1

1

Application ServersG22.3033-011

Session 6 - Main ThemeJ2EE Component-Based Computing Environments

Dr. Jean-Claude Franchitti

New York UniversityComputer Science Department

Courant Institute of Mathematical Sciences

2

Agenda

EJB Component ModelJ2EE Services

JNDI, JMS, JTS, CMP/BMP/JDBC, JavaMail, etc.J2EE Web ArchitecturesSecurity in J2EE Application ServersSummaryReadingsAssignment #5

2

3

Summary of Previous Session

CORBA-Based Object Management ArchitecturesJava-Based Application ServersWindows ServicesSummaryReadings

4

Additional References

Intranet Architectures and Performance Reporthttp://www.techmetrix.com/lab/benchcenter/archiperf/archiperftoc.shtml#TopOfPage

RMI FAQhttp://java.sun.com/products/javaspaces/faqs/rmifaq.html

CORBA beyond the firewallhttp://www.bejug.org/new/pages/articles/corbaevent/orbix/

Web Object Integration (vision document) http://www.objs.com/survey/web-object-integration.htm

3

5

Application Servers ArchitecturesApplication Servers for Enhanced HTML (traditional)

a.k.a., Page-Based Application ServersMostly Used to Support Standalone Web Applications

New Generation Page-Based Script-Oriented App. ServersFirst Generation Extensions (e.g., Microsoft IIS with COM+/ASP)Servlet/JSP EnvironmentsXSP EnvironmentCan now be used as front-end to enterprise applicationsHybrid development environments

Distributed Object Computing PlatformsProvide an infrastructure for distributed communications enablingStill need to merge traditional web-oriented computing with object computing

Object Management ArchitecturesDOC Platform + APIs to reusable services and facilities

OMAs + Component Models -> J2EE, CCM, DNA

6

Java Database Technology Review

Session 6 handout: “Java and Database Technology - JDBC”Data ModelingLogical Database DesignPhysical Database DesignDatabase System Programming ModelsDatabase ArchitecturesDatabase Storage ManagementDatabase System AdministrationCommercial Systems: www.oracle.com.,www.ibm.com/db2,www.informix.com,www.sybase.com

4

7

Java Database Technology Review(continued)

Parallel and Distributed DatabasesWeb DatabasesData Warehousing and Data MiningMobile DatabasesSpatial and Multimedia DatabasesGeographic Information SystemsActive DatabasesTemporal DatabasesDeductive Databases

8

Java Database Technology Review(continued)

Java and ODBs:Related Developments:

Persistent Object StoresObject-Oriented Database Management SystemsObject/Relational Mapping Automation

See Object-Oriented Database Articles athttp://www.odbmsfacts.com/

5

9

Part I

EJB Component Model

Also See Session 6 Handout on:

“The Enterprise JavaBeans (EJB) Server Component Model”“Technical Introduction to Enterprise JavaBeans”

“Introduction to Enterprise JavaBeans”“Enterprise JavaBeans FAQs”

“Is EJB Right for Me?”

and Session 6 Sub-Topic 1 Presentation on:

“Using Enterprise JavaBeans”

10

Enterprise JavaBeans (EJBs)

Enterprise Application Platforms:Provide model for the development anddeployment of reusable Java server componentsSupport component modelingHandle the serving of EJBs

Next Steps:“Model-Centric” Application Development

6

11

Enterprise JavaBeans Container

12

Enterprise JavaBeans and Services

Application ServerContainer

Enterprise JavaBean

ServicesLifecycle

Transaction

Security

Load Balancing

Error Handling

Persistence*

* In the EJB 1.0 specification support for persistence services isoptional. In the EJB 1.1 specification it is mandatory.

Threading

7

13

Sample DemoBean Application Architecture

14

Session and Entity Beans

Application Server

ATMSession

Bean

AccountEntity Bean

B

Transfer $100 fromAccount A to Account B

Subtract

$100

Add $100

Database

Update Account

Update Account

AccountEntity Bean

A

8

15

EJB Physical Partioning

WebServer

WebServer

WebServer

EJBServer

EJBServer

EJBServer

WebBrowser

WebBrowser

WebBrowser

Database

EJBs communicate to thedatabase through Java DatabaseConnectivity (JDBC). Theapplication server pools andmanages database connectionsfor maximum efficiency.

The application server distributesload across all available EJBservers and provides fail-over ifone of the EJB servers goesdown.

A Domain Name System (DNS)server routes incoming browserrequests evenly across a pool ofweb servers. This technique isreferred to as DNS round-robining.The application server providesfail-over if one of the web serversgoes down.

16

Java-Based and J2EEApplication Servers

Third-Party Vendorshttp://www.app-serv.com/contend.html

See:www.javapro.com: Special Edition on Application Servers (Fall 2001)http://www.java-zone.com/free/articles/sf0101/sf0101-1.asphttp://www.mgm-edv.de/ejbsig/ejbservers.html http://www.javaworld.com/javaworld/tools/jw-tools-appserver.htmlhttp://www.appserver-zone.com/http://www.devx.com/devxpress/gurl.asp?i=1X1095373X7360

WebSphere Architecture and Programming Model:http://www.research.ibm.com/journal/sj/373/bayeh.html

9

17

Commercial Application Servers

Xoology ConcertoSybase EAServerIONA iPortalAligo M-1Advanced Network Systems WebIxOracle9iBEA WebLogicIBM WebSphere

18

J2EE Platform:The Whole is Greater than the Sum of its Parts

10

19

J2EE: A Complete Computing Environment

Platform SpecificationLists required elements of the platformLists policies to follow for a valid implementation

Reference ImplementationSemantically correct prototype to test against

Compatibility Test SuiteAPI-level compatibility, component-level tests,end-to-end compatibility

Application Programming Model: java.sun.com/j2ee

20

The Three Cs:Components, Containers, Connectors

11

21

J2EE: Components

Enterprise JavaBeansServer-side solutions can be built without regards forthe database, transaction server, or application theyrun on

ServletsRun on vast majority of web servers

JavaServer PagesDynamic content leverages off the full power of Java

22

J2EE: Containers

Containers provide high-performance, scalableenvironments for J2EE-enabled serversJ2EE-enabled servers support EJB-basedcomponents, servlets, and JSP-based pages

12

23

J2EE: Connectors

Connectors allow J2EE-based solution to preserve,protect, and leverage off of existing enterpriseinvestments

24

J2EE: Unifying the Three Cs

Single platformStandard platform-independent technologyApplications built with components can be run onany J2EE server, and are able to talk to enterprise-class systems that exist today

13

25

Creating an EJB ComponentExample:try {

// get the JNDI naming contextContext initialCtx = new InitialContext ();

// use the context to lookup the home interfaceCheckingHome home =

(CheckingHome) initialCtx.lookup ("checking");

// use the home interface to create the enterprise BeanChecking server = home.create ();

// invoke business methods on the beanserver.createAccount (1234, "Athul", 1000671.54d);

}catch (Exception ex) {ex.printStackTrace ();

}

26

BEA WebLogic Application Server

14

27

Part II

J2EE Services

Also See Session 5 and Session 6 Handouts on:

“JNI”“JTS - Demarcated Transaction Support”

“Understanding Java Messaging and JMS”“EJB Patterns”

“Persistence in EJB Frameworks”“Efficient CMP Development”

and Session 6 Sub-Topic 2 Presentation on:

“Designing Databases for eBusiness Solutions”

28

J2EE OMA Services

Activation ServicesRMI Activation FrameworkJavaBeans Activation Framework

Naming and Directory ServiceJNDI and JNDI SPIs for CosNaming, RMI, NIS, NDS, LDAP

Trading ServiceJini

JTA and JTSMessaging Services

JMSJavaMail

15

29

Java and Database TechnologyJavaSpaces

Create and store objects with persistenceAllow process integrityhttp://www.javasoft.com/products/javaspaces/index.html

JDBC Data Access APIAccess tabular data sources from Javahttp://www.javasoft.com/products/jdbc/index.html

J2EE database access and container managed persistence(http://java.sun.com/j2ee/j2sdkee/techdocs/guides/ejb/html/DevGuideTOC.html)

Pjama: Orthogonal Persistence for the Java Platformhttp://www.sun.com/research/forest/opj.main.htmlhttp://www.dcs.gla.ac.uk/pjava/

30

EJB Persistence Service Architecture

See Persistence Service Interface for Entity Beans:http://jsp.java.sun.com/javaone/javaone2000/pdfs/TS-1498.pdf

See JBoss Persistence Manager Architecture:http://javatree.web.cern.ch/javatree/share/opt/net/jboss-2.0/docs/container.html

JAWS (Just Another Web Store) is the default CMP (ContainerManager Persistence) plugin that performs basic O/R functionalityagainst a JDBC-store

See Patterns for Object Relational Access Layershttp://www.objectarchitects.de/ObjectArchitects/orpatterns/EJBPersistence

16

31

Persistence Service Performance Issues

Complexity of an optimal access layerObject to Tuple Layer Logical MappingPhysical Layer Mapping

Caching to reduce database traffic and disk I/OData Clustering

Application must still be maintainable at a reasonable cost

See Session 6 Handouts and Presentations:“Efficient CMP Development”“Enterprise JavaBeans Patterns”“Designing Databases for eBusiness Solutions”

32

[Asset Managers]

Vendor Agnostic MiddlewareMQ Series MSMQ JMS TIBCOSeeBeyond

Open Adaptors

MessagingReliable Messaging Transactional IntegrityTwo Phase Commit

[BusinessProcess Engine]

ISO 15022

SecureIP

Network

PervasiveDevices

Asset managers

[NOI/Orders]

rendezvousDeGate

eWay

[Order Capture]

Collaboration

IQ IQ IQ

Scal

abili

ty [Order Matching]

ELBP

ELBP

Mainframe

[Settlement]

Java BeanConnectors

[ECNs]

SecureIP

Network

[Data Aggregation andintra day reporting]

• Exceptions• Real Time Analytics

1

24

5

7

[OrderExecution]

[Confirms]6

ENTERPRISE LEVEL Business Process [Trade execution]

1 2

3

4

5 6

3

[Custodians]

Faul

t Tol

eran

ce

Sample XML-Based MOM Architecture

17

33

Part III

J2EE Web Architectures

Also See Session 3 and Session 6 Handouts on:

“Applets, Servlets, and Java Server Pages”“Servlets”

“The Basics of the Palm Platform and the PalmOS Emulator”

34

Web-Enabled Architectures(evolution)

Traditional client-server technologyCGI frameworksPage-based extended HTML environmentsDistributed object computing platformsJava-BasedObject Management Architectures (OMAs)Component-based computing environmentsWeb Services platformsNext generation application servers (reflective,multimedia- and agent enabled, MDA-compliant, etc.)

18

35

Web and Client Application Services

Activation ServicesClient: MIME Handler, and Applet ActivationWeb Server: File-Stream, Process, Script Engine, Servlet, JSP, and EJBActivation

Naming and Directory ServiceDNS and Java-Based DNS InterfacingNIS, NDS, LDAP

Custom Transaction ServicesBased on Encina, Tuxedo, etc.

Custom Messaging ServicesTIBCOMQSeries

36

J2EE Web-Enabling Component Models

Javasoft’s Applet Tutorial:http://java.sun.com/docs/books/tutorial/applet/TOC.html

Swing Applets:http://java.sun.com/docs/books/tutorial/uiswing/start/swingApplet.html

Java Web Start:http://www.javasoft.com/products/javawebstart/index.html

Servlets, Servlet filters, Cocoon/XSPsSee previous sessions and related session 3 handouts

Connected DevicesSee related session 6 handout on the Palm PlatformSee http://webdev.apl.jhu.edu/~rbe/kvm/

19

37

Java Servlets & Java Server Pages

See Session 3 Handout:Applets, Servlets, and Java Server Pages

See Javasoft’s Documentation on Servlets:http://java.sun.com/products/servlet/index.html

See Javasoft’s Documentation on JSPs:http://java.sun.com/products/jsp/

Servlet Example: Cocoonhttp://xml.apache.org

38

Part IV

Security in J2EE Application Servers(more on SSL and Servlet authentication/integrity/privacy to come in session 7)

See Session 6 Sub-Topic 3 Presentation on:

“Java 2 Security”

20

39

Java Security

Java Security APIhttp://www.javasoft.com/security/index.html

Signed Applets:http://java.sun.com/products/plugin/1.2/docs/signed.html

RSA Signed Applets:http://java.sun.com/products/plugin/1.3/docs/nsobjsigning.html

40

Distributed Application Requirements

Security model based on the origin of running code is notsufficientAuthentication (i.e., checking credentials) of either orboth parties is necessary as requests themselves must betrustedBoth client and server may want to check their identities(i.e., mutual authentication)

21

41

Basic Authentication with HTTPBuilt-in challenge/response authentication: basic & digest

Verify that both parties know a shared passwordBasic:

Client: GET /secureApp/resource1 HTTP/1.1 Host:fooServer: HTTP/1.1 401 Unauthorized WWW-Authenticate: Basicrealm=“homer”Client: Get /secureApp/resource1 HTTP/1.1 Host:foo Authorization:Basic (base-64 encoded user name/password)Server: (ok) or “403 Access Denied”

Limitations:Authentication info must be included with every request, as it cannot becached securely, and base-64 encoding is not encryption => needencrypted link and strong server authentication

42

Digest Authentication with HTTP 1.1Client must prove knowledge of a password without transmitting itMore safeguards against replay attacksAuthenticate header contains authentication scheme, realm +“nonce”Client calculates a digest based on these parameters and the HTTPmethod and request URIDigest is a fixed-length encoding of some data

Data cannot be inferred from the digestTwo digests are identical for the same data

Default digest algorithm is MD5Limitations: servers must store client passwords securely, and theapproach is subject to replay attacks (need to secure the “nonce”parameter)

22

43

Basic Encrypted CommunicationEncrypt data with a key so that it can only be decryptedwith a matching keySymmetric key: same key used for encryption/decryptionAsymmetric key: key split into private/public key

Public key encryption can only be decrypted viaprivate key, while private key encryption can bepublicly decryptedCan either “hide” data (only intended recipient gets it)or sign data (recipient can tell where data comes from)

44

J2EE Security Mechanisms(to be continued)

HTTP authentication and SSL in servlet/JSP architectureIntegrity/privacy contraints for servletsProgrammatic securityetc.

23

45

Part V

Conclusion

46

Summary

J2EE component-based development environments are anevolution of distributed computing platforms based on RMI andRMI-IIOPJ2EE provides a platform specification, a referenceimplementation, a compatibility test suite, and a reusablecomponent development and deployment modelThe EJB specification describes the J2EE reusable servercomponent modelJ2EE architectures automate the integration of OMA services inJava enterprise applications, provide web-enabling and secure-messaging facilities, and enterprise assurance features

24

47

Readings

ReadingsBuilding Application Servers: Part III, Chapters 1-3Professional Java II: Chapters 1-3Handouts posted on the course web siteExplore J2EE environmentsRead related white papers/documentation on the J2EEenvironments

48

Project Frameworks

Project Frameworks Setup (ongoing)Apache Web Server (version 1.3.20, www.apache.org)Perl (version 5.x, www.perl.com), PHPMicrosoft IIS with COM+ and ASP (), ChiliSoftApache TomcatMacromedia JRunApache Cocoon 2/XSPVisibroker, OrbacusRMI-IIOP

25

49

AssignmentAssignment:

Explore the textbooks’ references to Application Servertechnology (continued)#5a: Investigate J2EE development environments. Write ashort report that documents your findings andrecommendations with respect to selection criteria insupport of development environments for application servertechnologies covered in this session#5b: See homework #5 specification (due date is 11/05/01)

50

Next Session:J2EE Component-Based

Computing Environments (Part II)

WebLogicWebSphereOpen Source J2EE Environments

Jboss, Enhydra, OpenEJB