book

Java Enterprise in a Nutshell, Third Edition

by Jim Farley, William Crawford

November 2005

Intermediate to advanced

896 pages

31h 5m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Java Enterprise in a Nutshell, 3rd Edition
Preface
What’s New in This Edition
Contents of This Book
Java Programming Resources
Examples Online
Conventions Used in This Book
Typographic ConventionsXML Schema/DTD Diagrams
Using Code Examples
Safari® Enabled
Comments and Questions
Acknowledgments
Jim FarleyWilliam CrawfordPrakash MalaniJohn G. NormanJustin Gehtland

I. The Java Enterprise APIs
1. Introduction
Enterprise Computing Defined
Enterprise Computing Demystified
Standard Java Enterprise APIs
Basic ToolsJava API for XML Processing (JAXP)J2EE securityWeb UIs and ComponentsJava servlets: Basic web-enabled componentsJavaServer Pages (JSPs): Dynamic web pagesJavaServer Faces (JSF): Web UI componentsAccessing Information SystemsJDBC: Working with relational databasesJava Naming and Directory Interface (JNDI): Working with directory servicesJava Transaction API (JTA): Accessing transactional resourcesDistributed ComputingJAX-RPC and SAAJ: Using and writing web servicesJava RMI: Java-to-Java remote objectsJava IDL: Using and writing CORBA remote objectsEnterprise JavaBeans: Distributed business componentsMessagingJava Message Service (JMS): General enterprise messagingJavaMail: Email-based messaging
De Facto Standard Enterprise Development Tools
Ant: Building and Deploying ApplicationsJUnit and Cactus: Testing Your Objects, Components, and ApplicationsStruts: Implementing Model-View-Controller SystemsHibernate: Object Relational MappingsXDoclet and Java Annotations: Simplifying Development with Metadata
An Enterprise Computing Scenario
Enabling E-Commerce for a Mail-Order EnterpriseUpdating CornCo with Enterprise JavaBeansOther Potential Directions
Other Enterprise APIs
2. Application Assembly and Deployment
J2EE Application Assembly ModelAssembling ApplicationsJNDI Configuration ServicesNaming conventionsTwo-level name resolutionDeploying ApplicationsResolving resource and component referencesRuntime classloading modelsPhysical deployment
Component Modules
Module Jar FilesDeployment DescriptorsComponent Module Assembly ExampleEJB module descriptorWeb module descriptor
Application Assemblies
Application Assembly Example
Deploying J2EE Applications
Adjust Deployment DescriptorsPerform Server-Specific ConfigurationGenerate Container-Specific Classes
3. Java Servlets
Getting a Servlet Environment
Servlet Basics
The Servlet LifecycleWriting ServletsHTTP Servlets
Web Applications
Structure of Web ApplicationsMapping Requests with a ContextContext Methods
Servlet Requests
Forms and InteractionPOST, HEAD and Other Requests
Servlet Responses
Request DispatchingError HandlingStatus codesServlet exceptionsA file-serving servlet
Custom Servlet Initialization
Servlet Context Initialization
Security
Servlet Filters
Filters and Request Dispatchers
Thread Safety
Cookies
Session Tracking
HttpSessionBindingListener
Databases and Non-HTML Content
4. JavaServer Pages
JSP BasicsDirectives and DeclarationsBuilt-in ObjectsSharing Data Between JSPs, Other JSPs, and Servlets
JSP Actions
JSP Tags and JavaBeansScoping Beans
The JSP Expression Language
Using the EL with Tags
JSP Standard Tag Library
Variables and Flow ControlFlow controlURL managementInternationalization
Custom Tags
Implementing Custom TagsMore About the Tag LifecycleBody TagsIntertag Communication
Wrapping Up
5. JavaServer Faces
The Sample Application
Structure of a JSF Application
JSF LifecycleThe JSF Configuration File
Managed Beans
The JSF Expression Language
JSF Actions and Views
NavigationDynamic actions and navigationSophisticated ViewsUser Interface Events
Building Tables
Panel GridsData GridsEditing data tablesData model objects
Validation
Adding Validators to FormsDisplaying Validation MessagesCustom Validators
Moving on with JSF
6. Enterprise JavaBeans
What Version Is Covered Here?
EJB Component Model Overview
The Enterprise JavaBeans ObjectTypes of EJBsEJB code artifactsThe EJB ClientThe EJB Container
EJB Tutorial
Client InterfacesRemote client interfacesLocal client interfacesHome InterfacesThe Bean Implementation
Deploying EJBs
EJB Deployment DescriptorsSecurity-Related Deployment AttributesClient security rolesMethod permissionsPropagating identitiesPackaging EJBsGenerating the container classesDelivering the package
Using Enterprise JavaBeans
Local Versus Remote ClientsFinding Home Interfaces Through JNDICreating and Finding BeansEJB Handles and Home Handles
Session Bean Specifics
Session Bean Implementation ClassesStateless Versus Stateful Session BeansContainer Management of Session BeansOptional Transaction Support
Entity Beans
Finder MethodsSelect MethodsEntity Bean ImplementationsPrimary keysEntity bean container callbacksDeployment Options for Entity BeansThe Entity ContextLifecycle of an Entity BeanBean-Managed PersistenceContainer-Managed PersistenceMapping container-managed fields: Abstract persistence schemaHandling complex data structuresFinder and select methodsEJB relationships
Message-Driven Beans
Deploying Message-Driven EJBsMessage-Driven Clients
Transaction Management
Transaction Management: Bean-Managed Versus Container-ManagedTransaction Support AttributesMessage-driven beansCMP entity beansStateful session beansStateless session beans
EJB 3.0
7. Java and XML
Using XML DocumentsXML Schema
Java API for XML Processing
Getting a Parser or Processor
SAX
SAX HandlersContentHandlerErrorHandlerDefaultHandlerUsing a SAX ParserA SAX example: Processing orders
DOM
Getting a DOM ParserNavigating the DOM TreeElement attributesManipulating DOM TreesExtending DOM Trees
XSLT
JAXP Data SourcesDetermining data source supportCustom URI resolution
8. JDBC
JDBC ArchitectureJDBC BasicsJDBC DriversJDBC URLsThe JDBC-ODBC Bridge
Connecting to the Database
DataSource ObjectsConnection Pooling
Statements
Multiple Result Sets
Results
Handling NullsLarge Data TypesDates and TimesAdvanced Results HandlingJava-Aware Databases
Handling Errors
SQL Warnings
Prepared Statements
Batch UpdatesAuto-Generated Keys
BLOBs and CLOBs
Metadata
DatabaseMetaDataResultSetMetaData
Transactions
Distributed TransactionsSavepoints
Stored Procedures
Escape Sequences
RowSets
9. JNDI
JNDI Architecture
A Simple Example
Introducing the Context
Using the InitialContext ClassOther Naming Systems
Looking Up Objects in a Context
The NamingShell Application
The Command InterfaceA Command for Loading an Initial ContextRunning the Shell
Listing the Children of a Context
How Names WorkBrowsing a Naming SystemListing the Bindings of a Context
Creating and Destroying Contexts
Binding Objects
Accessing Directory Services
The DirContext InterfaceThe Attributes InterfaceThe Attribute Interface
Modifying Directory Entries
Creating Directory Entries
Searching a Directory
Search CriteriaSearch ResultsSearch ControlsA Search Command
Event Notification
Event SourcesWriting Event ListenersRegistering Event ListenersA listen command
10. J2EE Security
Basic Security ConceptsPublic-Key CryptographyTransport Layer Security: Integrity and ConfidentialityApplication Layer Security: Authentication and Authorization
A Look at Java and J2EE Security Standards
Authentication and Authorization in Java SecurityEncryption in Java Security
Declarative Security Versus Programmatic Security
Web Component Security
Web-Tier Transport-Level SecurityWeb-Tier AuthenticationBASIC authenticationDIGEST authenticationFORM authenticationCLIENT authenticationCustom authenticationWeb-Tier AuthorizationDeclarative authorizationProgrammatic authorizationIdentity Propagation from the Web Tier to the EJB TierWeb Tier Best Practices
EJB Component Security
EJB-Tier Transport-Level SecurityEJB-Tier AuthenticationEJB-Tier AuthorizationEJB-tier declarative authorizationEJB-tier programmatic authorizationEJB Tier Best Practices
Other J2EE Security Topics
Accessing Enterprise Resource ManagersWeb Services SecuritySingle Sign-On (SSO)SSO productsSecurity stores
Limitations of J2EE Security
11. Java Message Service
JMS in the J2EE Environment
Elements of Messaging with JMS
Messaging Styles: Point-to-Point and Publish-SubscribeKey JMS InterfacesA Generic JMS ClientGeneral setupClient identifiersAuthenticated connectionsSessionsSending messagesReceiving messagesTemporary destinationsCleaning up
The Anatomy of Messages
Message Header Fields and PropertiesJMS Message TypesAccessing Message ContentFiltering Messages
Point-to-Point Messaging
Sample ClientBrowsing Queues
Publish-Subscribe Messaging
Sample ClientDurable Subscriptions
Unified Messaging
Transactional Messaging
12. Web Services with JAX-RPC and SAAJ
What’s Covered Here?
Brief Introduction to Web Services
Simple Object Access Protocol (SOAP)Web Service Description Language (WSDL)Web Service Styles and Encoding
Java Web Services
Mapping SOAP and WSDL to JavaWeb Service Deployment
Writing Web Service Clients
Static Proxy ApproachDynamic Proxy ApproachDynamic Invocation Interface (DII) Approach
Writing Web Services
Simple Java Web ServicesEJB Web ServicesNonstandard Implementation SchemesAxis JWS approach
Deploying Web Services
J2EE Standard ModelSimple Java web servicesEJB web servicesAxis Deployment Model
13. Remote Method Invocation
What’s Covered Here?
Introduction to RMI
RMI in ActionRMI ArchitectureRMI Object ServicesNaming/registry serviceObject activation serviceDistributed garbage collection
Defining Remote Objects
Key RMI Classes for Remote Object Implementations
Creating the Stubs and Skeletons
Accessing Remote Objects as a Client
The Registry and Naming ServicesRemote Method Arguments and Return ValuesFactory Classes
Dynamic Classloading
Configuring Clients and Servers for Remote ClassloadingLoading Classes from Applets
Remote Object Activation
Persistent Remote ReferencesDefining an Activatable Remote ObjectThe Activatable classImplementing an activatable objectRegistering Activatable ObjectsRegistering an activatable object without instantiatingPassing data with the MarshalledObjectActivation GroupsRegistering activation groupsAssigning activatable objects to groupsThe Activation DaemonThe daemon’s dual personality
RMI and Native Method Calls
RMI with JNI Versus CORBA
RMI Over IIOP
Accessing RMI Objects from CORBA
14. Java IDL (CORBA)
A Note on Evolving Standards
The CORBA Architecture
Interface Definition LanguageThe Object Request Broker and the Object AdaptorThe Naming ServiceInter-ORB Communication
Creating CORBA Objects
An IDL PrimerModulesInterfacesData members and methodsA complete IDL exampleTurning IDL into JavaThe delegation server-side modelA simple server classThe helper class and narrowing referencesThe holder classThe client stubServer skeletonsWriting the Implementation
Putting It in the Public Eye
Initializing the ORBRegistering with a Naming ServiceAdding Objects to a Naming ContextA slightly simpler approach: The Interoperable Naming Service
Finding and Using Remote Objects
Remote Object References and NarrowingAccessing Remote ObjectsORB Initial Object ReferencesGetting Objects from Other Remote ObjectsNaming Service lookupsObject URLs
What If I Don’t Have the Interface?
Dynamic Invocation Interface
15. JavaMail
Email and JavaMailJavaMail LayersInstalling and Configuring JavaMailProvider registriesThe Mail SessionAuthenticatorsProvidersURL names
Creating and Sending Messages
Sending Messages
Retrieving Messages
Message StoresHandling Incoming MessagesSearches and Message Management
Multipart Messages
Displaying Multipart MessagesSending Multipart Messages
16. Transactions
Transaction OverviewTransaction PropertiesTransaction Isolation Problems and LevelsTransaction isolation violationsTransaction isolation levelsTransaction ModelsDistributed Transactions and the JTADistributed Transaction ScenariosDatabase and message queueMultiple databasesMultiple application serversClient demarcationTwo-Phase CommitEmulating two-phase commit
Programmatic Transactions Versus Declarative Transactions
Programmatic TransactionsDeclarative Transactions
Optimistic Concurrency
EJB Transaction Management
BMTD with JTAStateless session beans and message-driven beansStateful session beansContainer-Managed Transaction Demarcation (CMTD)Inducing rollbacks in CMTD
Some Common Programming Scenarios
Using a Session FaçadeUsing Transaction Attributes with CMTDDistributed Transactions Involving a JMS Destination and Database
Transaction Best Practices
II. Open Source Enterprise Tools
17. Ant
What Version Is Covered Here?
Ant Overview
Ant Fundamentals
BuildfilesDefining Targets, Their Tasks, and Their RelationshipsPropertiesSetting propertiesReferencing properties
Core Tasks
File and Directory TasksBasic entitiesCreating, moving, copying, and deletingMaking archivesBasic Java TasksPaths and classpathsCompiling Java codeRunning Java programsMiscellaneous UtilitiesAnt’s echo task: System.out.println()Calling external programsImporting custom Ant tasksInvoking targets
Enterprise Tasks
Assembling ComponentsWeb componentsEJB componentsAssembling ApplicationsDeploying Components and Applications
Creating Portable Build Processes
Hierarchical Property FilesModular Target DefinitionsImporting targets in older Ant versionsPutting It All Together
18. JUnit and Cactus
What’s Covered Here?Other Tools to Consider
Unit Testing Concepts
Units and DependenciesUnit Testing Versus Integration TestingWhite Box Versus Black Box TestingKeep the Tests SimpleTest Coverage
JUnit Overview
Defining Tests by Writing TestCasesMaking Assertions in Test MethodsFailing TestsManaging Test FixturesOrganizing Tests Using TestSuites
Using JUnit with Ant
Controlling the Build with Unit TestsRunning Batches of TestsFormatting Test Results
Testing Enterprise Components with Cactus
The Cactus Model and ArchitectureThe Cactus test processCactus test proxiesWriting Cactus TestsIntroduction to Cactus tests: Testing servletsTesting JSPsTesting JSP custom tagsTesting servlet filtersTesting EJBs and component typesTesting asynchronous codeRunning Cactus TestsRunning Cactus tests with AntRunning Cactus tests using ServletTestRunner
19. Struts
The Scope of Struts
The Sample Application
The Development Process with Struts
The Struts Controller
The ActionServletThe RequestProcessor
The Action Class
RequestProcessor and ActionsThe Struts Configuration File
Views in Struts
The ActionForm ClassValidationScopeThe ActionForm and the JSP
Struts Tags
Form Handling and Form Tags<html:form><html:text>, <html:password>, and <html:submit><html:select>, <html:options>, and <html:checkbox><html:multibox>Additional Tags<html:link><html:errors><logic:forward>Using the JSTL Expression Language in Struts Tags
Struts Plug-ins
DynaActionForms and the Struts Validator
20. Hibernate
The Sample Application
Principles of Hibernate
TransparencyReflectionJava, JDBC, and RDBMSPluggabilityPerformance
Configuration and Mapping
Global ConfigurationDebuggingOther JDBC propertiesTransaction managementOptimizationJNDISQLThe Hibernate Type SystemClass MappingsUnique IDsPropertiesCollection TypesRelationship MappingsOne-to-oneOne-to-many and many-to-oneMany-to-manyProxiesLazy loadingSpecial note about lazy initializationPolymorphic MappingsOne table per class hierarchyOne table per classOne table per concrete classMapping Tools
The Hibernate API
Configuration and HibernateSessionFactorySessionLoading objectsSaving new objectsUpdating existing objectsRetrieving multiple objectsConnection managementDisconnected objectsQueryInterceptorsEvents
HQL (Hibernate Query Language)
FROMSELECTWHERE
Hibernate Services
TransactionsCachingThe second-level cacheThe Query cacheSecurity
Conclusion
21. Annotations with XDoclet and J2SE Metadata
What’s Covered Here?
What Are Code Annotations?
Annotation Tools
XDoclet Tutorial
Annotating Your CodeProcessing XDoclet AnnotationsGenerating Deployment Descriptors“Pure” annotation-driven deployment descriptorsMixed models: Deployment using annotations and external dataGenerating Source CodeWeb servicesEJBsOther AnnotationsCustom XDoclet AnnotationsA Word of Caution
J2SE Annotations Tutorial
General Programming ModelCore Annotations@Override@SuppressWarnings@DeprecatedCreating and Using Custom AnnotationsProcessing Annotations at RuntimeThe Future of J2SE Annotations
III. Appendixes
A. J2EE Deployment Descriptor Reference
Web Components (web.xml)General Cross-Component SettingsWeb Component DeclarationsWeb Handler DeclarationsSecurity ConfigurationComponent ReferencesResources and Environment Entries
Enterprise JavaBeans (ejb-jar.xml)
Session EJB DeclarationsMessage-Driven EJB DeclarationsEntity EJB DeclarationsEntity EJB Relationship DeclarationsCross-Component Runtime Settings
Application Archives (application .xml)
Web Services (webservices.xml)
Web Service Java/WSDL Mappings
B. JavaServer Faces Tag Libraries
JSF Core Tags<f:actionListener><f:attribute><f:convertDateTime><f:convertNumber><f:converter><f:facet><f:loadBundle><f:param><f:selectItem><f:selectItems><f:subview><f:validator><f:validateDoubleRange><f:validateLength><f:validateLongRange><f:valueChangeListener><f:view><f:verbatim>
JSF HTML Tags
Pass-Through Attributes<h:column><h:commandButton><h:commandLink><h:dataTable><h:form><h:graphicImage><h:inputHidden><h:inputSecret><h:inputText><h:inputTextarea><h:message><h:messages><h:outputFormat><h:outputLabel><h:outputLink><h:outputText><h:panelGrid><h:panelGroup><h:selectBooleanCheckbox><h:selectManyCheckbox><h:selectManyListbox><h:selectManyMenu><h:selectOneListbox><h:selectOneMenu><h:selectOneRadio>
C. Enterprise JavaBeans Query Language Syntax
Basic Structure of EJB QL Queries
FROM Clause
Range VariablesCollection Member Variables
SELECT Clause
Aggregation expressionsDISTINCT Queries
WHERE Clause
LiteralsVariablesSimple query variablesInput parameter variablesPath expression variablesFunctionsConditional ExpressionsLogical operatorsArithmetic operatorsComparison operators
ORDER BY Clause
D. SQL Reference
Relational Databases
Data Types
Schema Manipulation Commands
CREATE TABLEALTER TABLEDROP
Data Manipulation Commands
SELECTString comparisonsSubqueries and joinsGroupsINSERTUPDATEDELETE
Functions
Aggregate FunctionsValue FunctionsDate/time functionsString manipulation functions
Return Codes
E. JMS Message Selector Syntax
Structure of a Selector
Identifiers
Literals
Operators
Logical OperatorsArithmetic OperatorsComparison Operators
Expressions
F. FRMI Tools
rmic: The Java RMI Compiler
rmid : The RMI Activation Daemon
rmiregistry : The Java RMI Object Registry
serialver: The RMI Serial Version Utility
G. IDL Reference
IDL Keywords
Identifiers
Mapping Identifiers to Java
Comments
Mapping Comments to Java
Basic Data Types
Strings and CharactersMapping strings and characters to Java
Constants and Literals
Mapping Constants to JavaBoolean LiteralsNumeric LiteralsInteger literalsFloating-point literalsFixed-point literalsMapping numeric literals to JavaCharacter LiteralsString Literals
Naming Scopes
User-Defined Data Types
TypedefsMapping typedefs to JavaArraysMapping arrays to JavaSequencesMapping sequences to JavaStructsMapping structs to JavaEnumerationsMapping enumerations to JavaUnionsMapping unions to Java
Exceptions
Standard ExceptionsMapping Exceptions to Java
Module Declarations
Mapping Modules to Java
Interface Declarations
AttributesMethodsArgumentsExceptionsContext valuesCall semanticsInterface InheritanceMethod and attribute inheritanceConstant, type, and exception inheritanceIDL early bindingMapping Interfaces to JavaHelper and holder classesAttributesMethods
Value Type Declarations
Mapping Valuetypes to Java
H. HJava IDL Tools
idlj : The Java IDL Compiler
orbd : Naming Service Daemon
servertool
tnameserv: Transient Naming Service Daemon
About the Authors
Index
Colophon

Content preview from Java Enterprise in a Nutshell, Third Edition

Chapter 10. J2EE Security

Security is paramount in any application, especially in large-scale, distributed J2EE applications. Although J2EE security is critical, it is only one piece of a much larger picture. Security requires an enterprise strategy that addresses physical security, application security, and network security. J2EE security is but one link in that larger chain.

When developing J2EE applications, security is a critical concern. You want to make sure that only authorized users access the application and that hackers can’t steal sensitive data. This chapter describes how you can secure your J2EE application.

The chapter begins by providing an overview of transport and application security as well as defining the important concepts of authentication and authorization. It then explains security in the web and application tiers. The chapter explains the concepts of programmatic security as well as declarative security and then goes on to address various specific enterprise security concerns. Finally, we conclude this chapter by highlighting some of the limitations of the current J2EE security model.

Before we get started, here’s a caveat. In order to cover J2EE security in some detail in this chapter, we assume that you are familiar with numerous security concepts and techniques, including authentication, authorization, encryption, message digests, and digital signatures, to name a few. Depending on your background, you may want to do some further reading in this area as ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Java Enterprise in a Nutshell, Second Edition

Publisher Resources

ISBN: 0596101422Catalog Page Errata

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Java Enterprise in a Nutshell, Third Edition

by Jim Farley, William Crawford

Chapter 10. J2EE Security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Java Enterprise in a Nutshell, Second Edition

Professional Java for Web Applications

Java EE 7: The Big Picture

Modernizing Enterprise Java

Publisher Resources