8thAirhacksQ&A

8thAirhacksQ&A.md

Questions for the November edition of the http://airhacks.io show:

1. Question about ejb scheduler vs java ee batch processing. What are pros and cons when using batch processing over ejb scheduler ? Marek
2. Question about multi datasource and EJB. What is the best way to deal with EJBs which need to use a specific database for caller/user? Should I use
   Interceptors? Should I use injection with request scoped? Wesley
3. Statement: "You forgot to say one advantage of Spring over JEE. Spring you can deploy on any container." Mauricio
4. 'How do you manage deployed microservices (status, healthchecks, restarting) locally and on servers?' Tomek
5. 'How do you use Docker (what setup) locally and on servers? Tomek
6. Does JSF play well with JavaScript frameworks? [Edward]
7. Why It Is Impossible To Automatically Handle javax.persistence.OptimisticLockException? "...I had even more finding on optimisticLockException. I had encounter this
   exception and my solution was pretty straight forward which was just retry and
   it works fine with my design and the data were good. The catch is, recently I added a new table which has a relationship to the row
   which was throwing the optimisticLockException. I noticed that the entry in the second table was not created because of this exception. However the record data consistency was maintained because of the retry. But I loose an important
   information in my related table. Does anyone have suggestion on what to do with this kind of scenario?..." [Anuj]
8. can you share some updates on how to do high availability JEE apps in light of
   JEE7 and tackling session stored data Ahmed

I have written some months ago a question to BalusC about scopes in JSF. However he didn't answer it so I'll ask it to you. I would appreciate if you could answer it.

The question came to my mind when reading this article where it talks about JSF Managed bean scopes: http://balusc.blogspot.com.es/2011/09/communication-in-jsf-20.html

My question is:
I don't understand when a request scoped bean is created, I mean, is it created for each HTTP request (so for all requests all managed beans would be created) or for a subset of the HTTP requests made (so for some request some managed beans wouldn't be created and other would)?

The same with @ViewScoped, don't know if it is created for each view you arrive to or for a subset of views.

I have this doubt because apparently if you use a request scoped bean instead of a session scoped bean, you are reducing the memory used in the server, but I don't get how you reduce the memory used if the bean is created for every HTTP request.

    JSF-2.2 problem 
(In context for large scale financial App)

1. JSF is a component and event based MVC framework, not a request (action) based MVC framework. JSF is flowed because it tries to abstract away HTML, CSS and HTTP, exactly the reverse what a modern web frameworks do.

Exp : Component based framework is not good for large form based app . Action based framework is more preferable for financial app based spring performance .

Effect: Performance and Development
2. It internally generates garbage HTML (Like Table) . Designer must know the behavior of jsf tag that which jsf tag generates which kind of html tag.
Effect: Development
3.
We can’t use JavaScript framework independently with jsf. Suppose if we have to use angular js in client side for increasing the performance and faster development
Effect : Performance and development

1. JSF (JAVA EE) document is not good .
   Effect : development
2. Spring MVC scalabity is higher than JSF2.

As a result , Financial app perspective -- from up to 5 points spring MVC is scalable over JSF2.2 .

Problem of EJB3.2/ EE7
1.High Level Transaction -- Spring is better than EJB .
2. Inheritance support --- EJB is not support Inheritance but spring supports this.
3. Declarative Transaction ---EJB transaction not good but spring is very good .
4. Need Application server --- EJB doesn't run on lightweight web server like tomcat, Pivotal TC Server etc. but spring do this
5. Deployment issue ----Due to the variations in the EJB containers supported by an application server
, it is often challenging to deploy a JEE application into a different application server.

6.Interceptors ---Implementation of spring-aop with AspectJ is more easier thanEJB interceptors
7. App Server support --- EJB not support all server (webspere, weblogic,jboss,tomcat)
Exp : one ejb app develop in glassfish/jboss then can not redeploy another java ee server .
As a result , Financial app perspective -- from up to 7 points spring is scalable over ejb .

I've come across this blog post from Andy Gibson yesterday:
http://www.andygibson.net/blog/article/deterring-tomany-relationships-in-jpa-models/

How do you usually deal in your project with the "@...ToMany" ?

About:

Statement: "You forgot to say one advantage of Spring over JEE. Spring you can deploy on any container." Mauricio

Yeah! Great Idea: Deploying some sort of container into another full-featured container to get 20000 lines of XML-style configuration and tons of spring-anykind.jar dependencies...

For sure: There is no(!!) advantage to bring nearly the same idea (namely the Dependency Injection) with another proprietary container and install it on top of a container that offers this idea (including other great ideas) out-of-the-box, specified (and compatibility-proofed with TCK) by a large and developer-friendly community.

Well, I've seen projects, deploying embedded-glassfish-all.jar inside a WAR into some sort of Application Servers to get all the best-of-breed libraries (jersey, tyrus, a.s.o.) in the application and wondering, why the application will not work as expected.

Robert

Adam, you often say that Java EE7 is really lean, which I can agree on in most cases, but when it comes to security, authentication and authorization Java EE isn't lean at all and really complicated (JAAS, JASPIC, JACC...) _compared to_ spring security (especially in combination with grails).
So what are your thoughts on this and do you know anything about future plans of Java EE8 concerning this?
In the mean time I just use a Java EE kickoff app made by the omniface guys using JASPIC, but I would really appreciate some clearance or even a dedicated video about this topic.

is JSF2.2 by default owasp supported ?

if not , which secuirity need customize/optimized  for JSF based webapp ?

OWASP security -----------------------------

A1 – Injection
A2 – Broken Authentication and Session Management
A3 – Cross-Site Scripting (XSS)
A4 – Insecure Direct Object References
A5 – Security Misconfiguration
A6 – Sensitive Data Exposure
A7 – Missing Function Level Access Control
A8 – Cross-Site Request Forgery (CSRF)
A9 – Using Known Vulnerable Components
A10 – Unvalidated Redirects and Forwards