47thAirhacksQ&A.md

vernetto Jan 10, 2018

Database authentication: would you recommend a large company to use SSL sha2 certificates or rather username/password? Thanks a lot for your kind help.

Luckylukeluke Jan 12, 2018

I just want to know, what do you think about using microservices with a JSF frontend? Does it make sense to you? If it does, what is your architectural suggestion?

scrmtrey91 Jan 20, 2018

What is your opinion about BL, DATA and UI modules (Java EE)?

WARs:

  1. Two separate WARs, which share the same data JAR, and web services between UI and BL
  2. One WAR (UI contains BL JAR with local EJBs, and data JAR module, WS only for outer communication with other applications)

What about project organization?

  1. Multi modules, separate DATA, UI, BL modules
  2. All modules in one module, root project (only different package, folder names, e.g. business, presentation)
  3. Separate DATA module and combined BL and UI modules into one module
  4. How do you organize new projects?
  5. How can two developers develop an application which uses local EJBs for BL? Let's say one is developing UI and one is developing BL.

The application runs on one server (no separate servers for UI and BL), with other applications.

alibttb Jan 21, 2018

Hi Adam,
I know most of this is simple stuff, but I'm new, and hearing it from perspective is great insight.

  1. I'm building a new application from scratch, just a front end for a legacy Oracle DB. It's an application for the HR department in a big company.
    The technology of choice is JEE. What technologies from the JEE stack would you recommend for such an application (CDI, EJB, JSF/PrimeFaces, JPA)? I have to mention that the database is old and generally not standardized: nothing is in normal form, no constraints, no foreign keys, and they won't allow changes to the database, as they run old Oracle Forms applications on it. How would you handle it?

  2. Is there a way to authenticate users from Active Directory to a Java EE web app? I would like to authenticate and authorize the user based on the logged-in Windows user. Is that even possible? Would you recommend it?

  3. How should one do security in JEE, I mean identity preservation, auditing, and authorization, so that the database can record, audit and know the actual user? My scenario involves JPA on Oracle DB.

  4. How should the authorization to a JAX-RS web service go?

  5. What do you use for development in a closed intranet environment where they won't allow an internet connection, no central repo, nothing!!
    How would you handle that?

Thank you for the great and inspiring content.

hugoworks Jan 22, 2018

I'm looking for ways to create more reusable components. To do that, the component may need to be a stateless component (without coupling). In React, variables can be provided to a subtree of your component hierarchy through ChildContextTypes, and the component need only be embraced with a container component.

How can variables be provided to a subtree of your component hierarchy without coupling?

vernetto Jan 25, 2018

As infrastructure management and application deployment become easier with cloud platforms (Docker, Kubernetes, AWS...), do you foresee a near future where the "Developers" will cover all aspects of the software lifecycle, and "Operators" will be a thing of the past?

zorcic Jan 26, 2018

Hi Adam,

I asked at the last airhacks.tv about DeltaSpike Data.
I wrote a small example and used your Docker image. LoC was reduced from 115 to 100, but startup time increased from 4.5 seconds to 6s. Maybe I will try to investigate where the 1.5s gets lost.

Example without ds data
Example with ds data

Thank you for a lot of very good content,
Ivan

AdamBien Feb 4, 2018

@AdamBien #airhacks #javaee How to handle transaction timeout on unpredictable long-running tasks in a managed bean method? Should I not support transactions at all? Should I fire a CDI event and work on the task in another class? I'm not sure what will be the best approach.

— Sven (@svenehnert) February 4, 2018

bkaminnski Feb 4, 2018

Hi Adam,

I have a custom authentication filter that implements javax.ws.rs.container.ContainerRequestFilter and sets my security context in requestContext.setSecurityContext(...). I can easily access this user in each REST endpoint by injecting @Context SecurityContext securityContext. How can I integrate this with EJBs, so that I can get the same user principal also in EJBs injected into REST endpoints? I expect that in @Stateless I inject @Resource SessionContext sessionContext; and calling sessionContext.getCallerPrincipal().getName() should give me the same user. It doesn't look like it's integrated out of the box in JEE7. I don't want to pass my Principal explicitly in each call to EJBs. What would be the best approach here? Thank you!

omega09 Feb 5, 2018

Security questions:

  1. What would you recommend for authentication over SSL/TLS? OAuth/2, JWT? Why is it a bad idea to resend the password on each request?
  2. What is your checklist to have when writing code on both client and server which sends and receives sensitive data like credit card information? What security measures need to be instated?

m1k0-registered Feb 5, 2018

What do you think about NetBeans future?
The same transaction to Apache was done for Open Office and... current situation is not good for Open/Libre Office :(

pgutierrezn2 Feb 5, 2018

Hi Adam, thanks for this monthly opportunity to raise questions.

Following your warning that Data Transfer Objects are widely overused, we'd like to check if that is the case in our environment. We're starting to use JPA these days and it is a good opportunity to review our approach:

  • For us it is typical that more than one hundred applications (different EAR files) call (most of them via the remote interface) to the same EJB responsible for dealing with a set of database tables. For that, these applications use a client jar that includes DTOs to communicate with the EJB.
  • Our DTOs are most of them identical to the JPA entity: same fields, no impedance. We don't need to adapt incompatible domain layers
  • We've tried to substitute the DTO with the JPA entity itself (I mean, duplicating it) but we get the following exception because the JPA entity in the client jar has different bytecode (I suppose) than the one in the EJB that is enhanced due to weaving
    java.rmi.MarshalException: CORBA MARSHAL 0 No; nested exception is: org.omg.CORBA.MARSHAL: cannot locate RunTime CodeBase

Any recommendation for this scenario is welcome.

vanuatoo Feb 5, 2018

What is your approach to this scenario:

There is an Entity with columns: ID and Name. Name is annotated as @Column(unique = true)

There is a REST Resource which injects session bean.
POST Request is sent to REST Resource which invokes business method in a session bean.
In a session bean there is a line: em.persist(bean);

The goal is to throw business exception from the session bean when Constraint Violation happens in the database but the exception is not thrown unless you put em.flush(); after em.persist();

Is putting em.flush() a correct approach?
Another approach would be to first find an object with the same Name, but there is still a chance Constraint Violation happens in a race condition.
