New in JAX-RS 2.0 – @BeanParam annotation

JAX-RS is awesome to say the least and one of my favorites! Why?

  • Feature rich
  • Intuitive (hence the learning curve is not as steep)
  • Easy-to-use and develop with
  • Has great RIs – Jersey, RestEasy etc

There are enough JAX-RS fans out there who can add to this! ;-)

JAX-RS 2.0 is the latest version of the JSR 311 specification and it was released along with Java EE 7.

Life without @BeanParam

Before JAX-RS 2.0, in order to pass/inject information from an HTTP request into JAX-RS resource implementation methods, one could

1. Include multiple method arguments annotated with @FormParam, @PathParam, @QueryParam etc





2. Or, have a model class backed by JAXB/JSON or a custom MessageBodyReader implementation for JAX-RS Provider to be able to unmarshall the HTTP message body to a Java object – read more about this in one of my previous posts






This means that something like a HTML5 based client would need to extract the FORM input, convert it into JSON or XML payload and then POST it over the wire.

Simplification in JAX-RS 2.0

This process has been simplified by introduction of the @BeanParam annotation. It helps inject custom value/domain/model objects into fields or method parameters of JAX-RS resource classes.

In case you want to refer to the code (pretty simple) or download the example/run it yourself, here is the GitHub link

All we need to do is, annotate the fields of the model (POJO) class with the injection annotations that already exist i.e. @PathParam, @QueryParam, @HeaderParam, @MatrixParam etc – basically any of the @xxxParam metadata types and



Make sure that we include the @BeanParam annotation while injecting a reference variable of this POJO (only on METHOD, PARAMETER or FIELD).


JAX-RS provider automatically constructs and injects an instance of your domain object which you can now use within your methods.

Just fill in the form information and POST it !





That’s it. . . Short and Sweet :-)

Keep Coding !

Posted in Java EE | Tagged , , , , , | Leave a comment

Oracle IDM R2 PS2 : Rich Diagnostics



feature-img2 feature-img1





Oracle IDM R2 PS2 provides some really efficient troubleshooting, monitoring and diagnostic features. This post will provide a quick overview of the same and delve into using one such feature to resolve a practical issue.

New Diagnostic Features: Overview

1. Orchestration diagnostics - The EM console can be used to drill down into the Orchestration related details of events within OIM

  •      A Dashboard to view recent operations and events
  • Info regarding ALL the event handlers attached to a particular operation – including  CUSTOM developed. No more digging into XMLs form MDS !
  • Powerful search features for all Operations (search by Operation Type, Operation ID etc)


2. Dynamic Monitoring Service (DMS) is an Oracle FMW component which enables performance tracking of various OIM modules and services such as scheduled tasks, event handlers, platform resources etc. One can export DMS metrics for detailed introspection as well

3. Reconciliation Profile validation

  •      Validate Recon profiles via MBeans via EM console – great for debugging issues
  •      Also provides reconciliation tables related indices which can help compare Database tuning as per documented mandates

A detailed explanation of each of these features is difficult to cover in a single post – skipping this for a future blog post (series). For now, let us explore a real world use case where such diagnostic capability can be used

I happened to come across a particular issue and resolved it with the help one of the many OIM PS2 diagnostic features. This one happened to be related to OIM Reconciliation Profiles.

The problem statement

  • Reconciliation job execution was not resulting in event creation.
  • The server console logs pointed to a SAX parsing exception.


Note: Whenever I see an XML parsing (SAX or DOM) exception in context of reconciliation, the brain invariably gravitates towards the Reconciliation Profile XML – yes. It’s a boon in general, but a curse because it has a tendency to get corrupted (because of no apparent reason).

The investigation

Time to use the new Reconciliation Profile validation diagnostic feature in PS2 (mentioned above) which enables us to validate and detect errors in the OIM Reconciliation Profile. It does so by exposing this service as an MBean. Sweet !! :-)

So how to go about this?

1. Log into EM console and take up the route shown in the snapshot below (yes, a picture is worth a thousand words and 10 minutes of writing something which can be easily portrayed via a visual medium!)


2. The next obvious step was to export the Recon profile XML itself in order to further drill down on matchingRule element (since there can be multiple such elements and the error indicates that one of them might be empty – hence the schema violation error resulting in a parsing error)

Exporting the recon profile XML via EM console

Note: This is not a diagnostic feature as such or a new functionality. This is present since OIM 11g R1 era

No need to execute manual processes – use the EM GUI to get the job done fast. Follow the snapshots



Finally – click on the Invoke button and you should have the profile exported to the location mentioned above

Note: If required, you can easily change/modify the XML and use the importMetadata operation of the same MBean to import with a single click (try it out)

The profile was exported in order to investigate it further. Let’s see what was the issue was



So, finally it is evident as to which matchingRule tag was empty.


Well, it all boiled down to a missing configuration in the Connector artifact – missing KEY field configuration for the child field (in the Process Definition).

Take away point

OIM is a feature rich product. Hence, things can get complicated at times and errors can get hard to debug. We saw how easy it was to drill down to the cause of the error and ultimately fix it

Why/How did this happen? That was not really the point of this post. In case you are inquisitive, looks like this is a bug in the connector ! ;-) That’s for a later post – maybe after further introspection


  • Include the KEY field config for child field in Process Definition
  • Recreate the Recon Profile
  • Validate the same via EM console (already explained)
  • Move on with your life ! ;-)

Remember - bugs/errors/issues are an opportunity for us to learn and doscover something new. Software can never be perfect in a single go. Be patient, try to diagnose, know your tools, know how to use them – if there are no tools, just build one and blog about it !! ;-)

Until then. . . Cheers ! ! !

Posted in Oracle Identity Governance, Oracle Identity Manager | Tagged , , , , , , , | Leave a comment

Jersey SSE capability in Glass Fish 4.0.1

jerseylogo    sse




Glass Fish bundles different Reference Implementations for various Java EE specifications e.g. Weld for CDI, Mojarra for JSF, Tyrus for WebSocket, Jersey for JAX-RS. Glass Fish 4.0.1 is in the pipeline and slated to cover updates for many of the components/modules which both include new features and bug fixes of course.

Server Sent Events feature in Jersey will be supported with Glass Fish 4.0.1. Let’s try and test out this feature

  1. Download the latest Glass Fish build from here

12. Unzip the contents of the ZIP installer and configure the same in your IDE ( I am using NetBeans ). Note: I am using using JDK 8. Remember to configure Glass Fish to use the same









3. Make sure you include the highlighted JARS ( below ) in your class path. These are available under GF_INSTALL/glassfish/modules





Now, the sample code for Jersey SSE feature demonstration. Its relatively simple.

There are three primary classes involved

It serves as a Producer of stream of events and is modeled as JAX-RS resource which emits events when invoked with a GET method. The returned event streams are abstracted in the form of on to which a object is written. The OutboundEvent consists of the actual event data.


This class serves as consumer of the events produced by the class. This is a simple JAX-RS client which sends a GET request to the published JAX-RS resource, reads the org.glassfish.jersey.client.ChunkedInput and further extracts the actual event data from instance


As commonly the case with JAX-RS, this serves as bootstrap class


To test the SSE functionality from server ( producer ) to client ( consumer ), deploy your application and just access the Servlet on http://you_gfish_ip:port/JerseySSE/SSETest. You should see the following logs



About the FishCAT – Glass Fish Community Acceptance Testing program. Everyone is welcome to participate!

More on Jersey and Server Sent Events here.

This was a rather quick one.. Not bad ! Now you have time to go and do something more useful ;-)


Posted in Java, Java EE | Tagged , , , , , , , , | Leave a comment

Gearing up for JavaOne 2014 !

Hold that thought ! Yeah.. I wish I was presenting at Java One 2014 – but I am only worthy of doing that in my dreams right now ;-)

But nothing is stopping me from following Java One and tracking sessions/talks about my favorite topics. I am hoping Oracle would make the 2014 talks available online for mortals like us just like it did for the 2013 edition

I have already made my list of talks ( see below ) which I am going to pounce upon ( once they are available ) . . . Have You ? :-)

Lessons Learned from Real-World Deployments of Java EE 7 – Arun Gupta talks dissects live Java EE 7 applications and shares his thoughts and learnings

50 EJB 3 Best Practices in 50 Minutes – need I say more… ?

eBay, Connecting Buyers and Sellers Globally via JavaServer Faces

Applied Domain-Driven Design Blueprints for Java EE - Have you been following and learning from the Cargo Tracker Java EE application already? You are going to love this talk by Reza and Vijay

JPA Gotchas and Best Practices: Lessons from – nothing like listening to a ‘real’ world example

RESTful Microservices – Never heard of this one! It’s about leveraging Jersey 2.0 to achieve what you haven’t until now ;-)

Java API for JSON Binding: Introduction and Update – Potential Java EE 8 candidate and JAXB’s better half !

Is Your Code Parallel-Ready? – Love hacking on Java 8 Stream API? Yes.. this one is for you!

Java EE Game Changers – Tomitribe’s David Blevins will talk about the journey from J2EE to Java EE 7, provide insights into Java EE 8 candidates and much more!

Programming with Streams in Java 8 – I don’t think I need to comment

Unorthodox Enterprise Practices – Thoughts on Java EE design choices with live coding.. By one of my favorites.. Adam Bien :-)

Inside the CERT Oracle Secure Coding Standard for Java

RESTing on Your Laurels Will Get You Pwned – When the rest of the world in going ga-ga about REST, this talk will attempt to look at the dark side and empower us with skills to mitigate REST related vulnerabilities

Java EE 7 Batch Processing in the Real World – another live coding session using Java EE 7 standards !

Scaling a Mobile Startup Through the Cloud: A True Story – The folks at CodenameOne reveal their secrets

The Anatomy of a Secure Web Application Using Java – developing and deploying secure Java EE web application in the cloud.. now who does not want to do that ?!

Dirty Data: Why XML and JSON Don’t Cut It and What You Can Do About It – I haven’t thought beyond XML and JSON, but apparently some guys have and you must listen to them!

API Design Checklist - no comments needed

Java EE 7 and Spring 4: A Shootout — I have been waiting for this !

The Path to CDI 2.0 – Antoine, the CDI guy at Red Hat talks about . . of course. . CDI ! This includes discussion about 1.1/1.2 along with what’s coming up in CDI 2.0

Five Keys for Securing Java Web Apps – looks like I am repeating myself here.. but too much security can never be bad.. right?

Java EE 7 Recipes – Yeah! cooked up by Josh Juneau

There is still time . . .  Pick and gear up for your favorite tracks. More details on the official JavaOne website

Until then.. Happy Learning! :-)

Posted in Java | Tagged , , , , | Leave a comment

Packt Publishing celebrates 10 years with a special $10 offer !



It has been 10 years since Packt Publishing embarked on its mission to deliver effective learning and information services to IT professionals. In that time, it has published over 2000 titles and helped projects become household names, awarding over $400,000 through its Open Source Project Royalty Scheme.

To celebrate this huge milestone, Packt is offering all of its eBooks and Videos at just $10 each ! – this promotion covers every title and customers can stock up on as many copies as they like until July 5th.

If you’ve already tried a Packt title in the past, you’ll know this is a great opportunity to explore what’s new and maintain your personal and professional development. If you’re new to Packt, then now is the time to try their extensive range – Within their 2000+ titles range, you’ll find the knowledge you really need , whether that’s specific learning on an emerging technology or the key skills to keep you ahead of the competition in more established tech fields.

Hurry up . . . Don’t blame me for not reminding you about the July 5th time line because that’s when the offer ends ! ;-)

Cheers ! ! !

Posted in Books, Knowledge | Tagged , , , | Leave a comment

A closer look at the Java Identity API


Before I jump into the nitty-gritty, let’s take a look at some of the quick facts about Java Identity API JSR 351. This is a still a work in progress . . .

  • When was the JSR initiated?

This JSR passed the Approval Ballot in October 2011 which was followed by Expert Group formation in November 2011.

  • Who is leading this specification?

The Java Identity API is being lead by Ron Monzillo

  • Expert Group?

The EG consists of representatives from Oracle, IBM, RedHat, SAP and GoldmanSachs as well as individuals

  • Specification document?

This is still in a draft phase and is available at

  • Reference Implementation

Nobis is the RI for the Java Identity API and can be accessed at


If I had to explain the motive behind the Java Identity API in a single line, it would be defined as, a Java standard for Identity Management

On a high level, the primary goals of this standard are,

  • Define a representation for an Identity in Java
  • Facilitate secure usage (creation, exchange, governance) of these ‘identities’  by defining a Standard API and Interaction models between Identity consumers and providers
  • Provide a uniform, high level programming model for application to interact with identity/attribute repositories with heterogeneous domain models


Present Challenges

Currently, the Java Platform does not provide standard interfaces for managing identities. With the increasing use of internet services in day to day applications, adoption of SSO and federation, there is a need to protect network identity. Existing Java objects, such as the X509Certificate and KerberosTicket provide semblance for encapsulating identity attributes, but only to a limited extent. Instead of having disparate and non standard model, there is a requirement for a set of standards to evolve, which can be leveraged by application or identity framework developers to provide rock solid support for propagation and consumption of network identity.


A Simple Analogy

I like to think of it as an API similar to JDBC or JNDI (if not the same). Both these APIs, help developers communicate with underlying data sources or naming services in a loosely coupled fashion through standard interfaces. It allows us to adopt a pluggable architecture wherein different vendor implementations can be leveraged to connect disparate databases (be it Oracle, MySQL, Sybase DB2 . . we really do not care apart from having the vendor JARS in our class path), LDAP servers (AD, OID, Sun Java, Apache etc)


How can the Java Identity API help?

This API will

  • Allow applications to interact with heterogeneous underlying identity repositories in a portable and standard fashion.
  • Allow vendors to develop implementations using the Attribute Service framework to seamlessly interact with attributes in one or more repositories e.g. Facebook, Twitter, Linked in via supported protocols/APIs such as OAUTH, Open ID, FaceBook Connect etc.
  • Enable applications to also act as providers of attributes – this is also a part of the Attribute Service framework
  • Allow the end developers to build applications on top of these implementations.
  • Prevent dependency upon non standard, proprietary implementations to implement identity services within applications

 Salient Features

Some of the key features/highlights of this API have been listed below

  • Compatibility with Java SE 6 and Java EE 6
  • Integration with the Java Security model

The existing objects within the Java Security model like Principal, Subject, Policy etc will be integrated within the API

  • Support for Programmatic as well as Annotation driven programming models
  • Leveraging Contexts and Dependency Injection (CDI)

CDI will render services such as resource injection, life cycle callbacks and of course dependency injection of identity attributes and references within applications via Qualifiers and Producers


Key Terminologies

A brand new specification can often introduce terms or expressions which might sound vague or abstract at first. Here is a list of keywords and concepts which are intimately attached to the Java Identity API. Having a basic understanding of these terminologies is important


Term Description
Entity Nothing but collection of ‘Attributes‘ e.g. A Person can have attributes such as First Name, Last Name, SSN, Email etc.
Attribute It has a name (username, email), value (johndoe, and associated metadata (issuer, expiry)
Entity Reference A secure handle for an entity
Attribute Reference A secure, value independent handle to the Attribute itselfNote: Both Entity and Attribute references facilitate exchange without actually exposing the associated value
Attribute Repository Represents a set of contracts to be implemented in order to integrate with an identity source. Contains the business logic to interact with the end identity repository
Repository Agent It’s bound to a specific Attribute Repository and can be queried to provide a handle to the Attribute Repository it is attached to
Repository Descriptor Describes the relationship b/w a Repository Agent and the Attribute Repository which is bound to the agent
Attribute Provider Interacts with the Repository Agent and acts on its behalf to perform operations requested by the consumer
Attribute Service It’s a service component which is exposed directly to the client application. It provides access to high level interfaces for interacting with and managing identities


 Core API

The Java Identity API is fairly lightweight and compact. The packages which form a part of the core programming interface have been highlighted below

Package Description This package contains the identity attribute and reference types Contains annotations which help provide a  portable identity programming model Contains identity attribute and reference types for use in a Java Subject or AccessControlContext. Provide high-level programming interfaces to the identity attribute services. Contains provider-independent expressions that are used to compose attribute queries. Defines annotations to be used as qualifiers in CDI injection of Identity attributes. Consists of the permission and actions values used to protect the interfaces of the attribute service. Contains interfaces that are to be implemented by attribute providers and repository agents.


Some of the important annotations, interfaces and classes of the Java Identity API have been highlighted below


Component API equivalent
Entity Reference


Interfaces and Classes

Component API equivalent
Entity Reference
Attribute Reference
Attribute Repository AttributeRepository
Attribute Provider
Repository Agent
Repository Descriptor


 High Level Overview of API Usage

Applications need access to underlying repositories to interact with them and perform operations. The below example outlines the sequence of steps highlighting the ways in which an application can leverage the API to obtain handles to the underlying identities and attributes

  1. Concrete implementation of the interface. This encapsulates the services of and the
  1. An instance of the is obtained as a result of binding the LookupService with an implementation of the
  1. The ProviderLookupContext is used to get a reference to that is bound to the range of entities contained in the repository identified by the ProviderLookupContext.
  1. The AttributeProvider implementation is the gateway to the underlying identity repository and exposes CRUD like functionality via the and



 Code Snippet

Reference Implementation

As with most Java standards, JSR 351 has a reference implementation known as  Nobis. It provides implementations for

  • i.e. the ProviderLookupService and AttributeLookupService – to enable search/lookup identity attributes from the repository
  • – serves as a filtration/search criteria

As a part of the implementation, the Nobis RI also provides

  • Post Construct Interceptors corresponding to the and, which are nothing but Interceptor Bindings.
  • A factory like API equivalent for above mentioned Interceptors
  • A sample implementation of Facebook as an Attribute Provider along with JPA based and in-memory providers.


Some things to look forward to

  • How is the API going to evolve and attain final shape
  • How will it be adopted by the community
  • How would this be implemented and leveraged by products and real world applications

Cheers . . . . ! ! :-)

Posted in Java | Tagged , , , , | 1 Comment

Book Review: Java EE 7 with GlassFish4 Application Server

This is a review of the book Java EE 7 with GlassFish 4 Application Server

6886OS_Java EE 7 with GlassFish 4_Frontcover


 What is this book about?

The book is a fast paced tutorial for Java EE 7. It focuses on covering the foundational Java EE specifications including brand new standards in Java EE 7 as well as the exiting specifications which got revamped and improved.

  • Utilizes GlassFish 4 (the reference implementation for Java EE 7) as an example to illustrate the core concepts, usage of standard APIs and to deploy and execute sample applications.
  • Covers prominent Java EE 7 specifications such as JSF 2.2, JPA 2.1, EJB 3.2, CDI 1.1, JSON-P 1.0 (new in Java EE 7), WebSockets 1.0 (new in Java EE 7), JMS 2.0 (major revamp in Java EE 7), JAX-RS 2.0 (for RESTful Web Services)
  • Provides lots of code driven examples to explain API usage

Who has written this book?

This book has been authored by David R. Heffelfinger. More about him here.

Is this book for you ? How can you benefit from it ?

  • Java EE can often get intimidating for a beginner. This book however can be used to gain a quick overview of the overall Java EE landscape, its specifications, various APIs and their usage, in a structured and organized fashion which is important while learning a new technology stack.
  • If you are a relatively experienced Java EE Developer with exposure to Java EE 6 or before, you can leverage this book to empower yourself with new features in Java EE 7 and absorb the concepts with the help of extensive code samples and examples provided in the book.
  • A GlassFish enthusiast can grab this book in order to understand Java EE from GlassFish 4 Application Server perspective and benefit directly from the fact that GlassFish is the RI for Java EE 7 and is bound to implement the latest and greatest features which the platform has to offer.

Please do not be mislead by the title of the book and assume that it’s tightly coupled to GlassFish 4 Application Server.

  • The book merely uses GlassFish 4 as a medium to explain and apply Java EE concepts in a practical and code driven fashion
  • One can carry over the concepts and execute the same examples on any Java EE 7 compliant application server.

Deep Dive into the contents of the book

The book is well organized and divided into distinct chapters. Each chapter dedicated to a specific Java EE standard e.g. EJB 3.2, JPA 2.1 etc

Let’s take a peek into the individual chapters

Chapter 1 – Getting Started With GlassFish

Given the title, it is not surprising that the book begins with an introduction to the GlassFish 4 Application Server and sets the stage for the reader.

  • Introduction to Java EE with a focus on the latest offerings in Java EE 7
  • GlassFish 4 installation, management and application deployment
  • GlassFish 4 domains and JDBC pool setup

Chapter2 – JavaServer Faces

This chapter is all about the JSF API and includes brand new features in JSF 2.2 in Java EE 7.

  • Begins with a quick introduction to JSF and Facelets technology
  • Then it dives into code driven development of a simple JSF application using Facelets. It goes on to demonstrate validation, component grouping, CDI named beans usage and navigation functionality.
  • Using Ajax within JSF is discussed with the help of an example
  • To wrap it up, the chapter demonstrates HTML5 support as well as the Faces Flows feature in JSF 2.2 coupled with concrete code samples.

Chapter 3- Object Relational Mapping with JPA

This chapter deals with JPA 2.1. It explains different components of JPA, and liberally uses examples and sample code.

  • Demonstrates how to code a JPA entity class from scratch
  • Illustrates the usage of important JPA components such as the EntityManager interface and its usage within CDI named beans to execute actual CRUD operations on the backend repository along with the persistence.xml and its role as the primary configuration provider for JPA
  • It talks about JPA entity relationships i.e. one-to-one, one-to-many and many-to-many and explains them with succinct code examples.
  • Briefly touches upon the Java Persistence Query Language and demonstrates its utilization within the JPA framework
  • Delves into the Criteria API which was introduced in JPA 2.0 and serves as an object oriented way to build queries instead of using String based queries in case of JPQL
  • Finally, the reader gets to learn about the using Bean Validation in tandem with JPA in order to apply data validation prior to persistence

Chapter 4 – Enterprise JavaBeans

  • Begins with Stateful, Stateless and Singleton beans which fall under the Session Bean category
  • The book goes on to provide a code driven demonstration of how one can invoke session beans in an asynchronous fashion with the help of @javax.ejb.Asynchronous annotation
  • Message Driven Beans (MDBs) are covered briefly
  • The lifecycle of the EJB types (Stateless, Stateful and MDB) are explained with illustrations, along with guidelines to configure/control the same with the help of GlassFish 4 Application Server
  • The chapter explains the EJB Timer Service (for managed periodic invocation) functionality and calendar based EJB Timer expressions with the help of code and illustrations
  • The chapter concludes with a discussion about configuring EJB security in a declarative fashion using annotations and XML based configurations

Chapter 5 – Contexts and Dependency Injection

This chapter is all about Contexts and Dependency Injection which is a relatively new specification introduced in Java EE 6

  • The chapter starts with an illustration of Named beans and how they can be used from within JSF pages.
  • CDI bean scopes – Request, Session, Application, Dependent, Conversation have also been covered in details with the help of relevant examples.
  • In depth coverage of Dependency Injection and Qualifiers which are the core features of CDI.

Chapter 6 – JSON Processing with JSON-P

JSON-P is a brand new specification introduced in Java EE 7 which provides a standard API for working with JSON payloads.

  • The first half of this chapter introduces the reader to the Model API in JSON-P which is similar to the XML DOM API, based on loading and parsing an in-memory representation of the JSON payload
  • The final half deals with the Streaming JSON-P API along with example code to illustrate its concepts.

Chapter 7 – WebSockets

The WebSocket API in a brand new specification in Java EE 7. It enables us to build real-time, full duplex applications using standard Java EE platform

  • The book provides detailed coverage of the server side WebSocket API with the help of a simple yet effective example.
  • The common server side constructs (annotations) for building a WebSocket endpoint are demonstrated – @ServerEndpoint, @OnMessage, @OnOpen, @OnClose etc
  • The lesson then focuses on building the client portion of the WebSocket based application – it demonstrates a simple chat application built with JavaScript and leverages the server endpoint build previously
  • Finally, a Java based web socket client end-point is demonstrated with the help of a code driven example.
  • Both the client side samples showcase the usage of the @ClientEndpoint annotation and how it can be used to build client side logic for interacting with WebSocket server endpoints

Chapter 8 – The Java Message Service

This chapter discusses the Java Message Service API, specifically the 2.0 version which is the latest and revamped version introduced in Java EE 7

  • To begin with, JMS related configuration of JMS in GlassFish 4 are covered. This includes JMS Factory connection, JMS Queue and JMS Topic setup.
  • The second half of the lesson is all about code driven demonstration of the JMS 2.0 API.
  • JMS Queues – how to send messages to a JMS queue
  • How to receive  messages from a JMS queue in synchronous as well as asynchronous mode. The asynchronous mode involves usage of the MessageListener interface
  • JMS Topics – Sending/receiving messages to and from topics and working with durable subscribers are also covered.

Chapter 9 – Securing Java EE applications

This lesson covers Java EE security. It demonstrates core security features e.g. realms and demonstrates how to configure security on GlassFish 4 application server.

  • Out-of-the-box security realms in GlassFish 4 are covered. These include admin, file and the certificate realm.
  • Each realm is explained with the help of working example
  • The discussion around Security realms continues and LDAP, JDBC, Solaris realms are covered in detail.
  • The reader also gets to learn about writing his own custom security realm implementation and plug it into GlassFish 4. This is done with the help of a code drive sample.

Chapter 10 – Web Services with JAX-WS

This lesson is dedicated to SOAP based web services and the JAX-WS API in the Java EE platform which supports building server side web service implementations

  • Demonstrates the development of a simple SOAP web service using the JAX-WS APIs and its related annotations such as @WebService, @WebMethod etc. It also used the GlassFish 4 server to deploy and test the implementation end to end.
  • Web Service client development using GlassFish 4 related tooling is covered. wsimport is used to build the client side stub and which is then used to invoke the web service end point.
  • The focus shifts to EJBs and how they can be exposed as Web Service endpoints along with an example of client for an EJB masquerading as a SOAP web service endpoint
  • The final phase of the chapter deals with web service security – both basic as well as EJB based SOAP end points. It does so with the help of security constrains in the web.xml

Chapter 11 – Developing RESTful Web Services with JAX-RS

This chapter is all about building REST style web services and the reader learns how to use the latest version of the JAX-RS API i.e. 2.0 which was introduced in Java EE 7

  • It begins with a basic introduction to RESTful web services and the JAX-RS API in general
  • The lesson delves into implementation details and demonstrated building and deploying RESTful web services. The process is explained with the help of practical examples which introduces the readers to various JAX-RS annotations namely – @PUT, @POST, @DELETE, @Produces, @Consumes etc. The developed web service is then deployed in GlassFish 4 and tested with the help of curl utility
  • As a convenience to the reader, this chapter also deals with JAXB and shows some examples around XML-Java binding using JAXB annotations like @XMLRootElement etc
  • To wrap it up, the JAX-RS client API is covered to explain how to develop clients for RESTful endpoints using the standard JAX-RS API.  It also explains the concepts behind path and query parameters with the help of specific examples.


  • This book does a good job of keeping things simple enough so that a relative beginner reader can grasp the concepts and not get intimidated.
  • Leverages sample code, examples and pictorial representations in an effective manner.
  • Applicable to a wide variety of audience.
  • Covers the entire gamut of Java EE 7 platform (almost) – all the major specifications, APIs and features e.g. WebSockets, JSON-P, JMS, JAX-RS etc


Java EE 7 with GlassFish 4 Application Server provides a great outlook of the Java EE platform along with the latest and greatest features of Java EE 7. It is clear, concise and easy-to-grasp. With plenty of code examples, one can never expect things to get dry or boring.

All in all, a great tool to have in your Java EE arsenal !

Where can you grab the book?

Visit the PacktPub web site to grab your copy now !!

Happy Reading :-)

Posted in Java, Java EE | Tagged , , , , | 1 Comment

What’s in a name? Java EE? J2EE?

“What’s in a name? that which we call a rose
By any other name would smell as sweet.”

- William Shakespeare

Yes, what’s in a name, you might ask ? Java EE or J2EE? Why does it matter? After all, both names refer to the Java technology stack used to build distributed enterprise applications. . right? Maybe not so right . . . . .

I am not sure if it is just me, but in many of the interviews I have conducted, I have often seen that the candidates do not seem to be able to recall the exact version of J2EE or Java EE they have worked with ? What they is certainly sure about, is the fact that the technology name is J2EE ;-) For instance, they might say that they have experience developing applications on Weblogic 11g, but they are stuck with J2EE in their heads (and their resume of course), being unaware of the fact that they are already using Java EE 5 and its features via Weblogic 11g. As far as Java SE is concerned, the candidate, more often than not, is able to successfully enumerate the exact versions of the platform he has worked with.

I get a feeling that the ’2′ has stuck primarily due to the previous Java SE Platform nomenclature - J2SE1.x.

IMO, the distinction b/w Java EE and J2EE can be exemplified in a simpler way without getting into the finer details and debates w.r.t APIs, specification etc

Ask yourself the following questions (try pondering about these before peeking into my answers below)

  1. Did J2EE allow us to build applications without using external frameworks like Struts, Spring, Hibernate etc?
  2. Did J2EE allow us to decorate our code with appropriate metadata and allow the server to automatically understand it and weave its magic?
  3. Did J2EE allow us to deploy a POW (Plain Old WAR) without any XML configuration and expect everything to work perfectly?
  4. How were EJBs developed in the year 2005 and before, with J2EE? How many interfaces? What about XML configurations?
  5. How would we have integrated with client side frameworks like AngularJS using pure vanilla J2EE?
  6. In the J2EE era, what would you do back if you wanted your web site to serve real time data to ALL the clients connected to it? A stock trading application, a bidding web site . . . . . ???


  1. No . . loud and clear. How about Java EE 7? With 32 standards specifications and related APIs divided between Web layer (JSF, Servlets, WebSockets. JSON-P etc), Business layer (EJB, JMS, JPA, CDI etc), Integration layer (JAX-RS, JAX-WS), one need not venture into any framework. Just use Java EE 7 out-of-the-box. No external dependencies, no learning curve for new frameworks. no JAR hell . . pure Java EE stack.
  2. No . . there were no annotations in J2SE 1.4 and hence J2EE 1.4. It was all about XML and more XML. How about now? It is CoC based – Convention Over Configuration. Hardly any XML. POJO + Annotations = Magical Bean. See this presentation by Reza Rahman (Java EE/GlassFish evangelist at Oracle)
  3. Just a WAR file? Are you kidding me? What about EARs, EJB JARs within EARs, WARs within EAR, JARs within JARs etc etc? Now? It is entirely possible and the ideal way to go. I am not going to force you to believe me. You can trust David Blevins from Apache TomEE though ;-) Listen to his talk (skip to 4:40)
  4. I am scared to even write about this – in case you do not know the answer to this, it’s probably the best for you! Trust me. . . Now? EJB 3 onwards – for a simple Session bean, the @javax.ejb.Stateless annotation is all you need. No interface needed . . EJBs should be renamed to EEJB – Easy Enterprise Java Beans!
  5. A ready made API, available out-of-the-box, based on HTTP principles (protocol of the web) – none other than JAX-RS. Learn more here
  6. Polling, long polling, Comet, Atmosphere etc etc etc? Now? Thanks to the WebSocket API in Java EE 7, the solution is a POJO annotated with @javax.websocket.ServerEndpoint along with annotated callback style methods to handle business logic. Learn more about WebSockets from this talk from Daniel Coward

How about a catchy alias for Java EE . . to set it apart ?

I am not sure if Java EE has a catchy alias, akin to it’s Java SE equivalent. Tiger, Mustang and Dolphin were selected names for Java SE 5, Java SE 6 and Java SE 7 respectively. I think that can really help


Unfortunately, Shakespeare’s analogy does not apply in this scenario. J2EE was and never will be as sweet and Java EE 7 and its successors (wait till you see Java EE 8). What’s important is to realize that J2EE refers to the Enterprise Edition of Java prior to Java SE 5 i.e. during the J2SE 1.4 era. It’s obvious that the name J2EE brings back a few unwanted memories – XML Hell, multiple interfaces for one simple EJB, a few verbose APIs etc etc.

The world has changed since the J2EE era, requirements have changed, Java SE has evolved and so has J2EE – it’s now Java EE (has been since May 2006). That is why it is important not to casually throw around the term J2EE when one actually means Java EE e.g. look at this! Of course, when you are actually referring to versions prior to Java EE 5, J2EE is the appropriate word

Let us embrace and rejoice the change, and remember, that in the Java world, there is a lot in a name ;-)

Excited about Java EE? I suggest you explore Java EE 7 (if you haven’t already) . Maybe you can visit My Java EE 7 page on ZEEF ? ;-)



Posted in Java, Java EE | Tagged , , , | 1 Comment

Book Review: EJB 3 in Action, Second Edition

This is a review of the book EJB 3 in Action, Second Edition


What is this book about?

This book is essentially about EJB 3 with a prime focus on the latest version i.e. EJB 3.2. The book is aligned with the latest version of Java EE i.e. Java EE 7 and its related specifications, APIs and standards. It serves as a comprehensive guide to EJB 3 as a standard and covers almost ALL its aspects, some of which are,

  • Basic tenets, principles, architecture of EJB 3
  • Internal implementations (from a Java EE container/run time environment perspective)
  • Integration with other specifications/technologies like JPA 2.1, JSF, CDI 1.1, JAX-RS 2.0 (RESTful web services), WebSockets 1.0 (real time full-duplex applications), JAX-WS (SOAP web services)
  • Practical code to demonstrate application of concepts to implement real world use cases
  • Application testing - isolated and integration
  • Application Deployment
  • Best practices, recommendations, performance tuning

Who has written this book?

This book has been co-authored by 4 gentlemen who are distinguished authors, developers, Java architects and community leaders.

  • Debu Panda
  • Reza Rahman
  • Ryan Cuprak
  • Michael Remijan

Is this book for you ? How can you benefit from it ?

The book humbly states that - “This book is ideally suited for a Java developer with a couple of years’ experience who is curious about EJB 3″. This is correct to an extent. In my opinion though, this book caters to a broad category of audience

Developers (at various stages of their careers)

  • Beginner - folks who are coming to terms with Java EE, its goals, concepts, technologies and of course, it’s specifications. More often than not, it’s the EJBs, JMS, Serlvets which which are primary targets since they are the first Java EE specs to evolve, are the very foundation of Java EE as a technology stack and tend to encapsulate the spirit of Java EE. This book does not assume any prior exposure to Java EE and covers all the bases required for a beginner
  • Intermediate - Ones who are relatively well versed with the Java EE stack and ecosystem, but do need revisit the basics or get hold of that vital piece of info which might help them skyrocket thier current assignment/project
  • Advanced - Folks with strong Java EE development background can always come back and refer to this book since it aligns with Java EE 7 in general and covers the latest and greatest version of EJB i.e. 3.2 and other other vital specifications such as JPA 2.1, CDI 1.1, JAX-RS 2.0, JMS 2.0, WebSockets 1.0

Seasoned Architects and Java EE Technical Leads can benefit from this book by referring to sections which talk about the best practices, recommendations and design patterns. Almost each module talks about using that particular component effectively and efficiently. Some of the examples are best practices with respect to Session and Message Driven beans, EJB security, CDI, application deployment, performance tuning etc

This is an ideal book for Oracle’s EJB3 Developer Certification aspirants - it’s packed with real world examples, has a practical and code driven approach and is easy going and conversational in nature

Having said all that, the book does assume that the reader has reasonable familiarity with the Java language in general, which is a perfectly reasonable prerequisite since Java EE builds on Java SE and the Java Platform itself.

So, you have read the First Edition? How different is the Second Edition?

The first edition came out back in 2007. That was the time when Java EE 5 was ruling the roost. Needless to say, it’s 2014, and Java EE has changed significantly since then with Java EE 7 being the latest version. The book been adapted to factor-in these changes

  • Aligned with EJB 3.2 (latest version of the EJB specification)
  • Covers Singleton and Asynchronous Session Beans
  • Discusses EJB and JAX-RS integration for RESTful web services
  • Dedicated module for CDI and it’s integration points with EJB
  • In depth coverage of brand new WebSocket API introduced in Java EE 7 and how it can be used in tandem with EJB 3.2 to build real time and highly scalable applications
  • Also in general, the reader is bound to benefit from the content about the latest versions of other Java EE 7 specifications as well, such as JPA 2.1, JSF 2.2 etc

 What does the book cover?

Part 1 - must read for beginners

  • Serves as a comprehensive introduction to EJB ecosystem including its architecture, types and new features (in EJB 3.2)
  • Code driven tour of the EJB technologies with the help of a real world eCommerce Bidding application. Gives the reader a feel of how EJBs can be used for actual hard core development and how they can be practically integrated with other related technologies like JSF, JPA, CDI, WebSockets, Web Services etc (these technologies are in fact introduced prior to in-depth discussion/references)

Part 2 - builds upon the concepts introduced in Part 1

  • Answers the WHYs, WHENs and HOWs of Session and Message Driven beans (including a brief peek into JMS)
  • Covers Transactions in an easy-to-understand fashion and helps correlate it with respect to the EJB world
  • Delves into other fundamental concepts such as EJB Security as well as Schedulers, Timers
  • Deals with advanced EJB concepts like AOP, DI and gives us a peek into the EJB world from the perspective of the EJB Container i.e. the run time itself and how to access it’s Services via the EJBContext interface
  • Showcases the versatility of EJBs and deals with how to expose EJBs as Web Services (REST and SOAP) and leverage to build a SOA based solution

Part 3 – focuses on Java EE specs/technologies which are closely related to EJB

  • In depth coverage of JPA and its concepts ORM and Domain Modelling
  • EJB-JPA integration layer, which includes EntityManager and its related concepts (bread and butter of the JPA) and extensive code driven discussion about JPQL
  • Although CDI was introduced as a dedicated specification in Java EE 6, it’s still relatively new and grasping the concepts can get tricky. This book discusses CDI and its fundamentals (decorators, stereotypes, events etc) in an intuitive, practical and example driven fashion. It then talks about how EJB and CDI interplay/integrate with each other in the context of a Java EE application

Part 4 – it’s all about the Action!

  • Covers Java EE components (EJB, JPA, CDI etc) packaging and deployment in an in-depth fashion including a thorough explanation of Java EE class loading and module system
  • WebSockets is a brand new spec added in Java EE 7 and deserves a dedicated book to itself, but this book explains WebSockets effectively !
  • Discusses EJB testing in an isolated fashion (unit testing) using JUnit and Mockito as well as with the help of embedded containers and Arquillian (integration testing)

Apart from the all chunk of the content which resides in the aforementioned units/modules, the book also covers the following

  • Guides the reader through the Java EE 7 SDK install process, managing the GlassFish Application server and executing a basic Hello World application
  • Discusses Oracle’s EJB 3 Developer Certification exam. It takes into consideration a newbie and explains the complete process, right from the pre-requisites, registration process, how to prepare etc
  • Provides a reference to the EJB Deployment descriptor (better known as the ejb-jar.xml) – talks about its various XML tags/elements

 Standout features

  • Does not rely on the reader having EJB experience or exposure to related specs/technologies like JSF, JPA, JSP etc
  • The overall demeanor of the book is informal and easy going which sets it apart from a regular Java EE related book
  • It demonstrates how to solve real world problems with code driven examples and sample applications
  • The manner in which related Java EE specifications have been covered is quiet heartening to see. Technologies like JPA, CDI, JAX-RS, WebSockets (new in Java EE 7) deserve a book dedicated to them, but the way they have been dealt with and explained in this book, makes the reader feel as if it’s a free bonus ;-) This is in my opinion is one of the major highlights !
  • Covers Oracle EJB 3 Certification process – rare feature in any book and it clearly reflects that the book is aimed at th
  • A special mention about Chapter 13, which is titled, Packaging EJB 3 applications - Do not be fooled by the humble naming convention. This chapter takes application packaging and deployment very seriously indeed. It pays attention to packaging different artifacts such as Session and Message Drive beans, JPA, CDI components – illustrated with flow charts and diagrams! it also explains the Java EE module system, Java EE Class Loading – which in fact drive the standards behind specific ways of packaging and deploying Java EE applications
  • Consistently adds best practices, recommendations section to most of the discussed modules/sections of the book


For a technology stack which is as comprehensive and advanced as Java EE, it can get a little intimidating, especially for a relative new comer. One can often get lost in the vast sea of standards, specifications, APIs, multiple implementations etc. The right thing to do is to stick to the basics first

  • EJB (for core business logic)
  • JPA (data access layer)
  • JSF (presentation layer)
  • CDI (Dependency injection, cross cutting logic, event based messaging)
  • JAX-RS (REST-fully exposing your functionality over HTTP to heterogeneous clients)

This book will enable you to do exactly that. It helps clear the cloud, clarify the concepts, build strong fundamentals, see Java EE for what it really is and empowers you to explore the rest . . .

Excited Already?

CLICK HERE to grab your copy now !!!

Happy Reading :-)

Posted in Java, Java EE | Tagged , , , , , , , , , | Leave a comment