47thAirhacksQ&A.md

47thAirhacksQ&A.md

Ask questions and see you at February, 5th, 6.PM. CET: http://www.ustream.tv/channel/adambien

Also checkout recent episode:

Database authentication: would you recommend a large company to use SSL sha2 certificates or rather username/password? Thanks a lot for your kind help.

I just want to know, what do u think about using microservices with jsf frontend? Does it make sense for you? If it does, what is your architectural suggestion?

What is your opinion about BL, DATA and UI modules (javaEE).

WARs:

1. Two seperate wars, which shares the same data jar and between UI and BL webservices
2. One war (UI contains BL jar with local ejbs, and data jar module, WS only for outer communication with other applications)

What about project organization?

1. Multi modules, seperate DATA, UI, BL modules
2. All modules in one module, root project (only different package, folder names eg. bussines, presentation)
3. Seperate DATA module and combined BL and UI modules into one module
4. How do you organize new projects ?
5. How can two developers develop application which use local ejbs for BL ? Lets say one is developing UI and one is developing BL.

The application run on one server (no seperate servers for UI and BL), with other applications.

Hi Adam,
I know most of this is a simple stuff, but I'm new, and hearing it from perspective is great insight,

1. I'm building a new application from scratch, just a front end for a legacy Oracle DB, it's an application for HR department in a big company.
   The technology of choice is JEE, what technologies from JEE stack would you recommend for such application (CDI, EJB, JSF/Primefaces, JPA) I have to mention that the database is old and generally not standardized, nothing is in normal form, no constraints, no foreign keys and they won't allow changes to the database, as they run old Oracle Forms applications on it. how would you handle it?

2. Is there a way to authenticate users from ActiveDirectory to a javaee web app? I would like to authenticate and authorize the user based on the logged in windows user, is that even possible? would you recommend it?

3. How should one do security in jee I mean identity preservation, auditing, and authorization, that the database can record, audit and know the actual user? My scenario involves JPA on Oracle DB.

4. How should the authorization to JAX-RS web service go?

5. What you use for development in a closed intranet environment where they won't allow internet connection, no central repo, nothing !!
   how would you handle that?

Thank you for the great and inspiring content.

I'm looking ways for create component more reutilizable. To do that, the component maybe need to be a stateless component (without coupling). In React tech, variables can be provide to a subtree of your component hierarchy through ChildContextTypes and the component need only embraced with a container component.

How can providing variables to a subtree of your component hierarchy without coupling?

As Infrastructure management and Application Deployment becomes easier with cloud platforms (docker, kubernetes, AWS...), do you foresee a near future where the "Developers" will cover all aspects of software lifecycle, and "Operators" will be a thing of the past?

Hi Adam,

i asked last airhacks.tv about detlaspike data.
I wrote a small example and used your docker image. LoC was reduced from 115 to 100, but startup time was increased from 4.5 seconds to 6s. Maybe i will try to investigate where the 1.5s gets lost.

Example without ds data
Example with ds data

Thank you for a lot of very good content,
Ivan

@AdamBien #airhacks #javaee How to handle transaction timeout on unpredictable long running tasks at a managed bean methode? Should I do not support transactions at all? Should I fire an cdi event and work on the task at another class? I'm not sure what will be the best approach.

— Sven (@svenehnert) February 4, 2018

Hi Adam,

I have custom authentication filter that implements javax.ws.rs.container.ContainerRequestFilter and sets my security context in requestContext.setSecurityContext(...). I can easily access this user in each REST endpoint by injecting @Context SecurityContext securityContext. How can I integrate this with EJBs, so that I can get the same user principal also in EJBs injected into REST endpoints? I expect, that in @Stateless I inject @Resource SessionContext sessionContext; and calling sessionContext.getCallerPrincipal().getName() should give me the same user. Doesn't look like it's integrated out-of-the-box in JEE7. I don't want to pass my Principal explicitly in each call to EJBs. What would be the best approach here? Thank you!

Security questions:

1. What would you recommend for authentication over SSL/TLS? OAuth/2, JWT? Why is it a bad idea to resend the password on each request?
2. What is your checklist to have when writing code on both client and server which sends and receives sensitive data like credit card information? What security measures need to be instated?

What do you think about NetBeans future?
The same transaction to Apache was done for Open Office and... current situation is not good for Open/Libre Office :(

Hi Adam, thanks for this monthly opportunity to raise questions.

Following your warning that Data Transfer Objects are widely overused we'd like to check if that is the case in our environment. We're starting to use JPA these days and it is a good oportunity to review our approach:

• For us it is typical that more than one hundred applications (different EAR files) call (most of them via the remote interface) to the same EJB responsible for dealing with a set of database tables. For that, these applications use a client jar that includes DTOs to communicate with the EJB.
• Our DTOs are most of them identical to the JPA entity: same fields, no impedance. We don't need to adapt incompatible domain layers
• We've tried to substitute the DTO with the JPA entity itself (I mean, duplicating it) but we get the following exception because the JPA entity in the client jar has different bytecode (I suppose) than the one in the EJB that is enhanced due to weaving
  java.rmi.MarshalException: CORBA MARSHAL 0 No; nested exception is: org.omg.CORBA.MARSHAL: cannot locate RunTime CodeBase

Any recomendation for this scenario is welcomed.

What is your approach to this scenario:

There is an Entity with columns: ID and Name. Name is annotated as @column(unique = true)

There is a REST Resource which injects session bean.
POST Request is sent to REST Resource which invokes business method in a session bean.
In a session bean there is a line: em.persist(bean);

The goal is to throw business exception from the session bean when Constraint Violation happens in the database but the exception is not thrown unless you put em.flush(); after em.persist();

Is putting em.flush() a correct approach?
Another approach would be to first find an object with the same Name, but there is still a chance Constraint Violation happens in a race condition.