21stAirhacksQ&A.md

21stAirhacksQ&A.md

Ask questions and see you at December, 7th at 6.PM. CET: http://www.ustream.tv/channel/adambien Also see archives: airhacks.tv

As earlier mentioned on Twitter today, I found an article describing a deserialisation-Vulnerability for many JEE-Servers using apache-commons-collection.

http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

So what is your opinion about this?
What is your recomondation?

I'm currently not running any JEE-Servers, but maybe it's a warning for those who do.

First of all, I have learned a lot from your blogs and video's , thank you for that.

My questions are:
1.Both Java SE 8 and Java EE 7 have great asynchronous support. How do you use these in your projects ?
I mean Asynchronous, Stateless beans maybe with ManagedExecutorService in Java EE vs CompleatableFuture, Split-Join or plain Future in the SE.

1. What do you think about technologies like BPEL (ex. Oracle Fusion), Service Bus etc. I have been involved in projects where these technologies have been used for years but still don't see a big advantage of them. From my opinion, they cost a lot of money and makes everything only more complex. The promise of BPM that a business person would compose a service has never been a reality as far as I know. I am curious about your opinion.
2. Could you show an example where you execute a test using Docker ? In your presentation in Rotterdam, you had shortly showed an example where you build an environment using Docker.
3. In your presentations, you heavily use Rest. I think (may be wrongly) that you are mainly interested in application development and not in the integration. If so, do you think Rest is still suitable for integration solutions ? In integration world, SOAP is still the standard (at least in the Netherlands) however, Rest is my preference too.

Thank you in advance

Hi Adam,

1. Can I use Afterburner with Gradle, if yes can you provide an example?
2. In Entity/Control/Boundary where should we put the interceptors?
3. In Entity/Control/Boundary where should we put the Util package?

Original question - https://twitter.com/agritsik/status/670909070187094016

Could you suggest some patterns how to organize code for my JavaEE microservice app? You suggested ECB pattern (here is an example http://bit.ly/1hrp8Mh). But in that case my Boundary is a really huge folder :) More ideas? More patterns?

As a rule, my microservices-based app contains the following classes:

1. RESTfull Resources - it's an entry point for my application
2. REST Clients - REST (or even SOAP) clients for getting data from external systems
3. Entity Services - db services for persisting some data in db
4. Entities - jpa entities
5. Actions - business logic
6. Configurations - configuration classes

Thank you!

Hello Adam,

I'd like to pickup a question I had previous airhacks regarding authentication in REST services. I think my question was a bit unclear, sorry - so I'll try again.

• assume a REST service with some business methods
• additionally the REST app provides a login method and accesses a user store (LDAP)
• consumers of the REST app can be different (a Angular SPA, an Android APP etc.)
• for using the REST service business methods the clients have to authenticate with users from the user store in LDAP
• on the one hand we don't want to authenticate against LDAP for EVERY business method call of the REST service but on the other hand we need some trusted method for the REST service calls

So we need somehow a session management or ticket mechanism ...

What would you recommend in that case ? Just a map with authentication tokens + REST filter, OAUTH ... ?!

Many thanks in advance,
Markus

Hi Adam,

I am maintaining a multi-tenant enterprise application in which special metadata on requests (headers, params) identify specific tenants. Each tenant has custom configurations in the system that override some defaults. The configurations come from a cache-augmented database fronted by an EJB. To successfully look up one such custom configuration, a key and a tenant identifier is needed. If the tenant identifier is not present, the key alone is used to retrieve the default for the key's entry.

From the remote interfaces that receive these requests (servlets, web services, etc) I want to retrieve such identifiers and setup contexts (e.g put properties in EJBContext) with them such that producer methods can leverage to setup appropriate beans to service each tenant's clients. I would also ideally want to favor CDI over EJBs for this case as much as reasonable.

I was thinking along the lines of the following strategy but I got stuck.

1. Create a @Config qualifier so that the CDI container resolves to the configuration producer.
2. Create a @Key(String) configuration annotation through which the lookup key of the desired configuration entry can be obtained.
3. Create a Producer method which takes an InjectionPoint as a parameter. The InjectionPoint allows to obtain the @Key annotation, the declared type of the field being targeted and the class in which this injected field is declared (enclosing class). A sweet scenario would be if InjectionPoint allows me to obtain an instance of the the enclosing class. But thinking of it, this doesn't make sense as the instance wouldn't be ready yet until all it's dependencies have been created/located and injected.

Is this a case CDI is not meant for? How could this best be implemented?

Hello Adam, thanks for your videos!!

My question is how to create a Single Sign On for all of my web systems in java ee?
Are you in favor on create a new one from scratch or to reuse something that it is already built in java?

Thank you very much !!!!

I already take the java ee 7 essentials vimeo course, thanks for these course, was great for me, because I am learning java ee!! (I already know jsf).
Do you plan to create a javascript + java course? I need to connect a java ee rest service using react.js or angular.js.
What do think about that? what are the best practices to follow to connect bouth of them?
Can you point me into an example?

Thank you very much!!!!