47thAirhacksQ&A.md

47thAirhacksQ&A.md

Ask questions and see you at February, 5th, 6.PM. CET: http://www.ustream.tv/channel/adambien

Also checkout recent episode:

I'm looking ways for create component more reutilizable. To do that, the component maybe need to be a stateless component (without coupling). In React tech, variables can be provide to a subtree of your component hierarchy through ChildContextTypes and the component need only embraced with a container component.

How can providing variables to a subtree of your component hierarchy without coupling?

As Infrastructure management and Application Deployment becomes easier with cloud platforms (docker, kubernetes, AWS...), do you foresee a near future where the "Developers" will cover all aspects of software lifecycle, and "Operators" will be a thing of the past?

Hi Adam,

i asked last airhacks.tv about detlaspike data.
I wrote a small example and used your docker image. LoC was reduced from 115 to 100, but startup time was increased from 4.5 seconds to 6s. Maybe i will try to investigate where the 1.5s gets lost.

Example without ds data
Example with ds data

Thank you for a lot of very good content,
Ivan

@AdamBien #airhacks #javaee How to handle transaction timeout on unpredictable long running tasks at a managed bean methode? Should I do not support transactions at all? Should I fire an cdi event and work on the task at another class? I'm not sure what will be the best approach.

— Sven (@svenehnert) February 4, 2018

Hi Adam,

I have custom authentication filter that implements javax.ws.rs.container.ContainerRequestFilter and sets my security context in requestContext.setSecurityContext(...). I can easily access this user in each REST endpoint by injecting @Context SecurityContext securityContext. How can I integrate this with EJBs, so that I can get the same user principal also in EJBs injected into REST endpoints? I expect, that in @Stateless I inject @Resource SessionContext sessionContext; and calling sessionContext.getCallerPrincipal().getName() should give me the same user. Doesn't look like it's integrated out-of-the-box in JEE7. I don't want to pass my Principal explicitly in each call to EJBs. What would be the best approach here? Thank you!

Security questions:

1. What would you recommend for authentication over SSL/TLS? OAuth/2, JWT? Why is it a bad idea to resend the password on each request?
2. What is your checklist to have when writing code on both client and server which sends and receives sensitive data like credit card information? What security measures need to be instated?

What do you think about NetBeans future?
The same transaction to Apache was done for Open Office and... current situation is not good for Open/Libre Office :(

Hi Adam, thanks for this monthly opportunity to raise questions.

Following your warning that Data Transfer Objects are widely overused we'd like to check if that is the case in our environment. We're starting to use JPA these days and it is a good oportunity to review our approach:

• For us it is typical that more than one hundred applications (different EAR files) call (most of them via the remote interface) to the same EJB responsible for dealing with a set of database tables. For that, these applications use a client jar that includes DTOs to communicate with the EJB.
• Our DTOs are most of them identical to the JPA entity: same fields, no impedance. We don't need to adapt incompatible domain layers
• We've tried to substitute the DTO with the JPA entity itself (I mean, duplicating it) but we get the following exception because the JPA entity in the client jar has different bytecode (I suppose) than the one in the EJB that is enhanced due to weaving
  java.rmi.MarshalException: CORBA MARSHAL 0 No; nested exception is: org.omg.CORBA.MARSHAL: cannot locate RunTime CodeBase

Any recomendation for this scenario is welcomed.

What is your approach to this scenario:

There is an Entity with columns: ID and Name. Name is annotated as @column(unique = true)

There is a REST Resource which injects session bean.
POST Request is sent to REST Resource which invokes business method in a session bean.
In a session bean there is a line: em.persist(bean);

The goal is to throw business exception from the session bean when Constraint Violation happens in the database but the exception is not thrown unless you put em.flush(); after em.persist();

Is putting em.flush() a correct approach?
Another approach would be to first find an object with the same Name, but there is still a chance Constraint Violation happens in a race condition.