SlideShare uma empresa Scribd logo

What's New in Servlet 3.1: Non-blocking IO, Protocol Upgrade, Security

S
Shing Wai Chan

This document outlines the key features of Servlet 3.1 including non-blocking I/O, protocol upgrades, and security enhancements. It discusses how Servlet 3.1 introduces APIs for asynchronous and non-blocking I/O using read and write listeners. It also covers how protocol upgrades allow servlets to upgrade HTTP connections to other protocols like WebSocket. The document reviews new security features like changing the session ID on authentication to prevent fixation attacks.

Tecnologia
1 de 51
Baixar para ler offline
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.1
What’s New in JSR 340, Servlet 3.1? Shing Wai Chan Rajiv Mordani Session ID: CON 4854
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.3 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.4 Program Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security enhancements §  Miscellaneous features §  Resources
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.5 Servlet 3.1 Overview §  FINAL: Part of Java EE 7 §  Upgrade from Servlet 3.0 §  Scalability –  Expose Non-blocking IO API §  Support newer technologies that leverage HTTP protocol for the initial handshake –  Support general upgrade mechanism for protocols like WebSocket §  Security enhancements
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.6 Program Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security enhancements §  Miscellaneous features §  Resources
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.7 Non-blocking IO public class TestServlet extends HttpServlet protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { ServletInputStream input = request.getInputStream(); byte[] b = new byte[1024]; int len = -1; while ((len = input.read(b)) != -1) { … } } } Traditional IO Example
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.8 Non Blocking IO §  Add two new interfaces: ReadListener, WriteListener §  Add APIs to ServletInputStream, ServletOutputStream §  For asynchronous and upgrade only Overview
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.9 Non-blocking IO public interface ReadListener extends EventListener { public void onDataAvailable() throws IOException; public void onAllDataRead() throws IOException; public void onError(Throwable t); } javax.servlet.ReadListener
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.10 Non-blocking IO public interface WriteListener extends EventListener { public void onWritePossible() throws IOException; public void onError(Throwable t); } javax.servlet.WriteListener
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.11 Non-blocking IO §  javax.servlet.ServletInputStream –  public abstract boolean isFinished() –  public abstract boolean isReady() –  public abstract void setReadListener(ReadListener listener) §  javax.servlet.ServletOutputStream –  public abstract boolean isReady() –  public abstract setWriteListener(WriteListener listener) ServletInputStream, ServletOutputStream
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.12 Non-blocking IO public class TestServlet extends HttpServlet { protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { AsyncContext ac = req.startAsync(); … ServletInputStream input = req.getInputStream(); ReadListener readListener = new ReadListenerImpl(input, output, ac); input.setReadListener(readListener); } } Example
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.13 Non-blocking IO public class ReadListenerImpl implements ReadListener { … public void onDataAvailable() throws IOException { … int len = -1; byte b[] = new byte[1024]; while ((len = input.read(b)) != -1) { … } } public void onAllDataRead() throws IOException { … } public void onError(final Throwable t) { … } } Example (cont’d): Quiz
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.14 Non-blocking IO public class ReadListenerImpl implements ReadListener { … public void onDataAvailable() throws IOException { … int len = -1; byte b[] = new byte[1024]; while (input.isReady() && (len = input.read(b)) != -1) { … } } public void onAllDataRead() throws IOException { ac.complete(); } public void onError(final Throwable t) { … } } Example (cont’d 2): Answer
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.15 Non-blocking IO public class TestServlet2 extends HttpServlet { protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { AsyncContext ac = req.startAsync(); … ServletOutputStream output = req.getOutputStream(); WriteListener writeListener = new WriteListenerImpl(output, ac); output.setWriteListener(writeListener); } } Example 2
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.16 Non-blocking IO public class WriteListenerImpl implements WriteListener { … public void onWritePossible() throws IOException { … int len = -1; byte b[] = new byte[1024]; while (output.isReady()) { … } … } public void onError(final Throwable t) { … } } Example 2 (cont’d)
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.17 Program Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security Enhancements §  Miscellaneous §  Resources
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.18 Protocol Upgrade §  HTTP 1.1 (RFC 2616) §  Connection §  Transition to some other, incompatible protocol –  For examples, IRC/6.9, Web Socket HTTP Upgrade
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.19 Protocol Upgrade §  Originally proposed as part of HTML5 §  IETF-defined Protocol: RFC 6455 –  Handshake –  Data Transfer §  W3C defined JavaScript API –  Candidate Recommendation, 2012-09-20 §  Bi-directional, full-duplex / TCP Example: WebSocket
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.20 Client GET /chat HTTP/1.1 Host: server.example.com Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== Origin: http://example.com Sec-WebSocket-Protocol: chat, superchat Sec-WebSocket-Version: 13 Protocol Upgrade Server HTTP/1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo= Sec-WebSocket-Protocol: chat WebSocket Example
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.21 Protocol Upgrade §  Add API to HttpServletRequest §  Add two new interfaces –  javax.servlet.http.HttpUpgradeHandler –  javax.servlet.http.WebConnection §  Can use non-blocking IO API in upgrade Overview
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.22 Protocol Upgrade §  New interface javax.servlet.http.HttpUpgradeHandler –  void init(WebConnection wc) –  void destroy() §  New interface javax.servlet.http.WebConnection extends AutoClosable –  ServletInputStream getInputStream() throws IOException –  ServletOutputStream getOutputStream() throws IOException HttpUpgradeHandler, WebConnection
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.23 Protocol Upgrade §  Add a method to HttpServletRequest –  <T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass) throws IOException, ServletException HttpServletRequest
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.24 Protocol Upgrade HttpServlet / Filter req.upgrade(…) init destroy HTTP Request upgraded protocol requests / responses HttpUpgradeHandler
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.25 Protocol Upgrade public class UpgradeServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { … if (decideToUpgrade) { EchoHttpUpgradeHandler handler = request.upgrade(EchoHttpUpgradeHandler.class); … } } Example
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.26 Protocol Upgrade public class EchoHttpUpgradeHandler implements HttpUpgradeHandler { public void init(WebConnection wc) { try { ServletInputStream input = wc.getInputStream(); ServletOutputStream output = wc.getOutputStream(); ReadListener readListener = …; input.setReadListener(readListener); … } public void destroy() { … } } Example (cont’d)
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.27 Protocol Upgrade TyrusServletFilter req.upgrade(…) init destroy HTTP Request WebSocket requests / responses TyrusHttpUpgradeHandler Example 2: Reference Implementation of JSR 356, Java API for WebSocket
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.28 DEMO
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.29 Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security Enhancements §  Miscellaneous §  Resources
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.30 Security Enhancements §  Emails or web pages from hackers containing –  http://abank.com?SID=ABCDEFGHIJ §  Change Session id on authentication –  Add to interface HttpServletRequest §  public String changeSessionId() –  New interface javax.servlet.http.HttpSessionIdListener §  void sessionIdChanged(HttpSessionEvent se, String oldSessionId) Session Fixation Attack
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.31 Security Enhancements User Group Role /foo (“*”) /bar (“admin”) Alice manager admin Bob staff staff Carol contractor Any authenticated users Quiz
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.32 Security Enhancements §  Role “*” means any defined roles Any authenticated users Answer to the Quiz User Group Role /foo (“*”) /bar (“admin”) Alice manager admin ok ok Bob staff staff ok deny Carol contractor deny deny
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.33 Security Enhancements §  Roles “**”, any authenticated users §  For example, –  @WebServlet(“/foo”) @ServletSecurity(@HttpConstraint(rolesAllowed={“**”})) Any authenticated users
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.34 Security Enhancements §  deny-uncovered-http-methods in web.xml §  For example, –  <web-app …>
 " "…" " " "" " "<deny-uncovered-http-methods/> " "" " "<security-constraint>
 " " "<web-resource-collection>
 " " " "<web-resource-name>protected</web-resource-name>
 " " " "<url-pattern>/*</url-pattern>
 " " " "<http-method>GET</http-method>
 " " "</web-resource-collection>
 " " "<auth-constraint>
 " " " "<role-name>manager</role-name>
 " " "</auth-constraint>
 " "</security-constraint>
 </web-app>" deny-uncovered-http-methods
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.35 Security Enhancements §  Clarification on run-as –  Servlet#init, Servlet#destroy Run as
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.36 Security Enhancements §  Java EE 7, not in Servlet 3.1 §  Java security manager §  Declaring permissions required by application components §  META-INF/permission.xml §  See EE.6.2 of Java EE 7 spec for details. Declaring Permissions
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.37 Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security Enhancements §  Miscellaneous §  Resources
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.38 Miscellaneous §  ServletResponse#reset –  Clears any data that exists in the buffer as well as the status code and headers §  ServletResponse#setCharacterEncoding –  Sets the character encoding (MIME charset) of the response being sent to the client, for example, to UTF-8. –  … ServletResponse#reset and #setCharacterEncoding Servlet 3.0
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.39 Miscellaneous public class TestServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { response.setContentType("text/html"); response.setCharacterEncoding("ISO-8859-1"); PrintWriter writer = response.getWriter(); … response.reset(); response.setContentType("text/plain"); response.setCharacterEncoding("Big5"); response.getOutputStream().println("Done"); } } ServletResponse#reset and setCharacterEncoding (cont’d) Quiz in Servlet 3.0
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.40 Miscellaneous public class TestServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { response.setContentType("text/html"); response.setCharacterEncoding("ISO-8859-1"); PrintWriter writer = response.getWriter(); … response.reset(); response.setContentType("text/plain"); response.setCharacterEncoding("Big5"); // no effect response.getOutputStream().println("Done"); // IllegalStateException } } ServletResponse#reset and setCharacterEncoding (cont’d 2) Answer to Quiz in Servlet 3.0
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.41 Miscellaneous §  Character encoding setting after ServletResponse#reset –  Only #getServletOutputStream or #getWriter –  #setCharacterEncoding has no effect after calling #getWriter –  Servlet 3.0 §  #reset clears HTTP headers, status code, data in buffer –  Servlet 3.1 §  #reset clears –  HTTP headers, status code, data in buffer –  state of calling #getServletOutputStream or #getWriter ServletResponse#reset and #setCharacterEncoding (cont’d 3)
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.42 Miscellaneous public class TestServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { response.setContentType("text/html"); response.setCharacterEncoding("ISO-8859-1"); PrintWriter writer = response.getWriter(); … response.reset(); response.setContentType("text/plain"); response.setCharacterEncoding("Big5"); // set Big5 encoding response.getOutputStream().println("Done"); // print } } ServletResponse#reset and #setCharacterEncoding (cont’d 4) Example
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.43 Miscellaneous §  HttpServletResponse.sendRedirect –  a.jsp –  /b/a.jsp –  http://anotherhost.com/b/a.jsp –  //anotherhost.com/b/a.jsp (Network Path Reference) Relative Protocol URL
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.44 Miscellaneous §  Clarification for HttpServletRequest#getPart, #getParts without multi-part configuration –  throw IllegalStateException §  Add method javax.servlet.http.Part#getSubmittedFileName() Multi-part
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.45 Miscellaneous §  Clarification for ServletContainerInitiailizer –  independent of metadata-complete –  instance per web application ServletContainerInitializer
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.46 Miscellaneous §  ServletRequestWrapper#isWrapperFor(Class<?> c) §  ServletResponseWrapper#isWrapperFor(Class<?> c) §  HandlesTypes#value return Class<?>[ ] Generic
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.47 Miscellaneous §  Add method ServletContext#getVirtualServerName() §  Add method ServletRequest#getContentLengthLong() §  Add method ServletResponse#setContentLengthLong(long len) Others
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.48 Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security §  Miscellaneous §  Resources
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.49 Resources §  Spec and Javadoc –  http://jcp.org/en/jsr/detail?id=340 –  http://servlet-spec.java.net §  GlassFish 4.0 –  http://glassfish.java.net –  webtier@glassfish.java.net §  blog –  http://www.java.net/blog/swchan2
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.50 Graphic Section Divider
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.51

Recomendados

Servlet 3.1
Servlet 3.1Servlet 3.1
Servlet 3.1Arun Gupta
 
Java EE 7: Boosting Productivity and Embracing HTML5
Java EE 7: Boosting Productivity and Embracing HTML5Java EE 7: Boosting Productivity and Embracing HTML5
Java EE 7: Boosting Productivity and Embracing HTML5Arun Gupta
 
Rapid Network Application Development with Apache MINA
Rapid Network Application Development with Apache MINARapid Network Application Development with Apache MINA
Rapid Network Application Development with Apache MINAtrustinlee
 
Networking and Data Access with Eqela
Networking and Data Access with EqelaNetworking and Data Access with Eqela
Networking and Data Access with Eqelajobandesther
 
Java EE 7: Whats New in the Java EE Platform @ Devoxx 2013
Java EE 7: Whats New in the Java EE Platform @ Devoxx 2013Java EE 7: Whats New in the Java EE Platform @ Devoxx 2013
Java EE 7: Whats New in the Java EE Platform @ Devoxx 2013Arun Gupta
 
Tomcat New Evolution
Tomcat New EvolutionTomcat New Evolution
Tomcat New EvolutionAllan Huang
 
The Web on OSGi: Here's How
The Web on OSGi: Here's HowThe Web on OSGi: Here's How
The Web on OSGi: Here's Howmrdon
 
Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reza Rahman
 

Recomendados

Servlet 3.1
Servlet 3.1Servlet 3.1
Servlet 3.1Arun Gupta
 
Java EE 7: Boosting Productivity and Embracing HTML5
Java EE 7: Boosting Productivity and Embracing HTML5Java EE 7: Boosting Productivity and Embracing HTML5
Java EE 7: Boosting Productivity and Embracing HTML5Arun Gupta
 
Rapid Network Application Development with Apache MINA
Rapid Network Application Development with Apache MINARapid Network Application Development with Apache MINA
Rapid Network Application Development with Apache MINAtrustinlee
 
Networking and Data Access with Eqela
Networking and Data Access with EqelaNetworking and Data Access with Eqela
Networking and Data Access with Eqelajobandesther
 
Java EE 7: Whats New in the Java EE Platform @ Devoxx 2013
Java EE 7: Whats New in the Java EE Platform @ Devoxx 2013Java EE 7: Whats New in the Java EE Platform @ Devoxx 2013
Java EE 7: Whats New in the Java EE Platform @ Devoxx 2013Arun Gupta
 
Tomcat New Evolution
Tomcat New EvolutionTomcat New Evolution
Tomcat New EvolutionAllan Huang
 
The Web on OSGi: Here's How
The Web on OSGi: Here's HowThe Web on OSGi: Here's How
The Web on OSGi: Here's Howmrdon
 
Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reza Rahman
 
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!Priyanka Aash
 
Java EE 6 CDI Integrates with Spring & JSF
Java EE 6 CDI Integrates with Spring & JSFJava EE 6 CDI Integrates with Spring & JSF
Java EE 6 CDI Integrates with Spring & JSFJiayun Zhou
 
Reactive server with netty
Reactive server with nettyReactive server with netty
Reactive server with nettyDmitriy Dumanskiy
 
Project Reactor Now and Tomorrow
Project Reactor Now and TomorrowProject Reactor Now and Tomorrow
Project Reactor Now and TomorrowVMware Tanzu
 
The Play Framework at LinkedIn
The Play Framework at LinkedInThe Play Framework at LinkedIn
The Play Framework at LinkedInYevgeniy Brikman
 
Servlets
ServletsServlets
ServletsManav Prasad
 
Java servlets
Java servletsJava servlets
Java servletsyuvarani p
 
Node.js vs Play Framework
Node.js vs Play FrameworkNode.js vs Play Framework
Node.js vs Play FrameworkYevgeniy Brikman
 
Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014biicode
 
How to bake reactive behavior into your Java EE applications
How to bake reactive behavior into your Java EE applicationsHow to bake reactive behavior into your Java EE applications
How to bake reactive behavior into your Java EE applicationsOndrej Mihályi
 
Seven perilous pitfalls to avoid with Java | DevNation Tech Talk
Seven perilous pitfalls to avoid with Java | DevNation Tech TalkSeven perilous pitfalls to avoid with Java | DevNation Tech Talk
Seven perilous pitfalls to avoid with Java | DevNation Tech TalkRed Hat Developers
 
GlassFish BOF
GlassFish BOFGlassFish BOF
GlassFish BOFglassfish
 
Appium Automation with Kotlin
Appium Automation with KotlinAppium Automation with Kotlin
Appium Automation with KotlinRapidValue
 
JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...
JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...
JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...0xdaryl
 
Leveraging Completable Futures to handle your query results Asynchrhonously
Leveraging Completable Futures to handle your query results AsynchrhonouslyLeveraging Completable Futures to handle your query results Asynchrhonously
Leveraging Completable Futures to handle your query results AsynchrhonouslyDavid Gómez García
 
Jersey framework
Jersey frameworkJersey framework
Jersey frameworkknight1128
 
Apache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikApache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikEdgar Espina
 
Aci programmability
Aci programmabilityAci programmability
Aci programmabilityCisco DevNet
 
Modern Java Workshop
Modern Java WorkshopModern Java Workshop
Modern Java WorkshopSimon Ritter
 
Hacking oracle using metasploit
Hacking oracle using metasploitHacking oracle using metasploit
Hacking oracle using metasploitAlberto García Illera
 
JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)
JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)
JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)Shing Wai Chan
 
Java ee7 1hour
Java ee7 1hourJava ee7 1hour
Java ee7 1hourFrank Rodriguez
 

Mais conteúdo relacionado

Mais procurados

Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!Priyanka Aash
 
Java EE 6 CDI Integrates with Spring & JSF
Java EE 6 CDI Integrates with Spring & JSFJava EE 6 CDI Integrates with Spring & JSF
Java EE 6 CDI Integrates with Spring & JSFJiayun Zhou
 
Project Reactor Now and Tomorrow
Project Reactor Now and TomorrowProject Reactor Now and Tomorrow
Project Reactor Now and TomorrowVMware Tanzu
 
The Play Framework at LinkedIn
The Play Framework at LinkedInThe Play Framework at LinkedIn
The Play Framework at LinkedInYevgeniy Brikman
 
Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014biicode
 
How to bake reactive behavior into your Java EE applications
How to bake reactive behavior into your Java EE applicationsHow to bake reactive behavior into your Java EE applications
How to bake reactive behavior into your Java EE applicationsOndrej Mihályi
 
Seven perilous pitfalls to avoid with Java | DevNation Tech Talk
Seven perilous pitfalls to avoid with Java | DevNation Tech TalkSeven perilous pitfalls to avoid with Java | DevNation Tech Talk
Seven perilous pitfalls to avoid with Java | DevNation Tech TalkRed Hat Developers
 
GlassFish BOF
GlassFish BOFGlassFish BOF
GlassFish BOFglassfish
 
Appium Automation with Kotlin
Appium Automation with KotlinAppium Automation with Kotlin
Appium Automation with KotlinRapidValue
 
JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...
JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...
JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...0xdaryl
 
Leveraging Completable Futures to handle your query results Asynchrhonously
Leveraging Completable Futures to handle your query results AsynchrhonouslyLeveraging Completable Futures to handle your query results Asynchrhonously
Leveraging Completable Futures to handle your query results AsynchrhonouslyDavid Gómez García
 
Jersey framework
Jersey frameworkJersey framework
Jersey frameworkknight1128
 
Apache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikApache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikEdgar Espina
 
Aci programmability
Aci programmabilityAci programmability
Aci programmabilityCisco DevNet
 
Modern Java Workshop
Modern Java WorkshopModern Java Workshop
Modern Java WorkshopSimon Ritter
 

Mais procurados (20)

Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!
 
Java EE 6 CDI Integrates with Spring & JSF
Java EE 6 CDI Integrates with Spring & JSFJava EE 6 CDI Integrates with Spring & JSF
Java EE 6 CDI Integrates with Spring & JSF
 
Reactive server with netty
Reactive server with nettyReactive server with netty
Reactive server with netty
 
Project Reactor Now and Tomorrow
Project Reactor Now and TomorrowProject Reactor Now and Tomorrow
Project Reactor Now and Tomorrow
 
The Play Framework at LinkedIn
The Play Framework at LinkedInThe Play Framework at LinkedIn
The Play Framework at LinkedIn
 
Servlets
ServletsServlets
Servlets
 
Java servlets
Java servletsJava servlets
Java servlets
 
Node.js vs Play Framework
Node.js vs Play FrameworkNode.js vs Play Framework
Node.js vs Play Framework
 
Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014
 
How to bake reactive behavior into your Java EE applications
How to bake reactive behavior into your Java EE applicationsHow to bake reactive behavior into your Java EE applications
How to bake reactive behavior into your Java EE applications
 
Seven perilous pitfalls to avoid with Java | DevNation Tech Talk
Seven perilous pitfalls to avoid with Java | DevNation Tech TalkSeven perilous pitfalls to avoid with Java | DevNation Tech Talk
Seven perilous pitfalls to avoid with Java | DevNation Tech Talk
 
GlassFish BOF
GlassFish BOFGlassFish BOF
GlassFish BOF
 
Appium Automation with Kotlin
Appium Automation with KotlinAppium Automation with Kotlin
Appium Automation with Kotlin
 
JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...
JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...
JavaOne 2015 CON7547 "Beyond the Coffee Cup: Leveraging Java Runtime Technolo...
 
Leveraging Completable Futures to handle your query results Asynchrhonously
Leveraging Completable Futures to handle your query results AsynchrhonouslyLeveraging Completable Futures to handle your query results Asynchrhonously
Leveraging Completable Futures to handle your query results Asynchrhonously
 
Jersey framework
Jersey frameworkJersey framework
Jersey framework
 
Apache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikApache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip Hanik
 
Aci programmability
Aci programmabilityAci programmability
Aci programmability
 
Modern Java Workshop
Modern Java WorkshopModern Java Workshop
Modern Java Workshop
 
Hacking oracle using metasploit
Hacking oracle using metasploitHacking oracle using metasploit
Hacking oracle using metasploit
 

Semelhante a What's New in Servlet 3.1: Non-blocking IO, Protocol Upgrade, Security

JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)
JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)
JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)Shing Wai Chan
 
OTN Tour 2013: What's new in java EE 7
OTN Tour 2013: What's new in java EE 7OTN Tour 2013: What's new in java EE 7
OTN Tour 2013: What's new in java EE 7Bruno Borges
 
Java EE7
Java EE7Java EE7
Java EE7Jay Lee
 
Servlet 4.0 Adopt-a-JSR 10 Minute Infodeck
Servlet 4.0 Adopt-a-JSR 10 Minute InfodeckServlet 4.0 Adopt-a-JSR 10 Minute Infodeck
Servlet 4.0 Adopt-a-JSR 10 Minute InfodeckEdward Burns
 
Java EE 7 Platform: Boosting Productivity and Embracing HTML5 - Arun Gupta (R...
Java EE 7 Platform: Boosting Productivity and Embracing HTML5 - Arun Gupta (R...Java EE 7 Platform: Boosting Productivity and Embracing HTML5 - Arun Gupta (R...
Java EE 7 Platform: Boosting Productivity and Embracing HTML5 - Arun Gupta (R...jaxLondonConference
 
JSR 236 Concurrency Utils for EE presentation for JavaOne 2013 (CON7948)
JSR 236 Concurrency Utils for EE presentation for JavaOne 2013 (CON7948)JSR 236 Concurrency Utils for EE presentation for JavaOne 2013 (CON7948)
JSR 236 Concurrency Utils for EE presentation for JavaOne 2013 (CON7948)Fred Rowe
 
As novidades do Java EE 7: do HTML5 ao JMS 2.0
As novidades do Java EE 7: do HTML5 ao JMS 2.0As novidades do Java EE 7: do HTML5 ao JMS 2.0
As novidades do Java EE 7: do HTML5 ao JMS 2.0Bruno Borges
 
Presente e Futuro: Java EE.next()
Presente e Futuro: Java EE.next()Presente e Futuro: Java EE.next()
Presente e Futuro: Java EE.next()Bruno Borges
 
Batch Applications for the Java Platform
Batch Applications for the Java PlatformBatch Applications for the Java Platform
Batch Applications for the Java PlatformSivakumar Thyagarajan
 
Getting Started with WebSocket and Server-Sent Events in Java
Getting Started with WebSocket and Server-Sent Events in JavaGetting Started with WebSocket and Server-Sent Events in Java
Getting Started with WebSocket and Server-Sent Events in JavaArun Gupta
 
112815 java ee8_davidd
112815 java ee8_davidd112815 java ee8_davidd
112815 java ee8_daviddTakashi Ito
 
Java API for WebSocket 1.0: Java EE 7 and GlassFish
Java API for WebSocket 1.0: Java EE 7 and GlassFishJava API for WebSocket 1.0: Java EE 7 and GlassFish
Java API for WebSocket 1.0: Java EE 7 and GlassFishArun Gupta
 
JAX RS 2.0 - OTN Bangalore 2013
JAX RS 2.0 - OTN Bangalore 2013JAX RS 2.0 - OTN Bangalore 2013
JAX RS 2.0 - OTN Bangalore 2013Jagadish Prasath
 
JAX-RS 2.0: RESTful Web Services
JAX-RS 2.0: RESTful Web ServicesJAX-RS 2.0: RESTful Web Services
JAX-RS 2.0: RESTful Web ServicesArun Gupta
 
"Quantum" Performance Effects
"Quantum" Performance Effects"Quantum" Performance Effects
"Quantum" Performance EffectsSergey Kuksenko
 
Getting Started with WebSocket and Server-Sent Events using Java by Arun Gupta
Getting Started with WebSocket and Server-Sent Events using Java by Arun GuptaGetting Started with WebSocket and Server-Sent Events using Java by Arun Gupta
Getting Started with WebSocket and Server-Sent Events using Java by Arun GuptaCodemotion
 
Getting started with Websocket and Server-sent Events using Java - Arun Gupta
Getting started with Websocket and Server-sent Events using Java - Arun Gupta Getting started with Websocket and Server-sent Events using Java - Arun Gupta
Getting started with Websocket and Server-sent Events using Java - Arun Gupta jaxconf
 
Best Practices for JSF, Gameduell 2013
Best Practices for JSF, Gameduell 2013Best Practices for JSF, Gameduell 2013
Best Practices for JSF, Gameduell 2013Edward Burns
 

Semelhante a What's New in Servlet 3.1: Non-blocking IO, Protocol Upgrade, Security (20)

JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)
JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)
JavaOne Shanghai 2013 - Servlet 3.1 (JSR 340)
 
Java ee7 1hour
Java ee7 1hourJava ee7 1hour
Java ee7 1hour
 
OTN Tour 2013: What's new in java EE 7
OTN Tour 2013: What's new in java EE 7OTN Tour 2013: What's new in java EE 7
OTN Tour 2013: What's new in java EE 7
 
Java EE7
Java EE7Java EE7
Java EE7
 
Servlet 4.0 Adopt-a-JSR 10 Minute Infodeck
Servlet 4.0 Adopt-a-JSR 10 Minute InfodeckServlet 4.0 Adopt-a-JSR 10 Minute Infodeck
Servlet 4.0 Adopt-a-JSR 10 Minute Infodeck
 
Java EE 7 Platform: Boosting Productivity and Embracing HTML5 - Arun Gupta (R...
Java EE 7 Platform: Boosting Productivity and Embracing HTML5 - Arun Gupta (R...Java EE 7 Platform: Boosting Productivity and Embracing HTML5 - Arun Gupta (R...
Java EE 7 Platform: Boosting Productivity and Embracing HTML5 - Arun Gupta (R...
 
JSR 236 Concurrency Utils for EE presentation for JavaOne 2013 (CON7948)
JSR 236 Concurrency Utils for EE presentation for JavaOne 2013 (CON7948)JSR 236 Concurrency Utils for EE presentation for JavaOne 2013 (CON7948)
JSR 236 Concurrency Utils for EE presentation for JavaOne 2013 (CON7948)
 
As novidades do Java EE 7: do HTML5 ao JMS 2.0
As novidades do Java EE 7: do HTML5 ao JMS 2.0As novidades do Java EE 7: do HTML5 ao JMS 2.0
As novidades do Java EE 7: do HTML5 ao JMS 2.0
 
Presente e Futuro: Java EE.next()
Presente e Futuro: Java EE.next()Presente e Futuro: Java EE.next()
Presente e Futuro: Java EE.next()
 
Batch Applications for the Java Platform
Batch Applications for the Java PlatformBatch Applications for the Java Platform
Batch Applications for the Java Platform
 
Getting Started with WebSocket and Server-Sent Events in Java
Getting Started with WebSocket and Server-Sent Events in JavaGetting Started with WebSocket and Server-Sent Events in Java
Getting Started with WebSocket and Server-Sent Events in Java
 
112815 java ee8_davidd
112815 java ee8_davidd112815 java ee8_davidd
112815 java ee8_davidd
 
Java API for WebSocket 1.0: Java EE 7 and GlassFish
Java API for WebSocket 1.0: Java EE 7 and GlassFishJava API for WebSocket 1.0: Java EE 7 and GlassFish
Java API for WebSocket 1.0: Java EE 7 and GlassFish
 
JAX RS 2.0 - OTN Bangalore 2013
JAX RS 2.0 - OTN Bangalore 2013JAX RS 2.0 - OTN Bangalore 2013
JAX RS 2.0 - OTN Bangalore 2013
 
JAX-RS 2.0: RESTful Web Services
JAX-RS 2.0: RESTful Web ServicesJAX-RS 2.0: RESTful Web Services
JAX-RS 2.0: RESTful Web Services
 
"Quantum" Performance Effects
"Quantum" Performance Effects"Quantum" Performance Effects
"Quantum" Performance Effects
 
Getting Started with WebSocket and Server-Sent Events using Java by Arun Gupta
Getting Started with WebSocket and Server-Sent Events using Java by Arun GuptaGetting Started with WebSocket and Server-Sent Events using Java by Arun Gupta
Getting Started with WebSocket and Server-Sent Events using Java by Arun Gupta
 
Getting started with Websocket and Server-sent Events using Java - Arun Gupta
Getting started with Websocket and Server-sent Events using Java - Arun Gupta Getting started with Websocket and Server-sent Events using Java - Arun Gupta
Getting started with Websocket and Server-sent Events using Java - Arun Gupta
 
Best Practices for JSF, Gameduell 2013
Best Practices for JSF, Gameduell 2013Best Practices for JSF, Gameduell 2013
Best Practices for JSF, Gameduell 2013
 
Completable future
Completable futureCompletable future
Completable future
 

Último

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Último (20)

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

What's New in Servlet 3.1: Non-blocking IO, Protocol Upgrade, Security

  • 1. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.1
  • 2. What’s New in JSR 340, Servlet 3.1? Shing Wai Chan Rajiv Mordani Session ID: CON 4854
  • 3. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.3 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle.
  • 4. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.4 Program Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security enhancements §  Miscellaneous features §  Resources
  • 5. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.5 Servlet 3.1 Overview §  FINAL: Part of Java EE 7 §  Upgrade from Servlet 3.0 §  Scalability –  Expose Non-blocking IO API §  Support newer technologies that leverage HTTP protocol for the initial handshake –  Support general upgrade mechanism for protocols like WebSocket §  Security enhancements
  • 6. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.6 Program Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security enhancements §  Miscellaneous features §  Resources
  • 7. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.7 Non-blocking IO public class TestServlet extends HttpServlet protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { ServletInputStream input = request.getInputStream(); byte[] b = new byte[1024]; int len = -1; while ((len = input.read(b)) != -1) { … } } } Traditional IO Example
  • 8. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.8 Non Blocking IO §  Add two new interfaces: ReadListener, WriteListener §  Add APIs to ServletInputStream, ServletOutputStream §  For asynchronous and upgrade only Overview
  • 9. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.9 Non-blocking IO public interface ReadListener extends EventListener { public void onDataAvailable() throws IOException; public void onAllDataRead() throws IOException; public void onError(Throwable t); } javax.servlet.ReadListener
  • 10. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.10 Non-blocking IO public interface WriteListener extends EventListener { public void onWritePossible() throws IOException; public void onError(Throwable t); } javax.servlet.WriteListener
  • 11. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.11 Non-blocking IO §  javax.servlet.ServletInputStream –  public abstract boolean isFinished() –  public abstract boolean isReady() –  public abstract void setReadListener(ReadListener listener) §  javax.servlet.ServletOutputStream –  public abstract boolean isReady() –  public abstract setWriteListener(WriteListener listener) ServletInputStream, ServletOutputStream
  • 12. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.12 Non-blocking IO public class TestServlet extends HttpServlet { protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { AsyncContext ac = req.startAsync(); … ServletInputStream input = req.getInputStream(); ReadListener readListener = new ReadListenerImpl(input, output, ac); input.setReadListener(readListener); } } Example
  • 13. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.13 Non-blocking IO public class ReadListenerImpl implements ReadListener { … public void onDataAvailable() throws IOException { … int len = -1; byte b[] = new byte[1024]; while ((len = input.read(b)) != -1) { … } } public void onAllDataRead() throws IOException { … } public void onError(final Throwable t) { … } } Example (cont’d): Quiz
  • 14. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.14 Non-blocking IO public class ReadListenerImpl implements ReadListener { … public void onDataAvailable() throws IOException { … int len = -1; byte b[] = new byte[1024]; while (input.isReady() && (len = input.read(b)) != -1) { … } } public void onAllDataRead() throws IOException { ac.complete(); } public void onError(final Throwable t) { … } } Example (cont’d 2): Answer
  • 15. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.15 Non-blocking IO public class TestServlet2 extends HttpServlet { protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { AsyncContext ac = req.startAsync(); … ServletOutputStream output = req.getOutputStream(); WriteListener writeListener = new WriteListenerImpl(output, ac); output.setWriteListener(writeListener); } } Example 2
  • 16. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.16 Non-blocking IO public class WriteListenerImpl implements WriteListener { … public void onWritePossible() throws IOException { … int len = -1; byte b[] = new byte[1024]; while (output.isReady()) { … } … } public void onError(final Throwable t) { … } } Example 2 (cont’d)
  • 17. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.17 Program Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security Enhancements §  Miscellaneous §  Resources
  • 18. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.18 Protocol Upgrade §  HTTP 1.1 (RFC 2616) §  Connection §  Transition to some other, incompatible protocol –  For examples, IRC/6.9, Web Socket HTTP Upgrade
  • 19. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.19 Protocol Upgrade §  Originally proposed as part of HTML5 §  IETF-defined Protocol: RFC 6455 –  Handshake –  Data Transfer §  W3C defined JavaScript API –  Candidate Recommendation, 2012-09-20 §  Bi-directional, full-duplex / TCP Example: WebSocket
  • 20. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.20 Client GET /chat HTTP/1.1 Host: server.example.com Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== Origin: http://example.com Sec-WebSocket-Protocol: chat, superchat Sec-WebSocket-Version: 13 Protocol Upgrade Server HTTP/1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo= Sec-WebSocket-Protocol: chat WebSocket Example
  • 21. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.21 Protocol Upgrade §  Add API to HttpServletRequest §  Add two new interfaces –  javax.servlet.http.HttpUpgradeHandler –  javax.servlet.http.WebConnection §  Can use non-blocking IO API in upgrade Overview
  • 22. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.22 Protocol Upgrade §  New interface javax.servlet.http.HttpUpgradeHandler –  void init(WebConnection wc) –  void destroy() §  New interface javax.servlet.http.WebConnection extends AutoClosable –  ServletInputStream getInputStream() throws IOException –  ServletOutputStream getOutputStream() throws IOException HttpUpgradeHandler, WebConnection
  • 23. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.23 Protocol Upgrade §  Add a method to HttpServletRequest –  <T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass) throws IOException, ServletException HttpServletRequest
  • 24. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.24 Protocol Upgrade HttpServlet / Filter req.upgrade(…) init destroy HTTP Request upgraded protocol requests / responses HttpUpgradeHandler
  • 25. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.25 Protocol Upgrade public class UpgradeServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { … if (decideToUpgrade) { EchoHttpUpgradeHandler handler = request.upgrade(EchoHttpUpgradeHandler.class); … } } Example
  • 26. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.26 Protocol Upgrade public class EchoHttpUpgradeHandler implements HttpUpgradeHandler { public void init(WebConnection wc) { try { ServletInputStream input = wc.getInputStream(); ServletOutputStream output = wc.getOutputStream(); ReadListener readListener = …; input.setReadListener(readListener); … } public void destroy() { … } } Example (cont’d)
  • 27. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.27 Protocol Upgrade TyrusServletFilter req.upgrade(…) init destroy HTTP Request WebSocket requests / responses TyrusHttpUpgradeHandler Example 2: Reference Implementation of JSR 356, Java API for WebSocket
  • 28. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.28 DEMO
  • 29. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.29 Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security Enhancements §  Miscellaneous §  Resources
  • 30. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.30 Security Enhancements §  Emails or web pages from hackers containing –  http://abank.com?SID=ABCDEFGHIJ §  Change Session id on authentication –  Add to interface HttpServletRequest §  public String changeSessionId() –  New interface javax.servlet.http.HttpSessionIdListener §  void sessionIdChanged(HttpSessionEvent se, String oldSessionId) Session Fixation Attack
  • 31. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.31 Security Enhancements User Group Role /foo (“*”) /bar (“admin”) Alice manager admin Bob staff staff Carol contractor Any authenticated users Quiz
  • 32. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.32 Security Enhancements §  Role “*” means any defined roles Any authenticated users Answer to the Quiz User Group Role /foo (“*”) /bar (“admin”) Alice manager admin ok ok Bob staff staff ok deny Carol contractor deny deny
  • 33. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.33 Security Enhancements §  Roles “**”, any authenticated users §  For example, –  @WebServlet(“/foo”) @ServletSecurity(@HttpConstraint(rolesAllowed={“**”})) Any authenticated users
  • 34. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.34 Security Enhancements §  deny-uncovered-http-methods in web.xml §  For example, –  <web-app …>
 " "…" " " "" " "<deny-uncovered-http-methods/> " "" " "<security-constraint>
 " " "<web-resource-collection>
 " " " "<web-resource-name>protected</web-resource-name>
 " " " "<url-pattern>/*</url-pattern>
 " " " "<http-method>GET</http-method>
 " " "</web-resource-collection>
 " " "<auth-constraint>
 " " " "<role-name>manager</role-name>
 " " "</auth-constraint>
 " "</security-constraint>
 </web-app>" deny-uncovered-http-methods
  • 35. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.35 Security Enhancements §  Clarification on run-as –  Servlet#init, Servlet#destroy Run as
  • 36. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.36 Security Enhancements §  Java EE 7, not in Servlet 3.1 §  Java security manager §  Declaring permissions required by application components §  META-INF/permission.xml §  See EE.6.2 of Java EE 7 spec for details. Declaring Permissions
  • 37. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.37 Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security Enhancements §  Miscellaneous §  Resources
  • 38. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.38 Miscellaneous §  ServletResponse#reset –  Clears any data that exists in the buffer as well as the status code and headers §  ServletResponse#setCharacterEncoding –  Sets the character encoding (MIME charset) of the response being sent to the client, for example, to UTF-8. –  … ServletResponse#reset and #setCharacterEncoding Servlet 3.0
  • 39. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.39 Miscellaneous public class TestServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { response.setContentType("text/html"); response.setCharacterEncoding("ISO-8859-1"); PrintWriter writer = response.getWriter(); … response.reset(); response.setContentType("text/plain"); response.setCharacterEncoding("Big5"); response.getOutputStream().println("Done"); } } ServletResponse#reset and setCharacterEncoding (cont’d) Quiz in Servlet 3.0
  • 40. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.40 Miscellaneous public class TestServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { response.setContentType("text/html"); response.setCharacterEncoding("ISO-8859-1"); PrintWriter writer = response.getWriter(); … response.reset(); response.setContentType("text/plain"); response.setCharacterEncoding("Big5"); // no effect response.getOutputStream().println("Done"); // IllegalStateException } } ServletResponse#reset and setCharacterEncoding (cont’d 2) Answer to Quiz in Servlet 3.0
  • 41. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.41 Miscellaneous §  Character encoding setting after ServletResponse#reset –  Only #getServletOutputStream or #getWriter –  #setCharacterEncoding has no effect after calling #getWriter –  Servlet 3.0 §  #reset clears HTTP headers, status code, data in buffer –  Servlet 3.1 §  #reset clears –  HTTP headers, status code, data in buffer –  state of calling #getServletOutputStream or #getWriter ServletResponse#reset and #setCharacterEncoding (cont’d 3)
  • 42. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.42 Miscellaneous public class TestServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { response.setContentType("text/html"); response.setCharacterEncoding("ISO-8859-1"); PrintWriter writer = response.getWriter(); … response.reset(); response.setContentType("text/plain"); response.setCharacterEncoding("Big5"); // set Big5 encoding response.getOutputStream().println("Done"); // print } } ServletResponse#reset and #setCharacterEncoding (cont’d 4) Example
  • 43. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.43 Miscellaneous §  HttpServletResponse.sendRedirect –  a.jsp –  /b/a.jsp –  http://anotherhost.com/b/a.jsp –  //anotherhost.com/b/a.jsp (Network Path Reference) Relative Protocol URL
  • 44. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.44 Miscellaneous §  Clarification for HttpServletRequest#getPart, #getParts without multi-part configuration –  throw IllegalStateException §  Add method javax.servlet.http.Part#getSubmittedFileName() Multi-part
  • 45. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.45 Miscellaneous §  Clarification for ServletContainerInitiailizer –  independent of metadata-complete –  instance per web application ServletContainerInitializer
  • 46. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.46 Miscellaneous §  ServletRequestWrapper#isWrapperFor(Class<?> c) §  ServletResponseWrapper#isWrapperFor(Class<?> c) §  HandlesTypes#value return Class<?>[ ] Generic
  • 47. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.47 Miscellaneous §  Add method ServletContext#getVirtualServerName() §  Add method ServletRequest#getContentLengthLong() §  Add method ServletResponse#setContentLengthLong(long len) Others
  • 48. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.48 Agenda §  Servlet 3.1 Overview §  Non-blocking IO §  Protocol Upgrade §  Security §  Miscellaneous §  Resources
  • 49. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.49 Resources §  Spec and Javadoc –  http://jcp.org/en/jsr/detail?id=340 –  http://servlet-spec.java.net §  GlassFish 4.0 –  http://glassfish.java.net –  webtier@glassfish.java.net §  blog –  http://www.java.net/blog/swchan2
  • 50. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.50 Graphic Section Divider
  • 51. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.51