Skip to content

Instantly share code, notes, and snippets.

@AdamBien
Created November 4, 2020 06:40
Show Gist options
  • Save AdamBien/4b9214b29ed1810390bbe7ed303db6c4 to your computer and use it in GitHub Desktop.
Save AdamBien/4b9214b29ed1810390bbe7ed303db6c4 to your computer and use it in GitHub Desktop.
81stAirhacksQ&A.md

Ask questions and see you at December, 7th, 8.PM. CET: https://vimeo.com/event/154379

Also checkout recent episode:

80th airhacks.tv

Please keep the questions Jakarta EE-stic. Means: as short and as concise as only possible. Feel free to ask several, shorter questions. Upcoming airhacks.tv events are also going to be announced at meetup.com/airhacks

@wanderer2097
Copy link

wanderer2097 commented Nov 25, 2020

How to keep the service (boundary + control) layer DRY in an application with hundreds of entities? In your demos I typically see a REST resource & corresponding "Manager" on a 1:1 with an entity (at least a DDD "aggregate"). One way to address this could be to create a universal "Manager" using generics (including some cross cutting concerns like security) and inject it into a generic REST endpoint. The latter could then be subclassed with specific Entity type (and a corresponding URL path). I think I picked up in one of your talks (or workshops - can't remember) that you don't typically see inheritance used in the business code outside of maybe JPA entities. So are there any alternatives? Writing 100+ Managers and Resources gets old fast… Is it OK to introduce some inheritance - maybe at least for master data?

I was thinking of using some variations of the Gateway pattern from your green book but that seems difficult due to stateless nature of REST (and not quite ready to directly expose the Entity Manager to a javascript web client).

@wanderer2097
Copy link

Within a single monolithic Jakarta EE application there exist two separate logical "modules" (single jar). Let's imagine a shipping module and a billing module. The business requirement is that as soon as a shipment is sent from the warehouse the customer must be invoiced. The shipping module should not know anything (or care) about the billing module or the invoicing process itself. It could, however, be responsible for raising an event (e.g. ShipmentSent). What would you recommend for communication between these - e.g. CDI events, JMS, outbox pattern, etc.?

Keep in mind - there could be instances where the shipment transaction succeeds (resulting in a commit in the db) but the invoicing fails (e.g. due to the customer record missing a billing address or (your favorite :-) VAT ID). In such cases there needs to be a way for the billing module (or some agent in between) to keep track of such "unprocessed" events in a queue so that they can be completed later on (i.e. when the customer master record is updated). Needless to say - the recovery mechanism will require some extra application logic/code (e.g. to reprocess periodically) but the critical point is how to keep track of this queue.

How does the answer change if the two modules are refactored later on to two separate applications?

@wanderer2097
Copy link

How would you go about fulfilling dynamic entity projection requests from a REST client? Imagine a purchase order entity which has a lot of fields. Sometimes the client needs to read all and sometimes only a few but exactly which isn't known until runtime and is provided as query params. Also - there are associated entities (like order items). Sometimes the client wants to see them, sometimes not. Creating specific projection DTO's is therefore not an option. Need something similar to OData expand.

Using JSON-B adapters and serializers feels like a glorified DTO approach and the main pain point is there would need to be one for every class. JSON-P is good but it introduces coupling to a specific format (can't support XML then). At one point I implemented a simple object cloner running as the last step in the REST resource "GET" calls copying an entity instance to another instance of the same class but only picking and choosing the fields requested by the client and the rest was set to null (default JSONB skips nulls so this was kind of a hack). That seemed a little heavy handed though so I ended up writing a custom Message Body Writer and injecting @context UriInfo into it so that I can extract the list of fields & expand options requested by the client from the query params and perform the projection dynamically using reflection and some JPA metadata. That's probably not the best way to go about it - do you have any suggestions?

@dhufnagel
Copy link

I was willing to upgrade my javax.javaee-api-8.0 maven project to jakartaee-api 8.0.0 but I came across the issue, that it broke my application. The application uses the java mail api with IMAP and POP3 but the dependency is not automatically resolved with the jakartaee-api. I have to manually add the dependency to jakarta-mail as provided to make it work. But this breaks the "one-dependency" thing I loved with javaee. Am I doing it wrong or is this the "new" way to go?

@AdamBien
Copy link
Author

AdamBien commented Dec 3, 2020

Interesting paper:

"Hey
@AdamBien
I found this paper https://tinyurl.com/y5ny9rf8, researching how to do fast unit testing with MicroProfile Config API. What bothers me: how does this project compare to weld-junit and cdi-unit ? Maybe Gunnar is an interesting guest for an http://airhacks.fm episode?" by @poi_ki_lo_therm
=> https://twitter.com/poi_ki_lo_therm/status/1334422453108563970?s=20

@hrstoyanov
Copy link

hrstoyanov commented Dec 3, 2020

@AdamBien
As creator of Jwtenizer do you recommend to you clients to implement in-house authentication and authorization workflows? Quarkus JPA Security and JWT Security makes it look like an easy job initially, but I fear things get tough when you realize you need:

  • self-registration
  • login
  • passwordless login
  • profile update
  • forgotten password workflow
  • multi-factor authentication
  • email verification
  • user management UI console

... Or do you recommend external providers such as Okta, Auth0, AWS Cogito?

There is also this up-and-coming German middleware ORY/Kratos, but they are very opinionated, do not recommend JWT tokens and do a lot fo server-side rendering to implement workflows.

What do your clients usually end up doing?

@hrstoyanov
Copy link

hrstoyanov commented Dec 3, 2020

@AdamBien
In you classes you recommend to manage locally your ES6 assets (with snowpack). However is it not more economical to use free CDNs and lower you AWS network bill instead?

What is your opinion on new web developments like:

@MikeEdgar
Copy link

Adam, I've heard you recently mention both OData and GraphQL on your podcast along with some pros/cons for each. Have you heard of or used the JSON:API specification? It has a clean representation for both URLs and requests/responses and is intuitive to use. Certainly not as popular as either OData/GraphQL, but I find it to be more in alignment with RESTful and HTTP conventions.

I have a work-in-progress library (jsonapi-rvp) that drops in to Jakarta EE-stic runtime environments to expose JPA entities via JSON:API. The only dependencies are runtime Jakarta EE specs and it requires Java 11. Just posting in case you or any listeners would like to play with it and suggest improvements if it's found to be useful.

@dabkhazi
Copy link

dabkhazi commented Dec 7, 2020

Hi Adam!
I watched your latest videos and I'm interested in a question about a rest client fault. For example, the task is to periodically send data through the scheduler using rest client, how to properly handle the case of a client crash (fault) so that the scheduler can stop before the client is restored to work? I am thinking of a global flag that stores client state information, maybe failover has a more elegant solution?

@thehpi
Copy link

thehpi commented Dec 7, 2020

I building code where there are data models in different layers of the application which are very much alike. This causes a lot of boilerplate code and unittests which is hard to maintain.

I would like to use some mechanism from which I could generate the model classes and use mapping software to get data from model1 to model2.

What would be a good library which can be configured to

  • generate the different model classes (also the jpa entity classes)
  • do the data mapping for these models

I know about odata but this has its own data model which is another extra model from which I need to map to my internal model(s).
I also know about graphql but I want to use plain REST resources from my client software for now.

@thehpi
Copy link

thehpi commented Dec 7, 2020

I want to be able to configure for a user how many request per second he can fire onto my server.
And my server then should return the nr of possible requests in a response header.
And of course my server should return http response code 429 (too many request) when the max nr requests/sec is depleted.

How would you do this?

@ashburnere
Copy link

@thephi did you have a look at Mapstruct (https://mapstruct.org/)?

@thehpi
Copy link

thehpi commented Dec 9, 2020

@ashburnere yes I am investigating it, it is a very elaborate tool but I'm not sure yet if I can use it but it looks promising.

@vaibhavkulkarni
Copy link

@AdamBien
As creator of Jwtenizer do you recommend to you clients to implement in-house authentication and authorization workflows? Quarkus JPA Security and JWT Security makes it look like an easy job initially, but I fear things get tough when you realize you need:

  • self-registration
  • login
  • passwordless login
  • profile update
  • forgotten password workflow
  • multi-factor authentication
  • email verification
  • user management UI console

... Or do you recommend external providers such as Okta, Auth0, AWS Cogito?

There is also this up-and-coming German middleware ORY/Kratos, but they are very opinionated, do not recommend JWT tokens and do a lot fo server-side rendering to implement workflows.

What do your clients usually end up doing?

Have you had a look at https://gluu.org/? It probably suites you better?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment