SlideShare uma empresa Scribd logo

Java EE Services

Abdalla Mahmoud
Abdalla Mahmoud
Tecnologia
1 de 9
Baixar para ler offline
Java EE Services 1 By: Abdalla Mahmoud . Contents Java EE Services ................................................................................. 1 Contents ........................................................................................... 1 1. Introduction ................................................................................... 3 2. Resource Management .................................................................... 3 2.1. Resource Pooling ....................................................................... 3 2.2. Activation/Deactivation Mechanism .............................................. 3 3. Java Naming and Directory Service ................................................... 3 4. Security Services ............................................................................ 4 4.1. Declarative Security .................................................................. 4 4.1. Defining a Security Domain ........................................................ 4 4.2.1. Business Components ............................................................. 5 4.2.2. Web Components ................................................................... 7 4.2.2.1. Login Page ....................................................................... 7 4.2.2.2. Error Page........................................................................ 7 4.2.2.3. Deployment Descriptor ...................................................... 8 4.2.2.4. JBoss-Specific Deployment Descriptor .................................. 8 5. Transaction Service......................................................................... 9 1. http://www.abdallamahmoud.com. 1
2
1. Introduction Java EE platform provides a mature environment for deploying enterprise components that are managed by the application server. The application is responsible for providing those components with common requirements needed in most enterprise applications. We are going to discuss some of the services provided by a typical Java EE applicaiton server. 2. Resource Management Resource management is the primary responsibility of the application server. It can manage thousands (and even millions) of objects and components without a great requirement of memory space! This is implemented by the application server using two main techniques: 2.1. Resource Pooling Resource pooling is a technique used to manage non client-specific components. A resource pool is a collection of many identical instances of the same class. When a client requests a reference to a component of a specific type, the application server returns a reference to any free component from its resource pool. The instance is reserved to the client as long as it uses it. Other clients will not get a reference to this instance and will get a reference to other instances from the instance pool until it get released. This technique can satisfies dozens of users simultaneously using a smaller number of instances, depending on the low probability of actual concurrent usage. If actual concurrent usage exceeded available instances, more instances are created and added to the pool, depending on the application server's implementation behavior. Stateless-session beans, message-driven beans, and data sources are managed using resource pooling technique. 2.2. Activation/Deactivation Mechanism Activation/Deactivation mechanism is a technique used to manage client-specific components. When a client requests a reference to a component of a specific type, the application server instantiates an object from the class and returns its reference to the client. The component is active in memory as long as the client actually uses it. If the client stopped using the component for a long period of time, the application server deactivates the component by serializing it in some persistent storage. Once the client get back using the component, the application server activates the component again by deserializing it again to the memory from the persistent storage and makes it active to resume interacting with the client. 3. Java Naming and Directory Service Resource naming is another primary responsibility of the application server. It provides an implementation to the Java Naming and Directory Service specification by Sun Microsystem, which is a system of a logical repository of names associated with references to different resources. Clients can access the service using the Java Naming and Directory Interface APIs (JNDI). 3
4. Security Services2 Security is a primary requirement in any application. It's another responsibility of the application server. Java EE uses declarative security model that can be used with Java EE components using some configurations. 4.1. Declarative Security Declarative security model introduces the concept of roles. A role is an abstract class of users. Users can be defined and associated with specific roles declaratively using configuraiton files. Services in Java EE components can be declared to be accessible only for some roles. Users should login first before using secured services. The following sections show how can we use security services using JBoss application server for both, business and web components. 4.1. Defining a Security Domain A security domain is a collection of security configurations assigned a specific name. Security domains can be defined by adding XML elements to the file C:jbossserverdefaultconflogin.config.xml as follows: file: C:jbossserverdefaultconflogin.config.xml ... <application-policy name ="foo"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties"> props/foo-users.properties </module-option> <module-option name="rolesProperties"> props/foo-roles.properties </module-option> </login-module> </authentication> </application-policy> ... </policy> Users are defined in C:jbossserverdefaultconfpropsfoo-users.properties. It's a user per-line file. Each line consist of the username followed by = and its password. 2. All written examples use JBoss-specific features. 4
file: C:jbossserverdefaultconfpropsfoo-users.properties abdalla=abdallapass ahmed=ahmedpass Roles are defined in C:jbossserverdefaultconfpropsfoo-roles.properties. It's a user/role per-line file. Each line consist of the username followed by = and its associated roles. file: C:jbossserverdefaultconfpropsfoo-roles.properties abdalla=admin ahmed=employee 4.2.1. Business Components Securing a business component is simple and straightforward. Here is a sample business component before and after securing: Before Securing file: mypackMyEJB.java package mypack ; import javax.ejb.* ; @Stateless public class MyEJB implements MyEJBRemote { public void foo() { System.out.println("foo() invoked.") ; } public void protectedMethod() { System.out.prtinln("protectedMethod() invoked!") ; } public void protectedMethod2() { System.out.prtinln("protectedMethod() invoked!") ; } } After Securing file: mypackMyEJB.java package mypack ; 5
import javax.ejb.* ; import javax.annotation.security.* ; import org.jboss.ejb3.annotation.SecurityDomain; @Stateless @SecurityDomain ("foo") public class MyEJB implements MyEJBRemote { public void foo() { System.out.println("foo() invoked.") ; } @RolesAllowed({"admin"}) public void protectedAdmin() { System.out.prtinln("protectedAdmin() invoked!") ; } @RolesAllowed({"employee"}) public void protectedEmployee() { System.out.prtinln("protectedEmployee() invoked!") ; } } Remote clients should login first before using the component, as follows: file: Client.java import javax.naming.* ; import mypack.MyEJBRemote ; import org.jboss.security.client.* ; public class Client { public static void main(String[] args) throws Exception{ SecurityClient client = SecurityClientFactory.getSecurityClient(); client.setSimple("abdalla", "abdallapass"); client.login(); InitialContext ctx = new InitialContext() ; MyEJBRemote r = (MyEJBRemote) ctx.lookup("MyEJB/remote") ; r.doAdmin() ; } } 6
4.2.2. Web Components Securing web components requires a login and error page, with additional declarations in the web.xml file. Here is a sample web application of two web components (protectedPage1.jsp, protectedPage2.jsp) before and after securing: 4.2.2.1. Login Page file: login.html <html> <head> <title>Login Page</title> </head> <body> <font size='5' color='blue'>Please Login</font><hr> <form action='j_security_check' method='post'> Name: <input type='text' name='j_username'> Password: <input type='password' name='j_password' size='8'/> <input type='submit' value='login'> </form> </body> </html> 4.2.2.2. Error Page file: error.html <html> <head> <title>Error!</title> </head> <body> <font size='4' color='red'> The username and password you supplied are not valid. </font> Click <a href='/webapp/login.html'>here</a> to retry login. </body> </html> 7
4.2.2.3. Deployment Descriptor file: WEB-INFweb.xml <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/ xml/ns/javaee/web-app_2_5.xsd"> <!-- Defines a security constraint element --> <security-constraint> <web-resource-collection> <web-resource-name>A Protected Page</web-resource-name> <url-pattern>/protected-page.jsp</url-pattern> <url-pattern>/protected-page2.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <!-- Defines the login mechanism --> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>admin</role-name> </security-role> </web-app> 4.2.2.4. JBoss-Specific Deployment Descriptor The JBoss-specific deployment descriptor is used to specify's JBoss-specific configurations for the web applicaiton. It's located in WEB-INF/jboss-web.xml. We will add this file to declare the security domain associated with this web applicaiton. 8
file: WEB-INF/jboss-web.xml <?xml version="1.0" encoding="UTF-8"?> <jboss-web> <security-domain>java:/jaas/foo</security-domain> </jboss-web> 5. Transaction Service Transactions are required in most enterprise applications. A transaction is an atomic operation that should be performed completely. Some operations may fail to complete for some reasons, most common is exceptions. Operation may have affected state before the exception occurs, which puts the system in an illegal state. The solution is to undo all changes made in the period between starting the operation and the exception occurrence. Fortunately, all business operations are invoked within the scope of a transaction initiated by the application server. If the invocation could not be completed for a reason or another, all state manipulations will be rolled back. 9

Recomendados

Claims based authentication in share point 2010 .new
Claims based authentication in share point 2010 .newClaims based authentication in share point 2010 .new
Claims based authentication in share point 2010 .newRavikantChaturvedi
 
Moodle andoffice365withadfs
Moodle andoffice365withadfsMoodle andoffice365withadfs
Moodle andoffice365withadfsHeo Gòm
 
Introduction to jsf 2
Introduction to jsf 2Introduction to jsf 2
Introduction to jsf 2yousry ibrahim
 
Oracle BPM 11g Lesson 2
Oracle BPM 11g Lesson 2Oracle BPM 11g Lesson 2
Oracle BPM 11g Lesson 2Rakesh Gujjarlapudi
 
Contextual Dependency Injection for Apachecon 2010
Contextual Dependency Injection for Apachecon 2010Contextual Dependency Injection for Apachecon 2010
Contextual Dependency Injection for Apachecon 2010Rohit Kelapure
 
Lecture 8 Enterprise Java Beans (EJB)
Lecture 8 Enterprise Java Beans (EJB)Lecture 8 Enterprise Java Beans (EJB)
Lecture 8 Enterprise Java Beans (EJB)Fahad Golra
 
Actor Model Import FlexConnector for Database
Actor Model Import FlexConnector for DatabaseActor Model Import FlexConnector for Database
Actor Model Import FlexConnector for Databaseprotect724rkeer
 
Federated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPIC
Federated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPICFederated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPIC
Federated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPICJohnSmithto
 

Recomendados

Claims based authentication in share point 2010 .new
Claims based authentication in share point 2010 .newClaims based authentication in share point 2010 .new
Claims based authentication in share point 2010 .newRavikantChaturvedi
 
Moodle andoffice365withadfs
Moodle andoffice365withadfsMoodle andoffice365withadfs
Moodle andoffice365withadfsHeo Gòm
 
Introduction to jsf 2
Introduction to jsf 2Introduction to jsf 2
Introduction to jsf 2yousry ibrahim
 
Oracle BPM 11g Lesson 2
Oracle BPM 11g Lesson 2Oracle BPM 11g Lesson 2
Oracle BPM 11g Lesson 2Rakesh Gujjarlapudi
 
Contextual Dependency Injection for Apachecon 2010
Contextual Dependency Injection for Apachecon 2010Contextual Dependency Injection for Apachecon 2010
Contextual Dependency Injection for Apachecon 2010Rohit Kelapure
 
Lecture 8 Enterprise Java Beans (EJB)
Lecture 8 Enterprise Java Beans (EJB)Lecture 8 Enterprise Java Beans (EJB)
Lecture 8 Enterprise Java Beans (EJB)Fahad Golra
 
Actor Model Import FlexConnector for Database
Actor Model Import FlexConnector for DatabaseActor Model Import FlexConnector for Database
Actor Model Import FlexConnector for Databaseprotect724rkeer
 
Federated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPIC
Federated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPICFederated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPIC
Federated RBAC: Fortress, OAuth2 (Oltu), JWT, Java EE, and JASPICJohnSmithto
 
Spring by rj
Spring by rjSpring by rj
Spring by rjShree M.L.Kakadiya MCA mahila college, Amreli
 
Lec5 ecom fall16_modified7_november16
Lec5 ecom fall16_modified7_november16Lec5 ecom fall16_modified7_november16
Lec5 ecom fall16_modified7_november16Zainab Khallouf
 
Ejb3 Presentation
Ejb3 PresentationEjb3 Presentation
Ejb3 PresentationSaurabh Raisinghani
 
Javabeans .pdf
Javabeans .pdfJavabeans .pdf
Javabeans .pdfRajkiran Mummadi
 
EJB3 Basics
EJB3 BasicsEJB3 Basics
EJB3 BasicsEmprovise
 
IBM Connections 4.5 User Data Propagation.
IBM Connections 4.5 User Data Propagation.IBM Connections 4.5 User Data Propagation.
IBM Connections 4.5 User Data Propagation.michele buccarello
 
Custom RBAC - Can I Do That?
Custom RBAC - Can I Do That? Custom RBAC - Can I Do That?
Custom RBAC - Can I Do That? Lance Bragstad
 
Javaeetutorial6
Javaeetutorial6Javaeetutorial6
Javaeetutorial6David Rajah Selvaraj
 
Obiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissionsObiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissionsRavi Kumar Lanke
 
Ucs rbac aaa-backu-ps
Ucs rbac aaa-backu-psUcs rbac aaa-backu-ps
Ucs rbac aaa-backu-psKrunal Shah
 
Gym Management System User Manual
Gym Management System User ManualGym Management System User Manual
Gym Management System User ManualDavid O' Connor
 
Asp interview Question and Answer
Asp interview Question and Answer Asp interview Question and Answer
Asp interview Question and Answer home
 
Java Web Programming [1/9] : Introduction to Web Application
Java Web Programming [1/9] : Introduction to Web ApplicationJava Web Programming [1/9] : Introduction to Web Application
Java Web Programming [1/9] : Introduction to Web ApplicationIMC Institute
 
Ejb3.1 for the starter
Ejb3.1 for the starterEjb3.1 for the starter
Ejb3.1 for the startershohancse
 
Authorization in asp
Authorization in aspAuthorization in asp
Authorization in aspOPENLANE
 
ASP.NET Lecture 5
ASP.NET Lecture 5ASP.NET Lecture 5
ASP.NET Lecture 5Julie Iskander
 
Entity beans in java
Entity beans in javaEntity beans in java
Entity beans in javaAcp Jamod
 
Enable seo friendly url in websphere portal
Enable seo friendly url in websphere portalEnable seo friendly url in websphere portal
Enable seo friendly url in websphere portalmichele buccarello
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicHarihara sarma
 
Websphere portal theme menu framework
Websphere portal theme menu frameworkWebsphere portal theme menu framework
Websphere portal theme menu frameworkmichele buccarello
 
Servlets
ServletsServlets
ServletsAbdalla Mahmoud
 
IBM_Participation_4
IBM_Participation_4IBM_Participation_4
IBM_Participation_4Jatinder Bhola
 

Mais conteúdo relacionado

Mais procurados

Lec5 ecom fall16_modified7_november16
Lec5 ecom fall16_modified7_november16Lec5 ecom fall16_modified7_november16
Lec5 ecom fall16_modified7_november16Zainab Khallouf
 
IBM Connections 4.5 User Data Propagation.
IBM Connections 4.5 User Data Propagation.IBM Connections 4.5 User Data Propagation.
IBM Connections 4.5 User Data Propagation.michele buccarello
 
Custom RBAC - Can I Do That?
Custom RBAC - Can I Do That? Custom RBAC - Can I Do That?
Custom RBAC - Can I Do That? Lance Bragstad
 
Obiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissionsObiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissionsRavi Kumar Lanke
 
Ucs rbac aaa-backu-ps
Ucs rbac aaa-backu-psUcs rbac aaa-backu-ps
Ucs rbac aaa-backu-psKrunal Shah
 
Gym Management System User Manual
Gym Management System User ManualGym Management System User Manual
Gym Management System User ManualDavid O' Connor
 
Asp interview Question and Answer
Asp interview Question and Answer Asp interview Question and Answer
Asp interview Question and Answer home
 
Java Web Programming [1/9] : Introduction to Web Application
Java Web Programming [1/9] : Introduction to Web ApplicationJava Web Programming [1/9] : Introduction to Web Application
Java Web Programming [1/9] : Introduction to Web ApplicationIMC Institute
 
Ejb3.1 for the starter
Ejb3.1 for the starterEjb3.1 for the starter
Ejb3.1 for the startershohancse
 
Authorization in asp
Authorization in aspAuthorization in asp
Authorization in aspOPENLANE
 
Entity beans in java
Entity beans in javaEntity beans in java
Entity beans in javaAcp Jamod
 
Enable seo friendly url in websphere portal
Enable seo friendly url in websphere portalEnable seo friendly url in websphere portal
Enable seo friendly url in websphere portalmichele buccarello
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicHarihara sarma
 
Websphere portal theme menu framework
Websphere portal theme menu frameworkWebsphere portal theme menu framework
Websphere portal theme menu frameworkmichele buccarello
 

Mais procurados (20)

Spring by rj
Spring by rjSpring by rj
Spring by rj
 
Lec5 ecom fall16_modified7_november16
Lec5 ecom fall16_modified7_november16Lec5 ecom fall16_modified7_november16
Lec5 ecom fall16_modified7_november16
 
Ejb3 Presentation
Ejb3 PresentationEjb3 Presentation
Ejb3 Presentation
 
Javabeans .pdf
Javabeans .pdfJavabeans .pdf
Javabeans .pdf
 
EJB3 Basics
EJB3 BasicsEJB3 Basics
EJB3 Basics
 
IBM Connections 4.5 User Data Propagation.
IBM Connections 4.5 User Data Propagation.IBM Connections 4.5 User Data Propagation.
IBM Connections 4.5 User Data Propagation.
 
Custom RBAC - Can I Do That?
Custom RBAC - Can I Do That? Custom RBAC - Can I Do That?
Custom RBAC - Can I Do That?
 
Javaeetutorial6
Javaeetutorial6Javaeetutorial6
Javaeetutorial6
 
Obiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissionsObiee 11g security creating users groups and catalog permissions
Obiee 11g security creating users groups and catalog permissions
 
Ucs rbac aaa-backu-ps
Ucs rbac aaa-backu-psUcs rbac aaa-backu-ps
Ucs rbac aaa-backu-ps
 
Gym Management System User Manual
Gym Management System User ManualGym Management System User Manual
Gym Management System User Manual
 
Asp interview Question and Answer
Asp interview Question and Answer Asp interview Question and Answer
Asp interview Question and Answer
 
Java Web Programming [1/9] : Introduction to Web Application
Java Web Programming [1/9] : Introduction to Web ApplicationJava Web Programming [1/9] : Introduction to Web Application
Java Web Programming [1/9] : Introduction to Web Application
 
Ejb3.1 for the starter
Ejb3.1 for the starterEjb3.1 for the starter
Ejb3.1 for the starter
 
Authorization in asp
Authorization in aspAuthorization in asp
Authorization in asp
 
ASP.NET Lecture 5
ASP.NET Lecture 5ASP.NET Lecture 5
ASP.NET Lecture 5
 
Entity beans in java
Entity beans in javaEntity beans in java
Entity beans in java
 
Enable seo friendly url in websphere portal
Enable seo friendly url in websphere portalEnable seo friendly url in websphere portal
Enable seo friendly url in websphere portal
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
 
Websphere portal theme menu framework
Websphere portal theme menu frameworkWebsphere portal theme menu framework
Websphere portal theme menu framework
 

Destaque

Introduction to Java Enterprise Edition
Introduction to Java Enterprise EditionIntroduction to Java Enterprise Edition
Introduction to Java Enterprise EditionAbdalla Mahmoud
 
Introduction to jsf2
Introduction to jsf2Introduction to jsf2
Introduction to jsf2Rajiv Gupta
 
Overview of the AngularJS framework
Overview of the AngularJS framework Overview of the AngularJS framework
Overview of the AngularJS framework Yakov Fain
 
CBSE XII Database Concepts And MySQL Presentation
CBSE XII Database Concepts And MySQL PresentationCBSE XII Database Concepts And MySQL Presentation
CBSE XII Database Concepts And MySQL PresentationGuru Ji
 

Destaque (9)

Servlets
ServletsServlets
Servlets
 
IBM_Participation_4
IBM_Participation_4IBM_Participation_4
IBM_Participation_4
 
JavaServer Pages
JavaServer PagesJavaServer Pages
JavaServer Pages
 
Persistence
PersistencePersistence
Persistence
 
Introduction to Java Enterprise Edition
Introduction to Java Enterprise EditionIntroduction to Java Enterprise Edition
Introduction to Java Enterprise Edition
 
Introduction to jsf2
Introduction to jsf2Introduction to jsf2
Introduction to jsf2
 
Overview of the AngularJS framework
Overview of the AngularJS framework Overview of the AngularJS framework
Overview of the AngularJS framework
 
CBSE XII Database Concepts And MySQL Presentation
CBSE XII Database Concepts And MySQL PresentationCBSE XII Database Concepts And MySQL Presentation
CBSE XII Database Concepts And MySQL Presentation
 
eCertificate-JAVA-2
eCertificate-JAVA-2eCertificate-JAVA-2
eCertificate-JAVA-2
 

Semelhante a Java EE Services

Spring security4.x
Spring security4.xSpring security4.x
Spring security4.xZeeshan Khan
 
SpringBootCompleteBootcamp.pptx
SpringBootCompleteBootcamp.pptxSpringBootCompleteBootcamp.pptx
SpringBootCompleteBootcamp.pptxSUFYAN SATTAR
 
Meteor Meet-up San Diego December 2014
Meteor Meet-up San Diego December 2014Meteor Meet-up San Diego December 2014
Meteor Meet-up San Diego December 2014Lou Sacco
 
Java secure development part 3
Java secure development part 3Java secure development part 3
Java secure development part 3Rafel Ivgi
 
Oracle Human Capital Management Setup Document
Oracle Human Capital Management Setup DocumentOracle Human Capital Management Setup Document
Oracle Human Capital Management Setup DocumentRajendra Gudla
 
Jboss Exploit
Jboss ExploitJboss Exploit
Jboss Exploitdrkimsky
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configurationAlberto Rivai
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptaljbsysatm
 
Server side programming bt0083
Server side programming bt0083Server side programming bt0083
Server side programming bt0083Divyam Pateriya
 
LvivPy - Flask in details
LvivPy - Flask in detailsLvivPy - Flask in details
LvivPy - Flask in detailsMax Klymyshyn
 
Summer industrial trainingnew
Summer industrial trainingnewSummer industrial trainingnew
Summer industrial trainingnewVignesh Ramesh
 
Spring data jpa are used to develop spring applications
Spring data jpa are used to develop spring applicationsSpring data jpa are used to develop spring applications
Spring data jpa are used to develop spring applicationsmichaelaaron25322
 
Developing Dynamic PeopleSoft Field Security Applications:A PeopleSoft Develo...
Developing Dynamic PeopleSoft Field Security Applications:A PeopleSoft Develo...Developing Dynamic PeopleSoft Field Security Applications:A PeopleSoft Develo...
Developing Dynamic PeopleSoft Field Security Applications:A PeopleSoft Develo...guest96f6c68d
 
Introduction to ejb and struts framework
Introduction to ejb and struts frameworkIntroduction to ejb and struts framework
Introduction to ejb and struts frameworks4al_com
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Abdelmonaim Remani
 

Semelhante a Java EE Services (20)

Oracle ADF Case Study
Oracle ADF Case StudyOracle ADF Case Study
Oracle ADF Case Study
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.x
 
SpringBootCompleteBootcamp.pptx
SpringBootCompleteBootcamp.pptxSpringBootCompleteBootcamp.pptx
SpringBootCompleteBootcamp.pptx
 
Struts
StrutsStruts
Struts
 
Meteor Meet-up San Diego December 2014
Meteor Meet-up San Diego December 2014Meteor Meet-up San Diego December 2014
Meteor Meet-up San Diego December 2014
 
Java secure development part 3
Java secure development part 3Java secure development part 3
Java secure development part 3
 
Oracle Human Capital Management Setup Document
Oracle Human Capital Management Setup DocumentOracle Human Capital Management Setup Document
Oracle Human Capital Management Setup Document
 
Jboss Exploit
Jboss ExploitJboss Exploit
Jboss Exploit
 
Synopsis
SynopsisSynopsis
Synopsis
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configuration
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
 
Server side programming bt0083
Server side programming bt0083Server side programming bt0083
Server side programming bt0083
 
LvivPy - Flask in details
LvivPy - Flask in detailsLvivPy - Flask in details
LvivPy - Flask in details
 
20.1 creating functions_part_20.1
20.1 creating functions_part_20.120.1 creating functions_part_20.1
20.1 creating functions_part_20.1
 
Summer industrial trainingnew
Summer industrial trainingnewSummer industrial trainingnew
Summer industrial trainingnew
 
Sap basis and_security_administration
Sap basis and_security_administrationSap basis and_security_administration
Sap basis and_security_administration
 
Spring data jpa are used to develop spring applications
Spring data jpa are used to develop spring applicationsSpring data jpa are used to develop spring applications
Spring data jpa are used to develop spring applications
 
Developing Dynamic PeopleSoft Field Security Applications:A PeopleSoft Develo...
Developing Dynamic PeopleSoft Field Security Applications:A PeopleSoft Develo...Developing Dynamic PeopleSoft Field Security Applications:A PeopleSoft Develo...
Developing Dynamic PeopleSoft Field Security Applications:A PeopleSoft Develo...
 
Introduction to ejb and struts framework
Introduction to ejb and struts frameworkIntroduction to ejb and struts framework
Introduction to ejb and struts framework
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3
 

Último

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 

Último (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Java EE Services

  • 1. Java EE Services 1 By: Abdalla Mahmoud . Contents Java EE Services ................................................................................. 1 Contents ........................................................................................... 1 1. Introduction ................................................................................... 3 2. Resource Management .................................................................... 3 2.1. Resource Pooling ....................................................................... 3 2.2. Activation/Deactivation Mechanism .............................................. 3 3. Java Naming and Directory Service ................................................... 3 4. Security Services ............................................................................ 4 4.1. Declarative Security .................................................................. 4 4.1. Defining a Security Domain ........................................................ 4 4.2.1. Business Components ............................................................. 5 4.2.2. Web Components ................................................................... 7 4.2.2.1. Login Page ....................................................................... 7 4.2.2.2. Error Page........................................................................ 7 4.2.2.3. Deployment Descriptor ...................................................... 8 4.2.2.4. JBoss-Specific Deployment Descriptor .................................. 8 5. Transaction Service......................................................................... 9 1. http://www.abdallamahmoud.com. 1
  • 2. 2
  • 3. 1. Introduction Java EE platform provides a mature environment for deploying enterprise components that are managed by the application server. The application is responsible for providing those components with common requirements needed in most enterprise applications. We are going to discuss some of the services provided by a typical Java EE applicaiton server. 2. Resource Management Resource management is the primary responsibility of the application server. It can manage thousands (and even millions) of objects and components without a great requirement of memory space! This is implemented by the application server using two main techniques: 2.1. Resource Pooling Resource pooling is a technique used to manage non client-specific components. A resource pool is a collection of many identical instances of the same class. When a client requests a reference to a component of a specific type, the application server returns a reference to any free component from its resource pool. The instance is reserved to the client as long as it uses it. Other clients will not get a reference to this instance and will get a reference to other instances from the instance pool until it get released. This technique can satisfies dozens of users simultaneously using a smaller number of instances, depending on the low probability of actual concurrent usage. If actual concurrent usage exceeded available instances, more instances are created and added to the pool, depending on the application server's implementation behavior. Stateless-session beans, message-driven beans, and data sources are managed using resource pooling technique. 2.2. Activation/Deactivation Mechanism Activation/Deactivation mechanism is a technique used to manage client-specific components. When a client requests a reference to a component of a specific type, the application server instantiates an object from the class and returns its reference to the client. The component is active in memory as long as the client actually uses it. If the client stopped using the component for a long period of time, the application server deactivates the component by serializing it in some persistent storage. Once the client get back using the component, the application server activates the component again by deserializing it again to the memory from the persistent storage and makes it active to resume interacting with the client. 3. Java Naming and Directory Service Resource naming is another primary responsibility of the application server. It provides an implementation to the Java Naming and Directory Service specification by Sun Microsystem, which is a system of a logical repository of names associated with references to different resources. Clients can access the service using the Java Naming and Directory Interface APIs (JNDI). 3
  • 4. 4. Security Services2 Security is a primary requirement in any application. It's another responsibility of the application server. Java EE uses declarative security model that can be used with Java EE components using some configurations. 4.1. Declarative Security Declarative security model introduces the concept of roles. A role is an abstract class of users. Users can be defined and associated with specific roles declaratively using configuraiton files. Services in Java EE components can be declared to be accessible only for some roles. Users should login first before using secured services. The following sections show how can we use security services using JBoss application server for both, business and web components. 4.1. Defining a Security Domain A security domain is a collection of security configurations assigned a specific name. Security domains can be defined by adding XML elements to the file C:jbossserverdefaultconflogin.config.xml as follows: file: C:jbossserverdefaultconflogin.config.xml ... <application-policy name ="foo"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties"> props/foo-users.properties </module-option> <module-option name="rolesProperties"> props/foo-roles.properties </module-option> </login-module> </authentication> </application-policy> ... </policy> Users are defined in C:jbossserverdefaultconfpropsfoo-users.properties. It's a user per-line file. Each line consist of the username followed by = and its password. 2. All written examples use JBoss-specific features. 4
  • 5. file: C:jbossserverdefaultconfpropsfoo-users.properties abdalla=abdallapass ahmed=ahmedpass Roles are defined in C:jbossserverdefaultconfpropsfoo-roles.properties. It's a user/role per-line file. Each line consist of the username followed by = and its associated roles. file: C:jbossserverdefaultconfpropsfoo-roles.properties abdalla=admin ahmed=employee 4.2.1. Business Components Securing a business component is simple and straightforward. Here is a sample business component before and after securing: Before Securing file: mypackMyEJB.java package mypack ; import javax.ejb.* ; @Stateless public class MyEJB implements MyEJBRemote { public void foo() { System.out.println("foo() invoked.") ; } public void protectedMethod() { System.out.prtinln("protectedMethod() invoked!") ; } public void protectedMethod2() { System.out.prtinln("protectedMethod() invoked!") ; } } After Securing file: mypackMyEJB.java package mypack ; 5
  • 6. import javax.ejb.* ; import javax.annotation.security.* ; import org.jboss.ejb3.annotation.SecurityDomain; @Stateless @SecurityDomain ("foo") public class MyEJB implements MyEJBRemote { public void foo() { System.out.println("foo() invoked.") ; } @RolesAllowed({"admin"}) public void protectedAdmin() { System.out.prtinln("protectedAdmin() invoked!") ; } @RolesAllowed({"employee"}) public void protectedEmployee() { System.out.prtinln("protectedEmployee() invoked!") ; } } Remote clients should login first before using the component, as follows: file: Client.java import javax.naming.* ; import mypack.MyEJBRemote ; import org.jboss.security.client.* ; public class Client { public static void main(String[] args) throws Exception{ SecurityClient client = SecurityClientFactory.getSecurityClient(); client.setSimple("abdalla", "abdallapass"); client.login(); InitialContext ctx = new InitialContext() ; MyEJBRemote r = (MyEJBRemote) ctx.lookup("MyEJB/remote") ; r.doAdmin() ; } } 6
  • 7. 4.2.2. Web Components Securing web components requires a login and error page, with additional declarations in the web.xml file. Here is a sample web application of two web components (protectedPage1.jsp, protectedPage2.jsp) before and after securing: 4.2.2.1. Login Page file: login.html <html> <head> <title>Login Page</title> </head> <body> <font size='5' color='blue'>Please Login</font><hr> <form action='j_security_check' method='post'> Name: <input type='text' name='j_username'> Password: <input type='password' name='j_password' size='8'/> <input type='submit' value='login'> </form> </body> </html> 4.2.2.2. Error Page file: error.html <html> <head> <title>Error!</title> </head> <body> <font size='4' color='red'> The username and password you supplied are not valid. </font> Click <a href='/webapp/login.html'>here</a> to retry login. </body> </html> 7
  • 8. 4.2.2.3. Deployment Descriptor file: WEB-INFweb.xml <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/ xml/ns/javaee/web-app_2_5.xsd"> <!-- Defines a security constraint element --> <security-constraint> <web-resource-collection> <web-resource-name>A Protected Page</web-resource-name> <url-pattern>/protected-page.jsp</url-pattern> <url-pattern>/protected-page2.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <!-- Defines the login mechanism --> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>admin</role-name> </security-role> </web-app> 4.2.2.4. JBoss-Specific Deployment Descriptor The JBoss-specific deployment descriptor is used to specify's JBoss-specific configurations for the web applicaiton. It's located in WEB-INF/jboss-web.xml. We will add this file to declare the security domain associated with this web applicaiton. 8
  • 9. file: WEB-INF/jboss-web.xml <?xml version="1.0" encoding="UTF-8"?> <jboss-web> <security-domain>java:/jaas/foo</security-domain> </jboss-web> 5. Transaction Service Transactions are required in most enterprise applications. A transaction is an atomic operation that should be performed completely. Some operations may fail to complete for some reasons, most common is exceptions. Operation may have affected state before the exception occurs, which puts the system in an illegal state. The solution is to undo all changes made in the period between starting the operation and the exception occurrence. Fortunately, all business operations are invoked within the scope of a transaction initiated by the application server. If the invocation could not be completed for a reason or another, all state manipulations will be rolled back. 9