Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Jakarta EE Cookbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
Jakarta EE Cookbook

Jakarta EE Cookbook - Second Edition

By : Moraes
5 (2)
Buy this Book
close
close
Jakarta EE Cookbook

Jakarta EE Cookbook

5 (2)
By: Moraes
Buy this Book

Overview of this book

Jakarta EE is widely used around the world for developing enterprise applications for a variety of domains. With this book, Java professionals will be able to enhance their skills to deliver powerful enterprise solutions using practical recipes. This second edition of the Jakarta EE Cookbook takes you through the improvements introduced in its latest version and helps you get hands-on with its significant APIs and features used for server-side development. You'll use Jakarta EE for creating RESTful web services and web applications with the JAX-RS, JSON-P, and JSON-B APIs and learn how you can improve the security of your enterprise solutions. Not only will you learn how to use the most important servers on the market, but you'll also learn to make the best of what they have to offer for your project. From an architectural point of view, this Jakarta book covers microservices, cloud computing, and containers. It allows you to explore all the tools for building reactive applications using Jakarta EE and core Java features such as lambdas. Finally, you'll discover how professionals can improve their projects by engaging with and contributing to the community. By the end of this book, you'll have become proficient in developing and deploying enterprise applications using Jakarta EE.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Sections
Icon
Get in touch
1
New Features and Improvements
chevron up
Icon
New Features and Improvements
Icon
Running your first Jakarta Bean Validation 2.0 code
Icon
Running your first Jakarta CDI 2.0 code
Icon
Running your first JAX-RS 2.1 code
Icon
Running your first JSF 2.3 code
Icon
Running your first JSON-P 1.1 code
Icon
Running your first JSON-B 1.0 code
Icon
Running your first Jakarta Servlet 4.0 code
Icon
Running your first Jakarta Security code
Icon
Running your first MVC 1.0 code
Lock Free Chapter
2
Server-Side Development
Icon
Server-Side Development
Icon
Using Jakarta CDI to inject context and dependencies
Icon
Using Jakarta Bean Validation for data validation
Icon
Using Jakarta Servlet for request and response management
Icon
Using Server Push to make objects available beforehand
Icon
Using EJB and JTA for transaction management
Icon
Using EJB to deal with concurrency
Icon
Using JPA for smart data persistence
Icon
Using EJB and JPA for data caching
Icon
Using Jakarta Batch processing
3
Building Powerful Services with JSON and RESTful Features
Icon
Building Powerful Services with JSON and RESTful Features
Icon
Building server-side events with JAX-RS
Icon
Improving service's capabilities with JAX-RS and Jakarta CDI
Icon
Easing data and objects representation with Jakarta JSON Binding
Icon
Parsing, generating, transforming, and querying JSON objects using Jakarta JSON Processing
4
Web and Client-Server Communication
Icon
Web and Client-Server Communication
Icon
Using servlets for request and response management
Icon
Building a UI with template features using JSF
Icon
Improving response performance with Server Push
5
Security of the Enterprise Architecture
Icon
Security of the Enterprise Architecture
Icon
Domain protection with authentication
Icon
Granting rights through authorization
Icon
Protecting data confidentiality and integrity with SSL/TLS
Icon
Using declarative security
Icon
Using programmatic security
6
Reducing Coding Effort by Relying on Standards
Icon
Reducing Coding Effort by Relying on Standards
Icon
Preparing your application to use a connection pool
Icon
Using messaging services for asynchronous communication
Icon
Understanding a servlet's life cycle
Icon
Transaction management
7
Deploying and Managing Applications on Major Jakarta EE Servers
Icon
Deploying and Managing Applications on Major Jakarta EE Servers
Icon
Understanding Apache TomEE
Icon
Eclipse GlassFish
Icon
Red Hat WildFly
8
Building Lightweight Solutions Using Microservices
Icon
Building Lightweight Solutions Using Microservices
Icon
Building microservices from a monolith
Icon
Building decoupled services
Icon
Building an automated pipeline for microservices
Icon
Determining the state of a microservice by using the MicroProfile Health Check API
Icon
Generating and/or monitoring metrics with the MicroProfile Metrics API
Icon
Exposing API documentation using the MicroProfile OpenAPI
9
Using Multithreading on Enterprise Context
Icon
Using Multithreading on Enterprise Context
Icon
Building asynchronous tasks with returning results
Icon
Using transactions with asynchronous tasks
Icon
Checking the status of asynchronous tasks
Icon
Building managed threads with returning results
Icon
Scheduling asynchronous tasks with returning results
Icon
Using injected proxies for asynchronous tasks
10
Using Event-Driven Programming to Build Reactive Applications
Icon
Using Event-Driven Programming to Build Reactive Applications
Icon
Building reactive applications using asynchronous servlets
Icon
Building reactive applications using events and observers
Icon
Building reactive applications using WebSocket
Icon
Building reactive applications using message-driven beans
Icon
Building reactive applications using Jakarta RESTful Web Services
Icon
Building reactive applications using asynchronous session beans
Icon
Using lambdas and CompletableFuture to improve reactive applications
11
Rising to the Cloud - Jakarta EE, Containers, and Cloud Computing
Icon
Rising to the Cloud - Jakarta EE, Containers, and Cloud Computing
Icon
Building Jakarta EE containers using Docker
Icon
Using Oracle Cloud Infrastructure for container orchestration in the cloud
Icon
Using Jelastic for container orchestration in the cloud
Icon
Using OpenShift for container orchestration in the cloud
Icon
Using AWS for container orchestration in the cloud
12
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think
1
Appendix - The Power of Sharing Knowledge
Icon
Appendix - The Power of Sharing Knowledge
Icon
Introduction
Icon
Why contributing to the Adopt a JSR program can make you a better professional
Icon
The secret to unsticking your career, your project, and even your life!

Running your first Jakarta Security code

Security is one of the top concerns when you build an enterprise application. Luckily, the Jakarta EE platform now has this API that handles many of the enterprise requirements in a standardized way.

In this recipe, you will learn how to define roles and give them the right authorization based on rules defined in the methods that manage sensitive data.

Getting ready

We start by adding our dependencies to the project:

<dependencies>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.12</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.tomee</groupId>
        <artifactId>openejb-core</artifactId>
        <version>7.0.4</version>
    </dependency>
    <dependency>
        <groupId>jakarta.platform</groupId>
        <artifactId>jakarta.jakartaee-api</artifactId>
        <version>8.0.0</version>
        <scope>provided</scope>
    </dependency>
</dependencies>

How to do it...

You need to perform the following steps to try this recipe:

  1. We first create a User entity:
@Entity 
public class User implements Serializable{

    @Id
    private Long id;
    private String name;
    private String email;

    public User(){        
    }

    public User(Long id, String name, String email) {
        this.id = id;
        this.name = name;
        this.email = email;
    }
    
    //DON'T FORGET THE GETTERS AND SETTERS
    //THIS RECIPE WON'T WORK WITHOUT THEM
}
  1. Here, we create a class to store our security roles:
public class Roles {
    public static final String ADMIN = "ADMIN";
    public static final String OPERATOR = "OPERATOR";
}
  1. Then, we create a stateful bean to manage our user operations:
@Stateful
public class UserBean {

    @PersistenceContext(unitName = "ch01-security-pu", 
    type = PersistenceContextType.EXTENDED)
    private EntityManager em;

    @RolesAllowed({Roles.ADMIN, Roles.OPERATOR})
    public void add(User user){
        em.persist(user);
    }

    @RolesAllowed({Roles.ADMIN})
    public void remove(User user){
        em.remove(user);
    }

    @RolesAllowed({Roles.ADMIN})
    public void update(User user){
        em.merge(user);
    }

    @PermitAll
    public List<User> get(){
        Query q = em.createQuery("SELECT u FROM User as u ");
        return q.getResultList();
    }
  1. Now, we need to create an executor for each role:
public class RoleExecutor {

    public interface Executable {
        void execute() throws Exception;
    }

    @Stateless
    @RunAs(Roles.ADMIN)
    public static class AdminExecutor {
        public void run(Executable executable) throws Exception {
            executable.execute();
        }
    }

    @Stateless
    @RunAs(Roles.OPERATOR)
    public static class OperatorExecutor {
        public void run(Executable executable) throws Exception {
            executable.execute();
        }
    }
}
  1. And finally, we create a test class to try our security rules.
  2. Our code uses three test methods: asAdmin(), asOperator(), and asAnonymous().
  3. First, it tests asAdmin():
    //Lot of setup code before this point

    @Test
    public void asAdmin() throws Exception {
        adminExecutor.run(() -> {
            userBean.add(new User(1L, "user1", "[email protected]"));
            userBean.add(new User(2L, "user2", "[email protected]"));
            userBean.add(new User(3L, "user3", "[email protected]"));
            userBean.add(new User(4L, "user4", "[email protected]"));

            List<User> list = userBean.get();

            list.forEach((user) -> {
                userBean.remove(user);
            });

            Assert.assertEquals("userBean.get()", 0, 
            userBean.get().size());
        });
    }
  1. Then, it tests asOperator():
    @Test
    public void asOperator() throws Exception {

        operatorExecutor.run(() -> {
            userBean.add(new User(1L, "user1", "[email protected]"));
            userBean.add(new User(2L, "user2", "[email protected]"));
            userBean.add(new User(3L, "user3", "[email protected]"));
            userBean.add(new User(4L, "user4", "[email protected]"));

            List<User> list = userBean.get();

            list.forEach((user) -> {
                try {
                    userBean.remove(user);
                    Assert.fail("Operator was able to remove user " + 
                    user.getName());
                } catch (EJBAccessException e) {
                }
            });
            Assert.assertEquals("userBean.get()", 4, 
            userBean.get().size());
        });
    }
  1. And, finally, it tests asAnonymous():
    @Test
    public void asAnonymous() {

        try {
            userBean.add(new User(1L, "elder", 
            "[email protected]"));
            Assert.fail("Anonymous user should not add users");
        } catch (EJBAccessException e) {
        }

        try {
            userBean.remove(new User(1L, "elder", 
            "[email protected]"));
            Assert.fail("Anonymous user should not remove users");
        } catch (EJBAccessException e) {
        }

        try {
            userBean.get();
        } catch (EJBAccessException e) {
            Assert.fail("Everyone can list users");
        }
    }

This class is huge! For the full source code, check the link at the end of this recipe.

How it works...

The whole point in this recipe is to do with the @RolesAllowed, @RunsAs, and @PermitAll annotations. They define what operations each role can do and what happens when a user tries an operation using the wrong role.

There's more...

What we did here is called programmatic security, that is, we defined the security rules and roles through our code (the program). There's another approach called declarative security, where you declare the rules and roles through application and server configurations.

One good step up for this recipe is to evolve the roles management to a source outside the application, such as a database or a service.

See also

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Jakarta EE Cookbook
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon