• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Shin J2 Ee Programming Half Day
 

Shin J2 Ee Programming Half Day

on

  • 3,352 views

 

Statistics

Views

Total Views
3,352
Views on SlideShare
3,350
Embed Views
2

Actions

Likes
0
Downloads
48
Comments
0

1 Embed 2

http://www.slideshare.net 2

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Shin J2 Ee Programming Half Day Shin J2 Ee Programming Half Day Presentation Transcript

    • 12/12/2003 J2EE Platform TM Sang Shin sang.shin@sun.com Architecture www.javapassion.com/j2ee Technology Evangelist Sun Microsystems, Inc. 1 2 Courses I teach Agenda ? XML (2001) ? What is J2EE? ? Distributed programming using Jini and TM ? History of Distributed Computing JavaSpaces technology (2002) TM ? Evolution of Enterprise Application ? Web services programming using XML and Java TM Development Frameworks technology (2002) ? J2EE APIs and Technologies ? J2EE programming with Passion! (It is free!) TM – Servlet, JSP, EJB, Connector, J2EE Security www.javapassion.com/j2ee ? RI, Compatibility Test Suite (CTS) ? Advanced J2EE programming with Passion! (It is ? J2EE and Web Services free!) ? How to get started with J2EE programming www.javapassion.com/j2eeadvanced ? Web application framework 3 4
    • 12/12/2003 Enterprise Computing Challenges Key Products Portability Technologie App Servers s Diverse Web Servers Environments J2SE™ ™ Components Time-to-market J2EE What is J2EE? Databases Core JMS Competence Object to DB Servlet tools Assembly JSP Integration Connector Legacy XML Systems Data Databases Binding TP Monitors XSLT EIS Systems 5 6 What Is the J2EE? The Java™ 2 Platform l Open and standard based platform for l developing, deploying and managing Java Technology Java Technology Workgroup High-End l n-tier, Web-enabled, server-centric, and Enabled Devices Enabled Desktop Server Server component-based enterprise applications 7 8
    • 12/12/2003 The JavaTM 2 Platform What Do You Get from J2EE? Java 2 Platform Micro Edition (J2ME TM ) ? API and Technology specifications Optional ? Development and Deployment Platform Packages ? Reference implementation Optional Packages ? Compatibility Test Suite (CTS) Java 2 Java 2 Personal Basis Profile Personal Profile ? J2EE brand Enterprise Edition Standard Edition Foundation Profile MIDP ? J2EE BluePrints (J2EE) (J2SE) Java CDC CLDC Card APIs JVM KVM CardVM 9 10 * Under development in JCP Platform Evolution The Network The Network The Computer Network of The Computer Network of Catch Catch Is the Computer Is the Computer Legacy to Legacy to Is the Is the Embedded Embedded Network Network Phrase Phrase Objects Objects the Web the Web Network Network Things Things of Things of Things Scale Scale 100s 100s 1,000s 1,000s 1,000,000s 10,000,000s 100,000,000s 1,000,000s 10,000,000s 100,000,000s 100,000,000s 100,000,000s When/Peak When/Peak 1984/1987 1984/1987 1990/1993 1990/1993 1996/1999 2001/2003 1996/1999 2001/2003 1998/2004 1998/2004 2004/2007 2004/2007 History of Leaf Leaf Protocol(s) Protocol(s) X X X X +HTTP +HTTP (+JVM) (+JVM) +XML +XML Portal Portal +RM +RM Unknown Unknown Distributed Computing Directory(s) Directory(s) Session Session NS, NS+ NS, NS+ RPC, XDR RPC, XDR +CDS +CDS +CORBA +CORBA +LDAP(*) +LDAP(*) +CORBA, +CORBA, +UDDI +UDDI +SOAP, +SOAP, +Jini +Jini +RM/Jini +RM/Jini +? +? +? +? RM RM XML XML Schematic Schematic 11
    • 12/12/2003 TM Communication Patterns Communication Patterns: Java 2 Client- Web Web Hybrid Server 3-Tier Application Services P2P Fractal Business Systems Business Systems DB Server DB Server App Server App Server J2EE J2EE Web Server Web Server Browser Browser J2SE/ J2SE/ Client Client J2ME J2ME Web Application Communication Patterns: Sun ONE Bus. Bus. Sys. Sys. Evolution of XML XML DB DB (UDDI, (UDDI, SOAP) SOAP) App App J2EE J2EE Web Web J2SE/ J2SE/ Enterprise Application Browser Browser Context and Identity Context and Identity J2ME J2ME Frameworks (LDAP, Policy, Liberty) (LDAP, Policy, Liberty) Web Service 16
    • 12/12/2003 Evolution of Enterprise Single Tier (Mainframe-based) Application Framework ? Single tier ? Two tier ? Three tier ? Centralized model (as opposed distributed – RPC based model) – Remote object based ? Dumb terminals are directly connected to ? Three tier (HTML browser and Web server) mainframe ? Proprietary app server ? Presentation, business logic, and data access are intertwined in one monolithic mainframe ? Standard app server application 17 18 Single-Tier: Pros & Cons Two-Tier ? Pros: SQL request – No client side management is required Database SQL response – Data consistency is easy to achieve ? Cons: – Functionality (presentation, data model, business logic) intertwined, difficult for updates and maintenance and ? Fat clients talking to backend database code reuse – SQL queries sent, raw data returned ? Presentation,Business logic and Data Model processing logic in client application 19 20
    • 12/12/2003 Two-Tier Three-Tier (RPC based) ? Pro: – DB product independence (compared to single-tier model) RPC request SQL request ? Cons: RPC response SQL response Database – Presentation, data model, business logic are intertwined (at client side), difficult for updates and maintenance ? Thinner client: business & data model separated – Data Model is “tightly coupled” to every client: If DB from presentation Schema changes, all clients break – Business logic and data access logic reside in middle – Updates have to be deployed to all clients making System tier server while client handles presentation maintenance nightmare ? Middle tier server is now required to handle system – DB connection for every client, thus difficult to scale services – Raw data transferred to client for processing causes high – Concurrency control, threading, transaction, security, network traffic 21 persistence, multiplexing, performance, etc. 22 Three-tier (RPC based): Pros & Three-Tier (Remote Object based) Cons ? Pro: Object request SQL request – Business logic can change more flexibly than 2-tier Database Object response SQL response model ? Most business logic reside in the middle-tier server ? Cons: ? Business logic and data model captured in – Complexity is introduced in the middle-tier server objects – Client and middle-tier server is more tightly-coupled – Business logic and data model are now described in (than the three-tier object based model) “abstraction” (interface language) – Code is not really reusable (compared to object ? Object models used: CORBA, RMI, DCOM model based) – Interface language in CORBA is IDL 23 – Interface language in RMI is Java interface 24
    • 12/12/2003 Three-tier (Remote Object based): Pros & Cons ? Pro: – More loosely coupled than RPC model – Code could be more reusable ? Cons: – Complexity in the middle-tier still need to be addressed 25 Three-tier (Web Server based): Pros & Cons Trends ? Pro: ? Moving from single-tier or two-tier to multi- – Ubiquitous client types tier architecture – Zero client management ? Moving from monolithic model to object- – Support various client devices based application model J2ME-enabled cell-phones ? ? Moving from application-based client to ? Cons: HTML-based client – Complexity in the middle-tier still need to be addressed 27 28
    • 12/12/2003 Single-tier vs. Multi-tier Monolithic vs. Object-based Single tier Multi-tier Monolithic Object-based l No separation among l Separation among l 1 Binary file l Pluggable parts presentation, business presentation, business logic, database logic, database l Recompiled, l Reusable l Hard to maintain l More flexible to change, relinked, l Enables better i.e. presentation can redeployed design change without affecting other tiers everytime there is l Easier update a change l Implementation can be separated from interface l Only interface is published 29 30 Outstanding Issues & Solution Proprietary Solution ? Comlexity at the middle tier server still remains ? Use "component and container" model in ? Duplicate system services still need to be which container provides system services in provided for the majority of enterprise a well-defined but with proprietary manner applications ? Problem of proprietary solution: Vendor – Concurrency control, Transactions – Load-balancing, Security lock-in – Resource management, Connection pooling ? Example: Tuxedo, .NET ? How to solve this problem? – Commonly shared container that handles the above system services – Proprietary versus Open-standard based 31 32
    • 12/12/2003 Open and Standard Solution ? Use "component and container" model in which container provides system services in a well-defined and as industry standard J2EE is that standard that also provides Why J2EE? ? portability of code because it is based on Java technology and standard-based Java programming APIs 33 34 Platform Value to Developers Platform Value to Vendors ? Can use any J2EE implementation for development and deployment ? Vendors work together on specifications and – Use J2EE RI or Sun ONE Platform Edition which are then compete in implementations free for development/deployment and then use – In the areas of Scalability, Performance, Reliability, high-end commercial J2EE products for actual Availability, Management and development tools, deployment and so on ? Vast amount of J2EE community resources ? Freedom to innovate while maintaining the – Many J2EE related books, articles, tutorials, quality portability of applications code you can use, best practice guidelines, design patterns etc. ? Do not have create/maintain their own ? Can use off-the-shelf 3rd-party business proprietary APIs components 35 36
    • 12/12/2003 Platform Value to Business Customers ? Application portability ? Many implementation choices are possible J2EE API's & based on various requirements – Price (free to high-end), scalability (single CPU to Technologies clustered model), reliability, performance, tools, and more (page 14, 1st slide) – Best of breed of applications and platforms ? Large developer pool 37 38 J2EE 1.3 APIs and Technologies J2EE 1.4 Contents Version Java 2 SDK, Standard Edition 1.3 ? J2SE 1.4 (improved) ? Servlet 2.4 RMI/ IIOP 1.0 ? JAX-RPC (new) ? JSP 2.0 JDBC™ 3.0 Java Messaging Service 1.0.2b ? Web Service for J2EE ? EJB 2.1 JNDI 1.2.1 Servlet 2.3 ? J2EE Management ? JAXR JavaServer Pages™ 1.2 JavaMail 1.2 ? J2EE Deployment ? Connector 1.5 JavaBeans™ Activation Framework 1.0.1 ? JMX 1.1 ? JACC Enterprise JavaBeans 2.0 Java Transaction API 1.0.1 ? JMS 1.1 ? JAXP 1.2 Java Transaction Service 1.1 Connector Architecture 1.0 ? JTA 1.0 ? JavaMail 1.3 ECPerf™ 1.0 ? JAF 1.0 39 40
    • 12/12/2003 What is a Servlet? ? Java™ objects which extend the functionality of a HTTP server ? Dynamic contents generation ? Better alternative to CGI, NSAPI, ISAPI, etc. – Efficient Servlet – – Platform and server independent Session management – Java-based 41 42 CGI versus Servlet Servlet vs. CGI CGI Servlet Request CGI1 Request CGI1 Child for CGI1 Child for CGI1 l Written in C, C++, Visual l Written in Java Request CGI2 CGI CGI Request CGI2 Based Child for CGI2 Basic and Perl l Powerful, reliable, and Based Child for CGI2 l Difficult to maintain, efficient Webserver Webserver Request CGI1 non-scalable, non- l Improves scalability, Request CGI1 Child for CGI1 Child for CGI1 manageable reusability (component l Prone to security based) Request Servlet1 Request Servlet1 Servlet Based Webserver problems of l Leverages build-in security Servlet Based Webserver programming language of Java programming language Request Servlet2 Servlet1 l Resource intensive and Request Servlet2 Servlet1 inefficient l Platform independent and JVM JVM l Platform and portable Request Servlet1 Servlet2 Servlet2 application-specific 43 44
    • 12/12/2003 Servlets Request and What does Servlet Do? Response Servlet Container ? Receives client request (mostly in the form Request of HTTP request) ? Extract some information from the request Browser ? Do content generation or business logic HTTP Request Servlet process (possibly by accessing database, Response invoking EJBs, etc) Web ? Create and send response to client (mostly Response Server in the form of HTTP response) or forward the request to another servlet 45 46 HTTP GET and POST Requests and Responses ? The most common client requests ? What is a request? – HTTP GET & HTTP POST – Information that is sent from client to a server ? GET requests: ? Who made the request – User entered information is appended to the URL in a ? What user-entered data is sent query string ? Which HTTP headers are sent – Can only send limited amount of data ? What is a response? ? .../servlet/ViewCourse?FirstName=Sang&LastName=Shin – Information that is sent to client from a server ? POST requests: ? Text(html, plain) or binary(image) data – User entered information is sent as data (not appended ? HTTP headers, cookies, etc to URL) 47 – Can send any amount of data 48
    • 12/12/2003 First Servlet import javax.servlet.*; import javax.servlet.http.*; import java.io.*; Public class HelloServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) Session Tracking throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<title>First Servlet</title>"); out.println("<big>Hello Code Camp!</big>"); } } 49 50 Why Session Tracking? Session Tracking Use Cases ? Need a mechanism to maintain state across a series of requests from the same ? When clients at an on- line store add an user (or originating from the same item to their shopping cart, how does browser) over some period of time the server know what’s already in the – Example: Online shopping cart cart? ? Yet, HTTP is stateless protocol ? When clients decide to proceed to – Each time, a client talks to a web server, it opens checkout, how can the server determine a new connection which previously created shopping cart is theirs? 51 52
    • 12/12/2003 Sessions Three Session Tracking Mechanisms Client 1 ? Cookies server Session 1 ? URL rewriting Session ID 1 ? Hidden form fields ? Note that these are just underlying Client 2 Session ID 2 mechanisms and do not provide high-level Session 2 programming APIs 53 54 What is Cookie? Cookies as Session Tracking ? Cookie is a small amount of information sent by a servlet to a Web browser ? Advantages: ? Saved by the browser, and later sent back to – Very easy to implement the server in subsequent requests – Highly customizable ? A cookie's value can uniquely identify a client – Persist across browser shut-downs – So cookies are commonly used for session ? Disadvantages: management – Often: users turn off cookies for privacy or ? A cookie has a name, a single value, and security reason optional attributes – Not quite universal browser support 55 56
    • 12/12/2003 URL Rewriting URL Rewriting as Session Tracking Mechanism ? URLs can be rewritten or encoded to include session information. ? Advantages: – Let user remain anonymous ? URL rewriting usually includes a session id – They are universally supported(most styles) ? Session id can be sent as an added parameter: ? Disadvantages: – http://.../servlet/Rewritten?sessionid=688 – Tedious to rewrite all URLs – Only works for dynamically created documents 57 58 Now Without “Session “ Session Tracking” Feature of Tracking” Feature of Servlet Servlet ? You have to perform the following tasks yourself ? Provides higher-level API for session tracking by using one of three session-tracking mechanisms – Built on top of Cookie or URL rewriting – Generating and maintaining a session id for each ? Servlet container maintains session – internal hashtable of session id's – Passing session id to client via either cookie or URL – session information in the form of HttpSession – Extracting session id information either from cookie or URL ? Generates and maintains session id transparently – Creating and maintaining a hashtable in which session ? Provides a simple API for adding and removing id and session information are stored session information (attributes) to HttpSession – Coming up with a scheme in which session information can be added or removed ? Could automatically switch to URL rewriting if 59 cookies are unsupported or explicitly disabled 60
    • 12/12/2003 What are Java Servlet Filters? What Can a Filter Do? ? New component framework for intercepting ? Examine the request headers and modifying requests and responses ? Customize the request object if it wishes to – Filters can be chained and plugged in to the system modify request headers or data during deployment time ? Customize the response object if it wishes to ? Allows range of custom activities: modify response headers or data – Marking access, blocking access ? Invoke the next entity in the filter chain – Caching, compression, logging ? Examine response headers after it has invoked – Authentication, access control, encryption the next filter in the chain – Content transformations ? Throw an exception to indicate an error in ? Introduced in Servlet 2.3 (Tomcat 4.0) 61 processing 62 How Servlet Filter Work? Servlet Servlet Container Filter Chain Filter 1 Filter 2 Filter N JSP doFilter( User Servlet service( ServletRequest, implemented container ServletRequest, ServletResponse, filters filter ServletResponse)63 64 FilterChain)
    • 12/12/2003 What is JSP Technology? What is JSP page? ? Enables separation of business logic from ? A text-based document capable of presentation returning dynamic content to a client – Presentation is in the form of HTML or browser XML/XSLT – Business logic is implemented as Java Beans or ? Contains both static and dynamic custom tags content – Better maintainability, reusability – Static content: HTML, XML ? Extensible via custom tags – Dynamic content: programming code, and JavaBeans, custom tags ? Builds on Servlet technology 65 66 JSP Sample Code Servlets and JSP - Comparison <html> Servlets JSP Hello World! <br> <jsp:useBean id="clock" • HTML code in Java • Java-like code in HTML class=“calendar.JspCalendar” /> • Any form of Data • Structured Text Today is • Not easy to author a • Very easy to author a <ul> web page web page <li>Day of month: <%= clock.getDayOfMonth() %> <li>Year: <%= clock.getYear() %> • Code is compiled into a </ul> servlet </html> 67 68
    • 12/12/2003 JSP Benefits ? Content and display logic are separated ? Simplify development with JSP, JavaBeans and custom tags ? Supports software reuse through the use of components ? Recompile automatically when changes are made to the source file Web-Tier Security ? Easier to author web pages Issues ? Platform-independent 69 70 General Security Issues Security Issues at Web-Tier ? Authentication for identity verification ? Preventing unauthorized users from – Making sure a user is who he claims he is accessing “access controlled” web resource – If unauthenticated user tries to access “access ? Authorization (Access control) controlled” web resource, web container will – Making sure a resource gets access only by user who automatically ask the user to authenticate himself as access priviledge first – The user has to be authenticated first – Once authenticated, web container (and/or web components) enforces access control ? Confidentiality (Privacy) – ? Preventing attackers from changing or Making sure nobody can read the sensitive data while it is on the wire reading sensitive data while it is on the wire – Data can be protected via SSL 71 72
    • 12/12/2003 HTTP Basic Authentication ? Web server collects user identification (user name and password) through a browser provided dialog box ? Not secure since user name and password are HTTP Basic in “easily decode'able” form over the wire Authentication- – – Encoding scheme is Base64 Someone can easily decode it based ? – Not encrypted Would need SSL for encrypting password Web tier Security 73 74 Steps for Basic Authentication- Step 1: Set up username, based Web-tier Security passwords, and roles (Realms) 1. Set up username, passwords, and roles ? Schemes, APIs, and tools for setting up usernames, (realms) passwords, and roles (realms) are web container and operational environment specific 2. Tell web container that you are using Basic – Flat-file based, Database, LDAP server authentication – Passwords could in encrypted or unencrypted form 3. Specify which URLs (web resources) should be ? Tomcat 4.0 can work with the following realms access-controlled (password-protected) – default: file, unencrypted form 4. Specify which URLs should be available only – Relational database (via JDBCRealm) with SSL (data integrity and confidentiality – LDAP server (via LDAPRealm) protected) 75 76
    • 12/12/2003 Example: Tomcat's default Step 2: Tell web container that you ? <install-dir>/config/tomcat-users.xml are using Basic authentication ? Unencrypted: not secure but easy to set up ? In web.xml file of your web application and maintain <web-app> ... <security-constraint>...</security-constraint> <?xml version='1.0'?> <login-config> <tomcat-users> <auth-method>BASIC</auth-method> <role rolename="manager"/> <realm-name>realm name</realm-name> <role rolename="employee"/> </login-config> ... <role rolename="admin"/> </web-app> <user username="sang" password="sangPassword" roles="manager,employee"/> </tomcat-users> 77 78 Step 3: Specify which URLs should Step 4: Specify which URLs should be access-controlled be available only with SSL <web-app> <web-app> ... ... <security-constraint> <security-constraint> <web-resource-collection> <web-resource-collection> <web-resource-name>WRCollection</web-resource-name> <web-resource-name>WRCollection</web-resource-name> <url-pattern>/loadpricelist</url-pattern> <url-pattern>/loadpricelist</url-pattern> <http-method>GET</http-method> <http-method>GET</http-method> </web-resource-collection> </web-resource-collection> <auth-constraint> <auth-constraint> <role-name>admin</role-name> <role-name>admin</role-name> </auth-constraint> </auth-constraint> <user-data-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </user-data-constraint> </security-constraint> </security-constraint> <login-config> <login-config> <auth-method>BASIC</auth-method> <realm-name></realm-name> <auth-method>BASIC</auth-method> <realm-name></realm-name> </login-config> </login-config> ... ... </web-app> 79 </web-app> 80
    • 12/12/2003 Form-based Authentication ? Web application collects user identification (user name, password, and other information) through a custom login page ? Not secure since user name and password are Form-based in “easily decode'able” form over the wire Authentication – – Encoding scheme is Base64 Someone can easily decode it based ? – Not encrypted Would need SSL for encrypting password Web-tier Security 81 82 Steps for Form-based Authentication based Web-tier Security 1.Set up username, passwords, and roles (realms) 2. Tell web container that you are using Form-based authentication 3. Create Login page 4. Create Login failure error page 5.Specify which URLs (web resources) should be access-controlled (password-protected) 6.Specify which URLs should be available only with SSL (data integrity and confidentiality protected) 84
    • 12/12/2003 Step 1: Set up username, Step 2: Tell web container that you passwords, and roles (Realms) are using Form-based authentication ? Same as in Basic-authentication ? In web.xml file of your web application <web-app> ... <security-constraint>...</security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>realm name</realm-name> </login-config> ... </web-app> 85 86 Step 3: Create Login Page Step 4: Create Login Failure page ? Can be HTML or JSP page ? Can be HTML or JSP page ? Contains HTML form like following ? No specific content is mandated <FORM ACTION="j_security_check" METHOD="POST"> … <INPUT TYPE="TEXT" NAME="j_username"> … <INPUT TYPE="PASSWORD" NAME="j_password"> … </FORM> 87 88
    • 12/12/2003 Step 5: Specify which URLs should be Step 6: Specify which URLs should be access-controlled (Same as Basic Auth) available only with SSL (Same as Basic Auth) <web-app> <web-app> ... ... <security-constraint> <security-constraint> <web-resource-collection> <web-resource-collection> <web-resource-name>WRCollection</web-resource-name> <web-resource-name>WRCollection</web-resource-name> <url-pattern>/loadpricelist</url-pattern> <url-pattern>/loadpricelist</url-pattern> <http-method>GET</http-method> <http-method>GET</http-method> </web-resource-collection> </web-resource-collection> <auth-constraint> <auth-constraint> <role-name>admin</role-name> <role-name>admin</role-name> <role-name>executive</role-name> </auth-constraint> </auth-constraint> <user-data-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </user-data-constraint> </security-constraint> </security-constraint> <login-config> <login-config> <auth-method>FORM</auth-method> <realm-name></realm-name> <auth-method>FORM</auth-method> <realm-name></realm-name> </login-config> </login-config> ... ... </web-app> </web-app> 89 90 Basic vs. Form-based Authentication Basic Form-based • Uses “browser provided • Uses “web application dialog box” to get provided login page” to get username and password username and password • Only username and • Custom data can be password can be collected collected • Might result in different • Can enforce consistent look look and feel and feel • HTTP Authentication header is used to convey • Form data is used to convey username and password EJB • username and password No good way to enter a new user name • Can enter a new user name via login page (Enterprise Java Beans) 91 92
    • 12/12/2003 What is EJB Technology? Why EJB Technology? ? Cornerstone of J2EE ? Leverages the benefits of component- ? A server-side component technology model on the server side ? Easy development and deployment of ? Separates business logic from system code Java technology-based application that ? Provides framework for portable are: components – Transactional, distributed, multi-tier, portable, – Over different J2EE-compliant servers scalable, secure, … – Over different operational environments ? Enables deployment-time configuration – Deployment descriptor 93 94 Do You Need an EJB Tier? EJB Architecture ? Yes, if you want to leverage middleware features provided by container – Resource management, instance life-cycle management, concurrency control and threading – Persistence, transaction and security management – Messaging, scalability, availability ? Yes, if you want to build portable and reusable business components ? Maybe not, for a simple application whose main function is reading database tables 95 96
    • 12/12/2003 EJB Architecture Contracts Client View Contract ? Contracts are specified in EJB specification ? Client of an EJB can be ? Client view contract – Web tier components: Servlet and JSP – Contract between client and container – Standalone Java application – Applet ? Component contract – Another EJB in same or different container – Contract between an Enterprise Bean and its Container – Web services client (in EJB 2.1) ? Provides development model for clients using EJB services 97 98 Client View Contract (Contd.) Component Contract: What Container does (for Beans) ? Client view contract is comprised of ? Enables EJB method invocations from clients – Home interface ? Manage the life cycle of EJB bean instances ? For local or remote clients ? Contains methods for creating and locating beans ? Implements home and remote interfaces – Remote interface ? Provide persistence for CMP entity beans ? For local or remote clients ? Provide runtime context information to beans ? Contains business methods ? Manage transactions, security, exceptions, etc... – Object identity ? Implements callbacks – Metadata interface – Handle 99 100
    • 12/12/2003 EJB Contracts Types of Beans ? Session Beans – Stateful session beans Client Client view contract Enterprise – Stateless session beans bean instances ? Entity Beans EJB Component Container contract – Bean Managed Persistence (BMP) – Container Managed Persistence (CMP) EJB server ? Message Driven Beans – JMS – JAXM 101 102 Session Beans When to Use Session ? Does work on behalf of a single client Beans? ? Is not persistent and hence relatively short ? Use Session beans to model process or control objects specific to a particular client. lived – Is removed when the EJB™ server crashes ? To model workflow, processes or tasks, manage activities (make reservation, ? Does not represent data in data store, purchase...). although can access/update such data ? To Coordinate processes between entity beans, ? Bean class implements control interactions of beans. javax.ejb.SessionBean interface ? To Move business application logic from Client to the Server Side. 103 104
    • 12/12/2003 2 Types of Session Beans Examples of Session Beans ? Stateless: execute a request and return a result without saving any client specific ? Stateless session beans state information – Catalog – transient ? No client specific state needs to be preserved – temporary piece of business logic needed by a – Interest calculator specific client for a limited time span ? No client specific state needs to be preserved ? Stateful: maintains client specific state ? Business logic with no need for database access Stateless Session bean Stateful Session bean ? Staeful session beans State instance data – Shopping cart ? Client specific state needs to be preserved 105 106 Entity Beans Entity Beans ? Provides object view of data in data store ? Clients normally look up (find) an existing – Its lifetime not related to the duration of entity EJB interaction with clients – Creation means adding a row to a database table – Lives as long as data exists in database i.e. Long – Finding means finding a row in a existing database lived table – In most cases, synchronized with relational ? Entity bean instance has unique identifier databases called primary key ? Shared access among clients – Primary key can be any class ? Bean class implements javax.ejb.EntityBean interface 107 108
    • 12/12/2003 Examples of Entity Beans 2 Types of Entity Beans ? Customer ? CMP (Container Managed Persistence) – Customer data has to persist, thus is maintained – Persistence is managed by Container in the database – Persistence requirements are specified in – Customer data has to survive server crash deployment descriptor – Customer data is shared by many clients – Bean developer does not have to worry about providing persistence logic in his code – Each customer has unique identification such as customer number ? BMP (Bean Managed Persistence) – Persistence logic code is provided by Bean developer 109 110 When to Use CMP vs. BMP? Session Beans and Entity Beans ? CMP entity beans Session Beans Entity Beans – With CMP 2.0, there is no reason not to use CMP ? Represent a business ? Represent business data – Database independence process ? Shared instance for – Higher performance ? One instance per client multiple clients – Easy to develop and deploy ? Short-lived: Life of ? Long-lived: as long as client is life of bean data in database ? BMP entity beans ? Transient ? Persistent – More programmatic control is desired ? Doesn’t survive server ? Survive server crashes crashes ? Always transactional ? May be transactional 111 112
    • 12/12/2003 Entity and Session Beans— Typical Architecture Entity and Session Beans 113 114 Message-Driven Beans (MDB) ? Acts as a consumer of asynchronous messages ? Cannot be called directly by clients – Activated upon message arrival – No home or remote interface ? Clients interact with MDB by sending messages to the queues or topics to which JMS they are listening (Java Message Service) ? Stateless 115 116
    • 12/12/2003 Java Message Service (JMS) ? Messaging systems (MOM) provide – Decoupled communication – Asynchronous communication – Plays a role of centralized post office ? Benefits of Messaging systems – Flexible, Reliable, Scalable communication systems ? Point-to-Point, Publish and Subscribe Connector Architecture ? JMS defines standard Java APIs to messaging systems 117 118 m x n Problem Before Connector Connector Architecture Architecture ? Defines standard SPI for integrating J2EE m n technology with EIS systems App SAP – CICS, SAP, PeopleSoft, etc. Server1 ? Before Connector architecture, each App App EIS2 server has to provide an proprietary adaptor Server2 for each EIS system App EIS3 – m (# of App servers) x n (# of EIS'es) Adaptors Server3 ? With Connector architecture, same adaptor App EIS4 works with all J2EE compliant containers Server – 1 (common to all App servers) x n (# of EIS'es) Adaptors 119 120
    • 12/12/2003 Connector Architecture ? Defines – Connection pooling – Security – Transaction Other J2EE APIs & Technologies 121 122 JNDI JDBC ? Java Naming and Directory Interface ? Provides standard Java programming API ? Utilized by J2EE applications to locate to relational database resources and objects in portable fashion – Uses SQL – Applications use symbolic names to find object ? Vendors provide JDBC compliant driver references to resources via JNDI which can be invoked via standard Java – The symbolic names and object references have programming API to be configured by system administrator 123 124
    • 12/12/2003 J2EE Management (JSR-77) J2EE Management (JSR-77) - J2EE 1.4 ? Management applications should be able ? Management information model to discover and interpret the managed data • example: J2EE app server, EJB beans of any J2EE platform ? Mapping the information model to ? Single management platform can manage • CIM (Common Information Model) multiple J2EE servers from different vendors • SNMP MIB (Management Information Base) ? Management protocol specifications ensure • Java APIs for J2EE Management EJB component a uniform view by SNMP and WBEM (MEJB) • Exposes managed objects as JMX Managed Beans management stations (Mbeans) ? Leverages JMX 125 126 J2EE Deployment (JSR-88) - J2EE 1.4 JMX Tools J2EE Platforms JMX API into Standard the J2EE 1.4 platform Dynamic Deployment IDEs Deployment API (Universal Remote) JMX Vendor Deploy JMX Tools App J2EE App Server Management Tools JMX de-facto A single technology for the J2EE platform 127 128
    • 12/12/2003 JACC (Java Authorization Contract for Containers) - J2EE 1.4 ? Defines contract between J2EE containers and authorization policy modules – – Provider configuration subcontract Policy configuration subcontract J2EE as End-to-End – Policy enforcement subcontract Architecture ? Enable application servers to integrate with enterprise user registries and authorization policy infrastructure 129 130 The J2EE Platform Architecture J2EE is End-to-End Solution Firewall J2EE Application B2B Server Applications Client Enterprise Existing Enterprise Information JavaBeans™ B2C Applications Client Systems (EIS): Applications Client Relational Database, Web Enterprise Legacy Client Server JavaBeans Applications, Web JSP, Services Servlets ERP Systems Client Application Server HTML/XML Wireless Enterprise Other Services: Enterprise JNDI, JMS, Applications Information Client Middle JavaMail™ Information Systems Tier Tier Tier 131 132
    • 12/12/2003 N-tier J2EE Architecture J2EE Component & Container Architecture Web Tier EJB Tier 133 134 J2EE Containers & Components Containers and Components Applet Container Web Container EJB Container Containers Components Applet HTTP/ Handle Handle JSP Servlet RMI EJB HTTPS J2SE l Concurrency l Presentation RMI/IIOP RMI/IIOP JavaMail JavaMail Security Business Logic JDBC JDBC l l JMS JTA JNDI JMS JTA JNDI App Client JAF JAF Container l Availability App HTTP/ J2SE Client HTTPS l Scalability RMI l Persistence RMI/IIOP Transaction JDBC JMS JNDI l J2SE J2SE l Lifecycle management l Management Database 135 136
    • 12/12/2003 Containers & Components ? Containers do their work invisibly – No complicated APIs – They control by interposition J2EE Application ? Containers implement J2EE Development & Deployment – Look the same to components Life Cycle – Have great freedom to innovate 137 138 J2EE Application Lifecycle Illustration Development Lifecycle Creation Assembly Deployment Assembled Created by J2EE Modules and Augmented J2EE APP Processed ? Write and compile component code Component Developer by Application Assembler by Deployer – Servlet, JSP, EJB Deploy ? Write deployment descriptors for components J2EE Container ? Assemble components into ready-to- deploy'able package Enterprise Components ? Deploy the package on a server 139 140
    • 12/12/2003 J2EE Roles The Deployment Descriptor ? Component provider ? Gives the container instructions on how to manage and control behaviors of the J2EE – Bean provider components ? Application assembler – Transaction ? Deployer – Security ? Platform provider – Persistence – Container provider ? Allows declarative customization (as opposed to programming customization) ? Tools provider – XML file ? System administrator ? Enables portability of code 141 142 Possible J2EE Application Anatomies Web Server EJB Server DB & EIS J2EE Application Resources Anatomies Browser Web Server EJB Server Stand-alone 143 144
    • 12/12/2003 J2EE Application Anatomies Which One to Use? ? 4-tier J2EE applications ? Depends on several factors – Requirements of applications – HTML client, JSP/Servlets, EJB, JDBC/Connector – Availability of EJB tier ? 3-tier J2EE applications – Availability of developer resource – HTML client, JSP/Servlets, JDBC ? 3-tier J2EE applications – EJB standalone applications, EJB, JDBC/Connector ? B2B Enterprise applications – J2EE platform to J2EE platform through the exchange of JMS or XML-based messages 145 146 What and Why a Reference Implementation? ? Validates specification ? Fully-compliant J2EE ? Fully-functional Reference Implementation, ? Not commercial quality – Scalability Compatibility Suite, Brand – Performance ? Use it for prototyping ? Java Web Services Developer Pack is 147 production quality, however 148
    • 12/12/2003 Compatibility Test Suite J2EE Application Verification Kit (CTS) (J2EE AVK) ? Ultimate Java™ technology mission: ? How can I test my J2EE application portability? – Write Once, Run Anywhere ™ • Obtain the J2EE RI 1.3.1 and the J2EE Application – My Java-based application runs on any Verification Kit (J2EE AVK) compatible Java virtual machines ? Self verification of application – My J2EE based technology-based application will run on any J2EE based Compatible – Static verification platforms – Dynamic verification ? Obtain the tests results, verify that all criteria are met 149 150 Compatible Products J2EE™ Technology Licensees for the J2EE Platform (Brand) AOL Gemstone NEC Sonic ATG Hitachi Nokia Sybase ATG iPlanet BEA Systems IBM Merant Secant Bea Systems Macromedia HP Bluestone Interworld Oracle Corp. SpiritSoft Borland NEC BroadVision In-Q-My Cape Clear Talarian Computer Oracle Borland IONA Persistence TIBCO Associates Compaq iPlanet Pramati TMAX Soft Pramati CA Lutris SAS Institute TogetherSoft Fujitsu SilverStream Fujitsu Macromedia Silverstream Trifork Hitachi Sybase WebGain HP Talarian IBM Trifork IONA 151 152
    • 12/12/2003 The J2EE Platform “Ecosystem,” Major Investment in Application Servers and… Compatibility by the Industry ? Tools ? Sun has spent scores of engineer years – IDE’s: Borland JBuilder Enterprise, WebGain Visual developing tests Cafe’, IBM Visual Age for Java™, Forte™ for Java™, Oracle JDeveloper, Macromedia Kawa ? Licensees have spent scores of engineer – Modeling, Performance, Testing, etc. years passing the tests ? Enterprise Integration: Connectors, ? Testing investment on top of specification Java Message Service (JMS) API, XML investment, implementation investment, ? Components business investments ? Frameworks ? In total, tens of millions of dollars invested in ? Applications J2EE platform compatibility by the industry 153 154 J2EE BluePrint ? Best practice guidelines, design patterns and design principles – MVC pattern J2EE Blueprint & ? Covers all tiers – Client tier Pet Store Application – Web tier – Business logic (EJB) tier – Database access tier ? Sample code – Java Pet Store 155 156
    • 12/12/2003 J2EE 1.4 Theme ? Major theme is Web Services ? Allow J2EE applications to be exposed as SOAP/HTTP based Web services Web Services ? Integrate with existing Web services Ensure interoperability Support in J2EE 1.4 ? • SOAPBuilder effort • Will support WS-I Basic profile 157 158 Design Goals J2EE Web Services What Is a J2EE Web Service? Framework ? A set of endpoints (ports) operating on ? Portability of Web services component messages – Over different vendor platform ? Ports are operating within a container – Over different operational environment – Container provides runtime environment – Contract for runtime environment are specified in ? Leveraging existing J2EE programming models JAX-RPC, EJB 2.1, JSR 109 for service implementation ? Service is described abstractly in WSDL ? Easy to program and deploy document and published to a registry – High-level Java APIs – WSDL specifies a contract between service provider – Use existing deployment model and client 159 160
    • 12/12/2003 Web Service Component and Web Service Components Container Web services ? Container vs. Component model components – Web services components get executed within a container – Components are portable (under J2EE 1.4) ? Web service components – Web-tier (Servlet-based endpoint) – EJB-tier (Stateless session bean-based endpoint) 161 Source: Web Services for J2EE (JSR 109), V1.0 162 Web Services for J2EE (JSR 109) ? Addresses overall Web services architecture over J2EE – Deployment requirements for Web service clients and Java APIs for – endpoints Standard deployment descriptors Web Services over J2EE – JAX-RPC programming model – JNDI lookup of service objects – Container-managed security – Declaration of handlers and serializers 163 164
    • 12/12/2003 JAX-RPC JAX-RPC Architecture Diagram ? Servlet-based Web service endpoint model JAX-RPC JAX-RPC Client WSDL Document Service Endpoint ? XML data types to/from Java types mapping JavaïWSDL WSDLóJava Generated Code ? WSDL to/from Java mapping Container Container ? JAX-RPC Client Programming Models ? SOAP Message Handler framework Client-side JAX-RPC Runtime System Server-side JAX-RPC Runtime System ? Extensible type mapping SOAP HTTP 165 166 Relationship to WSDL SOAP Message Handlers ? Handlers let you access/modify SOAP JAX-RPC describes a Web Service as a collection request and response messages of remote interfaces and methods – Typically used to process service contexts in SOAP header blocks Tools are used to convert between WSDL – Can be used to extend functionality of Web services documents and sets of Java remote interfaces runtime system (“Generate Web Services Files” menu in Sun ONE Studio 5, “wscompile” in Java WSDP) ? J2EE containers (which provide Web services runtime) are likely to use them internally to provide session/transaction propagation WSDL describes a Web Service as a ? Example handlers: collection of ports and operations – encryption, decryption, authentication, 167 authorization, logging, auditing, caching 168
    • 12/12/2003 SOAP Message Handlers SOAP Message Handlers ? Pluggable and chainable – Through standardized programming API – Portable across implementations SOAP Message Handler Chain ? Has its own lifecycle <Request> Service – JAX-RPC runtime system calls init(), destroy() of a Handler Handler Endpoint (Port) handler ? Handler instances can be pooled ? MessageContext is used to share properties SOAP Message <Response> among handlers in a handler chain 169 170 JAX-RPC Client Programming Service Implementation Models public class AttachmentServiceImpl extends AttachmentService { ? Stub-based (least dynamic) public String storeImageService(DataHandler dh, String imageFileName){ – Both interface (WSDL) and implementaion (stub) ... created at compile time BufferedInputStream in = ? Dynamic proxy new BufferedInputStream (dh.getInputStream()); ... – Interface (WSDL) created at compile time – Implementation (dynamic proxy) created at runtime } ? Dynamic invocation interface (DII) – Both interface (WSDL) and implementaion created at runtime 171 172
    • 12/12/2003 Client sending Attachment SAAJ public class AttachmentServiceClient { public static void main(String[] args) { ? Handles low-level SOAP message handling ... • Contains the API for creating and populating a SOAP DataHandler dh = messages conforming to SOAP 1.1 and SOAP with new DataHandler(new FileDataSource(filename)); Attachment specifications AttachmentService myProxy = ... String response = myProxy.storeImageService(dh, filename); • Used by high-level APIs (such as JAX-RPC runtime) ... ? Contains API necessary for sending request- } } response (non-provider-model) messages ? Separated out from JAXM 1.0 into JAXM 1.1 and SAAJ 1.1 173 174 Web Services Support in EJB 2.1 JAXR ? Defines Stateless Session Bean-based Web ? Standard Java API for performing registry services endpoint model operations over diverse set of registries – Stateless session bean can be web services implementation – Web service publication & discovery – Web services endpoint interface (service definition ? A unified information model for describing interface) for Stateless session bean business registry content – Can implement SOAP Message Handlers for Stateless session bean based endpoint ? Provides multi-layered API abstractions – Level 0: for UDDI – Level 1: for ebXML registry/repository 175 176
    • 12/12/2003 JAXR Architecture How to Get Started 177 178 Step1: How to Get Started (for Step2: How to Get Started (for Beginners) for Web-tier Beginners) for EJB tier and Others ? Download and run Java Web Services Developer ? Download and run J2EE 1.3.1 Reference Pack (Java WSDP) and its tutorial for web-tier Implementation (RI) programming (Servlet and JSP) – In the future course, we will use Sun ONE App Server 7 Platform Edition, which is production quality and is also ? Java Web Services Developer Pack Download freely downloadable – java.sun.com/webservices/downloads/webservicespack.html ? Study J2EE Tutorial from java.sun.com ? Java Web Services Developer Pack Tutorial – developer.java.sun.com/developer/onlineTraining/J2EE – java.sun.com/webservices/downloads/webservicestutorial.ht /Intro2/j2ee.html ml 179 180
    • 12/12/2003 Step3: Next Step (For Step4: Next Step (For Advanced Intermediate J2EE Programmers) J2EE Programmers) ? Leverage J2EE Blueprint ? Try J2EE IDE of your choice. Sun ONE Studio 4 EE has 60 day free license with bunch of sample ? Download and read J2EE Blueprint to learn programs you can try the best practice guidelines and design ? Sun ONE Studio 4 EE patterns – wwws.sun.com/software/sundev/jde/buy/index.html ? Download and run Java Pet Store as an ? Sun ONE Studio 4 EE tutorial example of J2EE application based on best – wwws.sun.com/software/sundev/jde/examples/index.html practice guidelines ? Other vendors also have good quality J2EE IDE's – java.sun.com/blueprints/guidelines/designing_e – BEA, IBM, Borland nterprise_applications_2e/index.html 181 182 Step5: Next Step (For Advanced Step6: Next Step (For J2EE 1.4 J2EE Programmers) Features) ? There is no shortage of quality J2EE online ? We will use J2EE 1.4 Beta Reference resources Implementation for building J2EE – java.sun.com/j2ee applications that use 1.4 features (or we – www.theserverside.com might use individually released packages) – JAXP, JAX-RPC, JAXR, SAAJ – JMX – Management and Deployment – JACC – ... 183 184
    • 12/12/2003 Next Step (For J2EE 1.4 Features) ? J2EE Application Verification Kit ? EcPerf (SPECJAppServer) Evolution of Web Application Frameworks 185 186 Evolution of MVC Architecture Evolution of Web Application Design before MVC Model 2 1. No MVC 2. MVC Model 1 3. MVC Model 2 4. Web application framework (based on MVC Model 2) ? Struts, Sun ONE Application framework 5. Web application framework ? JavaServer Faces (JSR-127) No MVC Model 1 architecture 187 188
    • 12/12/2003 MVC Model 1 Architecture Why MVC Model 2 Architecture? ? What if you want to present different JSP pages depending on the data you receive? – JSP technology alone even with JavaBeans and Browser JavaBeans custom tags (Model 1) cannot handle it well (Model) JSP (Controller+View) ? Solution – Use Servlet and JSP together (Model 2) – Servlet handles initial request, partially process the Enterprise servers/ data, set up beans, then forward the results to one Client Tier Middle Tier Data sources of a number of different JSP pages 189 190 MVC Model 2 Architecture Web Application Frameworks ? Based on MVC Model 2 architecture Servlet ? Web-tier applications share common set of (Controller) functionality Browser Selection of view Access to – Dispatching HTTP requests Model JSP – Invoking model methods (View) – Selecting and assembling views Client Tier Enterprise servers/ ? Provide classes and interfaces that can be Middle Tier Data sources used/extended by developers 191 192
    • 12/12/2003 Why Web Application Framework? Web Application Frameworks ? De-coupling of presentation tier and business logic into separate components ? Apache Struts ? Provides a central point of control ? Sun ONE Application Framework ? Provides rich set of features ? JavaServer Faces (JSR-127) ? Facilitates unit-testing and maintenance – Standard-based Web application framework ? Availability of compatible tools ? Provides stability ? Enjoys community-supports ? Simplifies internationalization ? Simplifies input validation 193 194 Summary ? J2EE is the platform of choice for development and deployment of n-tier, web-based, transactional, component- Summary & ? based enterprise applications J2EE is standard-based architecture Resources ? J2EE is all about community ? J2EE evolves according to the needs of the industry 195 196
    • 12/12/2003 Resources Resources ? J2EE Home page ? Java Web Services Developer Pack Download – java.sun.com/j2ee – java.sun.com/webservices/downloads/webservicespack.html ? J2EE Reference Implementation ? Java Web Services Developer Pack Tutorial – java.sun.com/webservices/downloads/webservicestutorial.html – http://java.sun.com/downloads/ ? Sun ONE Studio 4 EE ? J2EE Tutorial – wwws.sun.com/software/sundev/jde/buy/index.html – developer.java.sun.com/developer/onlineTraining/J2 EE/Intro2/j2ee.html ? Sun ONE Studio 4 EE tutorial – wwws.sun.com/software/sundev/jde/examples/index.html ? J2EE Blueprint ? Sang Shin's free J2EE Programming course – java.sun.com/blueprints/guidelines/designing_enter prise_applications_2e/index.html – www.javapassion.com/j2ee 197 198 Evaluation Course # ISUN2SN 199