Tuesday Mar 01, 2016

Self-Documented Services Using JAX-RS Analyzer

One of the things I miss the most about SOAP is the fact that much like Java, it is strongly typed. That means one can take a look at a WSDL document to understand what a service does. Similarly tools can easily read and use a SOAP service including generating clients, GUI visualizations and accurate documentation. WADL was conceived of in the REST world to overcome some of these shortcomings. Unfortunately WADL is sparsely supported and even more sparsely used. This presents a pretty big problem if you are writing REST services that are consumed by folks outside of your own team and even worse people that you may not even know. The answer so far has been manually writing documentation for REST services that are laborious, error-prone and often out of date (incidentally you should be aware that Jersey, the JAX-RS reference implementation, does support WADL).

For JAX-RS developers though there is JAX-RS Analyzer to the rescue. JAX-RS Analyzer is a simple but extremely useful open source JAX-RS plugin written by Sebastian Daschner. It reads JAX-RS annotations/metadata to automatically generate documentation - in  plain text, AsciiDoc or Swagger. The Swagger option is especially compelling. Swagger is the closest thing at the moment to closing the WSDL/UDDI gap for REST.

If you are still unfamiliar with JAX-RS Analyzer, you should definitely take a look at Sam Sepassi's  excellent recent write-up on it. It will save you from hours of tediously documenting your REST APIs.

Sunday Feb 28, 2016

Java EE @ ConFoo 2016

ConFoo 2016 took place 24-26 February in Montreal, Canada. To my knowledge it is the largest developer conference north of the border. The conference has roots in PHP, but has been making an effort to better attract a Java audience hence it was important for me to support the conference. If you are a Canadian Java developer, I would consider adding ConFoo to your radar as a more convenient (and possibly cheaper) event to go to in order to stay up-to-date. Topics covered included PHP, Ruby, Python, methodology, usability, JavaScript/HTML5, mobile, cloud, big data, DevOps, NoSQL, Java and .NET.

I delivered sessions on developing practical microservices with Java EE as well as aligning Java EE with Reactive programming. More details on the sessions and ConFoo 2016, including slide decks, videos and code, posted on my personal blog.

Thursday Feb 18, 2016

Java EE @ DevNexus 2016

DevNexus 2016 was held in historic Atlanta on February 15-17. For those of you not familiar with it, DevNexus is the most significant Java centric (but not Java focused) conference in the South Eastern US and now perhaps even at a national level. It was started by JBoss Java Champion Burr Sutter and organized by the Atlanta JUG (currently lead by Vincent Mayers, Gunnar Hillert, Pratik Patel, et al). As usual DevNexus attracted a bevy of world class speakers including Stuart Marks, Stephen Chin, Heather VanCura, Venkat Subramaniam, Yakov Fain, Burr Sutter, Freddy Guime, Bob Paulin, Jason Porter, Rafael Benevides, Scott Kramer and so on. Topics included Java SE, NoSQL, mobile, cloud, Docker, HTML5/JavaScript and of course Java EE. This was a solid, fully sold out year for DevNexus.

I ran a whole day workshop on the basics of Java EE as well as delivering a session on developing practical microservices with Java EE. More details on the sessions and DevNexus 2016, including slide decks, videos and code, posted on my personal blog.

Wednesday Feb 10, 2016

Java EE in Practice for Secure Online Voting at Scytl

One of the most important things to do at this stage of the life-cycle of Java EE is highlight successful adoption stories at a regular cadence. We have been doing just that for a long time through our adoption stories blog, this humble blog as well as JavaOne. Indeed JavaOne 2016 was particularly good in this regard. We had a number of solid adoption stories submitted that we could select from. We will highlight all of those stories here in the coming months. A particularly nice adoption story presented at JavaOne 2016 was from Scytl. The session was presented by Alex Soto.

Scytl is a very innovative and important company that enables secure online voting across the world. Alex was the architect of a service-only back end system at Scytl written using vanilla Java EE and TomEE. Alex talked about the reasons they chose Java EE (over Spring in this case) such as ease-of-use, productivity, simplicity, standardization, lack of third-party dependencies, simple deployment, fast startup and performance. He also discussed their use of some pretty cool TomEE features, Arquillian, Docker and Apache Mesos. For those unaware, Alex is a Java EE advocate, blogger, author, JCP expert and open source commiter. You can view Alex's well-rated session below (click here if you are having trouble seeing the embedded video).

If you have a similarly great Java EE adoption story to share with the community (particularly migration stories from other technologies), please do feel encouraged to reach out. In the spirit of Java EE centric vendor neutrality, what Java EE implementation or tool set you choose does not matter at all and neither does which part of the globe you are in.

Monday Feb 08, 2016

Revamping the Security API in Java EE 8

JAAS, JASPIC, JACC. If those acronyms do not sound familiar, you are in good company. I have been developing with Java EE for almost two decades and I was not terribly familiar with them until I seriously started thinking about revamping Java EE security in the early Java EE 7 time frame. Those are the three main Java EE related standard APIs that have remained largely unchanged since the J2EE era. That is until the Java EE Security API aimed for Java EE 8.

The reason I mostly didn't need to know about these APIs is because of the way Java EE security has evolved over the years. As of Java EE 7 the way applications work is that you do some minimal web.xml configuration declaring what type of authentication you want (basic, form, digest, etc), what application server "realm" (logical link name to application server security configuration) and what roles (security groups) have access to secure parts of the application. Most of the real work is typically actually done in application server admin GUI wizards like configuring what identity store you want to use (database, LDAP, etc) and how underlying groups map to roles (for most of my applications the application roles and identity store groups are exactly the same). There are certainly some benefits to this approach that most other technologies do not have. Most of the heavy lifting for security is just a few mouse clicks as opposed to writing and maintaining code. You can hand off the work of securing the application to an admin where this work often best belongs. Application servers have sophisticated security admin tooling that seems to have everything under the Sun including things like federated security through SAML.

This is not the approach more feature poor runtimes that lack admin GUIs take and the approach also has some downsides. The most significant downside is that beyond learning Java EE APIs as a developer you also need to know about each application server's security administration features. This also means that these features are slightly different from one application server to another, limiting application portability. In a PaaS environment it is a lot easier if all security configuration is done inside the application itself, making the application more self-contained. The last problem is related to the age and focus of the current APIs used in Java EE - JAAS, JASPIC, JACC. These APIs have not gone through a significant revision in a while and their focus is on vendor plug-in writers, not application developers. This becomes a problem when developers need to do things that the application server does not have built-in support for such as using a custom data store (say using a security database with a poorly designed legacy schema) or using a custom authentication mechanism (say your own homegrown HTTP headers for federated security). There are third party frameworks in the Java EE ecosystem such as Shiro and PicketLink that attempt to solve these issues - in particular making application security embedded. These frameworks are of course non-standard and increase the need to add more runtime dependencies in the application.

The new Java EE Security API slated for Java EE 8 aims to solve these problems by simplifying and modernizing security in the platform. The Security API will make it possible to embed security in most common cases in the application in the simplest way possible. It will allow for easy extensibility by providing a much simpler, modernized, developer-focused alternative to JASPIC, JAAS and JACC. In the process it will introduce simple standard terms and interfaces for Java EE security. It will also add some cool new authorization mechanisms in addition to the basic role based security that Java EE offers today.

Specification lead Alex Kosowski described all of this well during his JavaOne 2015 talk embedded below (click here if you can't see the embedded video).

The Java EE Security API is one of the most important and perhaps most awaited parts of Java EE 8. It is not very surprising that it is one of the Java EE 8 JSRs that has seen the most active participation from the community - Alex refers to some of this participation in his talk. You should feel encouraged to participate yourself perhaps starting by viewing the video above.

Friday Feb 05, 2016

Some Interesting Real World CDI Usage Statistics

The good folks over at Genuitec developing MyEclipse recently asked the Twittersphere about real world CDI usage. They ran a week-long Twitter survey asking the simple question - "Do you use CDI in your Java EE applications?". The results of the survey were pretty interesting and certainly worth sharing. As the graph below shows 60% responded they use CDI. 21% responded that they did not. 19% did not know what CDI was.

Here is a link to the actual survey on the MyEclipse twitter account. For those unaware the MyEclipse team is working hard to bridge the CDI and Java EE support gaps in Eclipse - hence the question.

It is definitely very good that a clear majority said they were using CDI. CDI is key to writing effective Java EE applications. This data point goes a long way to removing the severe CDI skepticism in certain corners of the Java EE ecosystem. The 19% that responded that they did not know what CDI was pose both a challenge and an opportunity. If you are a Java EE or CDI fan it should tell you that there are colleagues that you should educate on CDI. I am often still taken aback when a developer does not know what CDI is or still refers to Java EE as "J2EE" (the term J2EE has been long retired with the likes of "J2SE" and COM/DCOM). A large number of these same developers are very pleasantly surprised to learn how much modern Java EE can help make their day-to-day work easier.

No survey is perfect of course. The sample data size for the survey is small but respectable at around 300. Around 500-1000 data points is probably more representative of the Java ecosystem. Since it is a Twitter survey it is probably highly susceptible to selection bias. That being said the results are definitely good enough to think about seriously.

Wednesday Feb 03, 2016

Migrating from Java EE 5 to Java EE 7 at Segurnet Portugal

One of the most important things to do at this stage of the life-cycle of Java EE is highlight successful adoption stories at a regular cadence. We have been doing just that for a long time through our adoption stories blog, this humble blog as well as JavaOne. Indeed JavaOne 2015 was particularly good in this regard. We had a number of solid adoption stories submitted that we could select from. We will highlight all of those stories here in the coming months. A particularly nice adoption story presented at JavaOne 2016 was from Segurnet Portugal on migrating from Java EE 5 to Java EE 7.

Segurnet is a data sharing platform for key insurers in Portugal. It used by 65 companies, about 30,000 users with close to 1.5 million page views and over 3 million server requests. Roberto Cortez detailed how the platform was recently migrated from legacy Java EE 5 to Java EE 7 - showing specific code examples. As the end result of the migration Roberto noted latest technology adoption, improved standardization, simplicity, a net reduction in code, an increase in productivity, faster deployment times and better performance. Roberto's experience is typical for anyone considering such a migration. You can view the session below (click here if you are having trouble seeing the embedded video).

The slide deck for the talk is available on SlideShare. For those unaware, Roberto is a passionate Java EE advocate, frequent speaker, blogger and JUG leader. He now works on the TomEE Java EE application server.

If you have a similarly great Java EE adoption story to share with the community (particularly migration stories from other technologies), please do feel encouraged to reach out. In the spirit of Java EE centric vendor neutrality, what Java EE implementation or tool set you choose does not matter at all and neither does which part of the globe you are in.

Friday Jan 29, 2016

EJB3 @Lock Annotation for CDI Beans

The EJB 3 @Lock annotation is pretty unique, interesting and useful. It provides an elegant declarative way of controlling concurrency for beans that can be shared across multiple threads such as singletons. As of Java EE 7 the annotation is only available to EJB 3 @Singleton session beans. There is a lot of value to making this bean available to all CDI beans in general. Very recently Stephan Knitelius did exactly that through a pretty simple CDI interceptor. You can read his nice write-up here.

In the longer term this work probably belongs somewhere in the standard such as in an update of the Java EE Concurrency specification or a modular CDI 2 specification. Another good place for Stephen's work is the DeltaSpike project. There are many other cool EJB 3 features that could be similarly made available to CDI beans generally such as @Startup, @Asynchronous and @MaxConcurrency. Some of these issues have long been discussed in the EJB specification JIRA entries.

Wednesday Jan 27, 2016

Java EE @ Oredev

Oredev 2015 was held on 3-6 November in Malmo Sweden. This was my third time at the largest IT conference in the Scania region. The conference is rooted in .NET and development process/methodology but has been trying hard to beef up it's Java content. This year it attracted a decent section of the Java crowd including my fellow Oracle colleagues Bruno Borges and Stephen Chin. Topics covered included .NET, Java SE, Java EE, mobile, methodology, agile, HTML5, JavaScript and NoSQL.

I did talks on Java EE 8 and aligning Java EE with the reactive movement. More details, including slide decks and session videos, posted on my personal blog.

Monday Jan 25, 2016

Migrating from Tomcat to Java EE and TomEE at Dassault Systemes

One of the most important things to do at this stage of the life-cycle of Java EE is highlight successful adoption stories at a regular cadence. We have been doing just that for a long time through our adoption stories blog, this humble blog as well as JavaOne. Indeed JavaOne 2016 was particularly good in this regard. We had a number of solid adoption stories submitted that we could select from. We will highlight all of those stories here in the coming months. A particularly nice adoption story presented at JavaOne 2016 was from Dassault Systemes.

Although the average developer and consumer is probably not aware of Dassault Systemes, it is a company that powers many of the world's most critical industrial processes. It is one of the global leaders in 3D modelling (think CAD/CAM), product life-cycle management systems. Just some companies that rely on Dassault Systemes include the likes of Boeing, Toyota, BMW, Mercedes, Honda, Samsung, Coca Cola, Nokia, Nikon, Panasonic, LG, Procter & Gamble, GE, Johnson & Johnson and Exxon. French based Dassault Systemes is recognized to be one of the most innovative companies in the world. The company offers it's products both on-premise and as SaaS on their own cloud.

The company chose to standardize their very diverse set of products geared towards various industry verticals on Java EE and TomEE. They cited reasons like ensuring consistency throughout a large number of systems, avoiding third-party jar/configuration/class-path hell, providing a fully supported uniform stack, portability and modernizing technology in a managed, sustainable fashion. Their migration experience was quite varied and represents the gamut of what others can expect in adopting Java EE. They migrated a large number of Tomcat based applications using various third-party libraries to Java EE. They also migrated over legacy C/C++ applications as well as legacy J2EE applications. They even ported from one Java EE application server to another to get to a common base with TomEE. TomEE was cited as a particularly easy way to migrating from Tomcat to Java EE. They are looking forward to TomEE moving ahead with Java EE 7 support. The session explains their entire migration story in a concise, clear fashion. You can view the session below (click here if you are having trouble seeing the embedded video).

If you have a similarly great Java EE adoption story to share with the community (particularly migration stories from other technologies), please do feel encouraged to reach out. In the spirit of Java EE centric vendor neutrality, what Java EE implementation or tool set you choose does not matter at all and neither does which part of the globe you are in.

Thursday Jan 14, 2016

Java EE @ Java Day Mexico

Java2Days 2015 was held on November 2-4 in Sofia, Bulgaria. It is far and away the largest Java conference in the Balkans region and now perhaps one of the most important conferences in Europe as a whole. This was another great year for this rapidly growing, vibrant event. It attracted a host of international and local speakers including Patrick Curran, Geertjan Wielenga, Ivan St. Ivanov, Vladimir Pavlov and Andrew Lombardi. Topics included Java SE, Java EE, HTML5/JavaScript, mobile, and the cloud.

I did talks on real world microservices with Java EE and aligning Java EE with the reactive movement. I also ran a lab on JMS 2. More details, including slide decks, session video and code, posted on my personal blog.

Monday Jan 11, 2016

Java EE in Practice at Lufthansa Industry Solutions

One of the most important things to do at this stage of the life-cycle of Java EE is highlight successful adoption stories at a regular cadence. We have been doing just that for a long time through our adoption stories blog, this humble blog as well as JavaOne. Indeed JavaOne 2016 was particularly good in this regard. We had a number of solid adoption stories submitted that we could select from. We will highlight all of those stories here in the coming months. A nice JavaOne 2016 session to start with is the one from Lufthansa industry solutions.

Lufthansa industry solutions develops systems both internally at Lufthansa as well as for external customers. They chose to standardize on Java EE to ensure consistency throughout a large number of systems. The session explains what the organization does, it's architectural approach and why they chose Java EE. The session also dives into some interesting details on two different Java EE applications (one still using Java EE 6 and one already on Java EE 7) that Lufthansa industry solutions developed for clients. The session touches upon how Java EE applications can take advantage of most of the practical benefits of microservices without the added complexity. The applications use a mix of WildFly and JBoss EAP along with other JBoss ecosystem projects like Hibernate Envers, Hibernate Search, Drools. The applications also used ICEfaces and PrimeFaces (the older Java EE 6 application used ICEfaces while the newer Java EE 7 application uses PrimeFaces). You can view the session below (click here if you are having trouble seeing the embedded video).

If you have a similarly great Java EE adoption story to share with the community (particularly migration stories from other technologies), please do feel encouraged to reach out. In the spirit of Java EE centric vendor neutrality, what Java EE implementation or tool set you choose does not matter at all and neither does which part of the globe you are in.

Friday Jan 08, 2016

Meet SnoopEE, a Discovery Service for Java EE

SnoopEE is a very interesting grass roots open source Java EE ecosystem project. Akin to NetFlixOSS Eureka it enables microservices discovery, lookup and registration. SnoopEE is developed by Java EE advocate, JCP expert, speaker and blogger Ivar Grimstad. Ivar presented on SnoopEE at JavaOne 2016. One very nice aspect of Ivar's talk is that it actually discusses the basic motivation for service discovery and SnoopEE instead of simply covering the features of the project. You can see his well done session below (click here if you can't see the embedded video).

The slide deck for his talk can be found here. The project itself is on GitHub. SnoopEE is still pretty nascent and under active development. You should consider giving it a try, using it and contributing back to it.

Thursday Dec 24, 2015

Season's Greetings and Happy New Year from the GlassFish/Java EE Team

On behalf of the GlassFish and Java EE team at Oracle I wish you and your family Season's Greetings and a very Happy New Year.

This has been another important year for us. We continued our evangelism efforts worldwide, released GlassFish 4.1.1, started the GlassFish 5 branch, released a number of early drafts for critical Java EE 8 JSRs, strengthened the Adopt-a-JSR program and offered full commercial support for Java EE 7 through the best-in-class WebLogic 12.1.2 offering. In a similar vein we saw the number of available Java EE 7 options expand especially with WebSphere Liberty. We were able to warmly welcome Siwpas as a new entrant into the Java EE compatibility family. Most encouragingly we were able to share a number of real world Java EE 7 adoption stories with you and saw strong developer support for the Java EE 7 platform as well as key APIs like JSF and JPA. We are ever thankful for your support and we hope to continue to try our best to serve your interests, perhaps against what many would consider pretty tall odds.

In the coming year it is obvious we will see commercial Java EE 7 support via JBoss EAP very soon. We hope we will also see other strong Java EE 7 options such as TomEE. We hope to continue to move the Java EE 8 specifications and GlassFish 5 forward with support from our community and our JCP compatriots. On the cloud front we will very likely bring Java EE 7 to the commercial Oracle Cloud. If the current momentum of Java EE 7 holds we are sure to be able to share many more great real world adoption stories with you. We will look forward to working harder than ever in engaging you through our development and evangelism efforts certainly including this humble community blog.

As you know I and my colleague David Delabassee are the primary maintainers of this blog. Both David and I will be enjoying some well-earned time-off with our families the next few days. As a result the guns will be mostly quiet at this particular Java bulwark to return recharged and full force in the new year.

Until then, thanks and best wishes once again. We hope to see you next year!

Wednesday Dec 23, 2015

Java EE @ UberConf 2015

UberConf 2015 was held July 21-24 in Denver, Colorado. UberConf has grown to become one of the most significant US developer conferences. Consequently it is an important conference for our team to support. Topics covered included Java SE, JavaScript, JVM languages, architecture, methodology, mobile, cloud and the like. My former colleague Arun Gupta and I covered Java EE.

I had three talks total over two days, essentially back-to-back. I did talks on the basics of Java EE, real world microservices with Java EE and aligning Java EE with the reactive movement. More details, including slide decks, video and code, posted on my personal blog.