1   Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Servlet 3.1John Clingan, Principal Product Manager 2   Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
The following is intended to outline our general product direction.      It is intended for information purposes only, and...
Agenda    •  Servlet 3.0 recap    •  Servlet 3.1 Overview    •  NIO API    •  Protocol Upgrade    •  Security    •  Resour...
Servlet 3.0 recap    •  Part of Java EE 6    •  Focused on          –  Ease-of-Development          –  Pluggability       ...
Servlet 3.0 recap    Ease of Development    •  Annotations to declare          –  Servlets          –  Filters          – ...
Example    @WebServlet( urlPatterns = {“/foo”} )    public class SimpleSample extends HttpServlet {               public v...
Servlet 3.0 recap    Pluggability    •  Drag-and-drop model    •  Web frameworks as fully configured libraries    •  Conta...
Servlet 3.0 recap    Using pluggability    •  Bundle static resources and jsps in a jar that can be re-       used    •  L...
Agenda     •  Servlet 3.0 recap     •  Servlet 3.1 Overview     •  NIO API     •  Protocol Upgrade     •  Security     •  ...
The content described in the following slides are subject to changebased on expert group discussions11   Copyright © 2011,...
JAVA EE 7 THEME: CLOUD / PAASJava EE 7 platform to be ready for the cloud12   Copyright © 2011, Oracle and/or its affiliat...
Java EE 7 PaaS support     •  Provide customers and users ability to leverage cloud        environments     •  Enable mult...
Servlet 3.1     Feature set     •  Align with Java EE 7 for cloud support           –  For web container there will a virt...
Agenda     •  Servlet 3.0 recap     •  Servlet 3.1 Overview     •  NIO API     •  Protocol Upgrade     •  Security     •  ...
Expose NIO API     Overview: NonBlocking IO     •  Add two listeners: ReadListener, WriteListener     •  Add two interface...
Expose NIO API     javax.servlet.ReadListener     public interface ReadListener extends EventListener {                  p...
Expose NIO API     javax.servlet.WriteListener     public interface WriteListener extends EventListener {                 ...
Expose NIO API     javax.servlet.AsyncIOInputSource     public interface AsyncIOInputSource {                  public int ...
Expose NIO API     ServletInputStream, ServletReader                     InputStream                                      ...
Expose NIO API     javax.servlet.AsyncIOOutputSink     public interface AsyncIOOutputSink {                  public boolea...
Expose NIO API     NIOOutputStream, NIOWriter                  OutputStream                                               ...
Expose NIO API     ServletRequest, ServletResponse     •  ServletRequest           –  Public ServletInputStream getServlet...
Expose NIO API     Sample Usage     public class NIOSampleServlet extends HttpServlet          protected void doGet(HttpSe...
Expose NIO API     Sample Usage (cont’d)                              public void onAllDataRead(ServletRequest request) { ...
Expose NIO API     Sample Usage (cont’d 2)     •               response.addListener(new WriteListener() {                 ...
Expose NIO API     •  Discussion with expert group on alternate approach     •  Use NIO 2 approach27   Copyright © 2011, O...
Program Agenda     •  Servlet 3.0 recap     •  Servlet 3.1 Overview     •  NIO API     •  Protocol Upgrade     •  Security...
Upgrade •  HTTP 1.1 •  Connection •  Transition to some other, incompatible protocol •  For example,    Upgrade: HTTP/2.0,...
Upgrade     Example: WebSocket •  Protocol: IETF •  API: W3C (JavaScript) •  Bi-directional, full-duplex / TCP30   Copyrig...
UpgradeWebSocket Example•  GET /chat HTTP/1.1            •  HTTP/1.1 101 Switching Protocols   Host: server.example.com   ...
Upgrade     HTTP Request                                                                            Servlet               ...
Agenda     •  Servlet 3.0 recap     •  Servlet 3.1 Overview     •  NIO API     •  Protocol Upgrade     •  Security     •  ...
Security Enhancement     •  Made good progress in Servlet 3.0     •  Continue from where we left off     •  Include suppor...
Align with other Java EE JSRs     •  Integrate with Concurrency Utilities for Java EE           –  Utilize it Async progra...
Transparency     •  High level of transparency for all Java EE JSRs     •  Use java.net project to run our JSRs in the ope...
Agenda     •  Servlet 3.0 recap     •  Servlet 3.1 Overview     •  NIO API     •  Protocol Upgrade     •  Security     •  ...
Webtier related projects     •  https://servlet-spec.java.net     •  http://jcp.org/en/jsr/summary?id=340     •  webtier@g...
Tokyo 2012                                                                            April 4–6, 201239   Copyright © 2011...
Q&A40   Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
41   Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
42   Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Upcoming SlideShare
Loading in...5
×

Servlet 3.1

7,942

Published on

Servlet 3.1 at JavaOne Latin America 2011

Published in: Technology, Education
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
7,942
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
175
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Servlet 3.1

  1. 1. 1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  2. 2. Servlet 3.1John Clingan, Principal Product Manager 2 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  3. 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle.3 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  4. 4. Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources4 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  5. 5. Servlet 3.0 recap •  Part of Java EE 6 •  Focused on –  Ease-of-Development –  Pluggability –  Asynchronous support –  Dynamic registration of servlets, filters and listeners –  Security enhancements •  Adoption –  GlassFish 3.x, Tomcat 7, JBOSS, Caucho, IBM, Weblogic5 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  6. 6. Servlet 3.0 recap Ease of Development •  Annotations to declare –  Servlets –  Filters –  Listeners –  Security •  Defaults for attributes of annotations6 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  7. 7. Example @WebServlet( urlPatterns = {“/foo”} ) public class SimpleSample extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) { } }7 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  8. 8. Servlet 3.0 recap Pluggability •  Drag-and-drop model •  Web frameworks as fully configured libraries •  Contain “fragments” of web.xml •  META-INF/web-fragment.xml •  Extensions can register servlets, filters, listeners dynamically •  Extensions can also discover and process annotated classes8 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  9. 9. Servlet 3.0 recap Using pluggability •  Bundle static resources and jsps in a jar that can be re- used •  Look for ready-to-use frameworks, libraries •  Re-factor your libraries into re-usable, auto-configured frameworks9 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  10. 10. Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources10 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  11. 11. The content described in the following slides are subject to changebased on expert group discussions11 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  12. 12. JAVA EE 7 THEME: CLOUD / PAASJava EE 7 platform to be ready for the cloud12 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  13. 13. Java EE 7 PaaS support •  Provide customers and users ability to leverage cloud environments •  Enable multi-tenancy –  One application instance per tenant –  Mapping to tenant done by container –  Isolation between applications •  Define metadata for services13 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  14. 14. Servlet 3.1 Feature set •  Align with Java EE 7 for cloud support –  For web container there will a virtual server mapping per tenant –  Ability to load custom web resources per tenant –  Use the services exposed in Java EE 7 •  Scale –  Expose NIO2 API •  Support newer technologies that leverage http protocol for the initial handshake –  Support general upgrade mechanism for protocols like WebSocket •  Security enhancements14 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  15. 15. Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources15 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  16. 16. Expose NIO API Overview: NonBlocking IO •  Add two listeners: ReadListener, WriteListener •  Add two interfaces: –  AsyncIOInputSource with abstract classes ServletInputStream, ServletReader –  AsyncIOOutputSink with abstract classes ServletOutputStream, ServletWriter •  Add APIs to ServletRequest, ServletResponse16 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  17. 17. Expose NIO API javax.servlet.ReadListener public interface ReadListener extends EventListener { public void onDataAvailable(ServletRequest request); public void onAllDataRead(ServletRequest request); public void onError(Throwable t); }17 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  18. 18. Expose NIO API javax.servlet.WriteListener public interface WriteListener extends EventListener { public void onWritePossible(ServletResponse response); public void onError(Throwable t); }18 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  19. 19. Expose NIO API javax.servlet.AsyncIOInputSource public interface AsyncIOInputSource { public int dataAvailable(); public boolean isFinished(); public isReady(); }19 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  20. 20. Expose NIO API ServletInputStream, ServletReader InputStream Reader ServletInputStream AsyncIOInputSource ServletReader20 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  21. 21. Expose NIO API javax.servlet.AsyncIOOutputSink public interface AsyncIOOutputSink { public boolean canWrite(int size); public void complete(); }21 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  22. 22. Expose NIO API NIOOutputStream, NIOWriter OutputStream Writer ServletOutputStream AsyncIOOutputSink ServletWriter22 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  23. 23. Expose NIO API ServletRequest, ServletResponse •  ServletRequest –  Public ServletInputStream getServletInputStream() –  Public ServletReader getServletReader() –  public void addListener(ReadListener listener) •  ServletResponse –  Public ServletOutputStream getServletOutputStream() –  Public ServletWriter getServletWriter() –  public addListener(WriteListener listener)23 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  24. 24. Expose NIO API Sample Usage public class NIOSampleServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) { request.addListener(new ReadListener() { public void onDataAvailable(ServletRequest request) { ServletInputStream nis = request.getServletInputStream(); try { nis.read(new byte[nis.dataAvailable()]); … }24 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  25. 25. Expose NIO API Sample Usage (cont’d) public void onAllDataRead(ServletRequest request) { try { request.getServletInputStream().close(); …. } public void onError(Throwable t) { … } }); final byte[] b = new byte[100]; ….25 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  26. 26. Expose NIO API Sample Usage (cont’d 2) •  response.addListener(new WriteListener() { public void onWritePossible(ServletResponse response) { AsyncIOOutputStream nos = response.getAsyncIOOutputStream(); try { nos.write(b); nos.complete(); … } public void onError(Throwable t) { … } }); } }26 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  27. 27. Expose NIO API •  Discussion with expert group on alternate approach •  Use NIO 2 approach27 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  28. 28. Program Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources28 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  29. 29. Upgrade •  HTTP 1.1 •  Connection •  Transition to some other, incompatible protocol •  For example, Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.929 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  30. 30. Upgrade Example: WebSocket •  Protocol: IETF •  API: W3C (JavaScript) •  Bi-directional, full-duplex / TCP30 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  31. 31. UpgradeWebSocket Example•  GET /chat HTTP/1.1 •  HTTP/1.1 101 Switching Protocols Host: server.example.com Upgrade: websocket Upgrade: websocket Connection: Upgrade Connection: Upgrade Sec-WebSocket-Accept: Sec-WebSocket-Key: s3pPLMBiTxaQ9kYGzzhZRbK dGhlIHNhbXBsZSBub25jZQ== +xOo= Origin: http://example.com Sec-WebSocket-Protocol: chat Sec-WebSocket-Protocol: chat, superchat Sec-WebSocket-Version: 13 31 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  32. 32. Upgrade HTTP Request Servlet …. upgrade(…); ProtocolHandler32 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  33. 33. Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources33 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  34. 34. Security Enhancement •  Made good progress in Servlet 3.0 •  Continue from where we left off •  Include support for preventing against CSRF •  Provide an easy way to support denying all unlisted http methods •  Encoding / escaping support to prevent XSS34 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  35. 35. Align with other Java EE JSRs •  Integrate with Concurrency Utilities for Java EE –  Utilize it Async programming model •  Align with CDI •  Align with Bean Validation •  Align with Jcache (JSR 107)35 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  36. 36. Transparency •  High level of transparency for all Java EE JSRs •  Use java.net project to run our JSRs in the open –  One java.net project per specification •  Publicly viewable Expert Group mailing list archive •  Users observer list gets copies of all emails to the EG •  Download area •  JIRA for issue tracking •  Wiki and source repository at EG’s discretion •  JCP.org private mailing list for administrative / confidential info36 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  37. 37. Agenda •  Servlet 3.0 recap •  Servlet 3.1 Overview •  NIO API •  Protocol Upgrade •  Security •  Resources37 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  38. 38. Webtier related projects •  https://servlet-spec.java.net •  http://jcp.org/en/jsr/summary?id=340 •  webtier@glassfish.java.net –  For users of GlassFish webtier38 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  39. 39. Tokyo 2012 April 4–6, 201239 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  40. 40. Q&A40 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  41. 41. 41 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  42. 42. 42 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×