Date post: | 01-Nov-2014 |
Category: |
Technology |
Upload: | aamir97 |
View: | 10 times |
Download: | 5 times |
1
J2EETM Platform Architecture
2
Sang [email protected]
www.javapassion.com/j2ee
Technology EvangelistSun Microsystems, Inc.
3
Courses I teach? XML (2001)? Distributed programming using JiniTM and
JavaSpacesT M technology (2002)? Web services programming using XML and JavaTM
technology (2002)? J2EETM programming with Passion! (It is free!)
www.javapassion.com/j2ee? Advanced J2EE programming with Passion! (It is
free!)
www.javapassion.com/j2eeadvanced4
Agenda ? What is J2EE? ? History of Distributed Computing ? Evolution of Enterprise Application
Development Frameworks ? J2EE APIs and Technologies
– Servlet, JSP, EJB, Connector, J2EE Security? RI, Compatibility Test Suite (CTS)? J2EE and Web Services? How to get started with J2EE programming? Web application framework
12/12/2003
5
What is J2EE?
6
ChallengesPortabilityDiverse EnvironmentsTime-to-marketCore CompetenceAssemblyIntegration
Key Technologie
s
J2SE™
J2EE™
JMS
Servlet
JSPConnector
XML
Data BindingXSLT
Products
App Servers
Web Servers
Components Databases
Object to DB tools
LegacySystems
DatabasesTP Monitors
EIS Systems
Enterprise Computing
7
What Is the J2EE?
l Open and standard based platform forl developing, deploying and managing l n-tier, Web-enabled, server-centric, and
component-based enterprise applications
8
The Java™ 2 Platform
High-EndServer
Java TechnologyEnabled Desktop
WorkgroupServer
Java TechnologyEnabled Devices
12/12/2003
9
The JavaTM 2 Platform
OptionalPackages
Java 2Enterprise
Edition(J2EE)
Java 2StandardEdition(J2SE)
JVM
Java Card APIs
CardVM
OptionalPackages
Personal Basis Profile
PersonalProfile
Foundation Profile
CDC
MIDP
CLDC
KVM
Java 2 Platform Micro Edition(J2METM )
* Under development in JCP10
What Do You Get from J2EE?? API and Technology specifications? Development and Deployment Platform? Reference implementation ? Compatibility Test Suite (CTS)? J2EE brand? J2EE BluePrints
11
History of Distributed Computing
Platform EvolutionCatchCatchPhrasePhrase
The NetworkThe NetworkIs the ComputerIs the Computer
ObjectsObjectsLegacy to Legacy to the Webthe Web
The Computer The Computer Is theIs the
NetworkNetwork
Network of Network of Embedded Embedded
ThingsThingsNetworkNetworkof Thingsof Things
ScaleScale
When/PeakWhen/Peak
LeafLeafProtocol(s)Protocol(s)
Directory(s)Directory(s)
SessionSession
100s100s 1,000s1,000s 1,000,000s1,000,000s 10,000,000s10,000,000s 100,000,000s100,000,000s 100,000,000s100,000,000s
1984/19871984/1987 1990/19931990/1993 1996/19991996/1999 2001/20032001/2003 1998/20041998/2004 2004/20072004/2007
XX XX +HTTP+HTTP(+JVM)(+JVM)
+XML+XMLPortalPortal +RM+RM UnknownUnknown
NS, NS+NS, NS+ +CDS+CDS +LDAP(*)+LDAP(*) +UDDI+UDDI +Jini+Jini +?+?
RPC, XDRRPC, XDR +CORBA+CORBA +CORBA,+CORBA,RMRM
+SOAP,+SOAP,XMLXML +RM/Jini+RM/Jini +?+?
SchematicSchematic
12/12/2003
Communication Patterns
Client-Server 3-Tier
Web Application
Web Services
HybridP2P Fractal
Communication Patterns: JavaTM 2
Business SystemsBusiness Systems
DB ServerDB Server
App ServerApp Server
Web ServerWeb Server
BrowserBrowserClientClient
Web Application
J2EEJ2EE
J2SE/J2SE/J2MEJ2ME
Communication Patterns: Sun ONE
Bus.Bus.Sys.Sys.
DBDB
AppApp
WebWeb
BrowserBrowser
Context and IdentityContext and Identity(LDAP, Policy, Liberty)(LDAP, Policy, Liberty)
J2EEJ2EE
J2SE/J2SE/J2MEJ2ME
XMLXML(UDDI, (UDDI, SOAP)SOAP)
Web Service
16
Evolution ofEnterprise Application
Frameworks
12/12/2003
17
Evolution of Enterprise Application Framework
? Single tier ? Two tier? Three tier
– RPC based
– Remote object based
? Three tier (HTML browser and Web server)? Proprietary app server? Standard app server
18
Single Tier (Mainframe-based)
? Centralized model (as opposed distributed model)
? Dumb terminals are directly connected to mainframe
? Presentation, business logic, and data access are intertwined in one monolithic mainframe application
19
Single-Tier: Pros & Cons? Pros:
– No client side management is required
– Data consistency is easy to achieve
? Cons:– Functionality (presentation, data model, business logic)
intertwined, difficult for updates and maintenance and code reuse
20
Two-Tier
? Fat clients talking to backend database– SQL queries sent, raw data returned
? Presentation,Business logic and Data Model processing logic in client application
Database
SQL request
SQL response
SQL request
12/12/2003
21
Two-Tier? Pro:
– DB product independence (compared to single-tier model)
? Cons:– Presentation, data model, business logic are intertwined
(at client side), difficult for updates and maintenance
– Data Model is “tightly coupled” to every client: If DB Schema changes, all clients break
– Updates have to be deployed to all clients making System maintenance nightmare
– DB connection for every client, thus difficult to scale
– Raw data transferred to client for processing causes high network traffic 22
Three-Tier (RPC based)
? Thinner client: business & data model separated from presentation
– Business logic and data access logic reside in middle tier server while client handles presentation
? Middle tier server is now required to handle system services
– Concurrency control, threading, transaction, security, persistence, multiplexing, performance, etc.
Database
SQL request
SQL responseRPC response
RPC request
23
Three-tier (RPC based): Pros & Cons? Pro:
– Business logic can change more flexibly than 2-tier model
? Most business logic reside in the middle-tier server
? Cons:– Complexity is introduced in the middle-tier server
– Client and middle-tier server is more tightly-coupled (than the three-tier object based model)
– Code is not really reusable (compared to object model based)
24
Three-Tier (Remote Object based)
? Business logic and data model captured in objects– Business logic and data model are now described in
“abstraction” (interface language)? Object models used: CORBA, RMI, DCOM
– Interface language in CORBA is IDL– Interface language in RMI is Java interface
Database
SQL request
SQL responseObject response
Object request
12/12/2003
25
Three-tier (Remote Object based): Pros & Cons
? Pro:– More loosely coupled than RPC model
– Code could be more reusable
? Cons:– Complexity in the middle-tier still need to be
addressed
27
Three-tier (Web Server based): Pros & Cons? Pro:
– Ubiquitous client types
– Zero client management
– Support various client devices? J2ME-enabled cell-phones
? Cons:– Complexity in the middle-tier still need to be
addressed
28
Trends
? Moving from single-tier or two-tier to multi-tier architecture
? Moving from monolithic model to object-based application model
? Moving from application-based client to HTML-based client
12/12/2003
29
Multi-tier
Single-tier vs. Multi-tier
l No separation among presentation, business logic, database
l Hard to maintain
l Separation among presentation, business logic, database
l More flexible to change, i.e. presentation can change without affecting other tiers
Single tier
30
Object-based
Monolithic vs. Object-based
l 1 Binary filel Recompiled,
relinked, redeployed everytime there is a change
l Pluggable partsl Reusablel Enables better
designl Easier updatel Implementation
can be separated from interface
l Only interface is published
Monolithic
31
Outstanding Issues & Solution? Comlexity at the middle tier server still remains? Duplicate system services still need to be
provided for the majority of enterprise applications
– Concurrency control, Transactions– Load-balancing, Security– Resource management, Connection pooling
? How to solve this problem? – Commonly shared container that handles the above
system services
– Proprietary versus Open-standard based32
Proprietary Solution? Use "component and container" model in
which container provides system services in a well-defined but with proprietary manner
? Problem of proprietary solution: Vendor lock-in
? Example: Tuxedo, .NET
12/12/2003
33
Open and Standard Solution? Use "component and container" model in
which container provides system services in a well-defined and as industry standard
? J2EE is that standard that also provides portability of code because it is based on Java technology and standard-based Java programming APIs
34
Why J2EE?
35
Platform Value to Developers? Can use any J2EE implementation for
development and deployment – Use J2EE RI or Sun ONE Platform Edition which are
free for development/deployment and then use high-end commercial J2EE products for actual deployment
? Vast amount of J2EE community resources– Many J2EE related books, articles, tutorials, quality
code you can use, best practice guidelines, design patterns etc.
? Can use off-the-shelf 3rd-party business components 36
Platform Value to Vendors? Vendors work together on specifications and
then compete in implementations– In the areas of Scalability, Performance, Reliability,
Availability, Management and development tools, and so on
? Freedom to innovate while maintaining the portability of applications
? Do not have create/maintain their own proprietary APIs
12/12/2003
37
Platform Value to Business Customers? Application portability ? Many implementation choices are possible
based on various requirements– Price (free to high-end), scalability (single CPU to
clustered model), reliability, performance, tools, and more
– Best of breed of applications and platforms
? Large developer pool
38
J2EE API's &Technologies
(page 14, 1st slide)
39
J2EE 1.3 APIs and Technologies
Java 2 SDK, Standard EditionRMI/ IIOP
JDBC™ Java Messaging Service
JNDIServlet
JavaServer Pages™JavaMail
JavaBeans™ Activation FrameworkEnterprise JavaBeansJava Transaction API
Java Transaction ServiceConnector Architecture
ECPerf™
Version1.31.03.0
1.0.2b 1.2.1
2.31.21.2
1.0.12.0
1.0.11.11.01.0
40
J2EE 1.4 Contents? J2SE 1.4 (improved)? JAX-RPC (new)? Web Service for J2EE? J2EE Management? J2EE Deployment? JMX 1.1? JMS 1.1? JTA 1.0
? Servlet 2.4? JSP 2.0? EJB 2.1? JAXR? Connector 1.5? JACC? JAXP 1.2? JavaMail 1.3? JAF 1.0
12/12/2003
41
Servlet
42
What is a Servlet?
? Java™ objects which extend the functionality of a HTTP server
? Dynamic contents generation? Better alternative to CGI, NSAPI, ISAPI, etc.
– Efficient– Platform and server independent
– Session management
– Java-based
43
Servlet
CGI versus Servlet
l Written in C, C++, Visual Basic and Perl
l Difficult to maintain, non-scalable, non-manageable
l Prone to security problems of programming language
l Resource intensive and inefficient
l Platform and application-specific
l Written in Javal Powerful, reliable, and
efficientl Improves scalability,
reusability (component based)
l Leverages build-in security of Java programming language
l Platform independent and portable
CGI
44
Servlet vs. CGI
CGIBased
Webserver
CGIBased
Webserver
Request CGI1Child for CGI1
CGIBased
Webserver
Servlet Based Webserver
JVM
Request CGI1Child for CGI1
Request Servlet1
CGIBased
Webserver
Servlet Based Webserver
JVMServlet1
Request CGI1Child for CGI1
Request CGI2
Request Servlet1
CGIBased
WebserverChild for CGI2
Servlet Based Webserver
JVMServlet1
Request CGI1Child for CGI1
Request CGI2
Request Servlet1
Request Servlet2
CGIBased
WebserverChild for CGI2
Servlet Based Webserver
JVMServlet1
Servlet2
Request CGI1Child for CGI1
Request CGI2
Request CGI1
Request Servlet1
Request Servlet2
CGIBased
WebserverChild for CGI2
Child for CGI1
Servlet Based Webserver
JVMServlet1
Servlet2
Request CGI1Child for CGI1
Request CGI2
Request CGI1
Request Servlet1
Request Servlet2
Request Servlet1
CGIBased
WebserverChild for CGI2
Child for CGI1
Servlet Based Webserver
JVMServlet1
Servlet2
Request CGI1Child for CGI1
12/12/2003
45
Servlets Request and Response
Servlet
Response
Request
BrowserHTTP
WebWebServerServer
Servlet Container
Response
Request
46
What does Servlet Do?? Receives client request (mostly in the form
of HTTP request)? Extract some information from the request? Do content generation or business logic
process (possibly by accessing database, invoking EJBs, etc)
? Create and send response to client (mostly in the form of HTTP response) or forward the request to another servlet
47
Requests and Responses? What is a request?
– Information that is sent from client to a server? Who made the request? What user-entered data is sent? Which HTTP headers are sent
? What is a response? – Information that is sent to client from a server
? Text(html, plain) or binary(image) data? HTTP headers, cookies, etc
48
HTTP GET and POST? The most common client requests
– HTTP GET & HTTP POST
? GET requests:– User entered information is appended to the URL in a
query string
– Can only send limited amount of data? .../servlet/ViewCourse?FirstName=Sang&LastName=Shin
? POST requests:– User entered information is sent as data (not appended
to URL)– Can send any amount of data
12/12/2003
49
First Servlet import javax.servlet.*;import javax.servlet.http.*;import java.io.*;
Public class HelloServlet extends HttpServlet { public void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<title>First Servlet</title>"); out.println("<big>Hello Code Camp!</big>"); }}
50
Session Tracking
51
Why Session Tracking?? Need a mechanism to maintain state
across a series of requests from the same user (or originating from the same browser) over some period of time
– Example: Online shopping cart
? Yet, HTTP is stateless protocol– Each time, a client talks to a web server, it opens
a new connection
52
Session Tracking Use Cases
? When clients at an on- line store add an item to their shopping cart, how does the server know what’s already in the cart?
? When clients decide to proceed to checkout, how can the server determine which previously created shopping cart is theirs?
12/12/2003
53
Sessions
Session 1
Session 2
Client 1
Client 2
serverSession ID 1
Session ID 2
54
Three Session Tracking Mechanisms? Cookies? URL rewriting? Hidden form fields? Note that these are just underlying
mechanisms and do not provide high-level programming APIs
55
What is Cookie?? Cookie is a small amount of information sent
by a servlet to a Web browser? Saved by the browser, and later sent back to
the server in subsequent requests? A cookie's value can uniquely identify a client
– So cookies are commonly used for session management
? A cookie has a name, a single value, and optional attributes
56
Cookies as Session Tracking
? Advantages:– Very easy to implement
– Highly customizable
– Persist across browser shut-downs
? Disadvantages:– Often: users turn off cookies for privacy or
security reason
– Not quite universal browser support
12/12/2003
57
URL Rewriting? URLs can be rewritten or encoded to include
session information.? URL rewriting usually includes a session id? Session id can be sent as an added
parameter:– http://.../servlet/Rewritten?sessionid=688
58
URL Rewriting as Session Tracking Mechanism ? Advantages:
– Let user remain anonymous
– They are universally supported(most styles)
? Disadvantages:– Tedious to rewrite all URLs
– Only works for dynamically created documents
59
Now Without “Session Tracking” Feature of Servlet
? You have to perform the following tasks yourself by using one of three session-tracking mechanisms
– Generating and maintaining a session id for each session
– Passing session id to client via either cookie or URL
– Extracting session id information either from cookie or URL
– Creating and maintaining a hashtable in which session id and session information are stored
– Coming up with a scheme in which session information can be added or removed
60
“ Session Tracking” Feature of Servlet
? Provides higher-level API for session tracking
– Built on top of Cookie or URL rewriting
? Servlet container maintains
– internal hashtable of session id's
– session information in the form of HttpSession? Generates and maintains session id transparently? Provides a simple API for adding and removing
session information (attributes) to HttpSession? Could automatically switch to URL rewriting if
cookies are unsupported or explicitly disabled
12/12/2003
61
What are Java Servlet Filters?? New component framework for intercepting
and modifying requests and responses– Filters can be chained and plugged in to the system
during deployment time
? Allows range of custom activities:– Marking access, blocking access
– Caching, compression, logging
– Authentication, access control, encryption
– Content transformations
? Introduced in Servlet 2.3 (Tomcat 4.0)62
What Can a Filter Do?? Examine the request headers? Customize the request object if it wishes to
modify request headers or data? Customize the response object if it wishes to
modify response headers or data? Invoke the next entity in the filter chain? Examine response headers after it has invoked
the next filter in the chain? Throw an exception to indicate an error in
processing
63
How Servlet Filter Work?
Filter 2
ServletContainer
Filter NFilter 1
ServletFilter Chain
Userimplementedfilters
Servletcontainerfilter
doFilter(ServletRequest,ServletResponse,FilterChain)
service(ServletRequest,ServletResponse) 64
JSP
12/12/2003
65
What is JSP Technology?? Enables separation of business logic from
presentation– Presentation is in the form of HTML or
XML/XSLT
– Business logic is implemented as Java Beans or custom tags
– Better maintainability, reusability
? Extensible via custom tags? Builds on Servlet technology
66
What is JSP page?
? A text-based document capable of returning dynamic content to a client browser
? Contains both static and dynamic content
– Static content: HTML, XML
– Dynamic content: programming code, and JavaBeans, custom tags
67
JSP Sample Code<html> Hello World!<br><jsp:useBean id="clock" class=“calendar.JspCalendar” /> Today is<ul><li>Day of month: <%= clock.getDayOfMonth() %><li>Year: <%= clock.getYear() %></ul>
</html>
68
JSP
Servlets and JSP - Comparison
• HTML code in Java• Any form of Data• Not easy to author a
web page
• Java-like code in HTML• Structured Text• Very easy to author a
web page• Code is compiled into a
servlet
Servlets
12/12/2003
69
JSP Benefits? Content and display logic are separated? Simplify development with JSP, JavaBeans
and custom tags? Supports software reuse through the use of
components? Recompile automatically when changes are
made to the source file? Easier to author web pages? Platform-independent
70
Web-Tier Security Issues
71
General Security Issues ? Authentication for identity verification
– Making sure a user is who he claims he is
? Authorization (Access control)– Making sure a resource gets access only by user who
as access priviledge
– The user has to be authenticated first
? Confidentiality (Privacy)– Making sure nobody can read the sensitive data
while it is on the wire
72
Security Issues at Web-Tier? Preventing unauthorized users from
accessing “access controlled” web resource– If unauthenticated user tries to access “access
controlled” web resource, web container will automatically ask the user to authenticate himself first
– Once authenticated, web container (and/or web components) enforces access control
? Preventing attackers from changing or reading sensitive data while it is on the wire
– Data can be protected via SSL
12/12/2003
73
HTTP BasicAuthentication-
basedWeb tier Security
74
HTTP Basic Authentication ? Web server collects user identification (user
name and password) through a browser provided dialog box
? Not secure since user name and password are in “easily decode'able” form over the wire
– Encoding scheme is Base64– Someone can easily decode it – Not encrypted
? Would need SSL for encrypting password
75
Steps for Basic Authentication-based Web-tier Security 1.Set up username, passwords, and roles
(realms)
2.Tell web container that you are using Basic authentication
3.Specify which URLs (web resources) should be access-controlled (password-protected)
4.Specify which URLs should be available only with SSL (data integrity and confidentiality protected)
76
Step 1: Set up username, passwords, and roles (Realms)
? Schemes, APIs, and tools for setting up usernames, passwords, and roles (realms) are web container and operational environment specific
– Flat-file based, Database, LDAP server– Passwords could in encrypted or unencrypted form
? Tomcat 4.0 can work with the following realms– default: file, unencrypted form
– Relational database (via JDBCRealm)– LDAP server (via LDAPRealm)
12/12/2003
77
Example: Tomcat's default? <install-dir>/config/tomcat-users.xml? Unencrypted: not secure but easy to set up
and maintain
<?xml version='1.0'?><tomcat-users> <role rolename="manager"/> <role rolename="employee"/> <role rolename="admin"/> <user username="sang" password="sangPassword"
roles="manager,employee"/></tomcat-users>
78
Step 2: Tell web container that you are using Basic authentication? In web.xml file of your web application
<web-app> ... <security-constraint>...</security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>realm name</realm-name> </login-config> ... </web-app>
79
Step 3: Specify which URLs should be access-controlled <web-app> ... <security-constraint> <web-resource-collection> <web-resource-name>WRCollection</web-resource-name> <url-pattern>/loadpricelist</url-pattern> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name></realm-name> </login-config> ...</web-app> 80
Step 4: Specify which URLs should be available only with SSL <web-app> ... <security-constraint> <web-resource-collection> <web-resource-name>WRCollection</web-resource-name> <url-pattern>/loadpricelist</url-pattern> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name></realm-name> </login-config> ...</web-app>
12/12/2003
81
Form-based Authentication
basedWeb-tier Security
82
Form-based Authentication ? Web application collects user identification
(user name, password, and other information) through a custom login page
? Not secure since user name and password are in “easily decode'able” form over the wire
– Encoding scheme is Base64– Someone can easily decode it – Not encrypted
? Would need SSL for encrypting password
84
Steps for Form-based Authentication based Web-tier Security
1.Set up username, passwords, and roles (realms)
2.Tell web container that you are using Form-based authentication
3.Create Login page
4.Create Login failure error page
5.Specify which URLs (web resources) should be access-controlled (password-protected)
6.Specify which URLs should be available only with SSL (data integrity and confidentiality protected)
12/12/2003
85
Step 1: Set up username, passwords, and roles (Realms) ? Same as in Basic-authentication
86
Step 2: Tell web container that you are using Form-based authentication
? In web.xml file of your web application<web-app> ... <security-constraint>...</security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>realm name</realm-name> </login-config> ... </web-app>
87
Step 3: Create Login Page
? Can be HTML or JSP page? Contains HTML form like following
<FORM ACTION="j_security_check" METHOD="POST"> … <INPUT TYPE="TEXT" NAME="j_username"> … <INPUT TYPE="PASSWORD" NAME="j_password"> …</FORM>
88
Step 4: Create Login Failure page
? Can be HTML or JSP page? No specific content is mandated
12/12/2003
89
Step 5: Specify which URLs should be access-controlled (Same as Basic Auth)<web-app> ... <security-constraint> <web-resource-collection> <web-resource-name>WRCollection</web-resource-name> <url-pattern>/loadpricelist</url-pattern> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> <role-name>executive</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name></realm-name> </login-config> ...</web-app> 90
Step 6: Specify which URLs should be available only with SSL (Same as Basic Auth)<web-app> ... <security-constraint> <web-resource-collection> <web-resource-name>WRCollection</web-resource-name> <url-pattern>/loadpricelist</url-pattern> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name></realm-name> </login-config> ...</web-app>
91
Form-based
Basic vs. Form-based Authentication
• Uses “browser provided dialog box” to get username and password
• Only username and password can be collected
• Might result in different look and feel
• HTTP Authentication header is used to convey username and password
• No good way to enter a new user name
• Uses “web application provided login page” to get username and password
• Custom data can be collected
• Can enforce consistent look and feel
• Form data is used to convey username and password
• Can enter a new user name via login page
Basic
92
EJB(Enterprise Java Beans)
12/12/2003
93
What is EJB Technology?? Cornerstone of J2EE? A server-side component technology ? Easy development and deployment of
Java technology-based application that are:
– Transactional, distributed, multi-tier, portable, scalable, secure, …
94
Why EJB Technology?? Leverages the benefits of component-
model on the server side? Separates business logic from system code? Provides framework for portable
components– Over different J2EE-compliant servers
– Over different operational environments
? Enables deployment-time configuration– Deployment descriptor
95
Do You Need an EJB Tier?? Yes, if you want to leverage middleware features
provided by container– Resource management, instance life-cycle
management, concurrency control and threading– Persistence, transaction and security management– Messaging, scalability, availability
? Yes, if you want to build portable and reusable business components
? Maybe not, for a simple application whose main function is reading database tables
96
EJB Architecture
12/12/2003
97
EJB Architecture Contracts
? Contracts are specified in EJB specification? Client view contract
– Contract between client and container
? Component contract– Contract between an Enterprise Bean and its
Container
98
Client View Contract
? Client of an EJB can be– Web tier components: Servlet and JSP
– Standalone Java application
– Applet
– Another EJB in same or different container
– Web services client (in EJB 2.1)
? Provides development model for clients using EJB services
99
Client View Contract (Contd.)
? Client view contract is comprised of– Home interface
? For local or remote clients? Contains methods for creating and locating beans
– Remote interface? For local or remote clients? Contains business methods
– Object identity
– Metadata interface
– Handle100
Component Contract: What Container does (for Beans)? Enables EJB method invocations from clients? Manage the life cycle of EJB bean instances? Implements home and remote interfaces? Provide persistence for CMP entity beans? Provide runtime context information to beans? Manage transactions, security, exceptions, etc...? Implements callbacks
12/12/2003
101
EJB Contracts
ClientEnterprise
bean instances
EJBContainer
Component contract
EJB server
Client view contract
102
Types of Beans
? Session Beans– Stateful session beans
– Stateless session beans
? Entity Beans– Bean Managed Persistence (BMP)
– Container Managed Persistence (CMP)
? Message Driven Beans– JMS
– JAXM
103
Session Beans? Does work on behalf of a single client? Is not persistent and hence relatively short
lived– Is removed when the EJB™ server crashes
? Does not represent data in data store, although can access/update such data
? Bean class implements javax.ejb.SessionBean interface
104
When to Use Session Beans?? Use Session beans to model process or control
objects specific to a particular client.
? To model workflow, processes or tasks, manage activities (make reservation, purchase...).
? To Coordinate processes between entity beans, control interactions of beans.
? To Move business application logic from Client to the Server Side.
12/12/2003
105
2 Types of Session Beans? Stateless: execute a request and return a
result without saving any client specific state information
– transient
– temporary piece of business logic needed by a specific client for a limited time span
? Stateful: maintains client specific state
State instance data
Stateful Session beanStateless Session bean
106
Examples of Session Beans
? Stateless session beans– Catalog
? No client specific state needs to be preserved
– Interest calculator? No client specific state needs to be preserved? Business logic with no need for database access
? Staeful session beans– Shopping cart
? Client specific state needs to be preserved
107
Entity Beans? Provides object view of data in data store
– Its lifetime not related to the duration of interaction with clients
– Lives as long as data exists in database i.e. Long lived
– In most cases, synchronized with relational databases
? Shared access among clients? Bean class implements
javax.ejb.EntityBean interface
108
Entity Beans? Clients normally look up (find) an existing
entity EJB– Creation means adding a row to a database table
– Finding means finding a row in a existing database table
? Entity bean instance has unique identifier called primary key
– Primary key can be any class
12/12/2003
109
Examples of Entity Beans? Customer
– Customer data has to persist, thus is maintained in the database
– Customer data has to survive server crash
– Customer data is shared by many clients
– Each customer has unique identification such as customer number
110
2 Types of Entity Beans? CMP (Container Managed Persistence)
– Persistence is managed by Container
– Persistence requirements are specified in deployment descriptor
– Bean developer does not have to worry about providing persistence logic in his code
? BMP (Bean Managed Persistence)– Persistence logic code is provided by Bean
developer
111
When to Use CMP vs. BMP?? CMP entity beans
– With CMP 2.0, there is no reason not to use CMP
– Database independence
– Higher performance
– Easy to develop and deploy
? BMP entity beans– More programmatic control is desired
112
Session Beans and Entity Beans
? Represent a business process
? One instance per client? Short-lived: Life of
client is life of bean? Transient? Doesn’t survive server
crashes? May be transactional
? Represent business data? Shared instance for
multiple clients? Long-lived: as long as
data in database? Persistent? Survive server crashes? Always transactional
Session Beans Entity Beans
12/12/2003
113
Entity and Session Beans—Typical Architecture
114
Entity and Session Beans
115
Message-Driven Beans (MDB)? Acts as a consumer of asynchronous
messages? Cannot be called directly by clients
– Activated upon message arrival
– No home or remote interface
? Clients interact with MDB by sending messages to the queues or topics to which they are listening
? Stateless
116
JMS(Java Message Service)
12/12/2003
117
Java Message Service (JMS) ? Messaging systems (MOM) provide
– Decoupled communication
– Asynchronous communication– Plays a role of centralized post office
? Benefits of Messaging systems– Flexible, Reliable, Scalable communication
systems
? Point-to-Point, Publish and Subscribe? JMS defines standard Java APIs to
messaging systems118
Connector Architecture
119
Connector Architecture ? Defines standard SPI for integrating J2EE
technology with EIS systems– CICS, SAP, PeopleSoft, etc.
? Before Connector architecture, each App server has to provide an proprietary adaptor for each EIS system
– m (# of App servers) x n (# of EIS'es) Adaptors
? With Connector architecture, same adaptor works with all J2EE compliant containers
– 1 (common to all App servers) x n (# of EIS'es) Adaptors 120
m x n Problem Before Connector Architecture
AppServer1
AppServer
AppServer3
AppServer2
SAP
EIS4
EIS3
m n
EIS2
12/12/2003
121
Connector Architecture ? Defines
– Connection pooling
– Security
– Transaction
122
Other J2EE APIs &Technologies
123
JNDI
? Java Naming and Directory Interface? Utilized by J2EE applications to locate
resources and objects in portable fashion– Applications use symbolic names to find object
references to resources via JNDI
– The symbolic names and object references have to be configured by system administrator
124
JDBC
? Provides standard Java programming API to relational database
– Uses SQL
? Vendors provide JDBC compliant driver which can be invoked via standard Java programming API
12/12/2003
125
J2EE Management (JSR-77)
? Management applications should be able to discover and interpret the managed data of any J2EE platform
? Single management platform can manage multiple J2EE servers from different vendors
? Management protocol specifications ensure a uniform view by SNMP and WBEM management stations
? Leverages JMX126
J2EE Management (JSR-77) - J2EE 1.4
? Management information model• example: J2EE app server, EJB beans
? Mapping the information model to• CIM (Common Information Model)
• SNMP MIB (Management Information Base)
• Java APIs for J2EE Management EJB component (MEJB)
• Exposes managed objects as JMX Managed Beans (Mbeans)
127
J2EE Deployment (JSR-88) - J2EE 1.4 Tools J2EE Platforms
StandardDeployment API
(Universal Remote)IDEs
Vendor Deploy Tools
Management Tools
128
J2EE App ServerApp
JMX
JMX
JMX de-facto
Dynamic DeploymentJMX API into the J2EE 1.4 platform
A single technology for the J2EE platform
JMX
12/12/2003
129
JACC (Java Authorization Contract for Containers) - J2EE 1.4
? Defines contract between J2EE containers and authorization policy modules
– Provider configuration subcontract
– Policy configuration subcontract
– Policy enforcement subcontract
? Enable application servers to integrate with enterprise user registries and authorization policy infrastructure
130
J2EE as End-to-EndArchitecture
131
The J2EE Platform Architecture
B2BApplications
B2CApplications
WebServices
WirelessApplications
Application ServerEnterprise
InformationSystems
ExistingApplications
132
Client
Client
Client
Client
Client
ClientTier
Enterprise Information
TierMiddle
Tier
Enterprise Information
Systems (EIS):RelationalDatabase,Legacy
Applications,
ERP Systems
Enterprise JavaBeans™
Enterprise JavaBeans
Other Services:JNDI, JMS,JavaMail™
J2EEApplication
Server
Web ServerJSP,
Servlets
Firewall
J2EE is End-to-End Solution
HTML/XML
12/12/2003
133
N-tier J2EE Architecture
Web Tier EJB Tier
134
J2EE Component & Container
Architecture
135
JND
I
J2SE
JM
S
RM
I/IIO
P
JDB
C
Database
AppClient
App Client Container
HTTP/HTTPS
J2SE
RMI
J2SE
JND
I
JMS
RM
I/IIO
P
JDB
C
JT
A JavaMail
JAF JND
I
JM
S
RM
I/IIO
P
JDB
C
JT
A JavaMail
JAF
HTTP/HTTPS
Applet Container
Applet JSP Servlet EJB
Web Container EJB Container
RMI
J2SE
J2EE Containers & Components
136
ComponentsHandle
Containers and Components
l Concurrencyl Securityl Availabilityl Scalabilityl Persistencel Transactionl Lifecycle
managementl Management
l Presentationl Business Logic
ContainersHandle
12/12/2003
137
Containers & Components
? Containers do their work invisibly
– No complicated APIs
– They control by interposition
? Containers implement J2EE– Look the same to components
– Have great freedom to innovate
138
J2EE ApplicationDevelopment & Deployment
Life Cycle
139
J2EE Application Development Lifecycle? Write and compile component code
– Servlet, JSP, EJB
? Write deployment descriptors for components
? Assemble components into ready-to-deploy'able package
? Deploy the package on a server
140
Creation Assembly Deployment
Created by Component Developer
Assembledand Augmentedby Application
Assembler
Processed by Deployer
Deploy
EnterpriseComponents
J2EE Container
J2EE APPJ2EE Modules
Lifecycle Illustration
12/12/2003
141
J2EE Roles? Component provider
– Bean provider
? Application assembler? Deployer? Platform provider
– Container provider
? Tools provider? System administrator
142
The Deployment Descriptor? Gives the container instructions on how to
manage and control behaviors of the J2EE components– Transaction
– Security
– Persistence? Allows declarative customization (as
opposed to programming customization)– XML file
? Enables portability of code
143
J2EE ApplicationAnatomies
144
DB & EISResources
Browser
Stand-alone
Web Server EJB Server
Web Server EJB Server
Possible J2EE Application Anatomies
12/12/2003
145
J2EE Application Anatomies
? 4-tier J2EE applications
– HTML client, JSP/Servlets, EJB, JDBC/Connector
? 3-tier J2EE applications– HTML client, JSP/Servlets, JDBC
? 3-tier J2EE applications
– EJB standalone applications, EJB, JDBC/Connector
? B2B Enterprise applications
– J2EE platform to J2EE platform through the exchange of JMS or XML-based messages
146
Which One to Use?? Depends on several factors
– Requirements of applications
– Availability of EJB tier
– Availability of developer resource
147
J2EE Reference Implementation,Compatibility Suite, Brand
148
What and Why a Reference Implementation?? Validates specification? Fully-compliant? Fully-functional? Not commercial quality
– Scalability– Performance
? Use it for prototyping? Java Web Services Developer Pack is
production quality, however
12/12/2003
149
Compatibility Test Suite (CTS)? Ultimate Java™ technology mission:
– Write Once, Run Anywhere™
– My Java-based application runs on any compatible Java virtual machines
– My J2EE based technology-based application will run on any J2EE based Compatible platforms
150
J2EE Application Verification Kit (J2EE AVK)? How can I test my J2EE application portability?
• Obtain the J2EE RI 1.3.1 and the J2EE Application Verification Kit (J2EE AVK)
? Self verification of application– Static verification
– Dynamic verification
? Obtain the tests results, verify that all criteria are met
151
Compatible Products for the J2EE Platform (Brand)
ATG
Bea Systems
BorlandComputer
Associates
FujitsuHitachi
HP
IBMIONA
iPlanet
Macromedia
NECOracle
Pramati
SilverStreamSybase
Talarian
Trifork
152
J2EE™ Technology LicenseesAOL
ATG
BEA Systems
HP Bluestone
BroadVision
Borland
Compaq
CA
Fujitsu
Gemstone
Hitachi
IBM
Interworld
In-Q-My
IONA
iPlanet
Lutris
Macromedia
NEC
Nokia
Merant
Oracle Corp.
Cape Clear
Persistence
Pramati
SAS Institute
Silverstream
Sonic
Sybase
Secant
SpiritSoft
Talarian
TIBCO
TMAX Soft
TogetherSoft
Trifork
WebGain
12/12/2003
153
The J2EE Platform “Ecosystem,”Application Servers and…? Tools
– IDE’s: Borland JBuilder Enterprise, WebGain Visual Cafe’, IBM Visual Age for Java™, Forte™ for Java™, Oracle JDeveloper, Macromedia Kawa
– Modeling, Performance, Testing, etc.
? Enterprise Integration: Connectors, Java Message Service (JMS) API, XML
? Components? Frameworks? Applications
154
Major Investment in Compatibility by the Industry? Sun has spent scores of engineer years
developing tests? Licensees have spent scores of engineer
years passing the tests? Testing investment on top of specification
investment, implementation investment, business investments
? In total, tens of millions of dollars invested in J2EE platform compatibility by the industry
155
J2EE Blueprint &Pet Store Application
156
J2EE BluePrint? Best practice guidelines, design patterns
and design principles– MVC pattern
? Covers all tiers– Client tier
– Web tier
– Business logic (EJB) tier
– Database access tier
? Sample code– Java Pet Store
12/12/2003
157
Web ServicesSupport in J2EE 1.4
158
J2EE 1.4 Theme ? Major theme is Web Services? Allow J2EE applications to be exposed as
SOAP/HTTP based Web services? Integrate with existing Web services? Ensure interoperability
• SOAPBuilder effort
• Will support WS-I Basic profile
159
Design Goals J2EE Web Services Framework
? Portability of Web services component
– Over different vendor platform
– Over different operational environment
? Leveraging existing J2EE programming models for service implementation
? Easy to program and deploy
– High-level Java APIs
– Use existing deployment model160
What Is a J2EE Web Service?? A set of endpoints (ports) operating on
messages? Ports are operating within a container
– Container provides runtime environment
– Contract for runtime environment are specified in JAX-RPC, EJB 2.1, JSR 109
? Service is described abstractly in WSDL document and published to a registry
– WSDL specifies a contract between service provider and client
12/12/2003
161
Web Service Component and Container
? Container vs. Component model
– Web services components get executed within a container
– Components are portable (under J2EE 1.4)
? Web service components
– Web-tier (Servlet-based endpoint)
– EJB-tier (Stateless session bean-based endpoint)
162
Web Service Components
Source: Web Services for J2EE (JSR 109), V1.0
Web services components
163
Java APIs forWeb Services over J2EE
164
Web Services for J2EE (JSR 109)? Addresses overall Web services architecture
over J2EE
– Deployment requirements for Web service clients and endpoints
– Standard deployment descriptors
– JAX-RPC programming model
– JNDI lookup of service objects
– Container-managed security
– Declaration of handlers and serializers
12/12/2003
165
JAX-RPC
? Servlet-based Web service endpoint model
? XML data types to/from Java types mapping
? WSDL to/from Java mapping
? JAX-RPC Client Programming Models
? SOAP Message Handler framework
? Extensible type mapping
166
JAX-RPC Architecture Diagram
Server-side JAX-RPCRuntime System
Container
JAX-RPCService Endpoint
WSDLóJava
WSDL Document
HTTP
Client-side JAX-RPCRuntime System
SOAP
Container
JavaïWSDLGenerated Code
JAX-RPC Client
167
Relationship to WSDL
JAX-RPC describes a Web Service as a collection of remote interfaces and methods
Tools are used to convert between WSDL documents and sets of Java remote interfaces (“Generate Web Services Files” menu in Sun ONE Studio 5, “wscompile” in Java WSDP)
WSDL describes a Web Service as a collection of ports and operations
168
SOAP Message Handlers? Handlers let you access/modify SOAP
request and response messages– Typically used to process service contexts in SOAP
header blocks
– Can be used to extend functionality of Web services runtime system
? J2EE containers (which provide Web services runtime) are likely to use them internally to provide session/transaction propagation
? Example handlers: – encryption, decryption, authentication,
authorization, logging, auditing, caching
12/12/2003
169
SOAP Message Handlers? Pluggable and chainable
– Through standardized programming API
– Portable across implementations
? Has its own lifecycle– JAX-RPC runtime system calls init(), destroy() of a
handler
? Handler instances can be pooled? MessageContext is used to share properties
among handlers in a handler chain
170
SOAP Message Handlers
Service Endpoint (Port)Handler Handler
SOAP Message<Request>
SOAP Message<Response>
Handler Chain
171
JAX-RPC Client Programming Models? Stub-based (least dynamic)
– Both interface (WSDL) and implementaion (stub) created at compile time
? Dynamic proxy– Interface (WSDL) created at compile time
– Implementation (dynamic proxy) created at runtime
? Dynamic invocation interface (DII)– Both interface (WSDL) and implementaion
created at runtime 172
Service Implementation
public class AttachmentServiceImpl extends AttachmentService {
public String storeImageService(DataHandler dh,
String imageFileName){
...
BufferedInputStream in =
new BufferedInputStream (dh.getInputStream());
...
}
12/12/2003
173
Client sending Attachmentpublic class AttachmentServiceClient {
public static void main(String[] args) { ...
DataHandler dh =
new DataHandler(new FileDataSource(filename));
AttachmentService myProxy = ...
String response = myProxy.storeImageService(dh, filename);
...
}
}
174
SAAJ
? Handles low-level SOAP message handling
• Contains the API for creating and populating a SOAP messages conforming to SOAP 1.1 and SOAP with Attachment specifications
• Used by high-level APIs (such as JAX-RPC runtime)
? Contains API necessary for sending request-response (non-provider-model) messages
? Separated out from JAXM 1.0 into JAXM 1.1 and SAAJ 1.1
175
Web Services Support in EJB 2.1
? Defines Stateless Session Bean-based Web services endpoint model
– Stateless session bean can be web services implementation
– Web services endpoint interface (service definition interface) for Stateless session bean
– Can implement SOAP Message Handlers for Stateless session bean based endpoint
176
JAXR? Standard Java API for performing registry
operations over diverse set of registries
– Web service publication & discovery
? A unified information model for describing business registry content
? Provides multi-layered API abstractions
– Level 0: for UDDI
– Level 1: for ebXML registry/repository
12/12/2003
177
JAXR Architecture
178
How to Get Started
179
Step1: How to Get Started (for Beginners) for Web-tier? Download and run Java Web Services Developer
Pack (Java WSDP) and its tutorial for web-tier programming (Servlet and JSP)
? Java Web Services Developer Pack Download– java.sun.com/webservices/downloads/webservicespack.html
? Java Web Services Developer Pack Tutorial– java.sun.com/webservices/downloads/webservicestutorial.ht
ml
180
Step2: How to Get Started (for Beginners) for EJB tier and Others
? Download and run J2EE 1.3.1 Reference Implementation (RI)
– In the future course, we will use Sun ONE App Server 7 Platform Edition, which is production quality and is also freely downloadable
? Study J2EE Tutorial from java.sun.com– developer.java.sun.com/developer/onlineTraining/J2EE
/Intro2/j2ee.html
12/12/2003
181
Step3: Next Step (For Intermediate J2EE Programmers)
? Leverage J2EE Blueprint ? Download and read J2EE Blueprint to learn
the best practice guidelines and design patterns
? Download and run Java Pet Store as an example of J2EE application based on best practice guidelines
– java.sun.com/blueprints/guidelines/designing_enterprise_applications_2e/index.html 182
Step4: Next Step (For Advanced J2EE Programmers) ? Try J2EE IDE of your choice. Sun ONE Studio 4 EE
has 60 day free license with bunch of sample programs you can try
? Sun ONE Studio 4 EE– wwws.sun.com/software/sundev/jde/buy/index.html
? Sun ONE Studio 4 EE tutorial– wwws.sun.com/software/sundev/jde/examples/index.html
? Other vendors also have good quality J2EE IDE's– BEA, IBM, Borland
183
Step5: Next Step (For Advanced J2EE Programmers) ? There is no shortage of quality J2EE online
resources– java.sun.com/j2ee
– www.theserverside.com
184
Step6: Next Step (For J2EE 1.4 Features) ? We will use J2EE 1.4 Beta Reference
Implementation for building J2EE applications that use 1.4 features (or we might use individually released packages)
– JAXP, JAX-RPC, JAXR, SAAJ
– JMX
– Management and Deployment
– JACC
– ...
12/12/2003
185
Next Step (For J2EE 1.4 Features) ? J2EE Application Verification Kit? EcPerf (SPECJAppServer)
186
Evolution of Web Application Frameworks
187
Evolution of MVC Architecture
1.No MVC
2.MVC Model 1
3.MVC Model 2
4.Web application framework (based on MVC Model 2)
? Struts, Sun ONE Application framework
5.Web application framework? JavaServer Faces (JSR-127)
188
Evolution of Web Application Design before MVC Model 2
Model 1 architectureNo MVC
12/12/2003
189
MVC Model 1 Architecture
Browser
JSP(Controller+View)
JavaBeans(Model)
Client Tier Middle TierEnterprise servers/Data sources
190
Why MVC Model 2 Architecture?
? What if you want to present different JSP pages depending on the data you receive?
– JSP technology alone even with JavaBeans and custom tags (Model 1) cannot handle it well
? Solution– Use Servlet and JSP together (Model 2)
– Servlet handles initial request, partially process the data, set up beans, then forward the results to one of a number of different JSP pages
191
MVC Model 2 Architecture
Browser
JSP(View)
Access to Model
Client Tier Middle Tier Enterprise servers/Data sources
Servlet(Controller)
Selection of view
192
Web Application Frameworks? Based on MVC Model 2 architecture? Web-tier applications share common set of
functionality– Dispatching HTTP requests
– Invoking model methods
– Selecting and assembling views
? Provide classes and interfaces that can be used/extended by developers
12/12/2003
193
Why Web Application Framework?
? De-coupling of presentation tier and business logic into separate components
? Provides a central point of control? Provides rich set of features? Facilitates unit-testing and maintenance? Availability of compatible tools ? Provides stability? Enjoys community-supports? Simplifies internationalization? Simplifies input validation
194
Web Application Frameworks
? Apache Struts? Sun ONE Application Framework? JavaServer Faces (JSR-127)
– Standard-based Web application framework
195
Summary &Resources
196
Summary? J2EE is the platform of choice for
development and deployment of n-tier, web-based, transactional, component-based enterprise applications
? J2EE is standard-based architecture? J2EE is all about community? J2EE evolves according to the needs of
the industry
12/12/2003
197
Resources? J2EE Home page
– java.sun.com/j2ee
? J2EE Reference Implementation– http://java.sun.com/downloads/
? J2EE Tutorial– developer.java.sun.com/developer/onlineTraining/J2
EE/Intro2/j2ee.html
? J2EE Blueprint– java.sun.com/blueprints/guidelines/designing_enter
prise_applications_2e/index.html 198
Resources? Java Web Services Developer Pack Download
– java.sun.com/webservices/downloads/webservicespack.html
? Java Web Services Developer Pack Tutorial– java.sun.com/webservices/downloads/webservicestutorial.html
? Sun ONE Studio 4 EE– wwws.sun.com/software/sundev/jde/buy/index.html
? Sun ONE Studio 4 EE tutorial– wwws.sun.com/software/sundev/jde/examples/index.html
? Sang Shin's free J2EE Programming course– www.javapassion.com/j2ee
199
Evaluation Course #ISUN2SN
12/12/2003