Jakarta EE Cookbook - Second Edition

By : Elder Moraes

Jakarta EE Cookbook - Second Edition

By: Elder Moraes

Overview of this book

Jakarta EE is widely used around the world for developing enterprise applications for a variety of domains. With this book, Java professionals will be able to enhance their skills to deliver powerful enterprise solutions using practical recipes. This second edition of the Jakarta EE Cookbook takes you through the improvements introduced in its latest version and helps you get hands-on with its significant APIs and features used for server-side development. You'll use Jakarta EE for creating RESTful web services and web applications with the JAX-RS, JSON-P, and JSON-B APIs and learn how you can improve the security of your enterprise solutions. Not only will you learn how to use the most important servers on the market, but you'll also learn to make the best of what they have to offer for your project. From an architectural point of view, this Jakarta book covers microservices, cloud computing, and containers. It allows you to explore all the tools for building reactive applications using Jakarta EE and core Java features such as lambdas. Finally, you'll discover how professionals can improve their projects by engaging with and contributing to the community. By the end of this book, you'll have become proficient in developing and deploying enterprise applications using Jakarta EE.

Preface

Who this book is for

What this book covers

To get the most out of this book

Sections

Get in touch

New Features and Improvements

Running your first Jakarta Bean Validation 2.0 code

Running your first Jakarta CDI 2.0 code

Running your first JAX-RS 2.1 code

Running your first JSF 2.3 code

Running your first JSON-P 1.1 code

Running your first JSON-B 1.0 code

Running your first Jakarta Servlet 4.0 code

Running your first Jakarta Security code

Running your first MVC 1.0 code

Free Chapter

Server-Side Development

Using Jakarta CDI to inject context and dependencies

Using Jakarta Bean Validation for data validation

Using Jakarta Servlet for request and response management

Using Server Push to make objects available beforehand

Using EJB and JTA for transaction management

Using EJB to deal with concurrency

Using JPA for smart data persistence

Using EJB and JPA for data caching

Using Jakarta Batch processing

Building Powerful Services with JSON and RESTful Features

Building server-side events with JAX-RS

Improving service's capabilities with JAX-RS and Jakarta CDI

Easing data and objects representation with Jakarta JSON Binding

Parsing, generating, transforming, and querying JSON objects using Jakarta JSON Processing

Web and Client-Server Communication

Using servlets for request and response management

Building a UI with template features using JSF

Improving response performance with Server Push

Security of the Enterprise Architecture

Domain protection with authentication

Granting rights through authorization

Protecting data confidentiality and integrity with SSL/TLS

Using declarative security

Using programmatic security

Reducing Coding Effort by Relying on Standards

Preparing your application to use a connection pool

Using messaging services for asynchronous communication

Understanding a servlet's life cycle

Transaction management

Deploying and Managing Applications on Major Jakarta EE Servers

Understanding Apache TomEE

Eclipse GlassFish

Red Hat WildFly

Building Lightweight Solutions Using Microservices

Building microservices from a monolith

Building decoupled services

Building an automated pipeline for microservices

Determining the state of a microservice by using the MicroProfile Health Check API

Generating and/or monitoring metrics with the MicroProfile Metrics API

Exposing API documentation using the MicroProfile OpenAPI

Using Multithreading on Enterprise Context

Building asynchronous tasks with returning results

Using transactions with asynchronous tasks

Checking the status of asynchronous tasks

Building managed threads with returning results

Scheduling asynchronous tasks with returning results

Using injected proxies for asynchronous tasks

Using Event-Driven Programming to Build Reactive Applications

Building reactive applications using asynchronous servlets

Building reactive applications using events and observers

Building reactive applications using WebSocket

Building reactive applications using message-driven beans

Building reactive applications using Jakarta RESTful Web Services

Building reactive applications using asynchronous session beans

Using lambdas and CompletableFuture to improve reactive applications

Rising to the Cloud - Jakarta EE, Containers, and Cloud Computing

Building Jakarta EE containers using Docker

Using Oracle Cloud Infrastructure for container orchestration in the cloud

Using Jelastic for container orchestration in the cloud

Using OpenShift for container orchestration in the cloud

Using AWS for container orchestration in the cloud

Other Books You May Enjoy

Leave a review - let other readers know what you think

Appendix - The Power of Sharing Knowledge

Introduction

Why contributing to the Adopt a JSR program can make you a better professional

The secret to unsticking your career, your project, and even your life!

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Running your first Jakarta Security code

Security is one of the top concerns when you build an enterprise application. Luckily, the Jakarta EE platform now has this API that handles many of the enterprise requirements in a standardized way.

In this recipe, you will learn how to define roles and give them the right authorization based on rules defined in the methods that manage sensitive data.

Getting ready

We start by adding our dependencies to the project:

<dependencies>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.12</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.tomee</groupId>
        <artifactId>openejb-core</artifactId>
        <version>7.0.4</version>
    </dependency>
    <dependency>
        <groupId>jakarta.platform</groupId>
        <artifactId>jakarta.jakartaee-api</artifactId>
        <version>8.0.0</version>
        <scope>provided</scope>
    </dependency>
</dependencies>

How to do it...

You need to perform the following steps to try this recipe:

We first create a User entity:

@Entity 
public class User implements Serializable{

    @Id
    private Long id;
    private String name;
    private String email;

    public User(){        
    }

    public User(Long id, String name, String email) {
        this.id = id;
        this.name = name;
        this.email = email;
    }
    
    //DON'T FORGET THE GETTERS AND SETTERS
    //THIS RECIPE WON'T WORK WITHOUT THEM
}

Here, we create a class to store our security roles:

public class Roles {
    public static final String ADMIN = "ADMIN";
    public static final String OPERATOR = "OPERATOR";
}

Then, we create a stateful bean to manage our user operations:

@Stateful
public class UserBean {

    @PersistenceContext(unitName = "ch01-security-pu", 
    type = PersistenceContextType.EXTENDED)
    private EntityManager em;

    @RolesAllowed({Roles.ADMIN, Roles.OPERATOR})
    public void add(User user){
        em.persist(user);
    }

    @RolesAllowed({Roles.ADMIN})
    public void remove(User user){
        em.remove(user);
    }

    @RolesAllowed({Roles.ADMIN})
    public void update(User user){
        em.merge(user);
    }

    @PermitAll
    public List<User> get(){
        Query q = em.createQuery("SELECT u FROM User as u ");
        return q.getResultList();
    }

Now, we need to create an executor for each role:

public class RoleExecutor {

    public interface Executable {
        void execute() throws Exception;
    }

    @Stateless
    @RunAs(Roles.ADMIN)
    public static class AdminExecutor {
        public void run(Executable executable) throws Exception {
            executable.execute();
        }
    }

    @Stateless
    @RunAs(Roles.OPERATOR)
    public static class OperatorExecutor {
        public void run(Executable executable) throws Exception {
            executable.execute();
        }
    }
}

And finally, we create a test class to try our security rules.
Our code uses three test methods: asAdmin(), asOperator(), and asAnonymous().
First, it tests asAdmin():

    //Lot of setup code before this point

    @Test
    public void asAdmin() throws Exception {
        adminExecutor.run(() -> {
            userBean.add(new User(1L, "user1", "[email protected]"));
            userBean.add(new User(2L, "user2", "[email protected]"));
            userBean.add(new User(3L, "user3", "[email protected]"));
            userBean.add(new User(4L, "user4", "[email protected]"));

            List<User> list = userBean.get();

            list.forEach((user) -> {
                userBean.remove(user);
            });

            Assert.assertEquals("userBean.get()", 0, 
            userBean.get().size());
        });
    }

Then, it tests asOperator():

    @Test
    public void asOperator() throws Exception {

        operatorExecutor.run(() -> {
            userBean.add(new User(1L, "user1", "[email protected]"));
            userBean.add(new User(2L, "user2", "[email protected]"));
            userBean.add(new User(3L, "user3", "[email protected]"));
            userBean.add(new User(4L, "user4", "[email protected]"));

            List<User> list = userBean.get();

            list.forEach((user) -> {
                try {
                    userBean.remove(user);
                    Assert.fail("Operator was able to remove user " + 
                    user.getName());
                } catch (EJBAccessException e) {
                }
            });
            Assert.assertEquals("userBean.get()", 4, 
            userBean.get().size());
        });
    }

And, finally, it tests asAnonymous():

    @Test
    public void asAnonymous() {

        try {
            userBean.add(new User(1L, "elder", 
            "[email protected]"));
            Assert.fail("Anonymous user should not add users");
        } catch (EJBAccessException e) {
        }

        try {
            userBean.remove(new User(1L, "elder", 
            "[email protected]"));
            Assert.fail("Anonymous user should not remove users");
        } catch (EJBAccessException e) {
        }

        try {
            userBean.get();
        } catch (EJBAccessException e) {
            Assert.fail("Everyone can list users");
        }
    }

This class is huge! For the full source code, check the link at the end of this recipe.

How it works...

The whole point in this recipe is to do with the @RolesAllowed, @RunsAs, and @PermitAll annotations. They define what operations each role can do and what happens when a user tries an operation using the wrong role.

There's more...

What we did here is called programmatic security, that is, we defined the security rules and roles through our code (the program). There's another approach called declarative security, where you declare the rules and roles through application and server configurations.

One good step up for this recipe is to evolve the roles management to a source outside the application, such as a database or a service.

Jakarta EE Cookbook - Second Edition

By : Elder Moraes

Jakarta EE Cookbook - Second Edition

By: Elder Moraes

Overview of this book

Related Content you might be interested in

Current Title:

Jakarta EE Cookbook - Second Edition

Jakarta EE Application Development

Developing Middleware in Java EE 8

Mastering Java EE Development with WildFly