Watermarking in Source Code: Applications and Security Challenges
Java EE Pattern: Infrastructure
1. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
1
Session:
Pattern of the Infrastructure Layer
Bean Locator
Payload Extractor
Asynchronous Resource Integrator
Resource Binder
2. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
2
Objectives
Learn about:
✔ How to access other components using JNDI instead of CDI
✔ How enhance robustness in the field of messaging and message
types
✔ How to integrate 3rd party systems using Messaging
✔ An alternative to @Inject
3. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
3
Some orientation
Consumer
Consumer
Layer
Integration
Layer
Business Process
Layer
Services
Layer
Component
Layer
OS
Layer
4. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
4
ECB Pattern
Entity Control Boundary
✔ Based upon Robustness Diagrams
(http://www.agilemodeling.com/artifacts/robustnessDiagram.htm)
➢ Boundary: user interface
➢ Control: actual process or activity
➢ Entity: a concept from an enterprise context.
✔ Elements are generic enough to be mapped either to service-
oriented or object-oriented architectures.
Boundary Control Entity
Adam Bien
5. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
5
Services, components and patterns
Boundary Control Entity
DAO &
Domain
Store
Generic
DAO
Singleton
Service
Starter
Dual View
SOA Facade
Lightweight
asynchronous
Facade
Multichannel
Facade
TO
&
DTO
Paginator
Bean
Locator
Multichannel
Facade
Resource
Binder
Payload
Extractor
Aynchronous
Resource
Integrator
Infrastructure
6. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
6
Module
Bean Locator
7. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
7
Bean Locator
According to Adam Bien, Dependency Injection
has also some disadvantages:
➢ It is static - the dependencies are resolved at start
time.
➢ The service user has to live with the given contracts
or conventions.
➢ DI is only available for certain classes which are managed by a
container.
✔ Sometimes the need to rely on JNDI lookups might occur.
✔ A convenient way to access these ressouces should be provided
8. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
8
You have to decide
✔ .. whether EJBs from different jars should be injected (ear
deployment only) or looked-up for.
Boundary Control Entity
Boundary Control Entity
9. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
9
JNDI names
✔ Have not been standardized for a long time
✔ EJB 3.1 solves the above problem by mandating that every
container must assign (at least one) well defined global JNDI
names to EJBs.
✔ The general syntax of a (portable) global JNDI name of an EJB is of
the form:
✔ BUT: application name and module name vary if using maven
Right now I'm working with 3 different ejb containers (Glassfish, JBoss and
OpenEjb) and they use totally different conventions for ejb names. It's
incredible, isn't it?
--- Posted by Filippo on December 24, 2006 at 09:25 AM CET
java:global/[<application-name>]/<module-name>/<bean-name>!
<fully-qualified-bean-interface-name>
10. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
10
Even within ...
✔ … the same JBoss 6.1 but different configurations, lookup will be
different:
default configuration
standard configuration
11. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
11
Service Locator 2.0 (Bean Locator)
✔ We need to find something which is configurable and allows to
retrieve the JNDI name at runtime:
➢ Combination of Builder pattern and Strategy pattern
➢ Builder pattern: construct the utility class
➢ Strategy pattern: various strategies to create
the appropriate JNDI look-up string
12. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
12
Implementation
13. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
13
Lab
Implement Bean Locator
(not more than 15 min.)
14. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
14
Module
Resource Binder
15. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
15
Resource Binder
✔ Application server registeres resources like EJBs, JMS destinations
or DataSources at startup time
✔ These components are injectable into Servlets and/or EJBs
✔ If you want to do the same with your components, you need to do
a little work:
➢ Make use of the @Inject annotation and a DI framework like WELD or
Google Guice
➢ Bind the resources yourself into JNDI and inject later on using
@Resource annotation
16. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
16
Injecting by @Inject
✔ The @Inject annotation provides a convenient way to inject non-
EJB resources
✔ @Inject is more general than EJB and is part of CDI specification.
So if you want to use @Inject, you need an implementation of it in
your server.
✔ For POJOs (not EJBs) you have to
use @Inject.
✔ In JBoss/WELD using @Inject
requires the jar to contain a
beans.xml file in
META-INF subdirectory
17. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
17
Using @Inject
Example:
@Stateless
@Remote(SomeService.class)
public class SomeServiceBean implements SomeService
{
@Inject
private SomeProcess process;
public void someBusinessMethod(int amount) throws ProcessException
{
// was before
//de.brockhaus.userMgmt.util.Process p =
new de.brockhaus.userMgmt.control.process.SomeProcess(amount);
process.setAmount(amount);
process.proceed();
}
}
18. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
18
Using @Resource
✔ Alternatively the @Resource annotation can be used to access
resources bound to the JNDI tree
✔ As the result is the same compared to @Inject, @Inject is less
work …
✔ The @Resource annotation explained for being complete only
✔ Doesn't work under JBoss 6.1 if resource is bound by Singleton
bean with @PostConstruct and
@DependsOn annotations
19. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
19
Binding the resources
@Singleton
@Startup
public class ResourceBinder
{
private Logger log = Logger.getLogger(this.getClass());
@PostConstruct
public void bindResources()
{
try
{
InitialContext ctx = new InitialContext();
ctx.rebind("SomeProcess", new SomeProcess());
log.info(">>>>> SomeProcess bound");
}
catch (NamingException e)
{
e.printStackTrace();
}
}
}
20. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
20
Injecting the resource
✔ Using @Resource annotation
@Stateless
@Remote(SomeService.class)
public class SomeServiceBean implements SomeService
{
@Resource(mappedName="SomeProcess")
private SomeProcess process;
public void someBusinessMethod(int amount) throws ProcessException
{
process.setAmount(amount);
process.proceed();
}
}
21. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
21
Lab
Implement Resource Binder
(not more than 15 min.)
22. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
22
Module
Payload Extractor
23. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
23
Extracting the payload
Why:
✔ As no one Type checking and error handling needs to be factored
out from the MDB
✔ Corrupted messages have to be send to DLQ
Approach:
✔ Decorate onMessage() method of
MDB using an interceptor
24. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
24
The interceptor
✔ ...
public class PayloadInterceptor
{
private static final String CALLED_METHOD_NAME = "proceedXMLMessage";
private Logger log = Logger.getLogger(this.getClass());
@AroundInvoke
public Object intercept(InvocationContext ctx){
Object ret = null;
try{
// getting the parameters from InvocationContext
Object[] params = ctx.getParameters();
if(params[0] instanceof TextMessage){
TextMessage msg = (TextMessage) params[0];
String payload = msg.getText();
this.invokeMethod(ctx.getTarget(), payload);
log.info("TextMessage received");
}
ret = ctx.proceed();
}
catch (Exception e){
this.dealWithException(e);
}
return ret;
}
25. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
25
Wrapping the MDB
✔ onMessage method annotated, service injected ...
@MessageDriven(
activationConfig = {
@ActivationConfigProperty(propertyName = "acknowledgeMode",
propertyValue = "Auto-acknowledge"),
@ActivationConfigProperty(propertyName = "destinationType",
propertyValue = "javax.jms.Queue"),
@ActivationConfigProperty(propertyName="destination",
propertyValue="queue/facade/UserMgmt")
})
public class UserManagementQueueListenerBean implements MessageListener {
private Logger log = Logger.getLogger(this.getClass());
@EJB
private UserManagementServiceLocal userService;
@Interceptors(PayloadInterceptor.class)
public void onMessage(Message msg){
log.info("invoked but nothing will happen");
}
...
26. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
26
Wrapping the MDB
✔ Delegating to the service ...
public void proceedXMLMessage(String xml) throws JAXBException
{
log.info(xml + "received");
userService.createUserThroughXML(xml);
}
27. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
27
Lab
Implement Payload Extractor
(not more than 15 min.)
28. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
28
Module
Asynchronous Resource
Integrator
29. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
29
Purpose
✔ In the majority of the environments, many applications still run on
heterogeneous platforms (heterogeneosity meant in terms of
technologies like programming languages)
✔ Existing Java EE services need to be integrated with these legacy
services.
✔ There are several technologies you might
want to make use of like HTTP-based
REST or SOAP or even CORBA.
✔ If Messaging is supported on both
platforms, why not using it?
30. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
30
Lab
Implement Asynchronous Resource Integrator
(not more than 15 min.)
31. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
31
Review
Session Review:
✔ Why do we need to access other components not using JNDI?
✔ Is there a way to get out of the JNDI name hazzle?
✔ Messaging is nice but which types of messages to deal with and
how to check?
32. Copyright by Brockhaus GmbH, alle Rechte reserviert, unautorisierte Vervielfältigung untersagt
32
Recommeded reading
✔ http://java.sun.com/blueprints/corej2eepatterns/
✔ http://www.corej2eepatterns.com/Patterns2ndEd/
✔ Adam Bien, J2EE Patterns,
Addison Wesley 2002,
ISBN: 3-8273-1903-X
✔ Floyd Marinescu, Ed Roman:
Ejb Design Patterns: Advanced Patterns,
Processes, and Idioms; Wiley & Sons,
ISBN-10: 0471208310
✔ And other ...
Photo: Bundesarchiv
Notas do Editor
You can see that there is no tight coupling between the classes. Both can be changed independently without affecting each other. Of course, if there is any change in the public methods of Class Callee, Class Caller needs to change as well. But how Object &quot;c&quot; is created and managed is not decided in the implementation of Object &quot;a&quot;. Instead, the IoC framework uses the setB() method in Object &quot;a&quot; to inject Object &quot;c&quot;.