Mais conteúdo relacionado
Semelhante a Servlet 3.1 (20)
Servlet 3.1
- 1. 1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 2. Servlet 3.1
John Clingan, Principal Product Manager
2 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 3. The following is intended to outline our general product direction.
It is intended for information purposes only, and may not be
incorporated into any contract. It is not a commitment to deliver
any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and
timing of any features or functionality described for Oracle s
products remains at the sole discretion of Oracle.
3 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 4. Agenda
• Servlet 3.0 recap
• Servlet 3.1 Overview
• NIO API
• Protocol Upgrade
• Security
• Resources
4 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 5. Servlet 3.0 recap
• Part of Java EE 6
• Focused on
– Ease-of-Development
– Pluggability
– Asynchronous support
– Dynamic registration of servlets, filters and listeners
– Security enhancements
• Adoption
– GlassFish 3.x, Tomcat 7, JBOSS, Caucho, IBM, Weblogic
5 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 6. Servlet 3.0 recap
Ease of Development
• Annotations to declare
– Servlets
– Filters
– Listeners
– Security
• Defaults for attributes of annotations
6 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 7. Example
@WebServlet( urlPatterns = {“/foo”} )
public class SimpleSample extends HttpServlet {
public void doGet(HttpServletRequest req,
HttpServletResponse res) {
}
}
7 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 8. Servlet 3.0 recap
Pluggability
• Drag-and-drop model
• Web frameworks as fully configured libraries
• Contain “fragments” of web.xml
• META-INF/web-fragment.xml
• Extensions can register servlets, filters, listeners
dynamically
• Extensions can also discover and process annotated
classes
8 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 9. Servlet 3.0 recap
Using pluggability
• Bundle static resources and jsps in a jar that can be re-
used
• Look for ready-to-use frameworks, libraries
• Re-factor your libraries into re-usable, auto-configured
frameworks
9 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 10. Agenda
• Servlet 3.0 recap
• Servlet 3.1 Overview
• NIO API
• Protocol Upgrade
• Security
• Resources
10 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 11. The content described in the following slides are subject to change
based on expert group discussions
11 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 12. JAVA EE 7 THEME: CLOUD / PAAS
Java EE 7 platform to be ready for the cloud
12 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 13. Java EE 7 PaaS support
• Provide customers and users ability to leverage cloud
environments
• Enable multi-tenancy
– One application instance per tenant
– Mapping to tenant done by container
– Isolation between applications
• Define metadata for services
13 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 14. Servlet 3.1
Feature set
• Align with Java EE 7 for cloud support
– For web container there will a virtual server mapping per tenant
– Ability to load custom web resources per tenant
– Use the services exposed in Java EE 7
• Scale
– Expose NIO2 API
• Support newer technologies that leverage http protocol for the
initial handshake
– Support general upgrade mechanism for protocols like WebSocket
• Security enhancements
14 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 15. Agenda
• Servlet 3.0 recap
• Servlet 3.1 Overview
• NIO API
• Protocol Upgrade
• Security
• Resources
15 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 16. Expose NIO API
Overview: NonBlocking IO
• Add two listeners: ReadListener, WriteListener
• Add two interfaces:
– AsyncIOInputSource with abstract classes ServletInputStream,
ServletReader
– AsyncIOOutputSink with abstract classes ServletOutputStream,
ServletWriter
• Add APIs to ServletRequest, ServletResponse
16 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 17. Expose NIO API
javax.servlet.ReadListener
public interface ReadListener extends EventListener {
public void onDataAvailable(ServletRequest request);
public void onAllDataRead(ServletRequest request);
public void onError(Throwable t);
}
17 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 18. Expose NIO API
javax.servlet.WriteListener
public interface WriteListener extends EventListener {
public void onWritePossible(ServletResponse response);
public void onError(Throwable t);
}
18 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 19. Expose NIO API
javax.servlet.AsyncIOInputSource
public interface AsyncIOInputSource {
public int dataAvailable();
public boolean isFinished();
public isReady();
}
19 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 20. Expose NIO API
ServletInputStream, ServletReader
InputStream Reader
ServletInputStream AsyncIOInputSource ServletReader
20 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 21. Expose NIO API
javax.servlet.AsyncIOOutputSink
public interface AsyncIOOutputSink {
public boolean canWrite(int size);
public void complete();
}
21 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 22. Expose NIO API
NIOOutputStream, NIOWriter
OutputStream Writer
ServletOutputStream AsyncIOOutputSink ServletWriter
22 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 23. Expose NIO API
ServletRequest, ServletResponse
• ServletRequest
– Public ServletInputStream getServletInputStream()
– Public ServletReader getServletReader()
– public void addListener(ReadListener listener)
• ServletResponse
– Public ServletOutputStream getServletOutputStream()
– Public ServletWriter getServletWriter()
– public addListener(WriteListener listener)
23 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 24. Expose NIO API
Sample Usage
public class NIOSampleServlet extends HttpServlet
protected void doGet(HttpServletRequest request, HttpServletResponse response)
{
request.addListener(new ReadListener() {
public void onDataAvailable(ServletRequest request) {
ServletInputStream nis = request.getServletInputStream();
try {
nis.read(new byte[nis.dataAvailable()]);
…
}
24 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 25. Expose NIO API
Sample Usage (cont’d)
public void onAllDataRead(ServletRequest request) {
try {
request.getServletInputStream().close();
….
}
public void onError(Throwable t) { … }
});
final byte[] b = new byte[100];
….
25 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 26. Expose NIO API
Sample Usage (cont’d 2)
• response.addListener(new WriteListener() {
public void onWritePossible(ServletResponse response) {
AsyncIOOutputStream nos = response.getAsyncIOOutputStream();
try {
nos.write(b);
nos.complete();
…
}
public void onError(Throwable t) { … }
});
}
}
26 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 27. Expose NIO API
• Discussion with expert group on alternate approach
• Use NIO 2 approach
27 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 28. Program Agenda
• Servlet 3.0 recap
• Servlet 3.1 Overview
• NIO API
• Protocol Upgrade
• Security
• Resources
28 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 29. Upgrade
• HTTP 1.1
• Connection
• Transition to some other, incompatible protocol
• For example,
Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9
29 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 30. Upgrade
Example: WebSocket
• Protocol: IETF
• API: W3C (JavaScript)
• Bi-directional, full-duplex / TCP
30 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 31. Upgrade
WebSocket Example
• GET /chat HTTP/1.1 • HTTP/1.1 101 Switching Protocols
Host: server.example.com Upgrade: websocket
Upgrade: websocket Connection: Upgrade
Connection: Upgrade Sec-WebSocket-Accept:
Sec-WebSocket-Key: s3pPLMBiTxaQ9kYGzzhZRbK
dGhlIHNhbXBsZSBub25jZQ== +xOo=
Origin: http://example.com Sec-WebSocket-Protocol: chat
Sec-WebSocket-Protocol: chat,
superchat
Sec-WebSocket-Version: 13
31 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 32. Upgrade
HTTP Request
Servlet
….
upgrade(…); ProtocolHandler
32 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 33. Agenda
• Servlet 3.0 recap
• Servlet 3.1 Overview
• NIO API
• Protocol Upgrade
• Security
• Resources
33 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 34. Security Enhancement
• Made good progress in Servlet 3.0
• Continue from where we left off
• Include support for preventing against CSRF
• Provide an easy way to support denying all unlisted http
methods
• Encoding / escaping support to prevent XSS
34 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 35. Align with other Java EE JSRs
• Integrate with Concurrency Utilities for Java EE
– Utilize it Async programming model
• Align with CDI
• Align with Bean Validation
• Align with Jcache (JSR 107)
35 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 36. Transparency
• High level of transparency for all Java EE JSRs
• Use java.net project to run our JSRs in the open
– One java.net project per specification
• Publicly viewable Expert Group mailing list archive
• Users observer list gets copies of all emails to the EG
• Download area
• JIRA for issue tracking
• Wiki and source repository at EG’s discretion
• JCP.org private mailing list for administrative / confidential info
36 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 37. Agenda
• Servlet 3.0 recap
• Servlet 3.1 Overview
• NIO API
• Protocol Upgrade
• Security
• Resources
37 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 38. Webtier related projects
• https://servlet-spec.java.net
• http://jcp.org/en/jsr/summary?id=340
• webtier@glassfish.java.net
– For users of GlassFish webtier
38 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 39. Tokyo 2012
April 4–6, 2012
39 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 40. Q&A
40 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 41. 41 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 42. 42 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.