![JSON-‐P
JsonArray
contacts
=
Json.createArrayBuilder()
.add(Json.createObjectBuilder()
.add("name",
"Duke")
.add("gender",
"M")
.add("phones",
Json.createObjectBuilder()
.add("home",
"650-‐123-‐4567")
.add("mobile",
"650-‐234-‐5678")))
Copyright
©
2014,
Oracle
and/or
its
affiliates.
All
rights
reserved.
.add(Json.createObjectBuilder()
.add("name",
"Jane")
.add("gender",
"F")
.add("phones",
Json.createObjectBuilder()
.add("mobile",
"707-‐555-‐9999")))
.build();
19
!
[
{
"name":"Duke",
"gender":"M",
"phones":{
"home":"650-‐123-‐4567",
"mobile":"650-‐234-‐5678"}},
{
"name":"Jane",
"gender":"F",
"phones":{
"mobile":"707-‐555-‐9999"}}
]
!](https://image.slidesharecdn.com/jfalldelabasseejavaee8-141106020532-conversion-gate01/75/java-ee-8-an-instant-snapshot-19-2048.jpg?cb=1670113593)
![JSON-‐P
JsonArray
contacts
=
…
JsonPointer
p
=
Json.createPointer("/0/phones/mobile");
JsonValue
v
=
p.getValue(contacts);
Copyright
©
2014,
Oracle
and/or
its
affiliates.
All
rights
reserved.
!
[
{
"name":"Duke",
"gender":"M",
"phones":{
"home":"650-‐123-‐4567",
"mobile":"650-‐234-‐5678"}},
{
"name":"Jane",
"gender":"F",
"phones":{
"mobile":"707-‐555-‐9999"}}
]
!
20](https://image.slidesharecdn.com/jfalldelabasseejavaee8-141106020532-conversion-gate01/75/java-ee-8-an-instant-snapshot-20-2048.jpg?cb=1670113593)
![JSON-‐P:
Java
API
for
JSON
Processing
1.1
Copyright
©
2014,
Oracle
and/or
its
affiliates.
All
rights
reserved.
Tracking
new
standards
• JSON-‐Patch
–
IETF
RFC
6902
• Patch
is
a
JSON
document
– Array
of
objects
/
operations
for
modifying
a
JSON
document
– Must
have
"op"
field
and
"path"
field
– add,
replace,
remove,
move,
copy,
test
[
{"op":"replace","path":"/0/phones/mobile","value":"650-‐111-‐222"},
{"op":"remove","path":"/1"}
]
21](https://image.slidesharecdn.com/jfalldelabasseejavaee8-141106020532-conversion-gate01/75/java-ee-8-an-instant-snapshot-21-2048.jpg?cb=1670113593)
![Copyright
©
2014,
Oracle
and/or
its
affiliates.
All
rights
reserved.
JSON-‐P
[
{
"op":"replace",
"path":"/0/phones/mobile",
"value":"650-‐111-‐2222"},
{
"op":"remove",
"path":"/1"}
]
!
[
{
"name":"Duke",
"gender":"M",
"phones":{
"home":"650-‐123-‐4567",
"mobile":"650-‐234-‐5678"}},
{
"name":"Jane",
"gender":"F",
"phones":{
"mobile":"707-‐555-‐9999"}}
]
!
22](https://image.slidesharecdn.com/jfalldelabasseejavaee8-141106020532-conversion-gate01/75/java-ee-8-an-instant-snapshot-22-2048.jpg?cb=1670113593)
![Copyright
©
2014,
Oracle
and/or
its
affiliates.
All
rights
reserved.
JSON-‐P
[
{
"op":"replace",
"path":"/0/phones/mobile",
"value":"650-‐111-‐2222"},
{
"op":"remove",
"path":"/1"}
]
!
[
{
"name":"Duke",
"gender":"M",
"phones":{
"home":"650-‐123-‐4567",
"mobile":"650-‐111-‐2222"}},
{
"name":"Jane",
"gender":"F",
"phones":{
"mobile":"707-‐555-‐9999"}}
]
!
23](https://image.slidesharecdn.com/jfalldelabasseejavaee8-141106020532-conversion-gate01/75/java-ee-8-an-instant-snapshot-23-2048.jpg?cb=1670113593)
![Copyright
©
2014,
Oracle
and/or
its
affiliates.
All
rights
reserved.
JSON-‐P
[
{
"op":"replace",
"path":"/0/phones/mobile",
"value":"650-‐111-‐2222"},
{
"op":"remove",
"path":"/1"}
]
!
[
{
"name":"Duke",
"gender":"M",
"phones":{
"home":"650-‐123-‐4567",
"mobile":"650-‐111-‐2222"}}
]
!
24](https://image.slidesharecdn.com/jfalldelabasseejavaee8-141106020532-conversion-gate01/75/java-ee-8-an-instant-snapshot-24-2048.jpg?cb=1670113593)
Java EE 8 - An instant snapshot
•7 likes•1,721 views
Report
Share
Download to read offline
Presented at J-Fall (Nov. 2014)
More Related Content
Similar to Java EE 8 - An instant snapshot
Similar to Java EE 8 - An instant snapshot(20)
More from David Delabassee
More from David Delabassee(20)
Recently uploaded
Recently uploaded(12)
Java EE 8 - An instant snapshot
- 1. David Delabassee (@delabassee) Oracle Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Java EE 8 “An instant snapshot” J-‐Fall 2014 1
- 2. Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 2
- 3. Preview of Java EE 8 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Program Agenda How did we get here? What do we want to do? How can you get involved? 1 2 3 3
- 4. DEVELOPER PRODUCTIVITY Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 7 ENTERPRISE EDITION ▪Batch ▪Concurrency ▪Simplified JMS ▪More annotated POJOs ▪Less boilerplate code ▪Cohesive integrated platform ▪WebSockets ▪JSON ▪Servlet 3.1 NIO ▪REST MEETING ENTERPRISE DEMANDS Java EE 7 4
- 5. Industry Trends We're Seeing Reactive Programming Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Cloud Mobile HTTP/2 User Experience SECURITY 5
- 6. Feedback from the Community Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Many sources – Users lists of java.net projects – JIRAs – JavaOne 2013 Java EE BOF and Java EE EG meeting – Outreach by evangelists • Consolidated into Community Survey 6
- 7. Java EE 8 Community Survey Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • 3 parts over 3½ months – 47 questions – 15 fill-‐ins – 1000’s of comments • 4500+ respondents • Prioritization of most-‐popular features 7
- 8. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 8
- 9. Community-‐Prioritized Features Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 9
- 10. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 8 ! ! Driven by Community Feedback You asked for it, you got it! 10
- 11. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 8 Themes • HTML5 / Web Tier Enhancements • Ease of Development / CDI alignment • Infrastructure for running in the Cloud 11
- 12. HTML5 Support / Web Tier Enhancements Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • JSON Binding • JSON Processing enhancements • Server-‐sent Events • Action-‐based MVC • HTTP/2 support 12
- 13. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-‐B Java API for JSON Binding Which of these APIs do you think is important to be included in Java EE 8? 13
- 14. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-‐B Java API for JSON Binding • API to marshal/unmarshal Java objects to/from JSON – Similar to JAXB runtime API in XML world • Default mapping of classes to JSON – Annotations to customize the default mappings – JsonProperty, JsonTransient, JsonNillable, JsonValue, … • Draw from best practices of existing JSON binding implementations – MOXy, Jackson, GSON, Genson, Xstream, … – Allow switch of JSON binding providers 14
- 15. JSON-‐B @Entity public class Person { ! @Id String name; { String gender; @ElementCollection Map<String,String> phones; ... // getters and setters } ! Person duke = new Person(); duke.setName("Duke"); duke.setGender("M"); phones = new HashMap<String,String>(); phones.put("home", "650-‐123-‐4567"); phones.put("mobile", "650-‐234-‐5678"); duke.setPhones(phones); ! Marshaller marshaller = new JsonContext().createMarshaller().setPrettyPrinting(true); marshaller.marshal(duke, System.out); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. "name":"Duke", "gender":"M", "phones":{ "home":"650-‐123-‐4567", "mobile":"650-‐234-‐5678"} } 15
- 16. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-‐B • All the way from client to database – JSON-‐B will provide JAX-‐RS a standard way to support “application/json” media type JPA JSON-‐B Data Source JSON JAX-‐RS Java Objects 16
- 17. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-‐P 1.1 Java API for JSON Processing • Keep JSON-‐P spec up-‐to-‐date • Track new standards • Add editing operations to JsonObject and JsonArray • Helper classes and methods to better utilize SE 8’s stream operations 17
- 18. JSON-‐P: Java API for JSON Processing 1.1 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Tracking new standards • JSON-‐Pointer – IETF RFC 6901 – String syntax for referencing a value "/0/phones/mobile" 18
- 19. JSON-‐P JsonArray contacts = Json.createArrayBuilder() .add(Json.createObjectBuilder() .add("name", "Duke") .add("gender", "M") .add("phones", Json.createObjectBuilder() .add("home", "650-‐123-‐4567") .add("mobile", "650-‐234-‐5678"))) Copyright © 2014, Oracle and/or its affiliates. All rights reserved. .add(Json.createObjectBuilder() .add("name", "Jane") .add("gender", "F") .add("phones", Json.createObjectBuilder() .add("mobile", "707-‐555-‐9999"))) .build(); 19 ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-‐123-‐4567", "mobile":"650-‐234-‐5678"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-‐555-‐9999"}} ] !
- 20. JSON-‐P JsonArray contacts = … JsonPointer p = Json.createPointer("/0/phones/mobile"); JsonValue v = p.getValue(contacts); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-‐123-‐4567", "mobile":"650-‐234-‐5678"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-‐555-‐9999"}} ] ! 20
- 21. JSON-‐P: Java API for JSON Processing 1.1 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Tracking new standards • JSON-‐Patch – IETF RFC 6902 • Patch is a JSON document – Array of objects / operations for modifying a JSON document – Must have "op" field and "path" field – add, replace, remove, move, copy, test [ {"op":"replace","path":"/0/phones/mobile","value":"650-‐111-‐222"}, {"op":"remove","path":"/1"} ] 21
- 22. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-‐P [ { "op":"replace", "path":"/0/phones/mobile", "value":"650-‐111-‐2222"}, { "op":"remove", "path":"/1"} ] ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-‐123-‐4567", "mobile":"650-‐234-‐5678"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-‐555-‐9999"}} ] ! 22
- 23. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-‐P [ { "op":"replace", "path":"/0/phones/mobile", "value":"650-‐111-‐2222"}, { "op":"remove", "path":"/1"} ] ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-‐123-‐4567", "mobile":"650-‐111-‐2222"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-‐555-‐9999"}} ] ! 23
- 24. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-‐P [ { "op":"replace", "path":"/0/phones/mobile", "value":"650-‐111-‐2222"}, { "op":"remove", "path":"/1"} ] ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-‐123-‐4567", "mobile":"650-‐111-‐2222"}} ] ! 24
- 25. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-‐P 1.1 • JsonObject and JsonArray are immutable • Need editing capability to implement JSON patch • Possible approach: use builder pattern – Builder creates mutable object for temporary editing – Convert to immutable object when done JSON Patch 25
- 26. JSON-‐P 1.1 JSON Query using Lambda Operations JsonArray contacts = ...; List<String> femaleNames = contacts.getValuesAs(JsonObject.class).stream() .filter(x-‐>"F".equals(x.getString("gender"))) .map(x-‐>(x.getString("name")) .collect(Collectors.toList()); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 26
- 27. JSON-‐P 1.1 JSON Query collecting results in JsonArray JsonArray contacts = ...; JsonArray femaleNames = contacts.getValuesAs(JsonObject.class).stream() .filter(x-‐>"F".equals(x.getString("gender"))) .map(x-‐>(x.getString("name")) .collect(JsonCollectors.toJsonArray()); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 27
- 28. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-‐sent Events Should we also standardize a Java API for server-‐sent events? 28
- 29. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-‐sent Events • Part of HTML5 standardization • Server-‐to-‐client streaming of text data • Mime type : “text/event-‐stream” • Long-‐lived HTTP connection – Client establishes connection – Server pushes update notifications to client – Commonly used for one-‐way transmission for period updates or updates due to events 29
- 30. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-‐sent Events • Several possibilities: Servlet; WebSocket; JAX-‐RS; standalone –We polled the experts • JAX-‐RS deemed most natural fit – Streaming HTTP resources already supported – Small extension • Server API: new media type; EventOutput • Client API: new handler for server side events – Convenience of mixing with other HTTP operations; new media type – Jersey (JAX-‐RS RI) already supports SSE 30
- 31. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-‐sent Events JAX-‐RS resource class @Path("tickers") public class StockTicker { @Get @Produces("text/event-‐stream") public EventOutput getQuotes() { EventOutput eo = new EventOutput(); new StockThread(eo).start() return eo; } } 31
- 32. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JAX-‐RS StockThread class class StockThread extends Thread { private EventOutput eo; private AtomicBoolean ab = new AtomicBoolean(true); ! public StockThread(EventOutput eo) { this.eo = eo; } public void terminate() { ab.set(false); } @Override public void run() { while (ab.get()) { try { // ... eo.send(new StockQuote("...")); // ... } catch (IOException e) { // ... } } } } 32 Server-‐sent Events
- 33. JAX-‐RS Client WebTarget target = client.target("http://example.com/tickers"); EventSource Copyright © 2014, Oracle and/or its affiliates. All rights reserved. eventSource = new EventSource(target) { @Override public void onEvent(InboundEvent inboundEvent) { StockQuote sq = inboundEvent.readData(StockQuote.class); // ... } }; eventSource.open(); 33 Server-‐sent Events
- 34. Model View Controller 1.0 (MVC) Should Java EE provide support for MVC alongside JSF? ! ! ! Is there any one de-‐facto standard technology in this space to which we should look for inspiration? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 34
- 35. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. MVC 1.0 • Action-‐based model-‐view-‐controller architecture • Glues together key Java EE technologies: – Model • CDI, Bean Validation, JPA – View • Facelets, JSP – Controller • Invent new technology? • Leverage existing technologies such as JAX-‐RS, … ? 35
- 36. Address the Limitations of HTTP 1.x Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 HTTP/2 expected as Proposed Standard from IETF in November • Reduce latency • Address the HOL blocking problem • Support parallelism (without requiring multiple connections) • Retain semantics of HTTP 1.1 • Define interaction with HTTP 1.x 36
- 37. HTTP 1.1 HTTP/2 stream 1 HEADERS stream 3 HEADERS Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 Multiplexed Binary Frames • One TCP Connection • Request -‐> Stream - Multiplexed - Prioritised • Binary Framing Layer - Prioritisation - Flow Control - Server Push • Header Compression 37 POST /upload HTTP/1.1 Host: www.test.com Content-‐Type: application/json Content-‐Length: 15 !{ “name”:“duke”} HEADERS frame DATA frame stream 1 DATA stream 3 DATA Client Server stream 4 DATA stream 6 DATA
- 38. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 38 Header Compression
- 39. Client Server Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 39 Server Push /index.html : stream 1 /style.css : stream 2 /script.js : stream 4 stream 1 HEADERS stream 1 FRAME x stream 2 PROMISE stream 4 PROMISE
- 40. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Servlet 4.0 HTTP/2 Features in Servlet API • Request/response multiplexing – Servlet Request as HTTP/2 message • Stream prioritization – Add stream priority to HttpServletRequest • Server push • Binary framing • Upgrade from HTTP 1.1 40
- 41. Ease of Development / CDI Alignment Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Security interceptors • Simplified messaging through CDI-‐based “MDBs” • JAX-‐RS injection alignment • WebSocket scopes • Pruning of EJB 2.x client view and IIOP interoperability 41
- 42. Security Simplifications / CDI Alignment Should we consider adding Security Interceptors in Java EE 8? ! ! ! Should we simplify authorization by introducing an EL-‐enabled authorization annotation? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 42
- 43. Authorization via CDI Interceptors Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 @IsAuthorized("hasRoles('Manager') && schedule.officeHrs") void transferFunds() ! @IsAuthorized("hasRoles('Manager') && hasAttribute('directReports', employee.id)") double getSalary(long employeeId); ! @IsAuthorized(ruleSourceName="java:app/payrollAuthRules", rule="report") void displayReport(); 43
- 44. New API to receive messages asynchronously Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JMS 2.1 • Alternative to EJB message-‐driven beans • Simpler JMS-‐specific annotations • Usable by any CDI bean • No need for MessageListener implementation 44
- 45. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JMS 2.1 JMS MDBs Today @MessageDriven(activationConfig = { @ActivationConfigProperty(propertyName="connectionFactoryLookup", propertyValue="jms/myCF"), @ActivationConfigProperty(propertyName="destinationLookup", propertyValue="jms/myQueue"), @ActivationConfigProperty(propertyName="destinationType", propertyValue="javax.jms.queue")}) ! public class MyMDB implements MessageListener { public void onMessage(Message message) { // extract message body String body = message.getBody(String.class)); // process message body } } 45
- 46. Allow any Java EE bean to be a listener Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JMS 2.1 @RequestScoped public class MyListenerBean { @JMSListener(destinationLookup="jms/myQueue") @Transactional public void myCallback(Message message) { ... } } 46
- 47. Candidates for Proposed Optional status Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Pruning Should we prune EJB 2.x remote and local client view (EJBObject, EJBLocalObject, EJBHome, and EJBLocalHome interfaces)? ! ! ! Should we prune CORBA, including support for interoperability by means of IIOP? 47
- 48. Modernize the Infrastructure For On-‐Premise and for in the Cloud Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Java EE Management 2.0 – REST-‐based APIs for Management and Deployment • Java EE Security 1.0 – Authorization – Password Aliasing – User Management – Role Mapping – Authentication – REST Authentication 48
- 49. Management and Deployment APIs Should we define new APIs to deploy and manage applications? ! ! ! Should such new Deployment and Management APIs be REST APIs or JMX APIs? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 49
- 50. Java EE Management 2.0 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Update to JSR 77 (“J2EE Management”) • REST-‐based interfaces to augment (or replace) current Management EJB APIs – Currently used OBJECT_NAME to become URL – Define CRUD operations over individual managed objects – Server-‐sent events used for event support • Simple deployment interfaces also to be considered as part of management API 50
- 51. Java EE Security 1.0 Candidate Areas to Enhance Portability, Flexibility, Ease-‐of-‐Use • Password Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Aliasing • User Management • Role Mapping • Authentication • REST Authentication • Authorization 51
- 52. Java EE Security 1.0 Enhance Portability, Flexibility, Ease-‐of-‐Use Should we add support for password aliases (including the ability to provision credentials along with the application)? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 52
- 53. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 Password Aliasing • Standardized syntax for password aliases – Avoids storing passwords in clear text in code, deployment descriptors, files • @DataSourceDefinition( name="java:app/MyDataSource", className="com.example.MyDataSource", ... user="duke", password="${ALIAS=dukePassword}") • Standardized secure credentials archive for bundling alias and password with App – Used by platform as credential store for resolving alias 53
- 54. Java EE Security 1.0 Enhance Portability, Flexibility, Ease-‐of-‐Use Should we standardize on requirements for simple security providers and their configuration? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 54
- 55. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 User Management • Allow application to manage its own users and groups –Without need to access server configuration • Users stored in application-‐specified repository (e.g., LDAP) • User service manipulates users from user source App LDAP UserInfo UserService LDAP UserSource 55
- 56. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 User Management • UserSourceDefinition • UserService – Create/delete users, create/delete groups, add user to group, load UserInfo by user name; etc… • UserInfo – get user name, password, get user’s roles, get user’s attributes, … 56
- 57. Java EE Security 1.0 User Management @LdapUserSourceDefinition( name="java:app/ldapUserSource", ldapUrl="ldap://someURL", ldapUser="ElDap", ldapPassword="${ALIAS=LdapPW}", ... ) public class MyAuthenticator { @Resource(lookup="java:app/ldapUserSource") private UserService userService; private boolean isAccountEnabled(String username) { return userService.loadUserByUsername(username).isEnabled(); } ... } Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 57
- 58. Java EE Security 1.0 Enhance Portability, Flexibility, Ease-‐of-‐Use Should we standardize group-‐to-‐role-‐mapping? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 58
- 59. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 Role Mapping • Standardize role service – Role mappings can be stored in app-‐specified repository (e.g., LDAP) – Application can assign roles to users and groups, based on application-‐specific model –Without need to access server configuration App LDAP RoleService LDAP RoleMapper 59
- 60. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 Role Mapping • RoleMapperDefinition – DataSource, Ldap, Memory/File, Custom, predefined • RoleService – grant/revoke roles for user/group, get roles for user/group, ... ! @Resource(lookup="java:app/devRoleMapper") RoleService roleService; List<String> getRoles(String username) { return roleService.getRolesForUser(username); } ... 60
- 61. Context and Dependency Injection 2.0 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Events – Asynchronous – Ordering – Range (war, ear, server, cluster) • Interceptors and Decorators enhancements • Parts – “CDI Light” • … 61
- 62. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 8 JSRs • Java EE 8 Platform • CDI 2.0 • JSON Binding 1.0 • JAX-‐RS 2.1 • MVC 1.0 • Java Servlet 4.0 • JSF 2.3 • JMS 2.1 • JSON-‐P 1.1 • Java EE Security 1.0 • Java EE Management 2.0 • … and more to follow … So far….. Coming soon ….. 62
- 63. Summary and Current Status • Tentative Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Delivery Schedule – Q3 2014: JSR 369 Expert Group formed – Q1 2015: early draft – Q3 2015: public review – Q4 2015: proposed final draft – Q3 2016: final release • Contribute! 63
- 64. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. How to Get Involved • Join an Expert Group project – http://javaee-‐spec.java.net • Adopt a JSR – http://glassfish.org/adoptajsr • The Aquarium – http://blogs.oracle.com/theaquarium • Java EE 8 Reference Implementation – http://glassfish.org 64
- 65. Thanks! Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 65
- 66. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 66