Java One 2005 Technical Conference Report Web

Document Sample
Java One 2005 Technical Conference Report Web Powered By Docstoc
					      Java One 2005
Technical Conference Report
           Web
          Eben Hewitt
                Goals
• Communicate an overview of Web-
  specific technical content at Java One.
• Articulate and generate ideas for our
  enterprise platform.
        General Presentation
             Overview
•   General Sessions/Keynote overview
•   Java SE 6
•   Java EE 5
•   EJB 3.0
•   Concurrency
•   Maven
•   APT
•   Agile Methods
    Web-Specific Presentation
          Overview
•   Recap Java EE Roadmap
•   Rich UIs with AJAX and JSF
•   What's New in WebLogic 9
•   Hacking a Web Application
•   Hibernate 3
•   JavaServer Faces and Shale
•   Tapestry
•   Scripting Framework
•   Other talk overviews
     Platform Roadmap for EE
•   POJO based programming model.
•   Fewer deploy descriptors
•   Extensive annotations
•   Dependency injection
•   Annotations will map Java to XML, Java
    to DB, and simplify EJBs
 Major Features for Java EE 5
• EJB 3, JSP 2.1 (mostly EL), JavaServer
  Faces
• New Persistence API
  – One model usable in JSE/Entities
• Web Services support expanded
  – Support SOAP 1.2, Schema, WS-I (Basic
    profile, attachment profile)
• Easier Web Services (no clients,
  annotations). Ex:
  – @WebService public class Hello {}
         Status of Java EE 5
•   All Specs available now
•   Spec final draft Q305
•   Beta in Q405
•   Final Release Q106
        Project Glassfish
• Implementation of Java EE
• Can be downloaded via CVS and built
  with Maven
• See http://glassfish.dev.java.net
               AJAX
• Asynchronous JavaScript API for XML
  Rich Web Applications with
           AJAX
• Conventional apps require complete
  refresh or ActiveX, applet, Flash, etc.
• XMLHttpRequest object
  – does GET or POST
  – All browsers support it
  – Page continues to process events as XHR
    object works in background
  – Source code on java.net in the BluePrints
          AJAX Overview
• Create and object to respond to some
  DHTML event (keyup, etc)
• Set content type to “text/xml”
• Don’t need fully schema’d XML
  (<valid>true</valid> is OK).
• Clients can be set up to poll server at
  intervals.
• Doesn’t change your EE programming
  model.
        AJAX Demo

http://labs.google.com/suggest
      Use Cases for AJAX
• Refreshing data
• Realtime validation
• Auto-completion
• Server polling
• Navigate large data sets
• Show progress bar without refreshing
  surrounding HTML
• Other advanced GUI interaction
          AJAX Example
• in HttpServlet:
…{ response.setContentType(
  “text/xml”); … }
• Well suited to render CSS/JS from JSF
  components
• Develop using Firefox built in JS
  debugger
Demo Firefox Debugger
      AJAX JSF Example
• Best practice: Use PhaseListener to
  process AJAX requests, page only has
  tag reference. Example:
• <ajax:completionField id=“email”
  completionMethod=“#{myBean.complet
  eEmail}” />
• Sych state in HTML DOM and JSF
         Trade-offs for AJAX
•   Have to train developers to use it
•   Dependent on JS
•   Some source in plain view
•   Spending time ensuring browser
    support
    – Requires latest generation of browsers
• Chatty
         Future of AJAX
• AJAX-enabled JSF component libraries
• Standardization of XmlHttpRequest
• Greater support in browsers and
  frameworks
           Getting AJAX
• Studio Creator 2
• Download source from java.net, allows
  you to drag completion field onto page
• Free 180,000 word dictionary you can
  download
• http://ajax.dev.java.net
• https://bpcatalog.dev.java.net/nonav/aj
  ax/index.html
• http://weblogs.java.net/blog/gmurray71
WebLogic 9.0
      New in Web Logic 9.0
• Available NOW
• Platform 9 will follow (Portal and
  Workshop)
• Keys:
  – Enterprise-grade kernel
  – Zero downtime
  – Reliable messaging
  – SOA
  – Enhanced management & security
  – Multi-programming model interface
                WL9 Supports
• JSP 2.0
• Servlet 2.4
• SSO
    – from browsers via SAML
    – from Windows via SPNego
•   WSEE 1.1 (JSR 109/192)
•   JCA bi-di 1.5
•   JMS 1.1
•   Foreign JNDI
•   JMX 1.2
    – JMX components can now communicate across JVMs
    – So Weblogic.management.MBeanHome is deprecated
• Deployment plans through scripting tool
• EJB 2.1
    – EJB 3 via JAR (coming soon)
         JSP 2.0 Support Means
•   SimpleTag handler
•   Dynamic Attributes for any tag handler
•   JSP Property Groups
•   Configurable implicit include-prelude and
    include-code for JSP page groups
      WL9: Disruption-free
          upgrades
• Managed across a cluster
• Round-robin servers when applying
  service packs
• Whole server migrations
  – Singleton services
  – Session failover across a WAN or MAN
• Side-by-side deployment
  – same JNDI, simultaneous response
      WL9: Enterprise Kernel
•   J2EE
•   BPEL
•   Portal
•   CFML
•   Beehive
•   JFC/Swing
•   WebServices
•   Native WS
    WebLogic 9 Self-Tuning
• Workload Management
  – admins can define scheduling policies and
    constraints at domain/app/module level
• Auto thread count tuning based on
  throughput and queue size history
           WL9 Web Services
• Now supports JSR 181 Annotations:
@WebService(name=“SimplePortType”, serviceName=“SimpleService”,
   targetNamespace=http:/some.com)

@SOAPBinding(style=SOAPBinding.Style.DOCUMENT,
   use=SOAPBinding.Use.LITERAL,
   parameterStyle=SOAPBinding.ParameterStyle.WRAPPED)

@WLHttpTransport(contextPath=“simple”,
   serviceUri=“SimpleService”, portName=“SimpleServicePort”)

public class SimpleImpl {
   @WebMethod()
   public String sayHello() { return “Hello”; }
}
     WL9 Web Services Notes
• WL Ant tasks included
• Entire 8.1 WS API deprecated
• 8.1 WS will run unchanged
   WL9: JMS Enhancements
• Supports JMS 1.1
• Migrates a JMS server automatically if it
  thinks it is not in good health
• JMS resources defined as module that
  can be included in an EAR or deployed
  (no more 2-step process)
         WL9: More JMS
• MDB Batch transactions
• “Store-forward” like in Tuxedo preserves
  message ordering
  – Asynchronous store and forward between
    servers and domains in case of fault
• Faster persistence messaging
                             WL9: SOA
• Use JSR 109 or JSR 181 annotations to
  author and deploy WS
• Performance improvements
• Integrates with Enterprise Service Bus
  (AquaLogic) to provide governable
  homogenous callable services
• Flexible databinding with XMLBeans
  support
•   BEA project donated to Apache in 2003.
•   Allows Java object view of XML data without losing original structure.
•   Classes generated from schema provides all major functions of XML Schema
       WL9: Management
• Configuration and change management
• Takes advantage of instrumentation API
  in Java 5
• Auditing configuration through channels
• Totally new WLS Console now Struts
  app based on Portal
• You can add admin features for your
  own apps into Console
Demo WL 9 Console
            WL9: Diagnostics
•   WL can introspect its own health
•   Standard Logging
•   Improved JMX controls
•   Dynamic instrumentation
    – Request dyeing and context tracing, even across
      containers, even while running
• Ability to understand any entry point into
  servers (ie, RMI)
• Set watches to trigger events
• Server Image Capture
     Web Logic 9 Deployment
• Extends JSR 88 SPI with PlanGenerator
• New Directory Structure
  – Separates config files from app files:
  – /Install-Root
     • /App-Root
        – Some.ear
     • /Plan-Root
        – Plan.xml
• Applications as Domain Libraries
      Upgrading from 8.1 to 9
• Server domain upgrades Performed via
  Upgrade Wizard
• Also performs compatibility inspection of
  Java classes and identify WL APIs.
     Portal Vendors Debate
          Architecture
• BEA, Sun, Plumtree, Vignette attended
• Portlet spec never took off.
          Oracle Keynote
• Almost entirely about JSF and EJB 3
• Oracle is spending a lot of RnD on JSF
  components and donating to MyFaces
• Oracle is building a DnD tool for JSF,
  built on Eclipse
   JSF VoiceXML Render Kit
• 3 classes and a config file
• Voice browser is much like an internet
  browser, but there is a gateway, and it
  reads VoiceXML
• Vendors:
  – Voicegeni
  – TellMe Studios
  – Vocalocity
  – Cisco has them integrated with their 10S
    routers
  9 Ways to Hack a Web App
1. Unvalidated input
2. Broken Access Control
3. Broken Account/Session Management
4. Cross Site Scripting
5. Buffer overflow
6. Injection Flows
7. Improper Error Handling
8. Insecure Storage
9. DoS
    How to Address Hacks
• Load testing
• Code reviews
• Handle exceptions
• Use real Encryption with Key (not
  base64encode)
• Use only what you need instead of OOB
• Developers are not Web Masters
• Turn off all unused services
         Hacking Tools
• BRUTUS password generator
• www.hoobie.net/brutus
Demo Brutus
         JSF with Studio Creator
• Graphical CSS Editor
• DnD EJBs, Web Services, DB tables, code clips
• AJAX Component Library
    – Google Suggest
•   HTTP Monitor
•   Integrated CVS (like NetBeans)
•   Visual Portlet Creation
•   Query Editor
•   Project Manager
             Hibernate 3.0
•   Allow inheritance mappings
•   Allows filters
•   Bulk update/delete
•   Support for handwritten SQL
•   Embeddable in JBoss microcontainer,
    can use Hibernate via Mbean
Shale
     Shale: The Next Struts
• Given by David Geary and Craig
  McClanahan
• Shale assumes JSF
• This is McClanahan’s proposal for
  Struts 2.0.
• No direct connection to current versions
  of Struts
• Shale is entirely new code.
            Shale Features
WebFlow scope
• Built in remoting for AJAX
• Validator extensions with JSF components
• Spring and Tiles integration
• Parameterized subtrees
• Tapestry-like views (match IDs in tags to
  XML)
• Utils (back button abuse, JNDI simplification
          What Shale Does
• Variable resolver means you can
  reference Spring beans in faces-config
  or in JSF expressions
• Tie plain HTML elements to
  components with jsfid attribute
• You can then run in two modes (HTML
  view “.html” and Runtime view “.faces”)
• Shale is a filter, not a controller servlet
    ViewController Interface
• If you implement ViewController, you
  get services for free:
  – Dependency Injection
  – Indicates postback
  – Additional lifecycle events
     •   Init
     •   Preprocess
     •   Prerender
     •   Destroy
        Shale and Spring
• WebFlow modeled after Spring’s
  WebFlow but more intuitive
• Uses Spring beans by just adding
  shale-spring.jar
             Shale Dialogs
•   Hold state, like UML State diagram
•   Action States and View States
•   Dialogs defined in dialog-config.xml
•   Shale nav handler takes over until
    dialog is done
            Future of Shale
•   Struts is not quite dead.
•   Likely to be Struts 2.0 (it assumes JSF)
•   New Apache project
•   May be folded into MyFaces
•   May become JSF 2.0
              Shale Info
• Wiki:
  http://wiki.apache.org/struts/StrutsShale
• Page: http://struts.apache.org/shale
Tapestry
       Tapestry Overview
• Started in 2000
• Goals are: Minimal Java coding, clean
  HTML
• Component-oriented, not operation-
  oriented
• Eliminates plumbing in URLs, query
  params
          Tapestry Benefits
•   RAD
•   Easy team development
•   Easy to create new components
•   True component reuse
•   Hides Servlet API
•   Highly localized
          Tapestry is not
• Merely a template engine
• Not Struts++
• Not one-man project
 Writing Tapestry Templates
<html jwcid=“@Border”>
<form jwcid=“form@form”
  listener=“dologin”>

Uses Object Graph Navigation Library
 available at http:www.ognl.org
                  OGNL
• EL for getting and setting Java object
  properties.
• Uses:
  – as a binding language between GUI elements
    to model objects (Swing and Web)
  – A data source language to map table columns
    to a table model.
  – More expressive replacement for more
    rudimentary BeanUtils.
           Tapestry Pages
•   Extend BasicPage
•   Contains methods and Properties
•   Properties are abstract
•   Page objects are pooled, Tapestry
    writes the subclass
Scripting Use Cases in JSE 6
• Stand-alone script interpreter
• Script uses Java objects
  – Java technology extends script language
• Java application calls script engine
  – Script engine used as macro interpreter
  – Script generates web content
• Scripting Framework
         Scripting Support
• JSR 223
• javax.script package
• javax.script.http package
  – Depends on Servlet, so wait until Dolphin
               Inside Scripting
• jrunscript
   – Experimental command all-language tool.
   – scripting language independent shell
• JavaScript technology engine implementation based on
  Mozilla Rhino:
   – JavaScript for Java:
   var strArr =
     java.lang.reflect.Array.newInstance(java.
     lang.String, 5)
• A JS compiler to transform JS source into Java classes
• A shell for executing JavaScripts
• Few optional components of Rhino engine have been
  removed
• See http://www.mozilla.org/rhino
      Scripting Framework
• Manages multiple script engines in a
  registry
• Script engine discovery and
  instantiation
• Maintains state shared by script engines
              ScriptEngine
• Executes scripts
• Map script variables to application objects
• Invoke script functions through Java
  technology interface
• Implement Java technology interfaces using
  script functions
  – Rhino has no bytecode compilation; requires Java
    Adapter to implement
• Compile script to intermediate form
• Execute multiple times without recompilation
   Presentation Available at:
• M:\\JavaOne\2005
Discussion