sebastiandaschner news


monday, july 10, 2017

Welcome to my newsletter #10!

For me these days are quite full with client workshops about the topics of Docker, Kubernetes and OpenShift. Right now I’m in the city of Stuttgart in the south of Germany — next week it will be the island of Crete with the famous JCrete unconference again. Already looking forward to Java content on the beach :-)

 

What’s new

 

And now more on Java EE 8 topics:

 

Servlet 4.0 & HTTP/2

Java EE 8 will include version 4.0 of the Servlet specification that mainly targets one big topic: HTTP/2. Version 2 of HTTP aims to lower latency and maximize thoughput with multiplexing, pipelining, compressing headers and server push.

Servlet 4.0 will include support of HTTP/2, on which other specifications such as JAX-RS then can piggyback and use in a transparent way.

Most of the changes in 4.0 will mainly concern the Servlet container and less the developer’s work with the exception of server push. Server push works that way that the server directly sends HTTP responses of resources related to a client requested resource following the assumption that the client would need these resources as well. In web pages this mainly concerns Stylesheets, JS code and other assets.

Servlet 4.0 makes these server push messages possible by using PushBuilder that is instantiated with HttpServletRequest.newPushBuilder().

 

Security 1.0

Together with JSON-B, Security 1.0 will be the second brand new specification in Java EE 8. The idea behind Security is to standardize authentication and authorization with vendor-agnostic APIs as well as to use modern technology, that enable usage in the cloud.

Until now developers had to implement JASPIC themselves or use vendor-specific features of the EE containers. There was also no standard way of realizing identity stores so far.

 

Security 1.0 IdentityStore

Identity stores contain authentication and authorization information of application users, respectively. Depending on the project that is realized mostly with LDAP or databases. Security 1.0 includes IdentityStores as lightweight, portable feature to manage this information.

Developers can comparatively easily define identity stores that either authenticate or authorize users, respectively, using the interface IdentityStore.

Besides that EE containers will also be required to ship default IdentityStores that can easily be configured for external LDAP or database calls, respectively. For that reason the annotations @LdapIdentityStoreDefinition and @DataBaseIdentityStoreDefinition have been added.

 

Security 1.0 SecurityContext

Once in a while business code has to query security related information. For now this data is accessed in various ways, depending on the context.

With the @Inject-able bean SecurityContext these queries can be streamlined throughout the whole Java EE project. The SecurityContext type offers getCallerPrincipal(), isCallerInRole() and authenticate, which are implemented by the container.

 

MVC 1.0

A standard that sadly didn’t make it into the Java EE umbrella is Model View Controller 1.0. This standard has been transferred to Java Champion Ivar Grimstad and is now “owned by” the Java Community.

MVC 1.0 aims to provide action-based MVC functionality for server-side web page rendering. Therefore it complements JSF as component-based MVC framework. MVC 1.0 is built on top of JAX-RS and uses so called controllers to handle HTTP requests and forward them to views.

@Path("coffee")
@Controller
public class CoffeeController {

    @Inject
    CoffeeShop coffeeShop;

    @Inject
    Models models;

    @GET
    public String getCoffee() {
        List<Coffee> coffees = coffeeShop.getCoffees();
        models.put("coffees", coffees);

        return "coffee.jsp";
    }

}

Actually my blog that is powered by the AsciiBlog Java EE application has been using MVC for quite a while now — already in early versions of Ozark, the reference implementation.

 

Thanks a lot for reading and see you next time!

 

Did you like the content? You can subscribe to the newsletter for free:

All opinions are my own and do not reflect those of my employer or colleagues.