During this year Devoxx, David Blevins, founder of the Apache TomEE project - a lightweight Java EE Application Server, brought to my knowledge a little trick we can use to deal with Java EE security in a standard way that works across all Java EE compliant servers.
I have already approached this subject twice in the past. First, on my post Integrating Bean Validation with JAX-RS in Java EE 6, describing how to use Bean Validation with JAX-RS in JBoss AS 7, even before this was defined in the Java EE Platform Specification. And later, on an article written for JAX Magazine and posteriorly posted on JAXenter, using the new standard way defined in Java EE 7 with Glassfish 4 server (the first Java EE 7 certified server).
Now that WildFly 8, previously know as JBoss Application Server, has finally reached the final version and has joined the Java EE 7 certified servers club, it’s time for a new post highlighting the specificities and differences between these two application servers, GlassFish 4 and WildFly 8.
JavaBeans Validation (Bean Validation) is a new validation model available as part of Java EE 6 platform. The Bean Validation model is supported by constraints in the form of annotations placed on a field, method, or class of a JavaBeans component, such as a managed bean.
Several built-in constraints are available in the javax.validation.constraints package. The Java EE 6 Tutorial lists all the built-in constraints.
Constraints in Bean Validation are expressed via Java annotations:
public class Person {
@NotNull
@Size(min = 2, max = 50)
private String name;
// ...
}
Bean Validation and RESTful web services
JAX-RS 1.0 provides great support for extracting request values and binding them into Java fields, properties and parameters using annotations such as @HeaderParam, @QueryParam, etc. It also supports binding of request entity bodies into Java objects via non-annotated parameters (i.e., parameters that are not annotated with any of the JAX-RS annotations). Currently, any additional validation on these values in a resource class must be performed programmatically.
The next release, JAX-RS 2.0, includes a proposal to enable validation annotations to be combined with JAX-RS annotations. For example, given the validation annotation @Pattern, the following example shows how form parameters could be validated.
Drools 5 introduces the Business Logic integration Platform which provides a unified and integrated platform for Rules, Workflow and Event Processing. It’s been designed from the ground up so that each aspect is a first class citizen, with no compromises.
Drools 5 has splitted up into 4 main sub projects:
Drools Guvnor (BRMS/BPMS)
Drools Expert (rule engine)
Drools Flow (process/workflow)
Drools Fusion (cep/temporal reasoning)
In this example we will focus on how we can use Drools Expert inside JBoss Application Server 7.
In Java EE 6 Testing Part I I briefly introduced the EJB 3.1 Embeddable API using Glassfish embedded container to demonstrate how to start the container, lookup a bean in the project classpath and run a very simple integration test.
This post focus on Arquillian and ShrinkWrap and why they are awesome tools for integration testing of enterprise Java applications.
One of the most common requests we hear from Enterprise JavaBeans developers is for improved unit/integration testing support.
EJB 3.1 Specification introduced the EJB 3.1 Embeddable API for executing EJB components within a Java SE environment.
Unlike traditional Java EE server-based execution, embeddable usage allows client code and its corresponding enterprise beans to run within the same JVM and class loader. This provides better support for testing, offline processing (e.g. batch), and the use of the EJB programming model in desktop applications.
[…]
The embeddable EJB container provides a managed environment with support for the same basic services that exist within a Java EE runtime: injection, access to a component environment, container-managed transactions, etc. In general, enterprise bean components are unaware of the kind of managed environment in which they are running. This allows maximum reusability of enterprise components across a wide range of testing and deployment scenarios without significant rework.
I have created a new project named Stripes XSS Interceptor.
This project escapes all the parameters that Stripes Framework binds during its Validation & Binding phase using a wrapped request object (a convenient implementation of the HttpServletRequest interface).
The code follows the XSS (Cross Site Scripting) security guidance posted at OWASP (Open Web Application Security Project).
Please feel free to report any bug you find in the project’s Issue Tracker.…
By adding Java to their App Engine, Google has opened the door for a whole slew of languages that have been implemented on the JVM, now including PHP via Quercus.
This weekend I decided to give it a try and deploy an old tutorial of mine - PHP Tutorials - on GAE.
I must admit that I was pleasantly surprised by how effortless it was. OK, it’s a very rudimentary PHP application, the only PHP code used was to run the examples described on the code blocks and do some includes; nevertheless I didn’t feel the need to change a single line of code.
The JBoss Microcontainer is a refactoring of JBoss’s JMX Microkernel to support direct POJO deployment and standalone use outside the JBoss application server.
It allows the creation of services using simple Plain Old Java Objects (POJOs) to be deployed into a standard Java SE runtime environment.
JBoss Microcontainer uses dependency injection to wire individual POJOs together to create services. Configuration is performed using either annotations or XML depending on where the information is best located.
The goal of this article is to show how easy it is to test these services using TestNG testing framework.