Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
1
1
Application ServersG22.3033-011
Session 6 - Main ThemeJ2EE Component-Based Computing Environments
Dr. Jean-Claude Franchitti
New York UniversityComputer Science Department
Courant Institute of Mathematical Sciences
2
Agenda
EJB Component ModelJ2EE Services
JNDI, JMS, JTS, CMP/BMP/JDBC, JavaMail, etc.J2EE Web ArchitecturesSecurity in J2EE Application ServersSummaryReadingsAssignment #5
2
3
Summary of Previous Session
CORBA-Based Object Management ArchitecturesJava-Based Application ServersWindows ServicesSummaryReadings
4
Additional References
Intranet Architectures and Performance Reporthttp://www.techmetrix.com/lab/benchcenter/archiperf/archiperftoc.shtml#TopOfPage
RMI FAQhttp://java.sun.com/products/javaspaces/faqs/rmifaq.html
CORBA beyond the firewallhttp://www.bejug.org/new/pages/articles/corbaevent/orbix/
Web Object Integration (vision document) http://www.objs.com/survey/web-object-integration.htm
3
5
Application Servers ArchitecturesApplication Servers for Enhanced HTML (traditional)
a.k.a., Page-Based Application ServersMostly Used to Support Standalone Web Applications
New Generation Page-Based Script-Oriented App. ServersFirst Generation Extensions (e.g., Microsoft IIS with COM+/ASP)Servlet/JSP EnvironmentsXSP EnvironmentCan now be used as front-end to enterprise applicationsHybrid development environments
Distributed Object Computing PlatformsProvide an infrastructure for distributed communications enablingStill need to merge traditional web-oriented computing with object computing
Object Management ArchitecturesDOC Platform + APIs to reusable services and facilities
OMAs + Component Models -> J2EE, CCM, DNA
6
Java Database Technology Review
Session 6 handout: “Java and Database Technology - JDBC”Data ModelingLogical Database DesignPhysical Database DesignDatabase System Programming ModelsDatabase ArchitecturesDatabase Storage ManagementDatabase System AdministrationCommercial Systems: www.oracle.com.,www.ibm.com/db2,www.informix.com,www.sybase.com
4
7
Java Database Technology Review(continued)
Parallel and Distributed DatabasesWeb DatabasesData Warehousing and Data MiningMobile DatabasesSpatial and Multimedia DatabasesGeographic Information SystemsActive DatabasesTemporal DatabasesDeductive Databases
8
Java Database Technology Review(continued)
Java and ODBs:Related Developments:
Persistent Object StoresObject-Oriented Database Management SystemsObject/Relational Mapping Automation
See Object-Oriented Database Articles athttp://www.odbmsfacts.com/
5
9
Part I
EJB Component Model
Also See Session 6 Handout on:
“The Enterprise JavaBeans (EJB) Server Component Model”“Technical Introduction to Enterprise JavaBeans”
“Introduction to Enterprise JavaBeans”“Enterprise JavaBeans FAQs”
“Is EJB Right for Me?”
and Session 6 Sub-Topic 1 Presentation on:
“Using Enterprise JavaBeans”
10
Enterprise JavaBeans (EJBs)
Enterprise Application Platforms:Provide model for the development anddeployment of reusable Java server componentsSupport component modelingHandle the serving of EJBs
Next Steps:“Model-Centric” Application Development
6
11
Enterprise JavaBeans Container
12
Enterprise JavaBeans and Services
Application ServerContainer
Enterprise JavaBean
ServicesLifecycle
Transaction
Security
Load Balancing
Error Handling
Persistence*
* In the EJB 1.0 specification support for persistence services isoptional. In the EJB 1.1 specification it is mandatory.
Threading
7
13
Sample DemoBean Application Architecture
14
Session and Entity Beans
Application Server
ATMSession
Bean
AccountEntity Bean
B
Transfer $100 fromAccount A to Account B
Subtract
$100
Add $100
Database
Update Account
Update Account
AccountEntity Bean
A
8
15
EJB Physical Partioning
WebServer
WebServer
WebServer
EJBServer
EJBServer
EJBServer
WebBrowser
WebBrowser
WebBrowser
Database
EJBs communicate to thedatabase through Java DatabaseConnectivity (JDBC). Theapplication server pools andmanages database connectionsfor maximum efficiency.
The application server distributesload across all available EJBservers and provides fail-over ifone of the EJB servers goesdown.
A Domain Name System (DNS)server routes incoming browserrequests evenly across a pool ofweb servers. This technique isreferred to as DNS round-robining.The application server providesfail-over if one of the web serversgoes down.
16
Java-Based and J2EEApplication Servers
Third-Party Vendorshttp://www.app-serv.com/contend.html
See:www.javapro.com: Special Edition on Application Servers (Fall 2001)http://www.java-zone.com/free/articles/sf0101/sf0101-1.asphttp://www.mgm-edv.de/ejbsig/ejbservers.html http://www.javaworld.com/javaworld/tools/jw-tools-appserver.htmlhttp://www.appserver-zone.com/http://www.devx.com/devxpress/gurl.asp?i=1X1095373X7360
WebSphere Architecture and Programming Model:http://www.research.ibm.com/journal/sj/373/bayeh.html
9
17
Commercial Application Servers
Xoology ConcertoSybase EAServerIONA iPortalAligo M-1Advanced Network Systems WebIxOracle9iBEA WebLogicIBM WebSphere
18
J2EE Platform:The Whole is Greater than the Sum of its Parts
10
19
J2EE: A Complete Computing Environment
Platform SpecificationLists required elements of the platformLists policies to follow for a valid implementation
Reference ImplementationSemantically correct prototype to test against
Compatibility Test SuiteAPI-level compatibility, component-level tests,end-to-end compatibility
Application Programming Model: java.sun.com/j2ee
20
The Three Cs:Components, Containers, Connectors
11
21
J2EE: Components
Enterprise JavaBeansServer-side solutions can be built without regards forthe database, transaction server, or application theyrun on
ServletsRun on vast majority of web servers
JavaServer PagesDynamic content leverages off the full power of Java
22
J2EE: Containers
Containers provide high-performance, scalableenvironments for J2EE-enabled serversJ2EE-enabled servers support EJB-basedcomponents, servlets, and JSP-based pages
12
23
J2EE: Connectors
Connectors allow J2EE-based solution to preserve,protect, and leverage off of existing enterpriseinvestments
24
J2EE: Unifying the Three Cs
Single platformStandard platform-independent technologyApplications built with components can be run onany J2EE server, and are able to talk to enterprise-class systems that exist today
13
25
Creating an EJB ComponentExample:try {
// get the JNDI naming contextContext initialCtx = new InitialContext ();
// use the context to lookup the home interfaceCheckingHome home =
(CheckingHome) initialCtx.lookup ("checking");
// use the home interface to create the enterprise BeanChecking server = home.create ();
// invoke business methods on the beanserver.createAccount (1234, "Athul", 1000671.54d);
}catch (Exception ex) {ex.printStackTrace ();
}
26
BEA WebLogic Application Server
14
27
Part II
J2EE Services
Also See Session 5 and Session 6 Handouts on:
“JNI”“JTS - Demarcated Transaction Support”
“Understanding Java Messaging and JMS”“EJB Patterns”
“Persistence in EJB Frameworks”“Efficient CMP Development”
and Session 6 Sub-Topic 2 Presentation on:
“Designing Databases for eBusiness Solutions”
28
J2EE OMA Services
Activation ServicesRMI Activation FrameworkJavaBeans Activation Framework
Naming and Directory ServiceJNDI and JNDI SPIs for CosNaming, RMI, NIS, NDS, LDAP
Trading ServiceJini
JTA and JTSMessaging Services
JMSJavaMail
15
29
Java and Database TechnologyJavaSpaces
Create and store objects with persistenceAllow process integrityhttp://www.javasoft.com/products/javaspaces/index.html
JDBC Data Access APIAccess tabular data sources from Javahttp://www.javasoft.com/products/jdbc/index.html
J2EE database access and container managed persistence(http://java.sun.com/j2ee/j2sdkee/techdocs/guides/ejb/html/DevGuideTOC.html)
Pjama: Orthogonal Persistence for the Java Platformhttp://www.sun.com/research/forest/opj.main.htmlhttp://www.dcs.gla.ac.uk/pjava/
30
EJB Persistence Service Architecture
See Persistence Service Interface for Entity Beans:http://jsp.java.sun.com/javaone/javaone2000/pdfs/TS-1498.pdf
See JBoss Persistence Manager Architecture:http://javatree.web.cern.ch/javatree/share/opt/net/jboss-2.0/docs/container.html
JAWS (Just Another Web Store) is the default CMP (ContainerManager Persistence) plugin that performs basic O/R functionalityagainst a JDBC-store
See Patterns for Object Relational Access Layershttp://www.objectarchitects.de/ObjectArchitects/orpatterns/EJBPersistence
16
31
Persistence Service Performance Issues
Complexity of an optimal access layerObject to Tuple Layer Logical MappingPhysical Layer Mapping
Caching to reduce database traffic and disk I/OData Clustering
Application must still be maintainable at a reasonable cost
See Session 6 Handouts and Presentations:“Efficient CMP Development”“Enterprise JavaBeans Patterns”“Designing Databases for eBusiness Solutions”
32
[Asset Managers]
Vendor Agnostic MiddlewareMQ Series MSMQ JMS TIBCOSeeBeyond
Open Adaptors
MessagingReliable Messaging Transactional IntegrityTwo Phase Commit
[BusinessProcess Engine]
ISO 15022
SecureIP
Network
PervasiveDevices
Asset managers
[NOI/Orders]
rendezvousDeGate
eWay
[Order Capture]
Collaboration
IQ IQ IQ
Scal
abili
ty [Order Matching]
ELBP
ELBP
Mainframe
[Settlement]
Java BeanConnectors
[ECNs]
SecureIP
Network
[Data Aggregation andintra day reporting]
• Exceptions• Real Time Analytics
1
24
5
7
[OrderExecution]
[Confirms]6
ENTERPRISE LEVEL Business Process [Trade execution]
1 2
3
4
5 6
3
[Custodians]
Faul
t Tol
eran
ce
Sample XML-Based MOM Architecture
17
33
Part III
J2EE Web Architectures
Also See Session 3 and Session 6 Handouts on:
“Applets, Servlets, and Java Server Pages”“Servlets”
“The Basics of the Palm Platform and the PalmOS Emulator”
34
Web-Enabled Architectures(evolution)
Traditional client-server technologyCGI frameworksPage-based extended HTML environmentsDistributed object computing platformsJava-BasedObject Management Architectures (OMAs)Component-based computing environmentsWeb Services platformsNext generation application servers (reflective,multimedia- and agent enabled, MDA-compliant, etc.)
18
35
Web and Client Application Services
Activation ServicesClient: MIME Handler, and Applet ActivationWeb Server: File-Stream, Process, Script Engine, Servlet, JSP, and EJBActivation
Naming and Directory ServiceDNS and Java-Based DNS InterfacingNIS, NDS, LDAP
Custom Transaction ServicesBased on Encina, Tuxedo, etc.
Custom Messaging ServicesTIBCOMQSeries
36
J2EE Web-Enabling Component Models
Javasoft’s Applet Tutorial:http://java.sun.com/docs/books/tutorial/applet/TOC.html
Swing Applets:http://java.sun.com/docs/books/tutorial/uiswing/start/swingApplet.html
Java Web Start:http://www.javasoft.com/products/javawebstart/index.html
Servlets, Servlet filters, Cocoon/XSPsSee previous sessions and related session 3 handouts
Connected DevicesSee related session 6 handout on the Palm PlatformSee http://webdev.apl.jhu.edu/~rbe/kvm/
19
37
Java Servlets & Java Server Pages
See Session 3 Handout:Applets, Servlets, and Java Server Pages
See Javasoft’s Documentation on Servlets:http://java.sun.com/products/servlet/index.html
See Javasoft’s Documentation on JSPs:http://java.sun.com/products/jsp/
Servlet Example: Cocoonhttp://xml.apache.org
38
Part IV
Security in J2EE Application Servers(more on SSL and Servlet authentication/integrity/privacy to come in session 7)
See Session 6 Sub-Topic 3 Presentation on:
“Java 2 Security”
20
39
Java Security
Java Security APIhttp://www.javasoft.com/security/index.html
Signed Applets:http://java.sun.com/products/plugin/1.2/docs/signed.html
RSA Signed Applets:http://java.sun.com/products/plugin/1.3/docs/nsobjsigning.html
40
Distributed Application Requirements
Security model based on the origin of running code is notsufficientAuthentication (i.e., checking credentials) of either orboth parties is necessary as requests themselves must betrustedBoth client and server may want to check their identities(i.e., mutual authentication)
21
41
Basic Authentication with HTTPBuilt-in challenge/response authentication: basic & digest
Verify that both parties know a shared passwordBasic:
Client: GET /secureApp/resource1 HTTP/1.1 Host:fooServer: HTTP/1.1 401 Unauthorized WWW-Authenticate: Basicrealm=“homer”Client: Get /secureApp/resource1 HTTP/1.1 Host:foo Authorization:Basic (base-64 encoded user name/password)Server: (ok) or “403 Access Denied”
Limitations:Authentication info must be included with every request, as it cannot becached securely, and base-64 encoding is not encryption => needencrypted link and strong server authentication
42
Digest Authentication with HTTP 1.1Client must prove knowledge of a password without transmitting itMore safeguards against replay attacksAuthenticate header contains authentication scheme, realm +“nonce”Client calculates a digest based on these parameters and the HTTPmethod and request URIDigest is a fixed-length encoding of some data
Data cannot be inferred from the digestTwo digests are identical for the same data
Default digest algorithm is MD5Limitations: servers must store client passwords securely, and theapproach is subject to replay attacks (need to secure the “nonce”parameter)
22
43
Basic Encrypted CommunicationEncrypt data with a key so that it can only be decryptedwith a matching keySymmetric key: same key used for encryption/decryptionAsymmetric key: key split into private/public key
Public key encryption can only be decrypted viaprivate key, while private key encryption can bepublicly decryptedCan either “hide” data (only intended recipient gets it)or sign data (recipient can tell where data comes from)
44
J2EE Security Mechanisms(to be continued)
HTTP authentication and SSL in servlet/JSP architectureIntegrity/privacy contraints for servletsProgrammatic securityetc.
23
45
Part V
Conclusion
46
Summary
J2EE component-based development environments are anevolution of distributed computing platforms based on RMI andRMI-IIOPJ2EE provides a platform specification, a referenceimplementation, a compatibility test suite, and a reusablecomponent development and deployment modelThe EJB specification describes the J2EE reusable servercomponent modelJ2EE architectures automate the integration of OMA services inJava enterprise applications, provide web-enabling and secure-messaging facilities, and enterprise assurance features
24
47
Readings
ReadingsBuilding Application Servers: Part III, Chapters 1-3Professional Java II: Chapters 1-3Handouts posted on the course web siteExplore J2EE environmentsRead related white papers/documentation on the J2EEenvironments
48
Project Frameworks
Project Frameworks Setup (ongoing)Apache Web Server (version 1.3.20, www.apache.org)Perl (version 5.x, www.perl.com), PHPMicrosoft IIS with COM+ and ASP (), ChiliSoftApache TomcatMacromedia JRunApache Cocoon 2/XSPVisibroker, OrbacusRMI-IIOP
25
49
AssignmentAssignment:
Explore the textbooks’ references to Application Servertechnology (continued)#5a: Investigate J2EE development environments. Write ashort report that documents your findings andrecommendations with respect to selection criteria insupport of development environments for application servertechnologies covered in this session#5b: See homework #5 specification (due date is 11/05/01)
50
Next Session:J2EE Component-Based
Computing Environments (Part II)
WebLogicWebSphereOpen Source J2EE Environments
Jboss, Enhydra, OpenEJB