Servlet 3.1

1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.


Servlet 3.1 John Clingan, Principal Product Manager


The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Agenda

•  Servlet 3.0 recap •  Servlet 3.1 Overview • NIO API •  Protocol Upgrade •  Security • Resources


Servlet 3.0 recap •  Part of Java EE 6 •  Focused on

– Ease-of-Development – Pluggability – Asynchronous support – Dynamic registration of servlets, filters and listeners – Security enhancements

•  Adoption – GlassFish 3.x, Tomcat 7, JBOSS, Caucho, IBM, Weblogic


Servlet 3.0 recap

•  Annotations to declare – Servlets –  Filters –  Listeners – Security

• Defaults for attributes of annotations

Ease of Development


Example @WebServlet( urlPatterns = {“/foo”} ) public class SimpleSample extends HttpServlet {

public void doGet(HttpServletRequest req, HttpServletResponse res) {

} }


Servlet 3.0 recap

• Drag-and-drop model • Web frameworks as fully configured libraries • Contain “fragments” of web.xml • META-INF/web-fragment.xml •  Extensions can register servlets, filters, listeners

dynamically •  Extensions can also discover and process annotated

classes

Pluggability


Servlet 3.0 recap

•  Bundle static resources and jsps in a jar that can be re-used

•  Look for ready-to-use frameworks, libraries • Re-factor your libraries into re-usable, auto-configured

frameworks

Using pluggability


Agenda



The content described in the following slides are subject to change based on expert group discussions


JAVA EE 7 THEME: CLOUD / PAAS

Java EE 7 platform to be ready for the cloud


Java EE 7 PaaS support

•  Provide customers and users ability to leverage cloud environments

•  Enable multi-tenancy – One application instance per tenant – Mapping to tenant done by container –  Isolation between applications

• Define metadata for services


Servlet 3.1

•  Align with Java EE 7 for cloud support –  For web container there will a virtual server mapping per tenant –  Ability to load custom web resources per tenant –  Use the services exposed in Java EE 7

•  Scale –  Expose NIO2 API

•  Support newer technologies that leverage http protocol for the initial handshake –  Support general upgrade mechanism for protocols like WebSocket

•  Security enhancements

Feature set


Agenda



Expose NIO API

•  Add two listeners: ReadListener, WriteListener •  Add two interfaces:

– AsyncIOInputSource with abstract classes ServletInputStream, ServletReader

– AsyncIOOutputSink with abstract classes ServletOutputStream, ServletWriter

•  Add APIs to ServletRequest, ServletResponse

Overview: NonBlocking IO


Expose NIO API

public interface ReadListener extends EventListener {

public void onDataAvailable(ServletRequest request);

public void onAllDataRead(ServletRequest request);

public void onError(Throwable t); }

javax.servlet.ReadListener


Expose NIO API

public interface WriteListener extends EventListener {

public void onWritePossible(ServletResponse response);

public void onError(Throwable t); }

javax.servlet.WriteListener


Expose NIO API

public interface AsyncIOInputSource {

public int dataAvailable();

public boolean isFinished();

public isReady(); }

javax.servlet.AsyncIOInputSource


Expose NIO API ServletInputStream, ServletReader

InputStream

ServletInputStream

Reader

ServletReader AsyncIOInputSource


Expose NIO API

public interface AsyncIOOutputSink {

public boolean canWrite(int size);

public void complete(); }

javax.servlet.AsyncIOOutputSink


Expose NIO API NIOOutputStream, NIOWriter

OutputStream

ServletOutputStream

Writer

ServletWriter AsyncIOOutputSink


Expose NIO API

•  ServletRequest – Public ServletInputStream getServletInputStream() – Public ServletReader getServletReader() –  public void addListener(ReadListener listener)

•  ServletResponse – Public ServletOutputStream getServletOutputStream() – Public ServletWriter getServletWriter() –  public addListener(WriteListener listener)

ServletRequest, ServletResponse


Expose NIO API

public class NIOSampleServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) { request.addListener(new ReadListener() { public void onDataAvailable(ServletRequest request) { ServletInputStream nis = request.getServletInputStream(); try { nis.read(new byte[nis.dataAvailable()]); … }

Sample Usage


Expose NIO API

public void onAllDataRead(ServletRequest request) { try { request.getServletInputStream().close(); …. }

public void onError(Throwable t) { … } });

final byte[] b = new byte[100]; ….

Sample Usage (cont’d)


Expose NIO API

•  response.addListener(new WriteListener() { public void onWritePossible(ServletResponse response) { AsyncIOOutputStream nos = response.getAsyncIOOutputStream(); try {

nos.write(b); nos.complete(); …

}

public void onError(Throwable t) { … } }); } }

Sample Usage (cont’d 2)


Expose NIO API

• Discussion with expert group on alternate approach • Use NIO 2 approach


Program Agenda



Upgrade

• HTTP 1.1 • Connection •  Transition to some other, incompatible protocol •  For example,

Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9


Upgrade

•  Protocol: IETF •  API: W3C (JavaScript) •  Bi-directional, full-duplex / TCP

Example: WebSocket


Upgrade

WebSocket Example •  GET /chat HTTP/1.1

Host: server.example.com Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== Origin: http://example.com Sec-WebSocket-Protocol: chat, superchat Sec-WebSocket-Version: 13

•  HTTP/1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo= Sec-WebSocket-Protocol: chat


Upgrade

Servlet

ProtocolHandler

HTTP Request

…. upgrade(…);


Agenda



Security Enhancement

• Made good progress in Servlet 3.0 • Continue from where we left off •  Include support for preventing against CSRF •  Provide an easy way to support denying all unlisted http

methods •  Encoding / escaping support to prevent XSS


Align with other Java EE JSRs

•  Integrate with Concurrency Utilities for Java EE – Utilize it Async programming model

•  Align with CDI •  Align with Bean Validation •  Align with Jcache (JSR 107)


Transparency •  High level of transparency for all Java EE JSRs •  Use java.net project to run our JSRs in the open

– One java.net project per specification •  Publicly viewable Expert Group mailing list archive •  Users observer list gets copies of all emails to the EG •  Download area •  JIRA for issue tracking •  Wiki and source repository at EG’s discretion •  JCP.org private mailing list for administrative / confidential info


Agenda



Webtier related projects

•  https://servlet-spec.java.net •  http://jcp.org/en/jsr/summary?id=340 • [email protected]

–  For users of GlassFish webtier


Tokyo 2012

April 4–6, 2012


Q&A



Date post:	11-May-2015
Category:	Technology
Upload:	arun-gupta
View:	7,649 times
Download:	3 times

Servlet 3.1

Technology