Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Java EE 8 - An instant snapshot

9 726 vues

Publié le

Presented at JDK.IO (Copenhagen - January 2015)

Publié dans : Logiciels
  • http://dbmanagement.info/Tutorials/Java.htm
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici

Java EE 8 - An instant snapshot

  1. 1. David  Delabassee  (@delabassee)   Oracle Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.     Java  EE  8  -­‐  An  instant  snapshot JDK.IO  2015 1
  2. 2. Safe  Harbor  Statement The  following  is  intended  to  outline  our  general  product  direction.  It  is  intended  for   information  purposes  only,  and  may  not  be  incorporated  into  any  contract.  It  is  not  a   commitment  to  deliver  any  material,  code,  or  functionality,  and  should  not  be  relied  upon   in  making  purchasing  decisions.  The  development,  release,  and  timing  of  any  features  or   functionality  described  for  Oracle’s  products  remains  at  the  sole  discretion  of  Oracle. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   2
  3. 3. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Program  Agenda How  did  we  get  here?   What  do  we  want  to  do?   How  can  you  get  involved? 1 2 3 Preview  of  Java  EE  8 3
  4. 4. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Feedback  from  the  Community • Many  sources     – Users  lists  of  java.net  projects   – JIRAs   – JavaOne  2013  Java  EE  BOF  and  Java  EE  EG  meeting   – Outreach  by  evangelists   • Consolidated  into  Community  Survey 4
  5. 5. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  8  Community  Survey • 3  parts  over  3½  months   – 47  questions   – 15  fill-­‐ins   – 1000’s  of  comments   • 4500+  respondents   • Prioritization  of  most-­‐popular  features 5
  6. 6. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Community-­‐Prioritized  Features 6 http://glassfish.org/survey
  7. 7. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.                                  You  asked  for  it,  you  got  it! 7 Java  EE  8 Driven  by  Community  Feedback
  8. 8. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  8  Themes • HTML5  /  Web  Tier  Enhancements   • Ease  of  Development  /  CDI  alignment   • Infrastructure  for  running  in  the  Cloud   • Enterprise   • Java  SE  8  alignment 8
  9. 9. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  8  Themes • HTML5  /  Web  Tier  Enhancements   • Ease  of  Development  /  CDI  alignment   • Infrastructure  for  running  in  the  Cloud 9
  10. 10. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTML5  Support  /  Web  Tier  Enhancements • JSON  Binding   • JSON  Processing  enhancements   • Server-­‐sent  Events   • Action-­‐based  MVC   • HTTP/2  support 10
  11. 11. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐B Which  of  these  APIs  do  you  think  is  important  to  be  included  in  Java  EE  8?   Java  API  for  JSON  Binding 11
  12. 12. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐B • API  to  marshal/unmarshal  Java  objects  to/from  JSON   – Similar  to  JAXB  runtime  API  in  XML  world   • Default  mapping  of  classes  to  JSON   – Annotations  to  customize  the  default  mappings   – JsonProperty,  JsonTransient,  JsonNillable,  JsonValue,  … Java  API  for  JSON  Binding 12
  13. 13. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐B • Draw  from  best  practices  of  existing  JSON  binding  implementations   – Jackson,  Genson,  Gson,  EclipseLink  MOXy,  Fleece,  JSON-­‐lib,  Flexjson,  Json-­‐io,   JSONiJ,  Xstream,  etc.   • Switch  JSON  binding  providers   • Implementations  compete  on  common  ground Standard  API 13
  14. 14. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐B @Entity  public  class  Person  {      @Id  String  name;      String  gender;      @ElementCollection  Map<String,String>  phones;      ...  //  getters  and  setters   }   Person  duke  =  new  Person();   duke.setName("Duke");   duke.setGender("M");   phones  =  new  HashMap<String,String>();   phones.put("home",  "650-­‐123-­‐4567");   phones.put("mobile",  "650-­‐234-­‐5678");   duke.setPhones(phones);   Marshaller  marshaller  =  new  JsonContext().createMarshaller().setPrettyPrinting(true);   marshaller.marshal(duke,  System.out);    {          "name":"Duke",          "gender":"M",          "phones":{                "home":"650-­‐123-­‐4567",                "mobile":"650-­‐234-­‐5678"}      }       14
  15. 15. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   • All  the  way  from  client  to  database   – JSON-­‐B  will  provide  JAX-­‐RS  a  standard  way  to  support  “application/json”  media  type JSON-­‐B JPA JSON-­‐B Data   Source JSON JAX-­‐RS Java  Objects 15 JSR  367
  16. 16. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐P  1.1 Java  API  for  JSON  Processing 16 • Keep  JSON-­‐P  spec  up-­‐to-­‐date   • Track  new  standards   • Add  editing  operations  to  JsonObject  and  JsonArray   • Java  SE  8   • JSON  Big  Data
  17. 17. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐P:  Java  API  for  JSON  Processing  1.1 • JSON-­‐Pointer  –  IETF  RFC  6901   – String  syntax  for  referencing  a  JSON  value     "/0/phone/mobile" Tracking  new  standards 17
  18. 18. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐P JsonArray  contacts  =  …   JsonPointer  p  =  Json.createPointer("/0/phones/mobile");   JsonValue  v  =  p.getValue(contacts);   …   JsonArray  result  =  p.replace(contacts,  "123-­‐4567"); [    {          "name":"Duke",          "gender":"M",          "phones":{                "home":"650-­‐123-­‐4567",                "mobile":"650-­‐234-­‐5678"}},      {          "name":"Jane",          "gender":"F",          "phones":{                "mobile":"707-­‐555-­‐9999"}}   ]       18
  19. 19. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐P:  Java  API  for  JSON  Processing  1.1 • JSON-­‐Patch  –  IETF  RFC  6902   • Patch  is  a  JSON  document   – Array  of  objects  /  operations  for  modifying  a  JSON  document   – Must  have  "op"  field  and  "path"  field   – add,  replace,  remove,  move,  copy,  test        [        {"op":"replace","path":"/0/phones/mobile","value":"650-­‐111-­‐222"},        {"op":"remove","path":"/1"}    ] Tracking  new  standards 19
  20. 20. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐P [    {      "op":"replace",      "path":"/0/phones/mobile",      "value":"650-­‐111-­‐2222"},    {      "op":"remove",      "path":"/1"}   ] [    {          "name":"Duke",          "gender":"M",          "phones":{                "home":"650-­‐123-­‐4567",                "mobile":"650-­‐234-­‐5678"}},      {          "name":"Jane",          "gender":"F",          "phones":{                "mobile":"707-­‐555-­‐9999"}}   ]       20
  21. 21. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐P [    {      "op":"replace",      "path":"/0/phones/mobile",      "value":"650-­‐111-­‐2222"},    {      "op":"remove",      "path":"/1"}   ] [    {          "name":"Duke",          "gender":"M",          "phones":{                "home":"650-­‐123-­‐4567",                "mobile":"650-­‐111-­‐2222"}},      {          "name":"Jane",          "gender":"F",          "phones":{                "mobile":"707-­‐555-­‐9999"}}   ]       21
  22. 22. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐P [    {      "op":"replace",      "path":"/0/phones/mobile",      "value":"650-­‐111-­‐2222"},    {      "op":"remove",      "path":"/1"}   ] [    {          "name":"Duke",          "gender":"M",          "phones":{                "home":"650-­‐123-­‐4567",                "mobile":"650-­‐111-­‐2222"}}   ]       22
  23. 23. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐P  1.1 JSON  Query  using  Lambda  Operations JsonArray  contacts  =  ...;   List<String>  femaleNames  =  contacts.getValuesAs(JsonObject.class).stream()                                                                          .filter(x-­‐>"F".equals(x.getString("gender")))                                                                          .map(x-­‐>(x.getString("name"))                                                                          .collect(Collectors.toList()); 23
  24. 24. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSON-­‐P  1.1 JSON  Query  collecting  results  in  JsonArray JsonArray  contacts  =  ...;   JsonArray  femaleNames  =  contacts.getValuesAs(JsonObject.class).stream()                                                                                                        .filter(x-­‐>"F".equals(x.getString("gender")))                                                                                                        .map(x-­‐>(x.getString("name"))                                                                                                        .collect(JsonCollectors.toJsonArray()); 24
  25. 25. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSR  374 • Keep  JSON-­‐P  spec  up-­‐to-­‐date   • Track  new  standards   • Add  editing  operations  to  JsonObject  and  JsonArray   • Java  SE  8   • JSON  Big  Data 25 JSON-­‐P  1.1
  26. 26. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Server-­‐sent  Events Should  we  also  standardize  a  Java  API  for  server-­‐sent  events?   26
  27. 27. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Server-­‐sent  Events • Part  of  HTML5  standardization   • Server-­‐to-­‐client  streaming  of  text  data   • Media  type:  “text/event-­‐stream”   • Long-­‐lived  HTTP  connection   – Client  establishes  connection   – Server  pushes  update  notifications  to  client 27
  28. 28. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Server-­‐sent  Events • Several  possibilities:  Servlet;  WebSocket;  JAX-­‐RS;  standalone   • JAX-­‐RS  deemed  most  natural  fit   – Streaming  HTTP  resources  already  supported   – Small  extension   • Server  API:  new  media  type;  EventOutput     • Client  API:  new  handler  for  server  side  events   – Convenience  of  mixing  with  other  HTTP  operations;  new  media  type   – Jersey  (JAX-­‐RS  RI)  already  supports  SSE 28
  29. 29. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Server-­‐sent  Events @Path("tickers")   public  class  StockTicker  {        @Get  @Produces("text/event-­‐stream")        public  EventOutput  getQuotes()  {                EventOutput  eo  =  new  EventOutput();                new  StockThread(eo).start()                return  eo;        }   } JAX-­‐RS  resource  class 29
  30. 30. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JAX-­‐RS  StockThread  class class  StockThread  extends  Thread  {      private  EventOutput  eo;      private  AtomicBoolean  ab  =              new  AtomicBoolean(true);      public  StockThread(EventOutput  eo)  {            this.eo  =  eo;      }      public  void  terminate()  {            ab.set(false);      }    @Override  public  void  run()  {      while  (ab.get())  {            try  {                    //  ...                    eo.send(new  StockQuote("..."));                      //  ...            }  catch  (IOException  e)  {                    //  ...            }        }        }  } 30 Server-­‐sent  Events
  31. 31. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   WebTarget  target  =  client.target("http://example.com/tickers");   EventSource  eventSource  =  new  EventSource(target)  {        @Override        public  void  onEvent(InboundEvent  inboundEvent)  {            StockQuote  sq  =  inboundEvent.readData(StockQuote.class);            //  ...          }      };   eventSource.open(); JAX-­‐RS  Client 31 Server-­‐sent  Events
  32. 32. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Model  View  Controller  1.0    (MVC) Should  Java  EE  provide  support  for  MVC  alongside  JSF?     Is  there  any  one  de-­‐facto  standard  technology  in  this  space  to  which  we   should  look  for  inspiration? 32
  33. 33. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Model  View  Controller • Pattern  used  to  implement  a  user  interface   – Model   – View   – Controller   • Styles   – Component-­‐based   – Action-­‐based   – etc. 33
  34. 34. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Component-­‐based  MVC • A  specific  style  of  MVC  made  popular  by  component  frameworks   • Controller  provided  by  the  framework   • Examples   – JavaServer  Faces   – Wicket     – Tapestry   – Seam  (discontinued)   – Apache  Click  (retired) 34
  35. 35. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Action-­‐based  MVC • Controller(s)  defined  by  the  application   • Examples   – Struts  2   – Spring  MVC 35
  36. 36. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Compare  &  Contrast • Manual  request  parameter  processing   • No  view  kept  around   • Limited  support  for  re-­‐usable  behavior   • Developer  responsible  for  all  HTML  /   JavaScript   • No  automatic  input  conversion   • No  automatic  input  validation   • Request  centric 36 • Automatic  request  parameter  procession   • View  kept  around   • Component  libraries  that  implement  re-­‐ usable  behavior   • Components  render  HTML  /  JavaScript   • Automatic  input  conversion   • Automatic  input  validation   • Page  centric Action-­‐based  MVC                                                                                                          Component-­‐based  MVC
  37. 37. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   MVC  1.0 • Glues  together  key  Java  EE  technologies   – Model   • CDI,  Bean  Validation,  JPA   –  View   • Facelets,  JSP,  SPI?   –  Controller   • Invent  new  technology  Vs  Leverage  existing  technologies  (e.g.  JAX-­‐RS)   • Misc.   –  Programmatic  API  so  you  can  change  the  runtime  behaviour     – Type  conversion  of  form  inputs,  etc. 37 Action-­‐based  Model-­‐View-­‐Controller  architecture
  38. 38. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   MVC  1.0 38 Example <!DOCTYPE  html  PUBLIC  "-­‐//W3C//DTD  XHTML  1.0  Transitional//EN"     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-­‐transitional.dtd">   <html>        <head><title>Rough  example</title></head>        <body>                <form  action="/rough-­‐example/form1a">                        <input  id="input1"  value="#{roughExampleBean.value}"/>                        <input  id="submit"  type="submit"  value="Submit"/>                </form>        </body> </html>
  39. 39. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   MVC  1.0 39 Example @Named("roughExampleBean”) @RequestScoped public  class  RoughExampleBean  implements  Serializable  { private  String  value;        @Path(value  =  "/form1a")        public  String  form1(@Inject  HttpServletRequest  request)  {                String  input1  =  request.getParameter("inputText1");                setValue("We  set  input1  manually  to  -­‐  "  +  input1);                return  "/form1b";        }        //…  omitted  getter/setter  methods  … }
  40. 40. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Servlet  API A  real  life  example 40 index.html style1.css .   .   .   script1.js pic1.jpg photo1.png styleX.css scriptX.js picX.jpg photoX.png .   .   .   .   .   .   .   .   .  
  41. 41. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP  1.1 Head-­‐of-­‐Line  blocking 41 Client Server index.html index.html style1.css   style2.css   script1.js   ... style1.css   style2.css   script1.js   ...
  42. 42. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP  1.1 42 • Open  multiple  TCPs  sockets   – Browser  limit  themselves  to  6  sockets   – =  6  sockets  per  client  X  #  connections   • Inefficient  use  of  sockets   • Doesn’t  solve  the  issue! Workaround  -­‐  ‘HoLB’  
  43. 43. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP  1.1 Issue 43 • Modern  web  page  now  consists  of  more  than  90  resources  fetched   from  15  distinct  hosts   – http://httparchive.org   • Shoving  more  than  one  logical  file  into  one  physical  file   – TCP  Efficiency  Improves  with  Larger  Files   • File  Concatenation  and  Image  Sprites
  44. 44. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP  1.1 Workaround  -­‐  Image  Sprites 44
  45. 45. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP  1.1 Workaround  -­‐  Asset  inlining 45 …   <img  src="data:image/gif;base64,R0lGODlhEAAOexs3eeALMAAOazToeHh0tLS/ 7LZv0jvb29tf3Ubge8WSLrhf3kdbW1mxsjkhfkjfhGHhcjGDSHJUYgJvhgtyrHgfGfHy t56HGfGH56ge8WSLf6GGHhfkjfhhfkjfhpBREzxvt6QAA4lsjkhfkjfhdxwqBnuIoYty GhBKoOjJj6GGHvvhdsbxus38GV3pBREzxvt6QAA4lsjkhfkjfhdxwqBnuIoYtyGhBKoO jJj6GGHvvhdsbxus38GV3vvhdsbxusbasbPmfyH5BAAAjAAAALAAfhGHhcjAAAAQAA4l sjkhfkjfhGHhcjGDSHJUYgJvhgtyrHgfhfkjfhpBREzxvt6QAA4lsjkhfkjfhdxwqBnu IoYtyGhBKoOjJj6GGHvvhdsbxus38GV3GfHyt56HGfGH56ge8WsjkhfkjfhGHhcjGDSH JUYgJvhgtyrHgfGfHyt56HGfGH56gebxus38G8WSLf6GGHvvhdsbxusbaSLf6GGHvvhd sbxusbaOiQA4lsjkhfkjf4lsjkhfkjf4lsjbxus38GkhfkjfhfkjfhpBREzxvt6QAA4l sjkhfkjfhdxwqBnuIoYtyGhBKoOjJj6GGHvvhdsbxus38GV3DcPjjBceXsplojj…”  />   …
  46. 46. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP  1.1 Workaround  -­‐  Domain  Sharding 46
  47. 47. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP  1.1  circa  1999 47 • HTTP  uses  TCP  poorly   - HTTP  flows  are  short  and  bursty   - TCP  was  built  for  long-­‐lived  flows   • Solutions   – Sprites   – Domain  sharding   – Assets  Inlining   – File  concatenations   – … Problems  Vs  Solutions
  48. 48. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP/2 HTTP/2  submitted  to  IETF  RFC  Editor   • Reduce  latency   • Address  the  HOL  blocking  problem   • Support  parallelism  (without  requiring  multiple  connections)   • Retain  semantics  of  HTTP  1.1   • Define  interaction  with  HTTP  1.x Address  the  Limitations  of  HTTP  1.x 48
  49. 49. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP/2 • Request/Response  multiplexing  over  single  connection   – Fully  bidirectional   – Multiple  streams   • Binary  Framing   • Upgrade  from  HTTP  1.1   • Header  Compression   • Stream  Prioritization   • Server  Push 49 POST  /upload  HTTP/1.1   Host:  www.test.com   Content-­‐Type:  application/json   Content-­‐Length:  15   {“name”:“duke”} HTTP  1.1 HTTP/2 HEADERS  frame DATA  frame
  50. 50. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP/2 Header  Compression 50
  51. 51. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   HTTP/2 Server  Push /index.html  :  stream  1   /style.css  :  stream  2   /script.js  :  stream  4 Client Server stream  1   HEADERS stream  1   FRAME  x stream  2   PROMISE stream  4   PROMISE 51
  52. 52. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Servlet  4.0 • Request/response  multiplexing   – Servlet  Request  as  HTTP/2  message   • Stream  prioritization   – Add  stream  priority  to  HttpServletRequest   • Server  push   • Binary  framing   • Upgrade  from  HTTP  1.1 HTTP/2  Features  in  Servlet  API 52
  53. 53. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JSF  2.3 • CDI  Alignment   – @Inject  FacesContext,  ExternalContext,  etc.   – Rely  on  CDI  for  EL  resolving   – CDI  managed  versions  of  Validator  and  Converter   – Invoking  CDI  managed  bean  methods  directly  from  Ajax,  etc.   • “Adjustments”  for  MVC   – Facelets,  JSF  scopes,  etc.   • Misc.   – Multi-­‐field  validation,  etc. 53
  54. 54. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  8  Themes • HTML5  /  Web  Tier  Enhancements   • Ease  of  Development  /  CDI  alignment   • Infrastructure  for  running  in  the  Cloud 54
  55. 55. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Ease  of  Development  /  CDI  Alignment   • Simplified  messaging  through  CDI-­‐based  “MDBs”   • JAX-­‐RS  injection  alignment   • WebSocket  scopes   • Pruning  of  EJB  2.x  client  view  and  IIOP  interoperability   • Security  interceptors   • … 55
  56. 56. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Security  Simplifications  /  CDI  Alignment Should  we  consider  adding  Security  Interceptors  in  Java  EE  8?   Should  we  simplify  authorization  by  introducing  an  EL-­‐enabled  authorization   annotation? 56
  57. 57. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 @IsAuthorized("hasRoles('Manager')  &&  schedule.officeHrs")   void  transferFunds()   @IsAuthorized("hasRoles('Manager')  &&  hasAttribute('directReports',  employee.id)")   double  getSalary(long  employeeId);   @IsAuthorized(ruleSourceName="java:app/payrollAuthRules",  rule="report")   void  displayReport(); Authorization  via  CDI  Interceptors 57
  58. 58. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JMS  2.1 • Alternative  to  EJB  message-­‐driven  beans   • Simpler  JMS-­‐specific  annotations   • Usable  by  any  CDI  bean   • No  need  for  MessageListener  implementation New  API  to  receive  messages  asynchronously 58
  59. 59. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JMS @MessageDriven(activationConfig  =  {      @ActivationConfigProperty(propertyName="connectionFactoryLookup",  propertyValue="jms/myCF"),      @ActivationConfigProperty(propertyName="destinationLookup",  propertyValue="jms/myQueue"),      @ActivationConfigProperty(propertyName="destinationType",  propertyValue="javax.jms.queue")})   public  class  MyMDB  implements  MessageListener  {        public  void  onMessage(Message  message)  {                //  extract  message  body                String  body  =  message.getBody(String.class));                //  process  message  body        }   }     JMS  MDBs  Today 59
  60. 60. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   JMS  2.1 @RequestScoped   public  class  MyListenerBean  {        @JMSListener(destinationLookup="jms/myQueue")        @Transactional        public  void  myCallback(Message  message)  {        ...        }   } Allow  any  Java  EE  bean  to  be  a  listener 60
  61. 61. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   • Modularity   • Java  SE  support   • Enhanced  Events   • Misc.   – AOP   – SPI   – Interceptors  and  Decorators  enhancements   – Cleaning   61 CDI  2.0
  62. 62. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   CDI  2.0 • Add  new  features  to  CDI  without  bloating  the  specification   • “Sub  specification”(aka  “parts”)  that  can  be  used  independently   • Will  help  CDI  adoption   • 3  parts   – CDI  Light,  DI  only  &  events   – Full  CDI   – Full  CDI,  with  Java  EE  integration 62 Modularity
  63. 63. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   CDI  2.0 • Boost  CDI  adoption   • Provide  a  mean  of  building  new  stack  out  of  Java  EE   • Add  SPI  for  integration  with  standard  services   – JPA   – JAX-­‐RS   – etc.   63 Java  SE  Support
  64. 64. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   CDI  2.0 • Asynchronous  Events   • Event  Ordering   • Event  Range 64 Enhanced  Events
  65. 65. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   65 public  class  ProducerClass  {     @Inject  Event<SomeEvent>  someEvent;     public  void  someMethod(...)  {       ...       someEvent.fire(myEvent);     }   } CDI  2.0 Asynchronous  Events public  class  AnotherClass  {              public  void  someObserver(@Observes  SomeEvent  someEvent)  {        ...              }   } public  class  AsynchProducerClass  {                    @Inject  Event<Payload>  someEvent;            public  void  anotherMethod()  {                    someEvent.fireAsync(new  Payload(),                            callBack  -­‐>  System.out.println("Done!));            }   }
  66. 66. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   66 CDI  2.0 Events  Ordering public  void  importantObserver(@Observes  @Priority(1)  Payload  pld)   {   ...   }   public  void  anotherObserver(@Observes  @Priority(2)  Payload  pld)   {   ...   }
  67. 67. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Pruning Should  we  prune  EJB  2.x  remote  and  local  client  view  (EJBObject,  EJBLocalObject,   EJBHome,  and  EJBLocalHome  interfaces)?   Should  we  prune  CORBA,  including  support  for  interoperability  by  means  of  IIOP? Candidates  for  Proposed  Optional  status 67
  68. 68. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  8  Themes • HTML5  /  Web  Tier  Enhancements   • Ease  of  Development  /  CDI  alignment   • Infrastructure  for  running  in  the  Cloud 68
  69. 69. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Modernize  the  Infrastructure • Java  EE  Management  2.0   – REST-­‐based  APIs  for  Management  and  Deployment   • Java  EE  Security  1.0   – Authorization   – Password  Aliasing   – User  Management   – Role  Mapping   – Authentication   – REST  Authentication For  On-­‐Premise  and  for  in  the  Cloud 69
  70. 70. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Management  and  Deployment  APIs Should  we  define  new  APIs  to  deploy  and  manage  applications?   Should  such  new  Deployment  and  Management  APIs  be  REST  APIs  or  JMX  APIs? 70
  71. 71. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Management  2.0 • Update  to  JSR  77  (“J2EE  Management”)   • REST-­‐based  interfaces  to  augment  (or  replace)  current  Management  EJB   APIs   – Currently  used  OBJECT_NAME  to  become  URL   – Define  CRUD  operations  over  individual  managed  objects   – Server-­‐sent  events  used  for  event  support   • Simple  deployment  interfaces  also  to  be  considered  as  part  of   management  API 71
  72. 72. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 Candidate  Areas  to  Enhance  Portability,  Flexibility,  Ease-­‐of-­‐Use • Password  Aliasing   • User  Management   • Role  Mapping   • Authentication   • REST  Authentication   • Authorization 72
  73. 73. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 Enhance  Portability,  Flexibility,  Ease-­‐of-­‐Use Should  we  add  support  for  password  aliases  (including  the  ability  to   provision  credentials  along  with  the  application)?   73
  74. 74. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 Password  Aliasing • Standardized  syntax  for  password  aliases   – Avoids  storing  passwords  in  clear  text  in  code,  deployment  descriptors,  files                  @DataSourceDefinition(                                              name="java:app/MyDataSource",                                              className="com.example.MyDataSource",                                              ...                                            user="duke",                                              password="${ALIAS=dukePassword}")   • Standardized  secure  credentials  archive  for  bundling  alias  and  password   with  App   – Used  by  platform  as  credential  store  for  resolving  alias 74
  75. 75. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 Enhance  Portability,  Flexibility,  Ease-­‐of-­‐Use Should  we  standardize  on  requirements  for  simple  security  providers  and   their  configuration?   75
  76. 76. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 User  Management • Allow  application  to  manage  its  own  users  and    groups   – Without  need  to  access  server  configuration   • Users  stored  in  application-­‐specified  repository  (e.g.  LDAP)   • User  service  manipulates  users  from  user  source     App   LDAP UserInfo UserService LDAP   UserSource 76
  77. 77. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 User  Management • UserSourceDefinition   • UserService   – Create/delete  users,  create/delete  groups,  add  user  to  group,  load  UserInfo  by  user   name;  etc…   • UserInfo   – get  user  name,  password,  get  user’s  roles,  get  user’s  attributes,  … 77
  78. 78. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 User  Management @LdapUserSourceDefinition(      name="java:app/ldapUserSource",      ldapUrl="ldap://someURL",      ldapUser="ElDap",      ldapPassword="${ALIAS=LdapPW}",      ...   )   public  class  MyAuthenticator  {      @Resource(lookup="java:app/ldapUserSource")      private  UserService  userService;      private  boolean  isAccountEnabled(String  username)  {          return  userService.loadUserByUsername(username).isEnabled();      }      ...   } 78
  79. 79. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 Enhance  Portability,  Flexibility,  Ease-­‐of-­‐Use Should  we  standardize  group-­‐to-­‐role-­‐mapping?   79
  80. 80. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 Role  Mapping • Standardize  role  service   – Role  mappings  can  be  stored  in  app-­‐specified  repository  (e.g.  LDAP)   – Application  can  assign  roles  to  users  and  groups,  based  on  application-­‐specific  model   – Without  need  to  access  server  configuration App   LDAP RoleService LDAP   RoleMapper 80
  81. 81. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  Security  1.0 Role  Mapping • RoleMapperDefinition   – DataSource,  Ldap,  Memory/File,  Custom,  predefined   • RoleService   – grant/revoke  roles  for  user/group,  get  roles  for  user/group,  ...     @Resource(lookup="java:app/devRoleMapper")     RoleService  roleService;     List<String>  getRoles(String  username)  {                return  roleService.getRolesForUser(username);     }     ... 81
  82. 82. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  8  Themes • HTML5  /  Web  Tier  Enhancements   • Ease  of  Development  /  CDI  alignment   • Infrastructure  for  running  in  the  Cloud   • Enterprise   • Java  SE  8  alignment 82
  83. 83. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Java  EE  8  JSRs • Java  EE  8  Platform  (JSR  366)   • CDI  2.0  (JSR  365)   • JSON  Binding  1.0  (JSR  367)   • JMS  2.1  (JSR  368)     • Java  Servlet  4.0  (JSR  369)     • JAX-­‐RS  2.1  (JSR  370)   • MVC  1.0  (JSR  371)     • JSF  2.3  (JSR  372)   • Java  EE  Management  2.0  (JSR  373)   • JSON-­‐P  1.1  (JSR  374)   • Java  EE  Security  1.0  (JSR  375) So  far….. 83
  84. 84. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   And  More  to  Follow… • Bean  Validation   • EL     • Concurrency  Utilities   • Connector  Architecture   • WebSocket   • Interceptors   • JPA   • EJB   • JTA   • JCache   • Batch   • JavaMail   • … 84
  85. 85. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Roadmap • Tentative  Delivery  Schedule   – Q3  2014:  JSR  369  Expert  Group  formed   – Q1  2015:  early  draft   – Q3  2015:  public  review   – Q4  2015:  proposed  final  draft   – Q3  2016:  final  release   • TBC!   • Contribute! 85
  86. 86. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Transparency • Our  Java  EE  8  JSRs  run  in  the  open  on  java.net   – http://javaee-­‐spec.java.net   – One  project  per  JSR  –  jax-­‐rs-­‐spec,  mvc-­‐spec,  servlet-­‐spec,…   • Publicly  viewable  Expert  Group  mail  archive   – Users  observer  lists  gets  all  copies   • Publicly  accessible  issue  tracker  /  JIRA     • Publicly  accessible  download  area   • … Commitment  to  JCP  transparent  processes 86
  87. 87. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Adopt  A  JSR  for  Java  EE  8 • Make  Java  EE  8  the  most  community  driven  platform  to  date!   - Share  ideas  and  feedback  (e.g.  fill  issues)   - Follow  EG  discussions,  chime  in   - Read  early  versions  of  specifications,  Javadocs   - Write  apps  using  early  RI  builds   - Write,  speak  about  the  technology   - Encourage  others  to  participate,  etc.   • http://glassfish.org/adoptajsr 87
  88. 88. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   GlassFish http://glassfish.org Java  EE  Reference  Implementation 88
  89. 89. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   How  to  Get  Involved • Join  an  Expert  Group   – http://javaee-­‐spec.java.net   • Adopt  a  JSR   – http://glassfish.org/adoptajsr   • The  Aquarium   – http://blogs.oracle.com/theaquarium   • Java  EE  Reference  Implementation   – http://glassfish.org 89
  90. 90. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   Tak! 90
  91. 91. Copyright  ©  2015,  Oracle  and/or  its  affiliates.  All  rights  reserved.   91

×