isolation between applications •  Define metadata for services13 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Servlet 3.1 Feature set •  Align with Java EE 7 for cloud support –  For web container there will a virtual server mapping per tenant –  Ability to load custom web resources per tenant –  Use the services exposed in Java EE 7 •  Scale –  Expose NIO2 API •  Support newer technologies that leverage http protocol for the initial handshake –  Support general upgrade mechanism for protocols like WebSocket •  Security enhancements14 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources15 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API Overview: NonBlocking IO •  Add two listeners: ReadListener, WriteListener •  Add two interfaces: –  AsyncIOInputSource with abstract classes ServletInputStream, ServletReader –  AsyncIOOutputSink with abstract classes ServletOutputStream, ServletWriter •  Add APIs to ServletRequest, ServletResponse16 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API javax.servlet.ReadListener public interface ReadListener extends EventListener { public void onDataAvailable(ServletRequest request); public void onAllDataRead(ServletRequest request); public void onError(Throwable t); }17 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API javax.servlet.WriteListener public interface WriteListener extends EventListener { public void onWritePossible(ServletResponse response); public void onError(Throwable t); }18 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API javax.servlet.AsyncIOInputSource public interface AsyncIOInputSource { public int dataAvailable(); public boolean isFinished(); public isReady(); }19 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API ServletInputStream, ServletReader InputStream Reader ServletInputStream AsyncIOInputSource ServletReader20 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API javax.servlet.AsyncIOOutputSink public interface AsyncIOOutputSink { public boolean canWrite(int size); public void complete(); }21 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API NIOOutputStream, NIOWriter OutputStream Writer ServletOutputStream AsyncIOOutputSink ServletWriter22 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API ServletRequest, ServletResponse •  ServletRequest –  Public ServletInputStream getServletInputStream() –  Public ServletReader getServletReader() –  public void addListener(ReadListener listener) •  ServletResponse –  Public ServletOutputStream getServletOutputStream() –  Public ServletWriter getServletWriter() –  public addListener(WriteListener listener)23 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API Sample Usage public class NIOSampleServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) { request.addListener(new ReadListener() { public void onDataAvailable(ServletRequest request) { ServletInputStream nis = request.getServletInputStream(); try { nis.read(new byte[nis.dataAvailable()]); … }24 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API Sample Usage (cont’d) public void onAllDataRead(ServletRequest request) { try { request.getServletInputStream().close(); …. } public void onError(Throwable t) { … } }); final byte[] b = new byte[100]; ….25 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API Sample Usage (cont’d 2) •  response.addListener(new WriteListener() { public void onWritePossible(ServletResponse response) { AsyncIOOutputStream nos = response.getAsyncIOOutputStream(); try { nos.write(b); nos.complete(); … } public void onError(Throwable t) { … } }); } }26 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Expose NIO API •  Discussion with expert group on alternate approach •  Use NIO 2 approach27 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Program Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources28 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Upgrade •  HTTP 1.1 •  Connection •  Transition to some other, incompatible protocol •  For example, Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.929 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Upgrade Example: WebSocket •  Protocol: IETF •  API: W3C (JavaScript) •  Bi-directional, full-duplex / TCP30 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • UpgradeWebSocket Example•  GET /chat HTTP/1.1 •  HTTP/1.1 101 Switching Protocols Host: server.example.com Upgrade: websocket Upgrade: websocket Connection: Upgrade Connection: Upgrade Sec-WebSocket-Accept: Sec-WebSocket-Key: s3pPLMBiTxaQ9kYGzzhZRbK dGhlIHNhbXBsZSBub25jZQ== +xOo= Origin: http://example.com Sec-WebSocket-Protocol: chat Sec-WebSocket-Protocol: chat, superchat Sec-WebSocket-Version: 13 31 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Upgrade HTTP Request Servlet …. upgrade(…); ProtocolHandler32 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources33 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Security Enhancement •  Made good progress in Servlet 3.0 •  Continue from where we left off •  Include support for preventing against CSRF •  Provide an easy way to support denying all unlisted http methods •  Encoding / escaping support to prevent XSS34 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Align with other Java EE JSRs •  Integrate with Concurrency Utilities for Java EE –  Utilize it Async programming model •  Align with CDI •  Align with Bean Validation •  Align with Jcache (JSR 107)35 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Transparency •  High level of transparency for all Java EE JSRs •  Use java.net project to run our JSRs in the open –  One java.net project per specification •  Publicly viewable Expert Group mailing list archive •  Users observer list gets copies of all emails to the EG •  Download area •  JIRA for issue tracking •  Wiki and source repository at EG’s discretion •  JCP.org private mailing list for administrative / confidential info36 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources37 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Webtier related projects •  https://servlet-spec.java.net •  http://jcp.org/en/jsr/summary?id=340 •  webtier@glassfish.java.net –  For users of GlassFish webtier38 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Tokyo 2012 April 4–6, 201239 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • Q&A40 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • 41 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • 42 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.