Thursday Sep 12, 2013

Asynchronous Servlets and Java EE Concurrency Utilities

As many of you might already be aware, one of the key changes in Servlet 3/Java EE 6 was the introduction of asynchronous Servlets. Interestingly enough, a lot of the code examples at the time used native Java SE concurrency APIs to demonstrate the asynchronous Servlets feature. The problem in a Java EE environment is that Java SE concurrency essentially bypasses the Java EE runtime altogether and misses valuable contextual information (security, class-loader, naming, etc), not to mention potentially compromising stability/scalability since it sidesteps the container's internal thread/resource pools. Native Java SE threads also can't be managed or monitored via the application server (such as providing admin console visualizations, automatic timeouts, long-running warnings, etc). This of course is where the Java EE concurrency utilities standardized in Java EE 7 comes in. In a recent code-driven blog post, Shing Wai Chan demonstrates how to properly use asynchronous Servlets via the Java EE concurrency utilities.

For those that aren't big fans of lower level concurrency APIs (I sympathize :-)), it is certainly possible to use asynchronous Servlets with EJB 3 @Asynchronous instead as demonstrated here.

Sunday Apr 04, 2010

Leveraging Servlet 3.0 - Authentication without Forms using GlassFish v3 and Vaadin

The new Servlet 3.0 specification in JavaEE 6 (JSR website, JavaOne Session, VC podcast) packs many new features, including Annotations, Dynamic Registration, Pluggability and Asynchronous Support.

Servlet 3.0 also includes quite a number of security improvements, as described by Kumar a couple of months ago in a Summary of new Security Features in Servlet 3.0. As Ron explains, one of the themes is that Java EE 6 and Servlet 3.0 Converge on Container Security Functionality, another is extra functionality, as explained by Nithya's 3 recent posts ([1], [2], [3]) covering http-method-omission element in web.xml, and the authenticate and login methods of HttpServletRequest.


A great example of the new functionality is Bobby's Authentication Without the Form where he modifies the RIA app in Creating Secure Vaadin Applications using JavaEE 6 to use the new login machinery and thus remove the need for extraneous JSP files.

Bobby's very complete post includes full source code and a nice Screencast; note it requires a recent build of GlassFish 3.0.1 due to a bug in 3fcs.

You may also want to refer to the JavaEE 6 javadocs (e.g. HttpServletRequest) and to the JavaEE 6 Tutorial: Part I (e.g. see Web Application Security) and Part II (requires free registration).

I had not noticed Vaadin previously but it seems to be gaining some popularity; its programming model is strongly server-centric and generates client-code via GWT. You can see a Online Sampler and it recently deployed a Component Directory; its KB has a number of articles on how to use it with GlassFish Server. They also announced deals recently with BlackBelt Factory and with our old Liferay friends.

While chasing the sources for this spotlight I bumped into a number of other Java-based RIA frameworks including: Echo and ZK as well as frameworks like Flex/BlazeDS, GWT, and the JSF-based frameworks we know.

Monday Jun 08, 2009

NetBeans 6.7 RC2 Now Available - And Writting Servlet 3.0 and EJB 3.1 Applications


The second release candidate for NetBeans 6.7 is now available - check RC2 Download Page and James' Writeup. The next RC should be the final.

Note that NB 6.7 still includes the old "GFv3 Prelude" release and you need to manually install GFv3 Preview (the J1 release). For example, check Arun's writeup for has a detailed explanation on how to use NB 6.7 to write Servlet 3.0 and EJB 3.1 Applications

Thursday May 07, 2009

New Security Annotations in Servlet 3.0


The new (not yet published) Servlet 3.0 PFD also includes an expanded set of Security Annotations, to expand the existing annotations like @DeclareRoles and @RunAs with @DenyAll, @PermitAll, @RolesAllowed and @TransportProtected.

Check Shing Wai Shing Wai's writeup for details.

I'll post when the actual Servlet 3.0 PFD document is available.