SlideShare a Scribd company logo

Java EE 8 - An instant snapshot

David Delabassee
David Delabassee

The document discusses plans for Java EE 8 based on feedback from the Java EE community. Key areas of focus for Java EE 8 include enhancements to support HTML5/web standards like JSON binding, processing and server-sent events. The document outlines specific APIs and features being considered for these areas based on industry trends and priorities identified in a community survey. Additional themes for Java EE 8 are improved ease of development, alignment with CDI and infrastructure for cloud deployments.

Internet
1 of 66
Downloaded 62 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
David Delabassee (@delabassee) Oracle Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Java EE 8 “An instant snapshot” J-­‐Fall 2014 1
Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 2
Preview of Java EE 8 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Program Agenda How did we get here? What do we want to do? How can you get involved? 1 2 3 3
DEVELOPER PRODUCTIVITY Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 7 ENTERPRISE EDITION ▪Batch ▪Concurrency ▪Simplified JMS ▪More annotated POJOs ▪Less boilerplate code ▪Cohesive integrated platform ▪WebSockets ▪JSON ▪Servlet 3.1 NIO ▪REST MEETING ENTERPRISE DEMANDS Java EE 7 4
Industry Trends We're Seeing Reactive Programming Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Cloud Mobile HTTP/2 User Experience SECURITY 5
Feedback from the Community Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Many sources – Users lists of java.net projects – JIRAs – JavaOne 2013 Java EE BOF and Java EE EG meeting – Outreach by evangelists • Consolidated into Community Survey 6
Java EE 8 Community Survey Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • 3 parts over 3½ months – 47 questions – 15 fill-­‐ins – 1000’s of comments • 4500+ respondents • Prioritization of most-­‐popular features 7
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 8
Community-­‐Prioritized Features Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 9
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 8 ! ! Driven by Community Feedback You asked for it, you got it! 10
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 8 Themes • HTML5 / Web Tier Enhancements • Ease of Development / CDI alignment • Infrastructure for running in the Cloud 11
HTML5 Support / Web Tier Enhancements Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • JSON Binding • JSON Processing enhancements • Server-­‐sent Events • Action-­‐based MVC • HTTP/2 support 12
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐B Java API for JSON Binding Which of these APIs do you think is important to be included in Java EE 8? 13
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐B Java API for JSON Binding • API to marshal/unmarshal Java objects to/from JSON – Similar to JAXB runtime API in XML world • Default mapping of classes to JSON – Annotations to customize the default mappings – JsonProperty, JsonTransient, JsonNillable, JsonValue, … • Draw from best practices of existing JSON binding implementations – MOXy, Jackson, GSON, Genson, Xstream, … – Allow switch of JSON binding providers 14
JSON-­‐B @Entity public class Person { ! @Id String name; { String gender; @ElementCollection Map<String,String> phones; ... // getters and setters } ! Person duke = new Person(); duke.setName("Duke"); duke.setGender("M"); phones = new HashMap<String,String>(); phones.put("home", "650-­‐123-­‐4567"); phones.put("mobile", "650-­‐234-­‐5678"); duke.setPhones(phones); ! Marshaller marshaller = new JsonContext().createMarshaller().setPrettyPrinting(true); marshaller.marshal(duke, System.out); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐234-­‐5678"} } 15
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐B • All the way from client to database – JSON-­‐B will provide JAX-­‐RS a standard way to support “application/json” media type JPA JSON-­‐B Data Source JSON JAX-­‐RS Java Objects 16
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐P 1.1 Java API for JSON Processing • Keep JSON-­‐P spec up-­‐to-­‐date • Track new standards • Add editing operations to JsonObject and JsonArray • Helper classes and methods to better utilize SE 8’s stream operations 17
JSON-­‐P: Java API for JSON Processing 1.1 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Tracking new standards • JSON-­‐Pointer – IETF RFC 6901 – String syntax for referencing a value "/0/phones/mobile" 18
JSON-­‐P JsonArray contacts = Json.createArrayBuilder() .add(Json.createObjectBuilder() .add("name", "Duke") .add("gender", "M") .add("phones", Json.createObjectBuilder() .add("home", "650-­‐123-­‐4567") .add("mobile", "650-­‐234-­‐5678"))) Copyright © 2014, Oracle and/or its affiliates. All rights reserved. .add(Json.createObjectBuilder() .add("name", "Jane") .add("gender", "F") .add("phones", Json.createObjectBuilder() .add("mobile", "707-­‐555-­‐9999"))) .build(); 19 ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐234-­‐5678"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-­‐555-­‐9999"}} ] !
JSON-­‐P JsonArray contacts = … JsonPointer p = Json.createPointer("/0/phones/mobile"); JsonValue v = p.getValue(contacts); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐234-­‐5678"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-­‐555-­‐9999"}} ] ! 20
JSON-­‐P: Java API for JSON Processing 1.1 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Tracking new standards • JSON-­‐Patch – IETF RFC 6902 • Patch is a JSON document – Array of objects / operations for modifying a JSON document – Must have "op" field and "path" field – add, replace, remove, move, copy, test [ {"op":"replace","path":"/0/phones/mobile","value":"650-­‐111-­‐222"}, {"op":"remove","path":"/1"} ] 21
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐P [ { "op":"replace", "path":"/0/phones/mobile", "value":"650-­‐111-­‐2222"}, { "op":"remove", "path":"/1"} ] ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐234-­‐5678"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-­‐555-­‐9999"}} ] ! 22
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐P [ { "op":"replace", "path":"/0/phones/mobile", "value":"650-­‐111-­‐2222"}, { "op":"remove", "path":"/1"} ] ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐111-­‐2222"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-­‐555-­‐9999"}} ] ! 23
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐P [ { "op":"replace", "path":"/0/phones/mobile", "value":"650-­‐111-­‐2222"}, { "op":"remove", "path":"/1"} ] ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐111-­‐2222"}} ] ! 24
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐P 1.1 • JsonObject and JsonArray are immutable • Need editing capability to implement JSON patch • Possible approach: use builder pattern – Builder creates mutable object for temporary editing – Convert to immutable object when done JSON Patch 25
JSON-­‐P 1.1 JSON Query using Lambda Operations JsonArray contacts = ...; List<String> femaleNames = contacts.getValuesAs(JsonObject.class).stream() .filter(x-­‐>"F".equals(x.getString("gender"))) .map(x-­‐>(x.getString("name")) .collect(Collectors.toList()); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 26
JSON-­‐P 1.1 JSON Query collecting results in JsonArray JsonArray contacts = ...; JsonArray femaleNames = contacts.getValuesAs(JsonObject.class).stream() .filter(x-­‐>"F".equals(x.getString("gender"))) .map(x-­‐>(x.getString("name")) .collect(JsonCollectors.toJsonArray()); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 27
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-­‐sent Events Should we also standardize a Java API for server-­‐sent events? 28
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-­‐sent Events • Part of HTML5 standardization • Server-­‐to-­‐client streaming of text data • Mime type : “text/event-­‐stream” • Long-­‐lived HTTP connection – Client establishes connection – Server pushes update notifications to client – Commonly used for one-­‐way transmission for period updates or updates due to events 29
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-­‐sent Events • Several possibilities: Servlet; WebSocket; JAX-­‐RS; standalone –We polled the experts • JAX-­‐RS deemed most natural fit – Streaming HTTP resources already supported – Small extension • Server API: new media type; EventOutput • Client API: new handler for server side events – Convenience of mixing with other HTTP operations; new media type – Jersey (JAX-­‐RS RI) already supports SSE 30
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-­‐sent Events JAX-­‐RS resource class @Path("tickers") public class StockTicker { @Get @Produces("text/event-­‐stream") public EventOutput getQuotes() { EventOutput eo = new EventOutput(); new StockThread(eo).start() return eo; } } 31
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JAX-­‐RS StockThread class class StockThread extends Thread { private EventOutput eo; private AtomicBoolean ab = new AtomicBoolean(true); ! public StockThread(EventOutput eo) { this.eo = eo; } public void terminate() { ab.set(false); } @Override public void run() { while (ab.get()) { try { // ... eo.send(new StockQuote("...")); // ... } catch (IOException e) { // ... } } } } 32 Server-­‐sent Events
JAX-­‐RS Client WebTarget target = client.target("http://example.com/tickers"); EventSource Copyright © 2014, Oracle and/or its affiliates. All rights reserved. eventSource = new EventSource(target) { @Override public void onEvent(InboundEvent inboundEvent) { StockQuote sq = inboundEvent.readData(StockQuote.class); // ... } }; eventSource.open(); 33 Server-­‐sent Events
Model View Controller 1.0 (MVC) Should Java EE provide support for MVC alongside JSF? ! ! ! Is there any one de-­‐facto standard technology in this space to which we should look for inspiration? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 34
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. MVC 1.0 • Action-­‐based model-­‐view-­‐controller architecture • Glues together key Java EE technologies: – Model • CDI, Bean Validation, JPA – View • Facelets, JSP – Controller • Invent new technology? • Leverage existing technologies such as JAX-­‐RS, … ? 35
Address the Limitations of HTTP 1.x Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 HTTP/2 expected as Proposed Standard from IETF in November • Reduce latency • Address the HOL blocking problem • Support parallelism (without requiring multiple connections) • Retain semantics of HTTP 1.1 • Define interaction with HTTP 1.x 36
HTTP 1.1 HTTP/2 stream 1 HEADERS stream 3 HEADERS Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 Multiplexed Binary Frames • One TCP Connection • Request -­‐> Stream - Multiplexed - Prioritised • Binary Framing Layer - Prioritisation - Flow Control - Server Push • Header Compression 37 POST /upload HTTP/1.1 Host: www.test.com Content-­‐Type: application/json Content-­‐Length: 15 !{ “name”:“duke”} HEADERS frame DATA frame stream 1 DATA stream 3 DATA Client Server stream 4 DATA stream 6 DATA
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 38 Header Compression
Client Server Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 39 Server Push /index.html : stream 1 /style.css : stream 2 /script.js : stream 4 stream 1 HEADERS stream 1 FRAME x stream 2 PROMISE stream 4 PROMISE
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Servlet 4.0 HTTP/2 Features in Servlet API • Request/response multiplexing – Servlet Request as HTTP/2 message • Stream prioritization – Add stream priority to HttpServletRequest • Server push • Binary framing • Upgrade from HTTP 1.1 40
Ease of Development / CDI Alignment Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Security interceptors • Simplified messaging through CDI-­‐based “MDBs” • JAX-­‐RS injection alignment • WebSocket scopes • Pruning of EJB 2.x client view and IIOP interoperability 41
Security Simplifications / CDI Alignment Should we consider adding Security Interceptors in Java EE 8? ! ! ! Should we simplify authorization by introducing an EL-­‐enabled authorization annotation? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 42
Authorization via CDI Interceptors Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 @IsAuthorized("hasRoles('Manager') && schedule.officeHrs") void transferFunds() ! @IsAuthorized("hasRoles('Manager') && hasAttribute('directReports', employee.id)") double getSalary(long employeeId); ! @IsAuthorized(ruleSourceName="java:app/payrollAuthRules", rule="report") void displayReport(); 43
New API to receive messages asynchronously Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JMS 2.1 • Alternative to EJB message-­‐driven beans • Simpler JMS-­‐specific annotations • Usable by any CDI bean • No need for MessageListener implementation 44
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JMS 2.1 JMS MDBs Today @MessageDriven(activationConfig = { @ActivationConfigProperty(propertyName="connectionFactoryLookup", propertyValue="jms/myCF"), @ActivationConfigProperty(propertyName="destinationLookup", propertyValue="jms/myQueue"), @ActivationConfigProperty(propertyName="destinationType", propertyValue="javax.jms.queue")}) ! public class MyMDB implements MessageListener { public void onMessage(Message message) { // extract message body String body = message.getBody(String.class)); // process message body } } 45
Allow any Java EE bean to be a listener Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JMS 2.1 @RequestScoped public class MyListenerBean { @JMSListener(destinationLookup="jms/myQueue") @Transactional public void myCallback(Message message) { ... } } 46
Candidates for Proposed Optional status Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Pruning Should we prune EJB 2.x remote and local client view (EJBObject, EJBLocalObject, EJBHome, and EJBLocalHome interfaces)? ! ! ! Should we prune CORBA, including support for interoperability by means of IIOP? 47
Modernize the Infrastructure For On-­‐Premise and for in the Cloud Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Java EE Management 2.0 – REST-­‐based APIs for Management and Deployment • Java EE Security 1.0 – Authorization – Password Aliasing – User Management – Role Mapping – Authentication – REST Authentication 48
Management and Deployment APIs Should we define new APIs to deploy and manage applications? ! ! ! Should such new Deployment and Management APIs be REST APIs or JMX APIs? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 49
Java EE Management 2.0 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Update to JSR 77 (“J2EE Management”) • REST-­‐based interfaces to augment (or replace) current Management EJB APIs – Currently used OBJECT_NAME to become URL – Define CRUD operations over individual managed objects – Server-­‐sent events used for event support • Simple deployment interfaces also to be considered as part of management API 50
Java EE Security 1.0 Candidate Areas to Enhance Portability, Flexibility, Ease-­‐of-­‐Use • Password Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Aliasing • User Management • Role Mapping • Authentication • REST Authentication • Authorization 51
Java EE Security 1.0 Enhance Portability, Flexibility, Ease-­‐of-­‐Use Should we add support for password aliases (including the ability to provision credentials along with the application)? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 52
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 Password Aliasing • Standardized syntax for password aliases – Avoids storing passwords in clear text in code, deployment descriptors, files • @DataSourceDefinition( name="java:app/MyDataSource", className="com.example.MyDataSource", ... user="duke", password="${ALIAS=dukePassword}") • Standardized secure credentials archive for bundling alias and password with App – Used by platform as credential store for resolving alias 53
Java EE Security 1.0 Enhance Portability, Flexibility, Ease-­‐of-­‐Use Should we standardize on requirements for simple security providers and their configuration? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 54
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 User Management • Allow application to manage its own users and groups –Without need to access server configuration • Users stored in application-­‐specified repository (e.g., LDAP) • User service manipulates users from user source App LDAP UserInfo UserService LDAP UserSource 55
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 User Management • UserSourceDefinition • UserService – Create/delete users, create/delete groups, add user to group, load UserInfo by user name; etc… • UserInfo – get user name, password, get user’s roles, get user’s attributes, … 56
Java EE Security 1.0 User Management @LdapUserSourceDefinition( name="java:app/ldapUserSource", ldapUrl="ldap://someURL", ldapUser="ElDap", ldapPassword="${ALIAS=LdapPW}", ... ) public class MyAuthenticator { @Resource(lookup="java:app/ldapUserSource") private UserService userService; private boolean isAccountEnabled(String username) { return userService.loadUserByUsername(username).isEnabled(); } ... } Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 57
Java EE Security 1.0 Enhance Portability, Flexibility, Ease-­‐of-­‐Use Should we standardize group-­‐to-­‐role-­‐mapping? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 58
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 Role Mapping • Standardize role service – Role mappings can be stored in app-­‐specified repository (e.g., LDAP) – Application can assign roles to users and groups, based on application-­‐specific model –Without need to access server configuration App LDAP RoleService LDAP RoleMapper 59
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 Role Mapping • RoleMapperDefinition – DataSource, Ldap, Memory/File, Custom, predefined • RoleService – grant/revoke roles for user/group, get roles for user/group, ... ! @Resource(lookup="java:app/devRoleMapper") RoleService roleService; List<String> getRoles(String username) { return roleService.getRolesForUser(username); } ... 60
Context and Dependency Injection 2.0 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Events – Asynchronous – Ordering – Range (war, ear, server, cluster) • Interceptors and Decorators enhancements • Parts – “CDI Light” • … 61
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 8 JSRs • Java EE 8 Platform • CDI 2.0 • JSON Binding 1.0 • JAX-­‐RS 2.1 • MVC 1.0 • Java Servlet 4.0 • JSF 2.3 • JMS 2.1 • JSON-­‐P 1.1 • Java EE Security 1.0 • Java EE Management 2.0 • … and more to follow … So far….. Coming soon ….. 62
Summary and Current Status • Tentative Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Delivery Schedule – Q3 2014: JSR 369 Expert Group formed – Q1 2015: early draft – Q3 2015: public review – Q4 2015: proposed final draft – Q3 2016: final release • Contribute! 63
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. How to Get Involved • Join an Expert Group project – http://javaee-­‐spec.java.net • Adopt a JSR – http://glassfish.org/adoptajsr • The Aquarium – http://blogs.oracle.com/theaquarium • Java EE 8 Reference Implementation – http://glassfish.org 64
Thanks! Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 65
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 66

More Related Content

Similar to Java EE 8 - An instant snapshot (20)

PDF
Java EE 8 - An instant snapshot
David Delabassee
 
PDF
What's Coming in Java EE 8
PT.JUG
 
PDF
JavaCro'15 - Java EE 8 - An instant snapshot - David Delabassee
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Java EE 8 Overview (Japanese)
Logico
 
PDF
Java EE 8 Adopt a JSR : JSON-P 1.1 & MVC 1.0
David Delabassee
 
PDF
Java EE 8 - What’s new on the Web front
David Delabassee
 
PPTX
What's new in the Java API for JSON Binding
Dmitry Kornilov
 
PDF
112815 java ee8_davidd
Takashi Ito
 
PPTX
Introduction to Yasson
Dmitry Kornilov
 
PPTX
JSON Support in Java EE 8
Dmitry Kornilov
 
PPTX
JSON Support in Java EE 8
Dmitry Kornilov
 
PDF
Java EE 7 overview
Masoud Kalali
 
PDF
Java API for JSON Binding - Introduction and update
Martin Grebac
 
PDF
What's new in Java 8
jclingan
 
PDF
Java 8
jclingan
 
PPTX
Adopt-a-JSR session (JSON-B/P)
Dmitry Kornilov
 
PDF
2015 Java update and roadmap, JUG sevilla
Trisha Gee
 
PDF
Json
Anderson Oliveira
 
PPTX
Java EE for the Cloud
Dmitry Kornilov
 
PDF
Jakarta EE and MicroProfile - EclipseCon 2020
Josh Juneau
 
Java EE 8 - An instant snapshot
David Delabassee
 
What's Coming in Java EE 8
PT.JUG
 
JavaCro'15 - Java EE 8 - An instant snapshot - David Delabassee
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Java EE 8 Overview (Japanese)
Logico
 
Java EE 8 Adopt a JSR : JSON-P 1.1 & MVC 1.0
David Delabassee
 
Java EE 8 - What’s new on the Web front
David Delabassee
 
What's new in the Java API for JSON Binding
Dmitry Kornilov
 
112815 java ee8_davidd
Takashi Ito
 
Introduction to Yasson
Dmitry Kornilov
 
JSON Support in Java EE 8
Dmitry Kornilov
 
JSON Support in Java EE 8
Dmitry Kornilov
 
Java EE 7 overview
Masoud Kalali
 
Java API for JSON Binding - Introduction and update
Martin Grebac
 
What's new in Java 8
jclingan
 
Java 8
jclingan
 
Adopt-a-JSR session (JSON-B/P)
Dmitry Kornilov
 
2015 Java update and roadmap, JUG sevilla
Trisha Gee
 
Json
Anderson Oliveira
 
Java EE for the Cloud
Dmitry Kornilov
 
Jakarta EE and MicroProfile - EclipseCon 2020
Josh Juneau
 

More from David Delabassee (20)

PDF
JVMs in Containers - Best Practices
David Delabassee
 
PDF
JVMs in Containers
David Delabassee
 
PDF
Serverless Java Challenges & Triumphs
David Delabassee
 
PDF
Serverless Java - Challenges and Triumphs
David Delabassee
 
PDF
Randstad Docker meetup - Serverless
David Delabassee
 
PDF
Java Serverless in Action - Voxxed Banff
David Delabassee
 
PPTX
Serverless Kotlin
David Delabassee
 
PDF
REST in an Async World
David Delabassee
 
PDF
JAX-RS 2.1 Reloaded
David Delabassee
 
PDF
Java EE 8 - February 2017 update
David Delabassee
 
PDF
Java EE Next
David Delabassee
 
PDF
Java EE Next - BeJUG JavaOne Afterglow 2016
David Delabassee
 
PDF
HTTP/2 comes to Java
David Delabassee
 
PDF
Java EE 8 - Work in progress
David Delabassee
 
PDF
HTTP/2 comes to Java (Dec. 2015 version)
David Delabassee
 
PDF
EJB and CDI - Alignment and Strategy
David Delabassee
 
PDF
HTTP/2 Comes to Java
David Delabassee
 
PDF
HTTP/2 Comes to Java
David Delabassee
 
PDF
MVC 1.0 / JSR 371
David Delabassee
 
PDF
Avatar 2.0
David Delabassee
 
JVMs in Containers - Best Practices
David Delabassee
 
JVMs in Containers
David Delabassee
 
Serverless Java Challenges & Triumphs
David Delabassee
 
Serverless Java - Challenges and Triumphs
David Delabassee
 
Randstad Docker meetup - Serverless
David Delabassee
 
Java Serverless in Action - Voxxed Banff
David Delabassee
 
Serverless Kotlin
David Delabassee
 
REST in an Async World
David Delabassee
 
JAX-RS 2.1 Reloaded
David Delabassee
 
Java EE 8 - February 2017 update
David Delabassee
 
Java EE Next
David Delabassee
 
Java EE Next - BeJUG JavaOne Afterglow 2016
David Delabassee
 
HTTP/2 comes to Java
David Delabassee
 
Java EE 8 - Work in progress
David Delabassee
 
HTTP/2 comes to Java (Dec. 2015 version)
David Delabassee
 
EJB and CDI - Alignment and Strategy
David Delabassee
 
HTTP/2 Comes to Java
David Delabassee
 
HTTP/2 Comes to Java
David Delabassee
 
MVC 1.0 / JSR 371
David Delabassee
 
Avatar 2.0
David Delabassee
 
Ad

Recently uploaded (20)

PDF
Empowering Local Language Email with IDN & EAI – Powered by XgenPlus
XgenPlus Technologies
 
PDF
BRKSP-2551 - Introduction to Segment Routing.pdf
fcesargonca
 
PDF
web application development company in bangalore.pdf
https://dkpractice.co.in/seo.html tech
 
PPTX
美国电子毕业证帕克大学电子版成绩单UMCP学费发票办理学历认证
Taqyea
 
PDF
Beginning-Laravel-Build-Websites-with-Laravel-5.8-by-Sanjib-Sinha-z-lib.org.pdf
TagumLibuganonRiverB
 
PPTX
Meloniusk_Communication_Template_best.pptx
howesix147
 
PPTX
Lesson 1.1 Career-Opportunities-in-Ict.pptx
lizelgumadlas1
 
PPTX
Class_4_Limbgvchgchgchgchgchgcjhgchgcnked_Lists.pptx
test123n
 
PDF
Digital burnout toolkit for youth workers and teachers
asociatiastart123
 
PPTX
My Mother At 66! (2).pptx00000000000000000000000000000
vedapattisiddharth
 
PPTX
Introduction-to-the-AWS-Solution-Architect.pptx
Prince391830
 
PPTX
PHIPA-Compliant Web Hosting in Toronto: What Healthcare Providers Must Know
steve198109
 
PPTX
Ransomware attack and its effects on cyber crimes
ShilpaShreeD
 
PDF
Materi tentang From Digital Economy to Fintech.pdf
Abdul Hakim
 
PDF
Strategic Plan New and Completed Templeted
alvi932317
 
PPTX
CHAPTER 1 - PART 3 FOR GRADE 11 STUDENTS
FSBTLEDNathanVince
 
PPTX
原版一样(毕业证书)法国蒙彼利埃大学毕业证文凭复刻
Taqyea
 
PPTX
Metaphysics_Presentation_With_Visuals.pptx
erikjohnsales1
 
PDF
AI security AI security AI security AI security
elite44
 
PDF
Learning Exemplar_Technology and Livelihood Education 7 Q1_W2.pdf
mjhiludo16
 
Empowering Local Language Email with IDN & EAI – Powered by XgenPlus
XgenPlus Technologies
 
BRKSP-2551 - Introduction to Segment Routing.pdf
fcesargonca
 
web application development company in bangalore.pdf
https://dkpractice.co.in/seo.html tech
 
美国电子毕业证帕克大学电子版成绩单UMCP学费发票办理学历认证
Taqyea
 
Beginning-Laravel-Build-Websites-with-Laravel-5.8-by-Sanjib-Sinha-z-lib.org.pdf
TagumLibuganonRiverB
 
Meloniusk_Communication_Template_best.pptx
howesix147
 
Lesson 1.1 Career-Opportunities-in-Ict.pptx
lizelgumadlas1
 
Class_4_Limbgvchgchgchgchgchgcjhgchgcnked_Lists.pptx
test123n
 
Digital burnout toolkit for youth workers and teachers
asociatiastart123
 
My Mother At 66! (2).pptx00000000000000000000000000000
vedapattisiddharth
 
Introduction-to-the-AWS-Solution-Architect.pptx
Prince391830
 
PHIPA-Compliant Web Hosting in Toronto: What Healthcare Providers Must Know
steve198109
 
Ransomware attack and its effects on cyber crimes
ShilpaShreeD
 
Materi tentang From Digital Economy to Fintech.pdf
Abdul Hakim
 
Strategic Plan New and Completed Templeted
alvi932317
 
CHAPTER 1 - PART 3 FOR GRADE 11 STUDENTS
FSBTLEDNathanVince
 
原版一样(毕业证书)法国蒙彼利埃大学毕业证文凭复刻
Taqyea
 
Metaphysics_Presentation_With_Visuals.pptx
erikjohnsales1
 
AI security AI security AI security AI security
elite44
 
Learning Exemplar_Technology and Livelihood Education 7 Q1_W2.pdf
mjhiludo16
 
Ad

Java EE 8 - An instant snapshot

  • 1. David Delabassee (@delabassee) Oracle Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Java EE 8 “An instant snapshot” J-­‐Fall 2014 1
  • 2. Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 2
  • 3. Preview of Java EE 8 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Program Agenda How did we get here? What do we want to do? How can you get involved? 1 2 3 3
  • 4. DEVELOPER PRODUCTIVITY Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 7 ENTERPRISE EDITION ▪Batch ▪Concurrency ▪Simplified JMS ▪More annotated POJOs ▪Less boilerplate code ▪Cohesive integrated platform ▪WebSockets ▪JSON ▪Servlet 3.1 NIO ▪REST MEETING ENTERPRISE DEMANDS Java EE 7 4
  • 5. Industry Trends We're Seeing Reactive Programming Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Cloud Mobile HTTP/2 User Experience SECURITY 5
  • 6. Feedback from the Community Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Many sources – Users lists of java.net projects – JIRAs – JavaOne 2013 Java EE BOF and Java EE EG meeting – Outreach by evangelists • Consolidated into Community Survey 6
  • 7. Java EE 8 Community Survey Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • 3 parts over 3½ months – 47 questions – 15 fill-­‐ins – 1000’s of comments • 4500+ respondents • Prioritization of most-­‐popular features 7
  • 8. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 8
  • 9. Community-­‐Prioritized Features Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 9
  • 10. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 8 ! ! Driven by Community Feedback You asked for it, you got it! 10
  • 11. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 8 Themes • HTML5 / Web Tier Enhancements • Ease of Development / CDI alignment • Infrastructure for running in the Cloud 11
  • 12. HTML5 Support / Web Tier Enhancements Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • JSON Binding • JSON Processing enhancements • Server-­‐sent Events • Action-­‐based MVC • HTTP/2 support 12
  • 13. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐B Java API for JSON Binding Which of these APIs do you think is important to be included in Java EE 8? 13
  • 14. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐B Java API for JSON Binding • API to marshal/unmarshal Java objects to/from JSON – Similar to JAXB runtime API in XML world • Default mapping of classes to JSON – Annotations to customize the default mappings – JsonProperty, JsonTransient, JsonNillable, JsonValue, … • Draw from best practices of existing JSON binding implementations – MOXy, Jackson, GSON, Genson, Xstream, … – Allow switch of JSON binding providers 14
  • 15. JSON-­‐B @Entity public class Person { ! @Id String name; { String gender; @ElementCollection Map<String,String> phones; ... // getters and setters } ! Person duke = new Person(); duke.setName("Duke"); duke.setGender("M"); phones = new HashMap<String,String>(); phones.put("home", "650-­‐123-­‐4567"); phones.put("mobile", "650-­‐234-­‐5678"); duke.setPhones(phones); ! Marshaller marshaller = new JsonContext().createMarshaller().setPrettyPrinting(true); marshaller.marshal(duke, System.out); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐234-­‐5678"} } 15
  • 16. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐B • All the way from client to database – JSON-­‐B will provide JAX-­‐RS a standard way to support “application/json” media type JPA JSON-­‐B Data Source JSON JAX-­‐RS Java Objects 16
  • 17. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐P 1.1 Java API for JSON Processing • Keep JSON-­‐P spec up-­‐to-­‐date • Track new standards • Add editing operations to JsonObject and JsonArray • Helper classes and methods to better utilize SE 8’s stream operations 17
  • 18. JSON-­‐P: Java API for JSON Processing 1.1 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Tracking new standards • JSON-­‐Pointer – IETF RFC 6901 – String syntax for referencing a value "/0/phones/mobile" 18
  • 19. JSON-­‐P JsonArray contacts = Json.createArrayBuilder() .add(Json.createObjectBuilder() .add("name", "Duke") .add("gender", "M") .add("phones", Json.createObjectBuilder() .add("home", "650-­‐123-­‐4567") .add("mobile", "650-­‐234-­‐5678"))) Copyright © 2014, Oracle and/or its affiliates. All rights reserved. .add(Json.createObjectBuilder() .add("name", "Jane") .add("gender", "F") .add("phones", Json.createObjectBuilder() .add("mobile", "707-­‐555-­‐9999"))) .build(); 19 ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐234-­‐5678"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-­‐555-­‐9999"}} ] !
  • 20. JSON-­‐P JsonArray contacts = … JsonPointer p = Json.createPointer("/0/phones/mobile"); JsonValue v = p.getValue(contacts); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐234-­‐5678"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-­‐555-­‐9999"}} ] ! 20
  • 21. JSON-­‐P: Java API for JSON Processing 1.1 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Tracking new standards • JSON-­‐Patch – IETF RFC 6902 • Patch is a JSON document – Array of objects / operations for modifying a JSON document – Must have "op" field and "path" field – add, replace, remove, move, copy, test [ {"op":"replace","path":"/0/phones/mobile","value":"650-­‐111-­‐222"}, {"op":"remove","path":"/1"} ] 21
  • 22. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐P [ { "op":"replace", "path":"/0/phones/mobile", "value":"650-­‐111-­‐2222"}, { "op":"remove", "path":"/1"} ] ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐234-­‐5678"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-­‐555-­‐9999"}} ] ! 22
  • 23. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐P [ { "op":"replace", "path":"/0/phones/mobile", "value":"650-­‐111-­‐2222"}, { "op":"remove", "path":"/1"} ] ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐111-­‐2222"}}, { "name":"Jane", "gender":"F", "phones":{ "mobile":"707-­‐555-­‐9999"}} ] ! 23
  • 24. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐P [ { "op":"replace", "path":"/0/phones/mobile", "value":"650-­‐111-­‐2222"}, { "op":"remove", "path":"/1"} ] ! [ { "name":"Duke", "gender":"M", "phones":{ "home":"650-­‐123-­‐4567", "mobile":"650-­‐111-­‐2222"}} ] ! 24
  • 25. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JSON-­‐P 1.1 • JsonObject and JsonArray are immutable • Need editing capability to implement JSON patch • Possible approach: use builder pattern – Builder creates mutable object for temporary editing – Convert to immutable object when done JSON Patch 25
  • 26. JSON-­‐P 1.1 JSON Query using Lambda Operations JsonArray contacts = ...; List<String> femaleNames = contacts.getValuesAs(JsonObject.class).stream() .filter(x-­‐>"F".equals(x.getString("gender"))) .map(x-­‐>(x.getString("name")) .collect(Collectors.toList()); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 26
  • 27. JSON-­‐P 1.1 JSON Query collecting results in JsonArray JsonArray contacts = ...; JsonArray femaleNames = contacts.getValuesAs(JsonObject.class).stream() .filter(x-­‐>"F".equals(x.getString("gender"))) .map(x-­‐>(x.getString("name")) .collect(JsonCollectors.toJsonArray()); Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 27
  • 28. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-­‐sent Events Should we also standardize a Java API for server-­‐sent events? 28
  • 29. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-­‐sent Events • Part of HTML5 standardization • Server-­‐to-­‐client streaming of text data • Mime type : “text/event-­‐stream” • Long-­‐lived HTTP connection – Client establishes connection – Server pushes update notifications to client – Commonly used for one-­‐way transmission for period updates or updates due to events 29
  • 30. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-­‐sent Events • Several possibilities: Servlet; WebSocket; JAX-­‐RS; standalone –We polled the experts • JAX-­‐RS deemed most natural fit – Streaming HTTP resources already supported – Small extension • Server API: new media type; EventOutput • Client API: new handler for server side events – Convenience of mixing with other HTTP operations; new media type – Jersey (JAX-­‐RS RI) already supports SSE 30
  • 31. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Server-­‐sent Events JAX-­‐RS resource class @Path("tickers") public class StockTicker { @Get @Produces("text/event-­‐stream") public EventOutput getQuotes() { EventOutput eo = new EventOutput(); new StockThread(eo).start() return eo; } } 31
  • 32. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JAX-­‐RS StockThread class class StockThread extends Thread { private EventOutput eo; private AtomicBoolean ab = new AtomicBoolean(true); ! public StockThread(EventOutput eo) { this.eo = eo; } public void terminate() { ab.set(false); } @Override public void run() { while (ab.get()) { try { // ... eo.send(new StockQuote("...")); // ... } catch (IOException e) { // ... } } } } 32 Server-­‐sent Events
  • 33. JAX-­‐RS Client WebTarget target = client.target("http://example.com/tickers"); EventSource Copyright © 2014, Oracle and/or its affiliates. All rights reserved. eventSource = new EventSource(target) { @Override public void onEvent(InboundEvent inboundEvent) { StockQuote sq = inboundEvent.readData(StockQuote.class); // ... } }; eventSource.open(); 33 Server-­‐sent Events
  • 34. Model View Controller 1.0 (MVC) Should Java EE provide support for MVC alongside JSF? ! ! ! Is there any one de-­‐facto standard technology in this space to which we should look for inspiration? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 34
  • 35. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. MVC 1.0 • Action-­‐based model-­‐view-­‐controller architecture • Glues together key Java EE technologies: – Model • CDI, Bean Validation, JPA – View • Facelets, JSP – Controller • Invent new technology? • Leverage existing technologies such as JAX-­‐RS, … ? 35
  • 36. Address the Limitations of HTTP 1.x Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 HTTP/2 expected as Proposed Standard from IETF in November • Reduce latency • Address the HOL blocking problem • Support parallelism (without requiring multiple connections) • Retain semantics of HTTP 1.1 • Define interaction with HTTP 1.x 36
  • 37. HTTP 1.1 HTTP/2 stream 1 HEADERS stream 3 HEADERS Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 Multiplexed Binary Frames • One TCP Connection • Request -­‐> Stream - Multiplexed - Prioritised • Binary Framing Layer - Prioritisation - Flow Control - Server Push • Header Compression 37 POST /upload HTTP/1.1 Host: www.test.com Content-­‐Type: application/json Content-­‐Length: 15 !{ “name”:“duke”} HEADERS frame DATA frame stream 1 DATA stream 3 DATA Client Server stream 4 DATA stream 6 DATA
  • 38. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 38 Header Compression
  • 39. Client Server Copyright © 2014, Oracle and/or its affiliates. All rights reserved. HTTP/2 39 Server Push /index.html : stream 1 /style.css : stream 2 /script.js : stream 4 stream 1 HEADERS stream 1 FRAME x stream 2 PROMISE stream 4 PROMISE
  • 40. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Servlet 4.0 HTTP/2 Features in Servlet API • Request/response multiplexing – Servlet Request as HTTP/2 message • Stream prioritization – Add stream priority to HttpServletRequest • Server push • Binary framing • Upgrade from HTTP 1.1 40
  • 41. Ease of Development / CDI Alignment Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Security interceptors • Simplified messaging through CDI-­‐based “MDBs” • JAX-­‐RS injection alignment • WebSocket scopes • Pruning of EJB 2.x client view and IIOP interoperability 41
  • 42. Security Simplifications / CDI Alignment Should we consider adding Security Interceptors in Java EE 8? ! ! ! Should we simplify authorization by introducing an EL-­‐enabled authorization annotation? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 42
  • 43. Authorization via CDI Interceptors Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 @IsAuthorized("hasRoles('Manager') && schedule.officeHrs") void transferFunds() ! @IsAuthorized("hasRoles('Manager') && hasAttribute('directReports', employee.id)") double getSalary(long employeeId); ! @IsAuthorized(ruleSourceName="java:app/payrollAuthRules", rule="report") void displayReport(); 43
  • 44. New API to receive messages asynchronously Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JMS 2.1 • Alternative to EJB message-­‐driven beans • Simpler JMS-­‐specific annotations • Usable by any CDI bean • No need for MessageListener implementation 44
  • 45. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JMS 2.1 JMS MDBs Today @MessageDriven(activationConfig = { @ActivationConfigProperty(propertyName="connectionFactoryLookup", propertyValue="jms/myCF"), @ActivationConfigProperty(propertyName="destinationLookup", propertyValue="jms/myQueue"), @ActivationConfigProperty(propertyName="destinationType", propertyValue="javax.jms.queue")}) ! public class MyMDB implements MessageListener { public void onMessage(Message message) { // extract message body String body = message.getBody(String.class)); // process message body } } 45
  • 46. Allow any Java EE bean to be a listener Copyright © 2014, Oracle and/or its affiliates. All rights reserved. JMS 2.1 @RequestScoped public class MyListenerBean { @JMSListener(destinationLookup="jms/myQueue") @Transactional public void myCallback(Message message) { ... } } 46
  • 47. Candidates for Proposed Optional status Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Pruning Should we prune EJB 2.x remote and local client view (EJBObject, EJBLocalObject, EJBHome, and EJBLocalHome interfaces)? ! ! ! Should we prune CORBA, including support for interoperability by means of IIOP? 47
  • 48. Modernize the Infrastructure For On-­‐Premise and for in the Cloud Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Java EE Management 2.0 – REST-­‐based APIs for Management and Deployment • Java EE Security 1.0 – Authorization – Password Aliasing – User Management – Role Mapping – Authentication – REST Authentication 48
  • 49. Management and Deployment APIs Should we define new APIs to deploy and manage applications? ! ! ! Should such new Deployment and Management APIs be REST APIs or JMX APIs? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 49
  • 50. Java EE Management 2.0 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Update to JSR 77 (“J2EE Management”) • REST-­‐based interfaces to augment (or replace) current Management EJB APIs – Currently used OBJECT_NAME to become URL – Define CRUD operations over individual managed objects – Server-­‐sent events used for event support • Simple deployment interfaces also to be considered as part of management API 50
  • 51. Java EE Security 1.0 Candidate Areas to Enhance Portability, Flexibility, Ease-­‐of-­‐Use • Password Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Aliasing • User Management • Role Mapping • Authentication • REST Authentication • Authorization 51
  • 52. Java EE Security 1.0 Enhance Portability, Flexibility, Ease-­‐of-­‐Use Should we add support for password aliases (including the ability to provision credentials along with the application)? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 52
  • 53. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 Password Aliasing • Standardized syntax for password aliases – Avoids storing passwords in clear text in code, deployment descriptors, files • @DataSourceDefinition( name="java:app/MyDataSource", className="com.example.MyDataSource", ... user="duke", password="${ALIAS=dukePassword}") • Standardized secure credentials archive for bundling alias and password with App – Used by platform as credential store for resolving alias 53
  • 54. Java EE Security 1.0 Enhance Portability, Flexibility, Ease-­‐of-­‐Use Should we standardize on requirements for simple security providers and their configuration? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 54
  • 55. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 User Management • Allow application to manage its own users and groups –Without need to access server configuration • Users stored in application-­‐specified repository (e.g., LDAP) • User service manipulates users from user source App LDAP UserInfo UserService LDAP UserSource 55
  • 56. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 User Management • UserSourceDefinition • UserService – Create/delete users, create/delete groups, add user to group, load UserInfo by user name; etc… • UserInfo – get user name, password, get user’s roles, get user’s attributes, … 56
  • 57. Java EE Security 1.0 User Management @LdapUserSourceDefinition( name="java:app/ldapUserSource", ldapUrl="ldap://someURL", ldapUser="ElDap", ldapPassword="${ALIAS=LdapPW}", ... ) public class MyAuthenticator { @Resource(lookup="java:app/ldapUserSource") private UserService userService; private boolean isAccountEnabled(String username) { return userService.loadUserByUsername(username).isEnabled(); } ... } Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 57
  • 58. Java EE Security 1.0 Enhance Portability, Flexibility, Ease-­‐of-­‐Use Should we standardize group-­‐to-­‐role-­‐mapping? Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 58
  • 59. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 Role Mapping • Standardize role service – Role mappings can be stored in app-­‐specified repository (e.g., LDAP) – Application can assign roles to users and groups, based on application-­‐specific model –Without need to access server configuration App LDAP RoleService LDAP RoleMapper 59
  • 60. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE Security 1.0 Role Mapping • RoleMapperDefinition – DataSource, Ldap, Memory/File, Custom, predefined • RoleService – grant/revoke roles for user/group, get roles for user/group, ... ! @Resource(lookup="java:app/devRoleMapper") RoleService roleService; List<String> getRoles(String username) { return roleService.getRolesForUser(username); } ... 60
  • 61. Context and Dependency Injection 2.0 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. • Events – Asynchronous – Ordering – Range (war, ear, server, cluster) • Interceptors and Decorators enhancements • Parts – “CDI Light” • … 61
  • 62. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Java EE 8 JSRs • Java EE 8 Platform • CDI 2.0 • JSON Binding 1.0 • JAX-­‐RS 2.1 • MVC 1.0 • Java Servlet 4.0 • JSF 2.3 • JMS 2.1 • JSON-­‐P 1.1 • Java EE Security 1.0 • Java EE Management 2.0 • … and more to follow … So far….. Coming soon ….. 62
  • 63. Summary and Current Status • Tentative Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Delivery Schedule – Q3 2014: JSR 369 Expert Group formed – Q1 2015: early draft – Q3 2015: public review – Q4 2015: proposed final draft – Q3 2016: final release • Contribute! 63
  • 64. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. How to Get Involved • Join an Expert Group project – http://javaee-­‐spec.java.net • Adopt a JSR – http://glassfish.org/adoptajsr • The Aquarium – http://blogs.oracle.com/theaquarium • Java EE 8 Reference Implementation – http://glassfish.org 64
  • 65. Thanks! Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 65
  • 66. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 66