Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Hybrid Mobile Development 
with Apache Cordova and 
Java EE 7 
Ryan Cuprak, Dassault Systemès 
Michael Finocchiaro, Dassau...
Who wants to be the next AppStore 
billionaire?
Exponential Growth – particularly in China 
http://www.statista.com/topics/1416/smartphone-market-in-china/
Agenda 
• Demo Application 
• Mobile Overview 
• Tooling 
• Apache Cordova 
• Java EE 7 + Cordova 
• JQuery 
• Security 
•...
Demo Application 
Overview 
• Mobile 
• Apache Cordova 
• Infrastructure 
• Node.js 
• User interface 
• JQuery Mobile 
• ...
Demo Application 
Sailboat Racing 
Start/Finish
Demo Application 
Racing Overview 
• Committee boat sets the course and announces it. 
• Boats register via radio specifyi...
Demo Application 
Functional Requirements 
• Broadcast race course 
• Boat registration 
• Time check and start notificati...
Demo Application 
High Level Architecture 
Interface 
Application 
Entities 
Infrastructure 
Apache 
Cordova 
JAX-RS WebSo...
Demo Application 
HTML5 SPA 
Java EE 7 Server 
App 
Postgresql 
Database 
NOAA 
Weather/Tides 
HTML5 SPA 
HTML5 SPA
Demo Application 
Data Model
Available on GitHub 
https://github.com/rcuprak/n34sailor
Demo Application 
N34 Sailor
Demo Application 
What Java EE? 
• Resource management 
• Object pooling 
• Concurrency 
• Database connection 
• Transact...
Demo Application 
Why Java EE?
Mobile Overview
Mobile Platforms 
Status 2014 
• Dominated by Google’s Android and Apple’s iOS 
platforms. 
• Android’s US market share is...
Mobile Overview 
Development Models 
• Native App 
• Built for a specific platform 
• Downloadable app 
• Objective-C/Swif...
Mobile Overview 
Development Models… 
• Native App 
• Best user experience 
• Access all device/hardware capabilities 
• B...
Mobile Overview 
Native HTML5 Apps 
• Single Page Application (SPA) 
wrapped in Native application. 
• Native application ...
Mobile Overview 
Native HTML5 vs. Web Apps 
HTTP Session 
JSF/JSP/Facelets
Mobile Overview 
SPA – Single Page Application 
index.html 
<html><body> 
<div id=“page”> 
<a href=“menu.html”> 
Menu 
</a...
Mobile Overview 
Framework License 
jQuery Mobile 
http://jquerymobile.com 
MIT 
Sencha Touch 
http://sencha.com 
Commerci...
Mobile Overview 
Secha Architect
Mobile Overview 
Sencha Touch Setup & Cordova Integration 
Creating an initial application: 
• Download Sencha Touch (http...
Tooling
Tooling 
Overview 
• Tooling is very important: 
Cordova, Java EE, App Servers, Phones, Simulators 
Unit testing framework...
Tooling 
What do we need? 
• Platform SDK 
• Certificates to test on devices ($$) 
• Ant (ant.apache.org) 
• NodeJS (nodej...
Tooling 
Platform Tools and SDKs 
• iOS (xCode) 
Apple App Store – search for XCode 
• Android (Android Studio) 
https://d...
Tooling 
iOS Setup
Tooling 
NodeJS 
• Cross-platform runtime environment for server-side and 
networking applications. 
• Supported on MacOS ...
Tooling 
NodeJS
Tooling 
Apache Cordova 
• Installing Cordova: 
• Mac/Linux: sudo npm install –g cordova 
• Windows: npm install –g cordov...
Tooling 
NetBeans <-> Chrome Integration 
Install NetBeans Connector (chrome.google.com) 
NetBeans enables you to debug in...
Tooling 
Configure SDKs NetBeans 
This is why you need the Apple 
developer license in order to run 
on a physical device!
Tooling 
Creating Cordova Project 
• Cordova is an HTML Project 
• Start with Cordova Project 
• Start with HTML5 and add ...
Demo
Apache Cordova
Apache Cordova 
Overview 
• Originally named PhoneGap. 
• Mobile development framework 
• Development started in 2009. 
• ...
Apache Cordova 
Plugins 
Common Plugins 
Battery Status Geolocation 
Camera Globalization 
Contacts InAppBrowser 
Device M...
Apache Cordova 
Phone Quirks 
• HTML5 apps will not match platform UI exactly. 
• Not all hardware features are accessible...
Apache Cordova 
Project Creation in NetBeans
Apache Cordova 
Platform Specific Directories
Apache Cordova 
Index.html
Apache Cordova 
Index.js
Apache Cordova 
config.xml 
Danger!! – cross 
site script (XSS) 
exploit risk! 
Based on W3C Packaged Web Apps (Widgets) 
...
Apache Cordova 
White Listing 
• Default security policy allows access to ANY site. 
• Access should be restricted when go...
Run Target
Apache Cordova 
Plugin: Network Status
Apache Cordova 
Plugin: Device Information 
Don’t always believe what you see: 
• Simulators and actual phones return 
dif...
Apache Cordova 
Plugin: Network Type
Apache Cordova 
Development Best Practices 
• Start with HTML5 project in NetBeans without Cordova. 
• Test in Simulator b...
Apache Cordova 
Testing in Chrome != Testing on device 
Ouch! 
http://caniuse.com
Apache Cordova 
Enabling CORS: JAX-RS 2.0 Interceptor 
Chrome will now allow you to test your HTML5 app.
Apache Cordova 
Plugin: Camera 
• Capturing a picture is easy – can use AJAX to send the picture 
to a RESTful web service...
Apache Cordova 
Plugin: Camera
Apache Cordova 
Uploading Pictures via JAX-RS 2.0
Apache Cordova 
Handling Camera Picture Upload
Apache Cordova 
JAX-RS Configuration for Large Uploads 
JAX-RS needs additional configuration to handle file uploads. 
Con...
Apache Cordova 
Splash Screens
Java EE 7 & Apache Cordova
Java EE 7 + Cordova 
Overview 
What’s the connection between Java EE 7 & Cordova? 
• Cordova applications are Single Page ...
Java EE 7 + Cordova 
Device/Server Connectivity 
Java EE 7 
App Server 
REST 
Request/Response 
Web Sockets 
Bidirectional...
Java EE 7 + Cordova 
Device/Server Connectivity 
RESTful Web Services: 
• Client/server communication from mobile applicat...
Java EE 7 + Cordova 
Web Sockets 
• Introduced with HTML5. 
http://www.html5rocks.com/en/tutorials/websockets/basics/ 
• O...
Java EE 7 + Cordova 
Exchanging Data using JSON 
Data is exchanged using JSON (JavaScript Object Notation) 
• Two data str...
Java EE 7 + Cordova 
Java EE 7 Availability 
• Released June 12, 2013! 
• Supported containers: 
• GlassFish 4 - https://g...
Java EE 7 + Cordova 
Technology Layers 
EJB 3 
Mobile Device (running Cordova) 
Servlet 
CDI 
JAX-RS 
JPA 
Bean Validation...
Java EE 7 + Cordova 
Relating Java EE 7 to Mobile 
Mobile Device (running Cordova) 
JAX-RS 
Java API for 
JSON 
Java API f...
Java EE 7 + Cordova 
Connectivity Technologies 
• RESTful web services. 
• Requests performed using HTTP Methods: 
GET/DEL...
Java EE 7 + Cordova 
REST 
• JAX-RS 2.0 is the REST development API for Java 
• Major upgrade with Java EE 7. (JSR-339) 
•...
Java EE 7 + Cordova 
REST Example with JAX-RS 
HTTP POST to http://<server>/n34/race/join/<id>/<class>
Java EE 7 + Cordova 
REST Parameter Annotations 
• Six types of parameters that can be extracted: 
• Query Parameters - @D...
Java EE 7 + Cordova 
REST in Cordova App + JQuery
Java EE 7 + Cordova 
JSON to POJOs 
• JAX-RS uses JAXB for JSON <-> POJO conversion** 
• JAX-RS integrates with Bean Valid...
Java EE 7 + Cordova 
Bean Validation Annotations 
Constraint Constraint 
@AssertFalse @Min 
@AssertTrue @NotNull 
@Decimal...
Custom Validation
Java EE 7 + Cordova 
JAX-RS Gotchas 
Be careful when returning POJOs! 
Oops! 
Use either: 
• DTO – Data Transfer Object 
•...
Java EE 7 + Cordova 
Compressing JSON Responses
Java EE 7 + Cordova 
Web Sockets 
Java API for WebSockets 
• High level declarative API for WebSocket 
• API similar to Ja...
Java EE 7 + Cordova 
Web Sockets – Annotated Endpoint
Java EE 7 + Cordova 
Web Sockets: onMessage Parameters 
Type Parameter Type Partial Message Notes 
Text String No 
Text in...
Java EE 7 + Cordova 
Web Socket in JavaScript 
Creating WebSocket in JavaScript:
Java EE 7 + Cordova 
Sending JSON via WebSockets
Java EE 7 + Cordova 
Server Load: Web Sockets vs. REST 
Java EE 7 Server 
Java EE 7 Server 
REST 
WebSockets
Java EE 7 + Cordova 
HTTP Handshake 
HTTP Handshake Request
Java EE 7 + Cordova 
HTTP Handshake Response 
HTTP Handshake Response
Java EE 7 + Cordova 
Two Types of Web Socket Endpoints 
• Programmatic (powerful) 
• Life-cycle and message handling can b...
Java EE 7 + Cordova 
Web Sockets: Session 
• javax.websocket.Session most important object. 
• Represents the connection t...
Java EE 7 + Cordova 
Web Sockets: RemoteEndpoint 
• RemoteEndpoint instance retrieved from the Session: 
• public RemoteEn...
Java EE 7 + Cordova 
Web Sockets: Message Handler 
• MessageHandler used for programmatic endpoints. 
• Two types of messa...
Java EE 7 + Cordova 
Web Sockets: Programmatic Endpoint
Java EE 7 + Cordova 
Web Sockets: Annotated Endpoint 
Synchronously sends a message back to the client.
Java EE 7 + Cordova 
Java API for JSON 
• Defined in JSR 353 – required for Java EE 7 
• Provides ability to parse, transf...
Java EE 7 + Cordova 
Java API for JSON 
• WebSocket connection processes many types of messages. 
AbstractMessage 
ChatMes...
Java EE 7 + Cordova 
Java API for JSON 
Decoders/encoders 
Message Object
Java EE 7 + Cordova 
Encoding JSON
Java EE 7 + Cordova 
Decoding JSON
Java EE 7 + Cordova 
Decoding JSON 
• WebSocket implementation will check with each decoder until 
it finds one that can d...
Java EE 7 + Cordova 
Web Sockets and Java EE 
• WebSockets can be Singleton Bean or a Stateful Session Bean. 
• With State...
Java EE 7 + Cordova 
Web Sockets (generically) 
• No compression supported by default! 
• Binary data is transmitted using...
JQueryMobile
JQueryMobile 
Overview 
• JavaScript framework is 
needed for mobile 
development. 
• Mobile UIs are different. 
• Touch b...
JQueryMobile 
Configuration 
• Use NetBeans to install JQuery and JQuery Mobile. 
• Don’t use CDN – all content must be pa...
JQueryMobile 
Quick Introduction
JQueryMobile 
Navigation 
• Changing to another page: 
• Processing a page before rendering:
Security
Security 
Overview 
• Apache Cordova App != Webapp 
• No HTTP session 
• Different usage pattern 
• Apache Cordova App con...
Security 
User Interaction Timeline 
Cordova App Java EE Server 
Retrieve account info 
Retrieve race info 
Join race 
Upd...
Security 
Java EE Security 
Goal is to use Java EE security on the server side: 
JAX-RS 
Endpoint 
EJBs 
(roles)
Security 
Typical Java EE Configuration 
Won’t Work!
Security 
Basic Authentication
Security 
Token Authentication/Authorization 
• Token based security (generated UUID) 
• User authenticates once using use...
Security 
Token Verification via Filter 
Bad idea!
Security 
Token Verification via Filter 
Drawbacks: 
• Authentication performed on each request 
• Client must cache crede...
Security 
Server Authentication Module 
• JASPIC puzzle pieces 
• ServletContextListener – initial registration of AuthCon...
Security 
JASPIC Pieces
Security 
JASPIC Pieces 
Produced by the AuthConfigProviderImpl 
This then produces…
Security 
JASPIC Pieces 
Almost to the module that 
does the work!
Security 
JASPIC Pieces 
ServerAuthModule Implementation 
What is this code doing? 
1) Specifying we are interested in HTT...
Security 
JASPIC Pieces 
WebSocket Handling 
Setup Principals…
Security 
Authorize Bean 
Token is cached!
Security 
Authentication Process 
JAX-RS 
Endpoint 
AuthorizeBea 
n EJB 
Auth 
Module 
Race EJB 
/join/race 
Check token 
...
Testing
Testing 
Overview 
• Testing must be done on both JavaScript and Java EE code. 
• Use Arquillian to test Java EE code 
• R...
Testing 
Karma & Jasmine 
• Install Karma 
npm install karma 
• Install launcher (Karma) and unit test framework (Jasmine)...
Deployment
Summary 
App Store Distribution 
Store Owner Platform Cost 
AppStore Apple iOS $99/year 
Android Market Google Android $20...
Summary 
Best Practices 
• REST vs. WebSocket 
• REST for the most part, WebSocket only for full-duplex, 
bidirectional 
•...
Summary 
• Apache Cordova/PhoneGap provide true standards 
based cross-platform mobile development. 
• Java EE 7 fundament...
Summary 
Resources 
• Java EE 
• http://oracle.com/javaee 
• Java EE Tutorial 
• http://docs.oracle.com/javaee/7/tutorial/...
Summary 
References 
• Email contact: 
• Michael.FINOCCHIARO@gmail.com 
• rcuprak@gmail.com 
• Twitter: @ctjava 
• Other S...
Upcoming SlideShare
Loading in …5
×

Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)

13,500 views

Published on

Java EE 7 provides a strong foundation for developing the back end for your HTML5 mobile applications. This heavily code-driven session shows you how you can effectively utilize Java EE 7 as a back end for your Apache Cordova mobile applications. The session demonstrates Java EE 7 technologies such as JAX-RS 2.0, WebSocket, JSON-P, CDI, and Bean Validation. It provides an overview of the basics of Apache Cordova as well as the tooling support added in NetBeans 8. The session also demonstrates an integrated approach to rapidly developing HTML5 mobile applications with Java EE 7 and NetBeans and concludes with best practices and pitfalls.

Published in: Technology
  • Be the first to comment

Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)

  1. 1. Hybrid Mobile Development with Apache Cordova and Java EE 7 Ryan Cuprak, Dassault Systemès Michael Finocchiaro, Dassault Systemès
  2. 2. Who wants to be the next AppStore billionaire?
  3. 3. Exponential Growth – particularly in China http://www.statista.com/topics/1416/smartphone-market-in-china/
  4. 4. Agenda • Demo Application • Mobile Overview • Tooling • Apache Cordova • Java EE 7 + Cordova • JQuery • Security • Testing • Deployment • Summary • Q&A https://github.com/rcuprak/n34sailor Both designed and engineered using Dassault Systèmes CATIA software!
  5. 5. Demo Application Overview • Mobile • Apache Cordova • Infrastructure • Node.js • User interface • JQuery Mobile • Android dev tools • iOS dev tools
  6. 6. Demo Application Sailboat Racing Start/Finish
  7. 7. Demo Application Racing Overview • Committee boat sets the course and announces it. • Boats register via radio specifying their class. • Start sequence for class: • Warning horn is sounded • Start horn is sounded (boats cross start line) • Start sequence repeated for next class. • Committee boat monitors progress and weather. • Race course altered if wind dies or conditions deteriorate. • Finish time for each boat is registered at the end of the race • Final results are calculated – boats have ratings which allows different boats to be compared.
  8. 8. Demo Application Functional Requirements • Broadcast race course • Boat registration • Time check and start notification • Boat tracking • Race announcements • Results • Weather information
  9. 9. Demo Application High Level Architecture Interface Application Entities Infrastructure Apache Cordova JAX-RS WebSocket EJB JPA Entities JMS CDI
  10. 10. Demo Application HTML5 SPA Java EE 7 Server App Postgresql Database NOAA Weather/Tides HTML5 SPA HTML5 SPA
  11. 11. Demo Application Data Model
  12. 12. Available on GitHub https://github.com/rcuprak/n34sailor
  13. 13. Demo Application N34 Sailor
  14. 14. Demo Application What Java EE? • Resource management • Object pooling • Concurrency • Database connection • Transactions • Security • Scalability • Architecture • Rich feature set
  15. 15. Demo Application Why Java EE?
  16. 16. Mobile Overview
  17. 17. Mobile Platforms Status 2014 • Dominated by Google’s Android and Apple’s iOS platforms. • Android’s US market share is about 52% against iOS’s 42% • Windows Phone is at a distance 3rd place with about 4% share. • Globally, Android’s market share is even higher.
  18. 18. Mobile Overview Development Models • Native App • Built for a specific platform • Downloadable app • Objective-C/Swift/xCode, Java/Android Studio etc. • Mobile Web App • Service side apps that run in the device’s web browser • HTML 5, CSS3, JavaScript • jQuery Mobile, Sencha Touch • Responsive and Adaptive Web Designs • Hybrid App • Developed mostly using Mobile Web App technologies, but are executed like a native app in a native (wrapper) container • Apache Cordova (PhoneGap), ADF Mobile, IBM Worklight, AeroGear, Appcelerator
  19. 19. Mobile Overview Development Models… • Native App • Best user experience • Access all device/hardware capabilities • But, development/maintenance will have to be done for every target mobile platform • Mobile Web App • Target multiple platforms from a singe code base • Low barrier to entry – low learning curve, nothing to download for users • But, native development may still be needed and performance may also suffer slightly • Hard to access – user must browse to the ‘site’ • Native HTML5 Apps • Target multiple platforms from a single code base. • Requires development tools for each platform. • Access to device features but with limitations.
  20. 20. Mobile Overview Native HTML5 Apps • Single Page Application (SPA) wrapped in Native application. • Native application displays a WebView – embedded browser. • Logic: • JavaScript • JavaScript platform extensions • UI • HTML5 markup • SVG • Canvas • WebGL • All assets are bundled with the application.
  21. 21. Mobile Overview Native HTML5 vs. Web Apps HTTP Session JSF/JSP/Facelets
  22. 22. Mobile Overview SPA – Single Page Application index.html <html><body> <div id=“page”> <a href=“menu.html”> Menu </a> </div> </body></html> menu.html <html><body> <div id=“page”> <a href=“info.html”> Info </a> </div> </body></html> <a href=“info.html”> Info </a> info.html <html><body> <Info div id=“page”> Info </div> </body></html>
  23. 23. Mobile Overview Framework License jQuery Mobile http://jquerymobile.com MIT Sencha Touch http://sencha.com Commercial(Free) & Open Source (GPLv3) Intel App Framework http://app-framework-software.intel.com MIT Ionic http://ionicframework.com MIT M-Project http://www.the-m-project.org MIT Kendo UI http://www.telerik.com Commercial Twitter Bootstrap 3 http://getbootstrap.com MIT Mobile Frameworks
  24. 24. Mobile Overview Secha Architect
  25. 25. Mobile Overview Sencha Touch Setup & Cordova Integration Creating an initial application: • Download Sencha Touch (http://www.sencha.com) Creating initial app structure • sencha -sdk <sdk path> generate app TestApp TestApp • sencha cordova init • sencha --debug app build -run native NetBeans will have trouble with Sencha files.
  26. 26. Tooling
  27. 27. Tooling Overview • Tooling is very important: Cordova, Java EE, App Servers, Phones, Simulators Unit testing frameworks, build systems, etc. • NetBeans has integrated support: • Java EE 7 • Project templates, Servers, Debugging, Profiling • Apache Cordova • Uses Cordova installation • Platform independent – Android and/or iOS support / WebBrowser • JavaScript libraries and unit testing • Grunt build support
  28. 28. Tooling What do we need? • Platform SDK • Certificates to test on devices ($$) • Ant (ant.apache.org) • NodeJS (nodejs.org) • Install Apache Cordova (cordova.apache.org) • Chrome • Java 8 (java.oracle.com) • NetBeans 8.0.1 (netbeans.org) What might we want to install? Maven (maven.apache.org) • Karma (karma-runner.github.io) • Jasmine (jasmine.github.io) • Grunt (gruntjs.com)
  29. 29. Tooling Platform Tools and SDKs • iOS (xCode) Apple App Store – search for XCode • Android (Android Studio) https://developer.android.com/tools/index.html • Windows Phone http://dev.windows.com/en-us/develop/downloads • Tizen https://developer.tizen.org/downloads/tizen-sdk • BlackBerry http://developer.blackberry.com Note: NetBeans has integration with Android/iOS tooling. Thanks to PhoneGap, we can also build in the cloud!
  30. 30. Tooling iOS Setup
  31. 31. Tooling NodeJS • Cross-platform runtime environment for server-side and networking applications. • Supported on MacOS X, Windows, and Linux. • Runs on top of Google V8 JavaScript engine • JavaScript compiled to machine code via JIT. • npm – package manager pre-installed with Node.js. • Installs packages from the npm registry. https://www.npmjs.org • Used for Apache Cordova, Karma, Mocha, etc. • Download from http://nodejs.org. Only hijacking the package manager - npm
  32. 32. Tooling NodeJS
  33. 33. Tooling Apache Cordova • Installing Cordova: • Mac/Linux: sudo npm install –g cordova • Windows: npm install –g cordova • Adding Platforms: • cordova platform add ios • cordova platform add amazon-fireos • cordova platform add android • cordova platform add blackberry10 • cordova platform add firefoxos • Creating a project (without NetBeans) • cordova create hello com.example.hello HelloWorld
  34. 34. Tooling NetBeans <-> Chrome Integration Install NetBeans Connector (chrome.google.com) NetBeans enables you to debug in Chrome
  35. 35. Tooling Configure SDKs NetBeans This is why you need the Apple developer license in order to run on a physical device!
  36. 36. Tooling Creating Cordova Project • Cordova is an HTML Project • Start with Cordova Project • Start with HTML5 and add Cordova
  37. 37. Demo
  38. 38. Apache Cordova
  39. 39. Apache Cordova Overview • Originally named PhoneGap. • Mobile development framework • Development started in 2009. • Wraps HTML5 applications in a native wrapper. • Purchased by Adobe in 2011. • Code donated to Apache as Apache Cordova. • PhoneGap built on Cordova • Adobe provides cloud build system for PhoneGap.
  40. 40. Apache Cordova Plugins Common Plugins Battery Status Geolocation Camera Globalization Contacts InAppBrowser Device Media Device Motion Media Capture Device Orientation Network Information Dialogs Splashscreen File System Vibrate File Transfer Supports custom plugins!
  41. 41. Apache Cordova Phone Quirks • HTML5 apps will not match platform UI exactly. • Not all hardware features are accessible. • Each platform has its quirks: • iOS network information is Cellular or Ethernet. • iOS fires network available after application startup. • Windows 7 phone emulator reports network connection Unknown. • Device UID on iOS is app specific (to block tracking) • Camera unavailable in iOS simulator • Altitude accuracy not supported on Android • Windows phone doesn’t provide battery level information
  42. 42. Apache Cordova Project Creation in NetBeans
  43. 43. Apache Cordova Platform Specific Directories
  44. 44. Apache Cordova Index.html
  45. 45. Apache Cordova Index.js
  46. 46. Apache Cordova config.xml Danger!! – cross site script (XSS) exploit risk! Based on W3C Packaged Web Apps (Widgets) http://www.w3.org/TR/widgets/
  47. 47. Apache Cordova White Listing • Default security policy allows access to ANY site. • Access should be restricted when going to production. • Whitelist is configured in config.xml. • NetBeans: config.xml found on Files tab. • Examples: 1. <access origin=“http://google.com”/> 2. <access origin=“https://google.com”/> 3. <access origin=“https://maps.google.com”/> 4. <access origin=“https://*.google.com”/> 5. <access origin=“*”/> • Whitelisting can vary by platform: • iOS: <access origin=“*.google.*”> • BlackBerry 10: <preference name=“websecurity” value=“disable”/>
  48. 48. Run Target
  49. 49. Apache Cordova Plugin: Network Status
  50. 50. Apache Cordova Plugin: Device Information Don’t always believe what you see: • Simulators and actual phones return different values. • You should probably test both ARM and Intel-based phones!
  51. 51. Apache Cordova Plugin: Network Type
  52. 52. Apache Cordova Development Best Practices • Start with HTML5 project in NetBeans without Cordova. • Test in Simulator browser(s). • Profile code using Chrome Profiler • Test with Chrome: • Chrome will refuse to invoke WebSocket and RESTful web services on the Java EE app. (CORS) • Cordova automatically allows cross site scripting! • To enable testing in Chrome, DO NOT DISABLE Chrome’s security settings!
  53. 53. Apache Cordova Testing in Chrome != Testing on device Ouch! http://caniuse.com
  54. 54. Apache Cordova Enabling CORS: JAX-RS 2.0 Interceptor Chrome will now allow you to test your HTML5 app.
  55. 55. Apache Cordova Plugin: Camera • Capturing a picture is easy – can use AJAX to send the picture to a RESTful web service. • Picture is transmitted as Base64 and must be decoded. • Java 8 included Base64 decode support. • Requires special JAX-RS configuration to receive the multi-part MIME request.
  56. 56. Apache Cordova Plugin: Camera
  57. 57. Apache Cordova Uploading Pictures via JAX-RS 2.0
  58. 58. Apache Cordova Handling Camera Picture Upload
  59. 59. Apache Cordova JAX-RS Configuration for Large Uploads JAX-RS needs additional configuration to handle file uploads. Configuration specified in web.xml.
  60. 60. Apache Cordova Splash Screens
  61. 61. Java EE 7 & Apache Cordova
  62. 62. Java EE 7 + Cordova Overview What’s the connection between Java EE 7 & Cordova? • Cordova applications are Single Page Apps. • JavaScript/HTML5 embedded in the application. • No JSF/GWT/Struts/JSPs/Facelets/JSTL/etc. • No HTTP Session • No network connection might exist? Answer: • Java EE 7 provides data and backend infrastructure. • Talks to the database • Coordinates application processes
  63. 63. Java EE 7 + Cordova Device/Server Connectivity Java EE 7 App Server REST Request/Response Web Sockets Bidirectional Restful Web Service Web Socket Endpoint JavaScript/HTML5
  64. 64. Java EE 7 + Cordova Device/Server Connectivity RESTful Web Services: • Client/server communication from mobile applications commonly happens over HTTP, more often using REST style services • Stateless, lightweight, scalable • Typically JSON over HTTP/HTTPS. • XML occasionally used. • Client initiates the request. • Commonly supported HTTP verbs include GET, POST, PUT, and DELETE • Uses existing web technologies and security standards • Fully supported by Java EE 6 & 7.
  65. 65. Java EE 7 + Cordova Web Sockets • Introduced with HTML5. http://www.html5rocks.com/en/tutorials/websockets/basics/ • Offers true bi-directional (full-duplex) communication over a single TCP connection. • Initial hand-shake over HTTP, but subsequent conversations over Web Sockets (connection upgraded). • Supports asynchronous, extremely low-lag communication • Perfect for applications like chat and games • Uses existing web technologies and security standards • Transmits Text or binary data • Text is transmitted as Unicode. • URL prefix ws: or wss:
  66. 66. Java EE 7 + Cordova Exchanging Data using JSON Data is exchanged using JSON (JavaScript Object Notation) • Two data structures: objects and arrays • Types: String, number, object, array, true, false, null. • Extremely compact and simple to exchange
  67. 67. Java EE 7 + Cordova Java EE 7 Availability • Released June 12, 2013! • Supported containers: • GlassFish 4 - https://glassfish.java.net/ • Wildfly 8 - http://wildfly.org (Jboss) • More coming soon… • Major features: • WebSockets • JSON API Processing • Concurrency Utilities • Batching • JAX-RS 2.0 • JASPIC
  68. 68. Java EE 7 + Cordova Technology Layers EJB 3 Mobile Device (running Cordova) Servlet CDI JAX-RS JPA Bean Validation Java API for WebSocket Java API for JSON JMS JTA JAXB JCA
  69. 69. Java EE 7 + Cordova Relating Java EE 7 to Mobile Mobile Device (running Cordova) JAX-RS Java API for JSON Java API for WebSocket JAXB POJO <-> JSON
  70. 70. Java EE 7 + Cordova Connectivity Technologies • RESTful web services. • Requests performed using HTTP Methods: GET/DELETE/POST/PUT/HEAD/Options • Client initiates the connection. • Server responds and connection is closed. • Web Sockets • Client initiates the connection. • Both client and server can send data simultaneously. • Client (phone) initiates the connection. Both sides can simultaneously send messages. JAX-RS 2.0 Java API for WebSocket
  71. 71. Java EE 7 + Cordova REST • JAX-RS 2.0 is the REST development API for Java • Major upgrade with Java EE 7. (JSR-339) • Client API, Aysnc, Validation, Filters/Handlers, Interceptors, and Content Negotiation. • Server and client • Integrates with JAXB and Bean Validation • Annotation based, declarative • @Path, @GET, @POST, @PUT, @DELETE, • Pluggable and extensible.
  72. 72. Java EE 7 + Cordova REST Example with JAX-RS HTTP POST to http://<server>/n34/race/join/<id>/<class>
  73. 73. Java EE 7 + Cordova REST Parameter Annotations • Six types of parameters that can be extracted: • Query Parameters - @DefaultValue(“”) @QueryParam(“”) • URI Path Parameters - @ParmParam • Form Parameters -@FormParam • Requires @Post @Consumes("application/x-www-form-urlencoded") • Cookie Parameters - @CookieParam • Header Parameters -@HeaderParam • Matrix Parameters - @MatrixParam
  74. 74. Java EE 7 + Cordova REST in Cordova App + JQuery
  75. 75. Java EE 7 + Cordova JSON to POJOs • JAX-RS uses JAXB for JSON <-> POJO conversion** • JAX-RS integrates with Bean Validation (JSR 349) to validate Java objects (optionally) • Steps: • JAXB converts JSON to POJOs • Beans Validation checks POJOs • JAX-RS method invoked with POJO
  76. 76. Java EE 7 + Cordova Bean Validation Annotations Constraint Constraint @AssertFalse @Min @AssertTrue @NotNull @DecimalMax @Null @DecimalMin @Past @Digits @Pattern @Future @Size @Max
  77. 77. Custom Validation
  78. 78. Java EE 7 + Cordova JAX-RS Gotchas Be careful when returning POJOs! Oops! Use either: • DTO – Data Transfer Object • @XmlTransient
  79. 79. Java EE 7 + Cordova Compressing JSON Responses
  80. 80. Java EE 7 + Cordova Web Sockets Java API for WebSockets • High level declarative API for WebSocket • API similar to JavaScript WebSocket API • Both client and server-side • Important pieces: • Annotations for annotated endpoints: @ServerEndpoint, @OnOpen, @OnClose, @OnMessage, @OnError • Session object – used to send messages. • RemoteEndpoint object – used to sent messages to a client • MessageHandler – interface used by programmatic endpoints. • Pluggable and extensible • Encoders, decoders, sub-protocols
  81. 81. Java EE 7 + Cordova Web Sockets – Annotated Endpoint
  82. 82. Java EE 7 + Cordova Web Sockets: onMessage Parameters Type Parameter Type Partial Message Notes Text String No Text int,long,float,etc. No Text String, boolean Yes True finished Text Custom Object No Decoder.Text Binary byte[] No Binary Byte[],boolean Yes True finished Binary ByteBuffer No Binary ByteBuffer,boolean Yes True finished Binary InputStream Yes Binary Custom Object No Decoder.Binary Pong PongMessage No
  83. 83. Java EE 7 + Cordova Web Socket in JavaScript Creating WebSocket in JavaScript:
  84. 84. Java EE 7 + Cordova Sending JSON via WebSockets
  85. 85. Java EE 7 + Cordova Server Load: Web Sockets vs. REST Java EE 7 Server Java EE 7 Server REST WebSockets
  86. 86. Java EE 7 + Cordova HTTP Handshake HTTP Handshake Request
  87. 87. Java EE 7 + Cordova HTTP Handshake Response HTTP Handshake Response
  88. 88. Java EE 7 + Cordova Two Types of Web Socket Endpoints • Programmatic (powerful) • Life-cycle and message handling can be implemented as separate classes. • Same message handler can be used for multiple clients. • Annotated (easy) • Configured using annotations. • Any POJO can be an endpoint. • Endpoint and message handler are combined.
  89. 89. Java EE 7 + Cordova Web Sockets: Session • javax.websocket.Session most important object. • Represents the connection to the client. • Nearest you will come to the “raw” socket connection. • Provides key methods for: • Sending messages back to the client • Closing the connection • Storing state • Obtaining information about the connection • Acquiring the principal • Retrieving a list of all connections to a client • Retrieving unique identifier representing the session • Acquire in onOpen or onMessage methods
  90. 90. Java EE 7 + Cordova Web Sockets: RemoteEndpoint • RemoteEndpoint instance retrieved from the Session: • public RemoteEndpoint.Async getAsyncRemote() • public RemoteEndpoint.Basic getBasicRemote() • Methods on the RemoteEndpoint.Basic:
  91. 91. Java EE 7 + Cordova Web Sockets: Message Handler • MessageHandler used for programmatic endpoints. • Two types of messages – Partial or Whole.
  92. 92. Java EE 7 + Cordova Web Sockets: Programmatic Endpoint
  93. 93. Java EE 7 + Cordova Web Sockets: Annotated Endpoint Synchronously sends a message back to the client.
  94. 94. Java EE 7 + Cordova Java API for JSON • Defined in JSR 353 – required for Java EE 7 • Provides ability to parse, transform, and query JSON. • Used to create or read JSON. • Does NOT perform JSON <-> Object mapping • Useful for hand-coding JSON for JavaScript. • Can be used with JAX-RS instead of auto-JAXB JSON production • APIs: • Object Model API (like DOM) • Streaming API (like SAX)
  95. 95. Java EE 7 + Cordova Java API for JSON • WebSocket connection processes many types of messages. AbstractMessage ChatMessage TrackingMessage RaceMessage
  96. 96. Java EE 7 + Cordova Java API for JSON Decoders/encoders Message Object
  97. 97. Java EE 7 + Cordova Encoding JSON
  98. 98. Java EE 7 + Cordova Decoding JSON
  99. 99. Java EE 7 + Cordova Decoding JSON • WebSocket implementation will check with each decoder until it finds one that can decode the message. • Minimize parsing in the willDecode or cache for the decode method. • Exceptions processing messages can wreak havoc.
  100. 100. Java EE 7 + Cordova Web Sockets and Java EE • WebSockets can be Singleton Bean or a Stateful Session Bean. • With Stateful Session Bean you can use extended persistence context! @PersistenceContext(type=PersistenceContextType.EXTENDED) private EntityManager em; • Annotate OnClose/OnError with @Remove to release the stateful bean. • Limitations with stateful beans: • Cannot receive CDI events. • WebSocket Session can be accessed from other threads to send messages to the client.
  101. 101. Java EE 7 + Cordova Web Sockets (generically) • No compression supported by default! • Binary data is transmitted using Base64 encoded. • Don’t use WebSockets on the main login/landing page. • ws: can be sniffed as easily and packets injected. • Each message can take upwards of 2kb header – much smaller than issuing a RESTful service call. • WebSocket connection limit is different than the HTTP connection limit. • User can open an unlimited number of connections to a single server.
  102. 102. JQueryMobile
  103. 103. JQueryMobile Overview • JavaScript framework is needed for mobile development. • Mobile UIs are different. • Touch based • Certain UI conventions. • JQuery Mobile • Optimized for mobile devices • Themeable • 12 Kb compressed • Accessibility support • JQuery Mobile requires JQuery
  104. 104. JQueryMobile Configuration • Use NetBeans to install JQuery and JQuery Mobile. • Don’t use CDN – all content must be packaged with the application.
  105. 105. JQueryMobile Quick Introduction
  106. 106. JQueryMobile Navigation • Changing to another page: • Processing a page before rendering:
  107. 107. Security
  108. 108. Security Overview • Apache Cordova App != Webapp • No HTTP session • Different usage pattern • Apache Cordova App consumes Java EE services • Users do not expect to authenticate on each launch • Do you log into email? • Password should never be stored • Phones are lost/stolen regularly • Obscurity isn’t security • Many users re-use password
  109. 109. Security User Interaction Timeline Cordova App Java EE Server Retrieve account info Retrieve race info Join race Update account info View results 10 sec 25 min User quits and motors out of harbor Checks email User goes racing… 2 hours 3 hours Celebratory beer
  110. 110. Security Java EE Security Goal is to use Java EE security on the server side: JAX-RS Endpoint EJBs (roles)
  111. 111. Security Typical Java EE Configuration Won’t Work!
  112. 112. Security Basic Authentication
  113. 113. Security Token Authentication/Authorization • Token based security (generated UUID) • User authenticates once using username/password • HTTP authentication performed using POST • Server generates a token (UUID) which client stores • Client submits token with each request (HTTP Header) • If token isn’t valid, user is forced to re-authenticate • Token authentication is performed before web service invocation. • Remember: • Servers can log HTTP requests – don’t include token in URL.
  114. 114. Security Token Verification via Filter Bad idea!
  115. 115. Security Token Verification via Filter Drawbacks: • Authentication performed on each request • Client must cache credentials and resubmit each time • Container repeatedly checks the database Alternate approach – authentication module (JASPIC) • Java Authentication API for Containers • Developed under JSR 196 • Operates on messages (think web requests) • Standardizes the authentication module development • Authentication ultimately performed via ServerAuthModule.
  116. 116. Security Server Authentication Module • JASPIC puzzle pieces • ServletContextListener – initial registration of AuthConfigProvider • AuthConfigProvider • ServerAuthConfig • ServerAuthContext • ServerAuthModule  does the actual authentication work
  117. 117. Security JASPIC Pieces
  118. 118. Security JASPIC Pieces Produced by the AuthConfigProviderImpl This then produces…
  119. 119. Security JASPIC Pieces Almost to the module that does the work!
  120. 120. Security JASPIC Pieces ServerAuthModule Implementation What is this code doing? 1) Specifying we are interested in HTTP messages 2) Looking up our own EJB that performs authentication
  121. 121. Security JASPIC Pieces WebSocket Handling Setup Principals…
  122. 122. Security Authorize Bean Token is cached!
  123. 123. Security Authentication Process JAX-RS Endpoint AuthorizeBea n EJB Auth Module Race EJB /join/race Check token Invoke Service join Java EE Security
  124. 124. Testing
  125. 125. Testing Overview • Testing must be done on both JavaScript and Java EE code. • Use Arquillian to test Java EE code • Runs the container and unit tests within the container • Use JAX-RS and WebSocket client libraries to test • Use JavaScript testing framework (many) to test APIs. • Use Karma to start web server. http://karma-runner.github.io • Use Jasmine to actually implement unit tests http://jasmine.github.io
  126. 126. Testing Karma & Jasmine • Install Karma npm install karma • Install launcher (Karma) and unit test framework (Jasmine): • npm install karma-chrome-launcher --save-dev • npm install karma-jasmine --save-dev • Configure NetBeans to use Karma • Specify Karma installation directory (in project) • Create Karma configuration file • Write tests
  127. 127. Deployment
  128. 128. Summary App Store Distribution Store Owner Platform Cost AppStore Apple iOS $99/year Android Market Google Android $20 AppWorld RIM BlackBerry BlackBerry Free Amazon AppStore Amazon Android $99/year Marketplace Microsoft Windows $99/year
  129. 129. Summary Best Practices • REST vs. WebSocket • REST for the most part, WebSocket only for full-duplex, bidirectional • REST • Requests should be granular – not fine grained • JSON vs. XML • JSON hands down • Binary data an option. • Storing state • Mostly on the client, synchronize/persist on the server • API design • Versioning! • Coarse grained, stateless, general purpose • Security • TLS, federated (OAuth), avoid sensitive data on client
  130. 130. Summary • Apache Cordova/PhoneGap provide true standards based cross-platform mobile development. • Java EE 7 fundamentally simplifies backend mobile development. • Java EE well positioned as a mobile backend, especially with JAX-RS and the Java API for WebSocket • You can use our demo code as a starting point • There are some best practices to be aware of • Most importantly, have fun!
  131. 131. Summary Resources • Java EE • http://oracle.com/javaee • Java EE Tutorial • http://docs.oracle.com/javaee/7/tutorial/doc/home.htm • Cordova / NetBeans Tutorial • https://netbeans.org/kb/docs/webclient/cordova-gettingstarted. html • Java EE 7 Containers • GlassFish 4 (https://glassfish.java.net/) • WildFly 8 (http://www.wildfly.org/) aka JBoss • Reference Implementation • http://glassfish.org • http://java.net/projects/tyrus • http://jersey.java.net
  132. 132. Summary References • Email contact: • Michael.FINOCCHIARO@gmail.com • rcuprak@gmail.com • Twitter: @ctjava • Other Session: • JavaFX Versus HTML5 - CON3258 9/30/14 (Tuesday) 5:30 PM - Hilton - Plaza A • 50 EJB 3 Best Practices in 50 Minutes - CON1947 • Books:

×