This document provides an overview of the J2EE platform and architecture. It discusses the history of distributed computing and evolution of enterprise application development frameworks. The key aspects of J2EE covered include the APIs and technologies such as servlets, JSP, EJB, connectors, security. Benefits to developers include portability, choice of implementations, and community resources. Benefits to businesses include application portability and choice of vendors.
Shin J2 Ee Programming Half Day
1. 12/12/2003
J2EE™ Platform Architecture

Sang Shin
sang.shin@sun.com
www.javapassion.com/j2ee
Technology Evangelist
Sun Microsystems, Inc.

Courses I teach
• XML (2001)
• Distributed programming using Jini™ and JavaSpaces™ technology (2002)
• Web services programming using XML and Java™ technology (2002)
• J2EE programming with Passion! (It is free!)
  – www.javapassion.com/j2ee
• Advanced J2EE programming with Passion! (It is free!)
  – www.javapassion.com/j2eeadvanced

Agenda
• What is J2EE?
• History of Distributed Computing
• Evolution of Enterprise Application Development Frameworks
• J2EE APIs and Technologies
  – Servlet, JSP, EJB, Connector, J2EE Security
• RI, Compatibility Test Suite (CTS)
• J2EE and Web Services
• How to get started with J2EE programming
• Web application framework

Enterprise Computing
[Diagram. Challenges: Portability, Diverse Environments, Time-to-market, Core Competence, Assembly, Integration. Key Technologies: J2SE™, J2EE™, JMS, Servlet, JSP, Connector, XML, Data Binding, XSLT. Products: App Servers, Web Servers, Components, Databases, Object to DB tools, Legacy Systems, Databases, TP Monitors, EIS Systems]

What is J2EE?

What Is the J2EE?
• Open and standard based platform for
• developing, deploying and managing
• n-tier, Web-enabled, server-centric, and component-based enterprise applications

The Java™ 2 Platform
[Diagram: Java Technology Enabled Devices, Java Technology Enabled Desktop, Workgroup Server, High-End Server]

The Java™ 2 Platform
[Diagram: Java 2 Enterprise Edition (J2EE) and Java 2 Standard Edition (J2SE), each with Optional Packages, on the JVM; Java 2 Platform Micro Edition (J2ME™) with Personal Basis Profile, Personal Profile, Foundation Profile and MIDP on CDC and CLDC, on the JVM and KVM; Java Card APIs on the CardVM]
* Under development in JCP

What Do You Get from J2EE?
• API and Technology specifications
• Development and Deployment Platform
• Reference implementation
• Compatibility Test Suite (CTS)
• J2EE brand
• J2EE BluePrints

Platform Evolution
Catch Phrase     | The Network Is the Computer | Objects   | Legacy to the Web | The Computer Is the Network | Network of Embedded Things | Network of Things
Scale            | 100s                        | 1,000s    | 1,000,000s        | 10,000,000s                 | 100,000,000s               | 100,000,000s
When/Peak        | 1984/1987                   | 1990/1993 | 1996/1999         | 2001/2003                   | 1998/2004                  | 2004/2007
Leaf Protocol(s) | X                           | X         | +HTTP (+JVM)      | +XML Portal                 | +RM                        | Unknown
Directory(s)     | NS, NS+                     | +CDS      | +LDAP(*)          | +UDDI                       | +Jini                      | +?
Session          | RPC, XDR                    | +CORBA    | +CORBA, RM        | +SOAP, XML                  | +RM/Jini                   | +?
Schematic        | [row of diagrams]

History of Distributed Computing

Communication Patterns
[Diagram: Client-Server, Web 3-Tier, Web Application, Web Services, Hybrid P2P, Fractal]

Communication Patterns: Java™ 2
[Diagram, Web Application: Browser, Web Server, App Server, DB Server, Business Systems; J2SE/J2ME on the client, J2EE on the server]

Communication Patterns: Sun ONE
[Diagram, Web Service: Browser, Web, App, DB, XML (UDDI, SOAP), Bus. Sys.; J2SE/J2ME on the client, J2EE on the server; Context and Identity (LDAP, Policy, Liberty)]

Evolution of Enterprise Application Frameworks

Evolution of Enterprise Application Framework
• Single tier
• Two tier
• Three tier
  – RPC based
  – Remote object based
• Three tier (HTML browser and Web server)
• Proprietary app server
• Standard app server

Single Tier (Mainframe-based)
• Centralized model (as opposed to distributed model)
• Dumb terminals are directly connected to mainframe
• Presentation, business logic, and data access are intertwined in one monolithic mainframe application

Single-Tier: Pros & Cons
• Pros:
  – No client side management is required
  – Data consistency is easy to achieve
• Cons:
  – Functionality (presentation, data model, business logic) intertwined, difficult for updates and maintenance and code reuse

Two-Tier
[Diagram: client and Database exchanging SQL request and SQL response]
• Fat clients talking to backend database
  – SQL queries sent, raw data returned
• Presentation, Business logic and Data Model processing logic in client application

Two-Tier
• Pro:
  – DB product independence (compared to single-tier model)
• Cons:
  – Presentation, data model, business logic are intertwined (at client side), difficult for updates and maintenance
  – Data Model is “tightly coupled” to every client: If DB Schema changes, all clients break
  – Updates have to be deployed to all clients making System maintenance nightmare
  – DB connection for every client, thus difficult to scale
  – Raw data transferred to client for processing causes high network traffic

Three-Tier (RPC based)
[Diagram: client and middle tier exchanging RPC request and RPC response; middle tier and Database exchanging SQL request and SQL response]
• Thinner client: business & data model separated from presentation
  – Business logic and data access logic reside in middle tier server while client handles presentation
• Middle tier server is now required to handle system services
  – Concurrency control, threading, transaction, security, persistence, multiplexing, performance, etc.

Three-tier (RPC based): Pros & Cons
• Pro:
  – Business logic can change more flexibly than 2-tier model
    • Most business logic reside in the middle-tier server
• Cons:
  – Complexity is introduced in the middle-tier server
  – Client and middle-tier server is more tightly-coupled (than the three-tier object based model)
  – Code is not really reusable (compared to object model based)

Three-Tier (Remote Object based)
[Diagram: client and middle tier exchanging Object request and Object response; middle tier and Database exchanging SQL request and SQL response]
• Business logic and data model captured in objects
  – Business logic and data model are now described in “abstraction” (interface language)
• Object models used: CORBA, RMI, DCOM
  – Interface language in CORBA is IDL
  – Interface language in RMI is Java interface

Three-tier (Remote Object based): Pros & Cons
• Pro:
  – More loosely coupled than RPC model
  – Code could be more reusable
• Cons:
  – Complexity in the middle-tier still need to be addressed

Three-tier (Web Server based): Pros & Cons
• Pro:
  – Ubiquitous client types
  – Zero client management
  – Support various client devices
    • J2ME-enabled cell-phones
• Cons:
  – Complexity in the middle-tier still need to be addressed

Trends
• Moving from single-tier or two-tier to multi-tier architecture
• Moving from monolithic model to object-based application model
• Moving from application-based client to HTML-based client

Single-tier vs. Multi-tier
Single tier
• No separation among presentation, business logic, database
• Hard to maintain
Multi-tier
• Separation among presentation, business logic, database
• More flexible to change, i.e. presentation can change without affecting other tiers

Monolithic vs. Object-based
Monolithic
• 1 Binary file
• Recompiled, relinked, redeployed every time there is a change
Object-based
• Pluggable parts
• Reusable
• Enables better design
• Easier update
• Implementation can be separated from interface
• Only interface is published

Outstanding Issues & Solution
• Complexity at the middle tier server still remains
• Duplicate system services still need to be provided for the majority of enterprise applications
  – Concurrency control, Transactions
  – Load-balancing, Security
  – Resource management, Connection pooling
• How to solve this problem?
  – Commonly shared container that handles the above system services
  – Proprietary versus Open-standard based

Proprietary Solution
• Use "component and container" model in which container provides system services in a well-defined but proprietary manner
• Problem of proprietary solution: Vendor lock-in
• Example: Tuxedo, .NET

Open and Standard Solution
• Use "component and container" model in which container provides system services in a well-defined manner and as an industry standard
• J2EE is that standard that also provides portability of code because it is based on Java technology and standard-based Java programming APIs

Why J2EE?

Platform Value to Developers
• Can use any J2EE implementation for development and deployment
  – Use J2EE RI or Sun ONE Platform Edition which are free for development/deployment and then use high-end commercial J2EE products for actual deployment
• Vast amount of J2EE community resources
  – Many J2EE related books, articles, tutorials, quality code you can use, best practice guidelines, design patterns etc.
• Can use off-the-shelf 3rd-party business components

Platform Value to Vendors
• Vendors work together on specifications and then compete in implementations
  – In the areas of Scalability, Performance, Reliability, Availability, Management and development tools, and so on
• Freedom to innovate while maintaining the portability of applications
• Do not have to create/maintain their own proprietary APIs

Platform Value to Business Customers
• Application portability
• Many implementation choices are possible based on various requirements
  – Price (free to high-end), scalability (single CPU to clustered model), reliability, performance, tools, and more
  – Best of breed of applications and platforms
• Large developer pool

J2EE API's & Technologies
(page 14, 1st slide)

J2EE 1.3 APIs and Technologies
Technology                        | Version
Java 2 SDK, Standard Edition      | 1.3
RMI/IIOP                          | 1.0
JDBC™                             | 3.0
Java Messaging Service            | 1.0.2b
JNDI                              | 1.2.1
Servlet                           | 2.3
JavaServer Pages™                 | 1.2
JavaMail                          | 1.2
JavaBeans™ Activation Framework   | 1.0.1
Enterprise JavaBeans              | 2.0
Java Transaction API              | 1.0.1
Java Transaction Service          | 1.1
Connector Architecture            | 1.0
ECPerf™                           | 1.0

J2EE 1.4 Contents
• J2SE 1.4 (improved)
• JAX-RPC (new)
• Web Service for J2EE
• J2EE Management
• J2EE Deployment
• JMX 1.1
• JMS 1.1
• JTA 1.0
• Servlet 2.4
• JSP 2.0
• EJB 2.1
• JAXR
• Connector 1.5
• JACC
• JAXP 1.2
• JavaMail 1.3
• JAF 1.0

Servlet

What is a Servlet?
• Java™ objects which extend the functionality of a HTTP server
• Dynamic contents generation
• Better alternative to CGI, NSAPI, ISAPI, etc.
  – Efficient
  – Platform and server independent
  – Session management
  – Java-based

CGI versus Servlet
CGI
• Written in C, C++, Visual Basic and Perl
• Difficult to maintain, non-scalable, non-manageable
• Prone to security problems of programming language
• Resource intensive and inefficient
• Platform and application-specific
Servlet
• Written in Java
• Powerful, reliable, and efficient
• Improves scalability, reusability (component based)
• Leverages built-in security of Java programming language
• Platform independent and portable

Servlet vs. CGI
[Diagram. CGI Based Webserver: Request CGI1, Request CGI2 and Request CGI1 each start their own child process (Child for CGI1, Child for CGI2, Child for CGI1). Servlet Based Webserver: Request Servlet1, Request Servlet2 and Request Servlet1 are served by Servlet1 and Servlet2 inside one JVM]

Servlets Request and Response
[Diagram: Browser sends an HTTP Request to the Web Server, which passes the Request to the Servlet inside the Servlet Container; the Response travels back the same way]

What does Servlet Do?
• Receives client request (mostly in the form of HTTP request)
• Extract some information from the request
• Do content generation or business logic process (possibly by accessing database, invoking EJBs, etc)
• Create and send response to client (mostly in the form of HTTP response) or forward the request to another servlet

Requests and Responses
• What is a request?
  – Information that is sent from client to a server
    • Who made the request
    • What user-entered data is sent
    • Which HTTP headers are sent
• What is a response?
  – Information that is sent to client from a server
    • Text (html, plain) or binary (image) data
    • HTTP headers, cookies, etc

HTTP GET and POST
• The most common client requests
  – HTTP GET & HTTP POST
• GET requests:
  – User entered information is appended to the URL in a query string
  – Can only send limited amount of data
    • .../servlet/ViewCourse?FirstName=Sang&LastName=Shin
• POST requests:
  – User entered information is sent as data (not appended to URL)
  – Can send any amount of data

First Servlet
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;

    public class HelloServlet extends HttpServlet {
        // Called by the servlet container for each HTTP GET request
        public void doGet(HttpServletRequest request,
                          HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            out.println("<title>First Servlet</title>");
            out.println("<big>Hello Code Camp!</big>");
        }
    }

Session Tracking

Why Session Tracking?
• Need a mechanism to maintain state across a series of requests from the same user (or originating from the same browser) over some period of time
  – Example: Online shopping cart
• Yet, HTTP is stateless protocol
  – Each time, a client talks to a web server, it opens a new connection

Session Tracking Use Cases
• When clients at an on-line store add an item to their shopping cart, how does the server know what’s already in the cart?
• When clients decide to proceed to checkout, how can the server determine which previously created shopping cart is theirs?

Sessions
[Diagram: Client 1 holds Session ID 1 and Client 2 holds Session ID 2; the server keeps Session 1 and Session 2]

Three Session Tracking Mechanisms
• Cookies
• URL rewriting
• Hidden form fields
• Note that these are just underlying mechanisms and do not provide high-level programming APIs

What is Cookie?
• Cookie is a small amount of information sent by a servlet to a Web browser
• Saved by the browser, and later sent back to the server in subsequent requests
• A cookie's value can uniquely identify a client
  – So cookies are commonly used for session management
• A cookie has a name, a single value, and optional attributes

Cookies as Session Tracking
• Advantages:
  – Very easy to implement
  – Highly customizable
  – Persist across browser shut-downs
• Disadvantages:
  – Often: users turn off cookies for privacy or security reason
  – Not quite universal browser support

URL Rewriting
• URLs can be rewritten or encoded to include session information.
• URL rewriting usually includes a session id
• Session id can be sent as an added parameter:
  – http://.../servlet/Rewritten?sessionid=688

URL Rewriting as Session Tracking Mechanism
• Advantages:
  – Let user remain anonymous
  – They are universally supported (most styles)
• Disadvantages:
  – Tedious to rewrite all URLs
  – Only works for dynamically created documents

Now Without “Session Tracking” Feature of Servlet
• You have to perform the following tasks yourself by using one of three session-tracking mechanisms
  – Generating and maintaining a session id for each session
  – Passing session id to client via either cookie or URL
  – Extracting session id information either from cookie or URL
  – Creating and maintaining a hashtable in which session id and session information are stored
  – Coming up with a scheme in which session information can be added or removed

“Session Tracking” Feature of Servlet
• Provides higher-level API for session tracking
  – Built on top of Cookie or URL rewriting
• Servlet container maintains
  – internal hashtable of session id's
  – session information in the form of HttpSession
• Generates and maintains session id transparently
• Provides a simple API for adding and removing session information (attributes) to HttpSession
• Could automatically switch to URL rewriting if cookies are unsupported or explicitly disabled
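
The five do-it-yourself tasks from the "Without Session Tracking" slide, written out with only the JDK. This is an added example, not code from the original slides: the class ManualSessionTracker, its method names, the timeout and the sample cookie and URL are hypothetical, and drawing the id from SecureRandom is this example's choice.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hand-rolled session tracking (added example; all names here are hypothetical). */
public class ManualSessionTracker {

    /** Per-session state: the attribute map plus the time the session was last used. */
    static final class Session {
        final Map<String, Object> attributes = new ConcurrentHashMap<>();
        volatile long lastAccessMillis;
        Session(long now) { lastAccessMillis = now; }
    }

    private final SecureRandom random = new SecureRandom();
    // The "hashtable in which session id and session information are stored".
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final long timeoutMillis;

    public ManualSessionTracker(long timeoutMillis) { this.timeoutMillis = timeoutMillis; }

    /** Generate an id: 128 random bits, so a client cannot guess another client's id. */
    public String createSession() {
        byte[] raw = new byte[16];
        random.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Session(System.currentTimeMillis()));
        return id;
    }

    /** Pass the id to the client as a Set-Cookie header value. */
    public static String toSetCookieValue(String id) {
        return "sessionid=" + id + "; Path=/; HttpOnly";
    }

    /** Pass the id by URL rewriting, in the style of .../servlet/Rewritten?sessionid=... */
    public static String rewriteUrl(String url, String id) {
        return url + (url.contains("?") ? "&" : "?") + "sessionid=" + id;
    }

    /** Extract the id from the Cookie request header, falling back to the query string. */
    public static String extractId(String cookieHeader, String queryString) {
        String id = find(cookieHeader, ";");
        return id != null ? id : find(queryString, "&");
    }

    private static String find(String source, String separator) {
        if (source == null) return null;
        for (String part : source.split(separator)) {
            String p = part.trim();
            if (p.startsWith("sessionid=")) return p.substring("sessionid=".length());
        }
        return null;
    }

    /** Look the id up in the table; unknown or expired ids yield null. */
    public Session lookup(String id) {
        if (id == null) return null;
        Session s = sessions.get(id);
        if (s == null) return null;
        long now = System.currentTimeMillis();
        if (now - s.lastAccessMillis > timeoutMillis) {
            sessions.remove(id);   // expired: forget the state
            return null;
        }
        s.lastAccessMillis = now;
        return s;
    }

    /** Remove session information, for example at logout. */
    public void invalidate(String id) {
        if (id != null) sessions.remove(id);
    }

    public static void main(String[] args) {
        ManualSessionTracker tracker = new ManualSessionTracker(30 * 60 * 1000L);

        // First request: no id yet, so create a session and hand the id back both ways.
        String id = tracker.createSession();
        System.out.println("Set-Cookie: " + toSetCookieValue(id));
        System.out.println("Rewritten:  " + rewriteUrl("/servlet/ViewCart", id));
        tracker.lookup(id).attributes.put("cart", "book-1");

        // Second request (constructed): the browser returns the cookie.
        Session s = tracker.lookup(extractId("theme=dark; sessionid=" + id, null));
        System.out.println("cart = " + s.attributes.get("cart"));

        // An id that was never issued, such as the slide's 688, matches no session.
        System.out.println("sessionid=688 -> " + tracker.lookup(extractId(null, "sessionid=688")));

        tracker.invalidate(id);
        System.out.println("after invalidate -> " + tracker.lookup(id));
    }
}
```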

What are Java Servlet Filters?
• New component framework for intercepting and modifying requests and responses
  – Filters can be chained and plugged in to the system during deployment time
• Allows range of custom activities:
  – Marking access, blocking access
  – Caching, compression, logging
  – Authentication, access control, encryption
  – Content transformations
• Introduced in Servlet 2.3 (Tomcat 4.0)

What Can a Filter Do?
• Examine the request headers
• Customize the request object if it wishes to modify request headers or data
• Customize the response object if it wishes to modify response headers or data
• Invoke the next entity in the filter chain
• Examine response headers after it has invoked the next filter in the chain
• Throw an exception to indicate an error in processing

How Servlet Filter Work?
[Diagram: inside the Servlet Container, the Filter Chain runs Filter 1, Filter 2, ... Filter N before the Servlet or JSP. User implemented filters: doFilter(ServletRequest, ServletResponse, FilterChain). Servlet container filter: service(ServletRequest, ServletResponse)]

What is JSP Technology?
• Enables separation of business logic from presentation
  – Presentation is in the form of HTML or XML/XSLT
  – Business logic is implemented as Java Beans or custom tags
  – Better maintainability, reusability
• Extensible via custom tags
• Builds on Servlet technology

What is JSP page?
• A text-based document capable of returning dynamic content to a client browser
• Contains both static and dynamic content
  – Static content: HTML, XML
  – Dynamic content: programming code, and JavaBeans, custom tags

JSP Sample Code
    <html>
    Hello World!
    <br>
    <jsp:useBean id="clock" class="calendar.JspCalendar" />
    Today is
    <ul>
    <li>Day of month: <%= clock.getDayOfMonth() %>
    <li>Year: <%= clock.getYear() %>
    </ul>
    </html>

Servlets and JSP - Comparison
Servlets
• HTML code in Java
• Any form of Data
• Not easy to author a web page
JSP
• Java-like code in HTML
• Structured Text
• Very easy to author a web page
• Code is compiled into a servlet

JSP Benefits
• Content and display logic are separated
• Simplify development with JSP, JavaBeans and custom tags
• Supports software reuse through the use of components
• Recompile automatically when changes are made to the source file
• Easier to author web pages
• Platform-independent

Web-Tier Security Issues

General Security Issues
• Authentication for identity verification
  – Making sure a user is who he claims he is
• Authorization (Access control)
  – Making sure a resource is accessed only by a user who has access privilege
  – The user has to be authenticated first
• Confidentiality (Privacy)
  – Making sure nobody can read the sensitive data while it is on the wire

Security Issues at Web-Tier
• Preventing unauthorized users from accessing “access controlled” web resource
  – If unauthenticated user tries to access “access controlled” web resource, web container will automatically ask the user to authenticate himself first
  – Once authenticated, web container (and/or web components) enforces access control
• Preventing attackers from changing or reading sensitive data while it is on the wire
  – Data can be protected via SSL

HTTP Basic Authentication-based Web tier Security

HTTP Basic Authentication
• Web server collects user identification (user name and password) through a browser provided dialog box
• Not secure since user name and password are in “easily decode'able” form over the wire
  – Encoding scheme is Base64
  – Someone can easily decode it
  – Not encrypted
• Would need SSL for encrypting password
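
Why the slide calls Base64 "easily decode'able": the Basic Authorization header can be reversed without any key, which is the reason the credentials need SSL. This is an added example, not code from the original slides; the class BasicAuthHeader and its methods are hypothetical, and the sample user name and password are the ones shown in the deck's tomcat-users.xml slide.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Added example: builds and decodes an HTTP Basic Authorization header value. */
public class BasicAuthHeader {

    public final String username;
    public final String password;

    private BasicAuthHeader(String username, String password) {
        this.username = username;
        this.password = password;
    }

    /** What the browser sends after the dialog box: "Basic " + Base64(username ":" password). */
    public static String encode(String username, String password) {
        byte[] pair = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    /** Reverses encode(). No key or secret is involved, so any reader of the request can do this. */
    public static BasicAuthHeader parse(String headerValue) {
        if (headerValue == null) {
            throw new IllegalArgumentException("no Authorization header");
        }
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) {
            throw new IllegalArgumentException("not a Basic Authorization header");
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("credentials are not valid Base64", e);
        }
        String pair = new String(decoded, StandardCharsets.UTF_8);
        // Split on the first colon only: a password may itself contain colons.
        int colon = pair.indexOf(':');
        if (colon < 0) {
            throw new IllegalArgumentException("decoded credentials lack a ':' separator");
        }
        return new BasicAuthHeader(pair.substring(0, colon), pair.substring(colon + 1));
    }

    /**
     * Server-side guard in line with the slide's advice: refuse Basic credentials that did
     * not arrive over SSL. In a servlet the flag would come from request.isSecure().
     */
    public static BasicAuthHeader parseIfSecure(String headerValue, boolean requestIsSecure) {
        if (!requestIsSecure) {
            throw new IllegalStateException("Basic credentials received without SSL");
        }
        return parse(headerValue);
    }

    public static void main(String[] args) {
        // Credentials taken from the tomcat-users.xml slide of this deck.
        String header = encode("sang", "sangPassword");
        System.out.println("Authorization: " + header);

        BasicAuthHeader seen = parse(header);
        System.out.println("recovered user=" + seen.username + " password=" + seen.password);

        // Edge case (constructed): colons inside the password survive the round trip.
        BasicAuthHeader tricky = parse(encode("sang", "pa:ss:word"));
        System.out.println("password with colons=" + tricky.password);

        try {
            parseIfSecure(header, false);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```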

Steps for Basic Authentication-based Web-tier Security
1. Set up username, passwords, and roles (realms)
2. Tell web container that you are using Basic authentication
3. Specify which URLs (web resources) should be access-controlled (password-protected)
4. Specify which URLs should be available only with SSL (data integrity and confidentiality protected)

Step 1: Set up username, passwords, and roles (Realms)
• Schemes, APIs, and tools for setting up usernames, passwords, and roles (realms) are web container and operational environment specific
  – Flat-file based, Database, LDAP server
  – Passwords could be in encrypted or unencrypted form
• Tomcat 4.0 can work with the following realms
  – default: file, unencrypted form
  – Relational database (via JDBCRealm)
  – LDAP server (via LDAPRealm)

Example: Tomcat's default
• <install-dir>/config/tomcat-users.xml
• Unencrypted: not secure but easy to set up and maintain

    <?xml version='1.0'?>
    <tomcat-users>
      <role rolename="manager"/>
      <role rolename="employee"/>
      <role rolename="admin"/>
      <user username="sang" password="sangPassword"
            roles="manager,employee"/>
    </tomcat-users>

Step 2: Tell web container that you are using Basic authentication
• In web.xml file of your web application

    <web-app>
      ...
      <security-constraint>...</security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>realm name</realm-name>
      </login-config>
      ...
    </web-app>

Step 3: Specify which URLs should be access-controlled

    <web-app>
      ...
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>WRCollection</web-resource-name>
          <url-pattern>/loadpricelist</url-pattern>
          <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name></realm-name>
      </login-config>
      ...
    </web-app>

Step 4: Specify which URLs should be available only with SSL

    <web-app>
      ...
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>WRCollection</web-resource-name>
          <url-pattern>/loadpricelist</url-pattern>
          <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name></realm-name>
      </login-config>
      ...
    </web-app>

Form-based Authentication based Web-tier Security

Form-based Authentication
• Web application collects user identification (user name, password, and other information) through a custom login page
• Not secure since user name and password are in “easily decode'able” form over the wire
  – Encoding scheme is Base64
  – Someone can easily decode it
  – Not encrypted
• Would need SSL for encrypting password

Steps for Form-based Authentication based Web-tier Security
1. Set up username, passwords, and roles (realms)
2. Tell web container that you are using Form-based authentication
3. Create Login page
4. Create Login failure error page
5. Specify which URLs (web resources) should be access-controlled (password-protected)
6. Specify which URLs should be available only with SSL (data integrity and confidentiality protected)

Step 1: Set up username, passwords, and roles (Realms)
• Same as in Basic-authentication

Step 2: Tell web container that you are using Form-based authentication
• In web.xml file of your web application

    <web-app>
      ...
      <security-constraint>...</security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>realm name</realm-name>
      </login-config>
      ...
    </web-app>

Step 3: Create Login Page
• Can be HTML or JSP page
• Contains HTML form like following

    <FORM ACTION="j_security_check" METHOD="POST">
    …
    <INPUT TYPE="TEXT" NAME="j_username">
    …
    <INPUT TYPE="PASSWORD" NAME="j_password">
    …
    </FORM>

Step 4: Create Login Failure page
• Can be HTML or JSP page
• No specific content is mandated

Step 5: Specify which URLs should be access-controlled (Same as Basic Auth)

    <web-app>
      ...
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>WRCollection</web-resource-name>
          <url-pattern>/loadpricelist</url-pattern>
          <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin</role-name>
          <role-name>executive</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name></realm-name>
      </login-config>
      ...
    </web-app>

Step 6: Specify which URLs should be available only with SSL (Same as Basic Auth)

    <web-app>
      ...
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>WRCollection</web-resource-name>
          <url-pattern>/loadpricelist</url-pattern>
          <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name></realm-name>
      </login-config>
      ...
    </web-app>

Basic vs. Form-based Authentication
Basic
• Uses “browser provided dialog box” to get username and password
• Only username and password can be collected
• Might result in different look and feel
• HTTP Authentication header is used to convey username and password
• No good way to enter a new user name
Form-based
• Uses “web application provided login page” to get username and password
• Custom data can be collected
• Can enforce consistent look and feel
• Form data is used to convey username and password
• Can enter a new user name via login page

EJB (Enterprise Java Beans)

What is EJB Technology?
• Cornerstone of J2EE
• A server-side component technology
• Easy development and deployment of Java technology-based application that are:
  – Transactional, distributed, multi-tier, portable, scalable, secure, …

Why EJB Technology?
• Leverages the benefits of component-model on the server side
• Separates business logic from system code
• Provides framework for portable components
  – Over different J2EE-compliant servers
  – Over different operational environments
• Enables deployment-time configuration
  – Deployment descriptor

Do You Need an EJB Tier?
• Yes, if you want to leverage middleware features provided by container
  – Resource management, instance life-cycle management, concurrency control and threading
  – Persistence, transaction and security management
  – Messaging, scalability, availability
• Yes, if you want to build portable and reusable business components
• Maybe not, for a simple application whose main function is reading database tables

EJB Architecture
[Diagram]

EJB Architecture Contracts
• Contracts are specified in EJB specification
• Client view contract
  – Contract between client and container
• Component contract
  – Contract between an Enterprise Bean and its Container

Client View Contract
• Client of an EJB can be
  – Web tier components: Servlet and JSP
  – Standalone Java application
  – Applet
  – Another EJB in same or different container
  – Web services client (in EJB 2.1)
• Provides development model for clients using EJB services

Client View Contract (Contd.)
• Client view contract is comprised of
  – Home interface
    • For local or remote clients
    • Contains methods for creating and locating beans
  – Remote interface
    • For local or remote clients
    • Contains business methods
  – Object identity
  – Metadata interface
  – Handle

Component Contract: What Container does (for Beans)
• Enables EJB method invocations from clients
• Manage the life cycle of EJB bean instances
• Implements home and remote interfaces
• Provide persistence for CMP entity beans
• Provide runtime context information to beans
• Manage transactions, security, exceptions, etc...
• Implements callbacks

EJB Contracts
[Diagram: the Client reaches the EJB Container through the client view contract; the Enterprise bean instances and the EJB Container are bound by the component contract; the container runs inside the EJB server]

Types of Beans
• Session Beans
  – Stateful session beans
  – Stateless session beans
• Entity Beans
  – Bean Managed Persistence (BMP)
  – Container Managed Persistence (CMP)
• Message Driven Beans
  – JMS
  – JAXM

Session Beans
• Does work on behalf of a single client
• Is not persistent and hence relatively short lived
  – Is removed when the EJB™ server crashes
• Does not represent data in data store, although can access/update such data
• Bean class implements javax.ejb.SessionBean interface

When to Use Session Beans?
• Use Session beans to model process or control objects specific to a particular client.
• To model workflow, processes or tasks, manage activities (make reservation, purchase...).
• To Coordinate processes between entity beans, control interactions of beans.
• To Move business application logic from Client to the Server Side.

2 Types of Session Beans
• Stateless: execute a request and return a result without saving any client specific state information
  – transient
  – temporary piece of business logic needed by a specific client for a limited time span
• Stateful: maintains client specific state
[Diagram: Stateless Session bean; Stateful Session bean holding State instance data]

Examples of Session Beans
• Stateless session beans
  – Catalog
    • No client specific state needs to be preserved
  – Interest calculator
    • No client specific state needs to be preserved
    • Business logic with no need for database access
• Stateful session beans
  – Shopping cart
    • Client specific state needs to be preserved

Entity Beans
• Provides object view of data in data store
  – Its lifetime not related to the duration of interaction with clients
  – Lives as long as data exists in database i.e. Long lived
  – In most cases, synchronized with relational databases
• Shared access among clients
• Bean class implements javax.ejb.EntityBean interface

Entity Beans
• Clients normally look up (find) an existing entity EJB
  – Creation means adding a row to a database table
  – Finding means finding a row in an existing database table
• Entity bean instance has unique identifier called primary key
  – Primary key can be any class

Examples of Entity Beans
• Customer
  – Customer data has to persist, thus is maintained in the database
  – Customer data has to survive server crash
  – Customer data is shared by many clients
  – Each customer has unique identification such as customer number

2 Types of Entity Beans
• CMP (Container Managed Persistence)
  – Persistence is managed by Container
  – Persistence requirements are specified in deployment descriptor
  – Bean developer does not have to worry about providing persistence logic in his code
• BMP (Bean Managed Persistence)
  – Persistence logic code is provided by Bean developer

When to Use CMP vs. BMP?
• CMP entity beans
  – With CMP 2.0, there is no reason not to use CMP
  – Database independence
  – Higher performance
  – Easy to develop and deploy
• BMP entity beans
  – More programmatic control is desired

Session Beans and Entity Beans
Session Beans
• Represent a business process
• One instance per client
• Short-lived: Life of client is life of bean
• Transient
• Doesn’t survive server crashes
• May be transactional
Entity Beans
• Represent business data
• Shared instance for multiple clients
• Long-lived: as long as data in database
• Persistent
• Survive server crashes
• Always transactional

Entity and Session Beans—Typical Architecture
[Diagram]

Entity and Session Beans
[Diagram]

Message-Driven Beans (MDB)
• Acts as a consumer of asynchronous messages
• Cannot be called directly by clients
  – Activated upon message arrival
  – No home or remote interface
• Clients interact with MDB by sending messages to the queues or topics to which they are listening
• Stateless

JMS (Java Message Service)

Java Message Service (JMS)
• Messaging systems (MOM) provide
  – Decoupled communication
  – Asynchronous communication
  – Plays a role of centralized post office
• Benefits of Messaging systems
  – Flexible, Reliable, Scalable communication systems
• Point-to-Point, Publish and Subscribe
• JMS defines standard Java APIs to messaging systems

Connector Architecture

Connector Architecture
• Defines standard SPI for integrating J2EE technology with EIS systems
  – CICS, SAP, PeopleSoft, etc.
• Before Connector architecture, each App server has to provide a proprietary adaptor for each EIS system
  – m (# of App servers) x n (# of EIS'es) Adaptors
• With Connector architecture, same adaptor works with all J2EE compliant containers
  – 1 (common to all App servers) x n (# of EIS'es) Adaptors

m x n Problem Before Connector Architecture
[Diagram: m app servers (App Server1, App Server2, App Server3, App Server) each connected to n EIS systems (SAP, EIS2, EIS3, EIS4)]