Java EE and general Java platforms.
You'll read about Conferences, Java User Groups, Java EE, Integration, AS7, WildFly, EAP and other technologies.

Monday, November 30, 2015

A Refresher - Java EE 7 At A Glance

10:34 Monday, November 30, 2015 Posted by Markus Eisele
As the Red Hat JBoss Enterprise Application Platform 7 (EAP 7) is looming on the horizon and even the WebLogic server just recently got Java EE 7 certified, I thought it might be about time to give you a little refresher about the Java Enterprise Edition 7 features and point you towards further resources.

Java EE 7 - Developer Productivity, HTML 5 and Enterprise Demands
The Java Enterprise Edition 7 offers new features for enhanced HTML5 support,
helps developers being more productive and further helps meeting enterprise demands. As a developer you will write a lot less boilerplate code and have better support for the latest Web applications and frameworks.

Main Topics Of Java EE 7

There are a couple of new features in Java EE 7 and Arun compiled a list of the top ten most prominent ones a while ago already and you can see the complete slide-deck as part of the Java EE 7 samples project on GitHub. This is a quick recap of them:

Java API for WebSocket 1.0 (JSR 356)
There is first class support for creating and deploying WebSocket endpoints. There is a standard W3C JavaScript API that can be used from browsers but this API also introduces a client endpoint.
The reference implementation is Tyrus.

Batch Applications for the Java Platform (JSR 352)
In-built support for Batch applications allows to remove dependency on third-party frameworks. Also see the Batch Applications tutorial on WildFly for further information.

JSON Processing (JSR 353)
Native support for JSON processing allows to make the application light-weight and getting rid of third party libraries.

Concurrency Utilities for Java EE (JSR 236)
Concurrency Utilities extends JSR standard Java SE Concurrency Utilities and add asynchronous capabilities to Java EE application components.

Simplified JMS API (JSR 368)
JMS API has been extremely simplified by leveraging CDI, Autocloseable, and other features of the language.

@Transactional and @TransactionScoped (JSR 907)
Deliver transactional applications with choice and flexibility, use @Transactional to enable transactions on any POJO.

JAX-RS Client API (JSR 339)
JAX-RS added a new Client API to invoke a REST endpoint using a fluent builder API.

Default Resources (JSR 342)
Default resources like JDBC DataSource, JMS ConnectionFactory, etc are added to simplify OOTB experience.

More annotated POJOs
More annotations have been added to simplify devops experience such as @JMSDestinationDefinition that automatically creates a JMS destination.

Faces Flow (JSR 344)
JSF added Faces Flow that allows to create reusable modules to capture a flow of pages together.

Pruned Technologies
While many new features have been added in Java EE 7, others have been made optional. Those are: Java EE Management (JSR-77); Application Deployment (JSR-88); JAXR, for interfacing with UDDI registries (JSR-93); JAX-RPC, for XML-based RPC (JSR-101); and EJB 2.x Container Managed Persistence, which is effectively replaced by the Java Persistence API (JSR-338). These specifications, while removed from the current release, remain optional for vendors in the event that demand for them persists among customers. They will, however, be removed in Java EE 8.

Further Reading
Java EE 7 API Documentation
Oracle Java EE SDK
Java EE 7 Tutorial
Java EE 7 Samples On Github
Application Server Migration: Java EE 5 to JBoss Wildfly Java EE7
Getting Started With EAP 7 Alpha and Java EE 7
Java EE 7 Essentials by Arun Gupta
Beginning Java EE 7 by Antonio Goncalves
Java EE Bootstrap Course by JBoss Champion Adam Bien

Thursday, November 19, 2015

HTTP/2 With JBoss EAP 7 - Tech Preview

12:42 Thursday, November 19, 2015 Posted by Markus Eisele
, ,
Just a couple of days ago, the new JBoss EAP 7 ALPHA version was released.  And I already blogged about how to get started with it. One very interesting part is the HTTP/2 support which has been added as a technical preview. It is provided by the new webserver Untertow.  HTTP/2 reduces latency by compressing headers and multiplexing many streams over the same TCP connection. It also supports the ability for a server to push resources to the client before it has requested them, leading to faster page loads.

Tech Preview Components
A short remark about what technology preview actually means. Some features in JBoss EAP are provided as technology preview. This means that while these components have been included in JBoss EAP but they're not considered functionally complete and are not suitable for production use. So they're supported in development  but not recommended or supported for production use. But they help us to get wider exposure and feedback. So, if you encourage something that does not work as expected or have ideas about the future direction of this feature, feel free to reach out to us.
Red Hat intends to fully support technology preview features in a future release.

Prepare Your EAP Installation
The Application Layer Protocol Negotiation (ALPN) is an extension for the SSL protocol that helps to make HTTPS connections faster. It was defined together with HTTP/2 and this uses ALPN to create HTTPS connections. As most browsers implement HTTP/2 only over HTTPS, The OpenJDK implements SSL in the package. The current implementations in Java 7 and Java 8 do not support ALPN. With Java 9,there will (hopefully) be native support for ALPN (JEP 244). EAP requires you to use Java 8. You can't run the HTTP/2 example on Java 7 at all, because of missing cyphers.
Since HTTP/2 is also a goal for Java EE8, it is also expected to be made available in a future Java SE 8 update, likely after Java 9 is released.

To get around this limitation today on Java 8 we need to add a library that provides ALPN support to the JVM’s boot class path. The version of the jar file that you need is tied to the JVM version in use, so you must make sure you are using the correct version for you JVM. Jetty provides a ALPN implementation for java. Go to the jetty website and find the correct version for your JDK. In this example, I'm using JDK 1.8.0u60 which needs ALPN version: "8.1.5.v20150921".
Switch working folder to your JBOSS_HOME and download the alpn library to the /bin folder.
curl >bin/alpn-boot-8.1.5.v20150921.jar
The library now needs to be added to the server's bootclasspath. Add the following lines to the standalone configuration files
//standalone.conf on Linux
JAVA_OPTS="$JAVA_OPTS  -Xbootclasspath/p:$JBOSS_HOME/bin/alpn-boot-8.1.5.v20150921.jar"

//standalone.conf.bat on Windows
set "JAVA_OPTS=%JAVA_OPTS% -Xbootclasspath/p:%JBOSS_HOME%/bin/alpn-boot-8.1.5.v20150921.jar"

The next step is to install certificates for the https connector. For testing purposes you can download the ones from the Undertow test suite. Learn how to generate and run your own SSL certificates in an older blog-post of mine.
curl >standalone/configuration/server.keystore
curl >standalone/configuration/server.truststore

When you're done with that, start the server and add a https connector via the command-line tool (connect to your running server and issue the commands highlighted in the following):

You are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands.

[disconnected /] connect

[standalone@localhost:9990 /] /core-service=management/security-realm=https:add()

{"outcome" => "success"}

[standalone@localhost:9990 /]  /core-service=management/security-realm=https/authentication=truststore:add(keystore-path=server.truststore, keystore-password=password, keystore-relative-to=jboss.server.config.dir)

    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"

[standalone@localhost:9990 /] /core-service=management/security-realm=https/server-identity=ssl:add(keystore-path=server.keystore, keystore-password=password, keystore-relative-to=jboss.server.config.dir)

    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"

[standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=https, enable-http2=true)

    "outcome" => "success",
    "response-headers" => {"process-state" => "reload-required"}
[standalone@localhost:9990 /]
Shutdown and re-start your EAP instance.

Testing The Connection
When the server is up again, point your browser to https://localhost:8443. After clicking through the security warning about the self signed certificate you see the normal EAP 7 welcome page.
But how do you find out, that the connection is actually using HTTP/2? You can do this in various ways. If you're using Chrome, you can enter "chrome://net-internals" in the browser bar and select "HTTP/2" in the dropdown. If you re-load the EAP homepage and come back to the network page in chrome, you can see the HTTP/2 session with all headers and information.

Network Connection Properties in Chrome

Another option is to use a little JavaScript and deploy it in your application:

<p style="font-size: 125%;">You are currently connected using the protocol: <b style='color: darkred;' id="transport">checking...</b>.</p>
<p id="summary" />
    var url = "/";
    var xhr = new XMLHttpRequest();

    xhr.onreadystatechange = function(e) {
        if (this.readyState === 4) {
            var transport = this.status == 200 ? xhr.getResponseHeader("X-Undertow-Transport") : null;
            transport = transport == null ? "unknown" : transport;
            document.getElementById("transport").innerHTML = transport;
            var summary = "No HTTP/2 Support!";
            if (transport.indexOf("h2") == 0) {
                summary = "Congratulations! Your client is using HTTP/2.";
            document.getElementById("summary").innerHTML = summary;

    }'HEAD', url, true);
Congratulations! You just upgraded your EAP installation to HTTP/2! Don't forget to give feedback and learn more about JBoss EAP 7: And please keep in mind:  just like with any Alpha release, please anticipate issues. If you find any please report them in the corresponding JIRA.

Tuesday, November 17, 2015

Getting Started With EAP 7 Alpha and Java EE 7

16:34 Tuesday, November 17, 2015 Posted by Markus Eisele
, ,
Red Hat JBoss Enterprise Application Platform 7 (JBoss EAP 7) is a middleware platform built on open standards and compliant with the Java Enterprise Edition 7 specification. Built on top of innovative and proven open source technologies like WildFly, it will make Java EE 7 development a lot easier. Here is a quick guide on how to get started with the latest ALPHA release.

Prerequisites and Preface
JBoss EAP 7 provides two operating modes for JBoss EAP 7 instances: standalone server or managed domain. The standalone server operating mode represents running JBoss EAP as a single server instance. The managed domain operating mode allows for the management of multiple JBoss EAP instances from a single control point. The available version as of today is EAP 7 ALPHA. Just like with any Alpha release, please anticipate issues. If you find issues, feel free to file them in the corresponding JIRA. You need to have a supported JDK installed. EAP 7 requires Java SE 8.
You can test-drive EAP 7 under the Red Hat JBoss Developer Program. All you need to do is to register with right after you click download on the EAP product page.

Download And Install JBoss EAP 7
Open a web browser and navigate to Click the green "download" button on the upper right of the page. If you have not yet done so, you will be prompted to review and accept the terms of the Red Hat JBoss Developer Program. Alternatively, just log-in and wait for the download to begin. Attention: This will download the 6.4.0-installer. We just want to download a ZIP file of the ALPHA release! You need to follow the link to all downloads and select the 7.0.0.Alpha ZIP Download (172mb). When finished, unzip into a folder of your choice. We call this folder "EAP_HOME" from now on. The installation is finished.

Startup And Basic Administration
Start the server in standalone mode via the following command:
$ EAP_HOME/bin/standalone.bat|.sh
If successful, you will see the following last lines of the output:
09:46:50,789 INFO  [] (Controller Boot Thread) WFLYSRV0025: EAP 7.0.0.Alpha1 (WildFly Core 2.0.0.CR8) started in 15482ms - Started 259 of 489 services (314 services are lazy, passive or on-demand)
You must create a management user in order to access the web-based management console and remote instances of the management CLI. Execute the script:
$ EAP_HOME/bin/add-user.bat|.sh
and fill in the required information. Make sure to select the option "a) Management User" when offered. I am using the highly unsecure combination of admin/admin as username/password. If you added the user, you can check in your browser if the server is up and running. Redirect your browser to http://localhost:9990/ and login with the admin-user. You will be presented with the revamped admin-console.

New EAP 7 Admin Console

Now it is time to setup your development environment and get you started with a first Java EE 7 application.

Setup The Development Environment
The natural choice for EAP 7 based applications is the JBoss Developer Studio (JBDS). Download the latest version 9.0 from the product pages and install as described there. Start it after installation and go to the "servers tab" to add a new EAP 7 server.

Expand Red Hat JBoss Middleware and choose JBoss Enterprise Application Platform 7.0 (Experimental). Enter a server name, for example, "JBoss EAP 7.0", then click Next to create the JBoss runtime and define the server. The next time you define a new server, this dialog displays a Server runtime environment selection with the new runtime definition. Create a Server Adapter to manage starting and stopping the server. Keep the defaults and click Next. Enter a name, for example "JBoss EAP 7.0 Runtime". Under Home Directory, click Browse and navigate to your JBoss EAP install location. Then click Next.

Create Your First Java EE 7 Application
Now all the bits and pieces are in place and you can start to create your first Java EE 7 application. Right click into the project explorer in JBDS and select "new", select "other", scroll down to Maven and select "New Maven Project". Accept the standards in the next dialogue and type "javaee7" into the filter Select the "com.airhacks.javaee7-essentials-archetype" and click next.

Enter a group- and artifact-id and click "finish". Maven is downloading the archetype and instantiating a project from that template. Expand the project and navigate to the source package com.airhacks and right click. Select "new", "other", "WebServices" and select "JAX-RS Resource". Enter source folder and package and name the resource "HelloResource". Click "Finish". Open the newly created class and change it to this:

package net.eisele;

import javax.enterprise.context.RequestScoped;

public class HelloService {

 public String sayHello(){
  return "{\"name\" : \"Hello\"}";

Last step is to actually deploy and run the application on EAP 7. Right click the project and select "Run As..." and "Run On Server" and select the existing EAP 7 server. You can see, that our demo project is configured in the next dialogue. Click "Finish" and switch to the "Console" view to see the server starting. And as you can see, the demo.war file is also deployed. When you now visit http://localhost:8080/demo/resources with your browser, you see the json output:

{"name" : "Hello"}

Congratulations! That has been your first Java EE 7 example on JBoss EAP 7 ALPHA. Now you might want to check out the quickstarts or the documentation:

Sunday, November 15, 2015

Red Hat JBoss Enterprise Application Platform 7.0 ALPHA released!

16:30 Sunday, November 15, 2015 Posted by Markus Eisele
, , ,
Red Hat JBoss Enterprise Application Platform 7 (JBoss EAP 7) is a middleware platform built on open standards and compliant with the Java Enterprise Edition 7 specification. It integrates WildFly Application Server 10 with high-availability clustering, messaging, distributed caching, and other technologies. The latest JBoss EAP 7.0 Alpha release is now available to download!

JBoss EAP 7.0 Alpha is the product of years of hard work by WildFly 8, 9, 10 community and EAP Engineering teams. Congratulations!

Summary of new features in this release
With JBoss EAP 7, everyone gets what they need to become more productive and efficient.  Whether you are a newbie developer, a veteran Java EE expert, or a staff member on an operations, testing, or administration team, JBoss EAP 7 gives you that extra edge needed to build, deploy, and maintain robust, web-scale, high-impact applications at DevOps speeds.

Java EE 7 Support
JBoss EAP 7.0 implements the Java EE 7 Full Platform and Web Profile standards.
Batch 1.0, JSON-P 1.0, Concurrency 1.0, WebSockets 1.1, JMS 2.0, JPA 2.1, JCA 1.7, JAX-RS 2.0, JAX-WS 2.2, Servlet 3.1, JSF 2.2, JSP 2.3, EL 3.0, CDI 1.1, CDI Extensions, JTA 1.2, Interceptors 1.2, Common Annotations 1.1, Managed Beans 1.0, EJB 3.2, Bean Validation 1.1

Java SE 8
JBoss EAP 7.0 requires Java SE 8 and EAP 7.0 Alpha has been tested with Open JDK 8, Oracle JDK 8 so far.

Highly Scalable Web Server (Undertow)
We have switched the web server and servlet implementation from JBoss Web to Undertow. Undertow is a modern NIO web server that is designed for maximum throughput and scalability. It supports non-blocking and blocking handlers, traditional and asynchronous servlets, and JSR-356 web socket handlers.

Port Reduction
By utilizing HTTP upgrade, EAP 7 has moved nearly all of its protocols to be multiplexed over two ports: a management port (HTTP/JSON Management, HTTP Upgraded Remoting - Native Management & JMX, Web Administration Console), and an application port (HTTP Servlet, JAX-RS, JAX-WS, Web Sockets, HTTP Upgraded Remoting-EJB Invocation-Remote JNDI)

Messaging Consolidation and Backwards Compatibility with EAP 6
EAP 6’s HornetQ codebase was donated to the Apache ActiveMQ project, and the HornetQ community joined to build a next-generation messaging broker. This was materialized in the first major release of the ActiveMQ Artemis project. ActiveMQ Artemis includes many new features, and also retains protocol compatibility with the HornetQ broker. EAP 7 includes this new exciting project as its JMS broker, and due to the protocol compatibility, it fully replaces the HornetQ project.

Offline CLI
In both standalone and domain modes you can now manage the server using CLI commands, without having a running server. This works similar to the admin-only mode, but does not require launching the server, and using a TCP port. Instead the CLI embeds the server and launches it directly in admin-only mode.

IIOP Implementation
We have switched our IIOP implementation from JacORB to a downstream branch of the OpenJDK ORB. This change should lead to better interoperability with the JVM ORB and the Java EE RI

Server Suspend Mode / Graceful Shutdown
The new server suspend mode in EAP 7, once activated rejects new requests but allows old ones to complete. Once the suspension process has completed the server can either be stopped without aborting in-flight transactions, left in suspended state while maintenance is performed, or returned back to running state where new requests are once again allowed. (Excluding JMS and Transactions, Including Web, EJB, EE Concurrency, mod_cluster, Naming)

Built-in Front End Load Balancer (Tech. Preview)
EAP 7 (using Undertow) can now be configured to function as a multi-platform intelligent load balancer, proxying requests to backend EAP 7 nodes using HTTP and AJP/mod_cluster protocols.

New optimized session replication and Single Sign On implementation using Undertow. New/optimized @Stateful EJB caching implementation. HA Singleton Deployments (for failover usecase same as EAP 5 e.g. EJB deployments enabled in one node in cluster) and Singleton MDBs (Technical Preview).

JCA & DataSources
EAP 7 supports a DistributedWorkManager implementation based on the JGroups project, and the JCA connection manager has been enhanced with the lazy connection manager extensions. The data sources and resource adapters subsystems allow setting capacity policies and additional flush strategies as well.

Migration CLI Operations for the discontinued subsystems of EAP 6 Series
To help users migrating from old subsystems in EAP 6 such as jbossweb, jacorb, and hornetq, we have introduced a set of management operations that can convert old configuration over to the new respective subsystem equivalent. Since these operations migrate the underlying management resource model, old CLI scripts or custom provisioning systems can also take advantage of these.

HTTP/2 Server Push (Technical Preview)
Undertow, the web server in WildFly, has added support for the new HTTP/2 standard. HTTP/2 reduces latency by compressing headers and multiplexing many streams over the same TCP connection. It also supports the ability for a server to push resources to the client before it has requested them, leading to faster page loads. Tech. Preview support is provided via a tested 3rd party alpn.jar for http(S) until JDK 9 is released/supported.

Modern Enterprise Web Applications with Server Side JavaScript on JVM (Technical Preview)
EAP 7 now allows you to write server side JavaScripts (using JDK 8 Nashorn capabilities) to quickly develop REST endpoints which can pull in CDI beans, perform JNDI lookups and and invoke JPA Entity Beans.  This capability is provided by Undertow project

The following technologies that are no longer required in Java EE 7 were removed:
  • CMP - JPA offers much more performant and flexible API. 
  • JAX-RPC - JAX-WS offers a much more accurate and complete solution.
  • JSR-88 - Very little adoption. 

Learn More About EAP 7 With The Following Resources
And please keep in mind:  just like with any Alpha release, please anticipate issues. If you find issues, feel free to file them in the corresponding JIRA.

Monday, November 9, 2015

More Java EE from Red Hat Engineers at Devoxx

10:12 Monday, November 9, 2015 Posted by Markus Eisele
, ,
Red Hat At Devoxx - Game Changing DevOps
It is Devoxx Belgium time! Finally. Everything kicks off today with the University Sessions and the conference itself starts tomorrow morning. We're all pretty excited, as this is the major event in Europe. And Red Hat is proud to be a sponsor again this year. We will be onsite with 14 sessions, a booth - with beer, books and more. Visit the Red Hat booth to see OpenShift by Red Hat in action, join the new Red Hat Developers program, get your complimentary copy of my new book - Modern JavaEE Design Patterns (while supplies last), and learn how you can get involved with Red Hat. Did I mention we will have free beer on Tuesday, Wednesday and Thursday at 17:00?
Meet our engineers and talk to us about our products or community projects.

Java EE With Red Hat At Devoxx
One thing I want to highlight in particular are the Java EE sessions and activities by our engineers. We will have five sessions about Java EE and OpenShift (including Docker and Kubernetes) and I highly encourage you to also look at all the other Java EE related activities which have been posted on the Aquarium Blog.

Monday at 17:25 - 17:55 - Room 4
Roland Huß (@ro14nd) will be talking about "Fabric8 - Java developer tools for Kubernetes and OpenShift". This talk gives you an overview about the various components and introduces you to the contained tools which will make your life as a Java developer a lot easier.

Monday at 18:05 - 18:35 - Room 5
Xavier Coulon (@xcoulon) talks about "Docker Tooling for Java EE Developers". In this talk you will get a quick introduction on how to use Docker effectively, especially for Java EE development.

Wednesday at 21:00 - 22:00 - Room BOF1
Dimitris Andreadis (@dandreadis ) will lead the "WildFly Community BOF and V10 update" which is the place to be, where the developer community meets to discuss (over beer!) the present and future of the WildFly Application Server Project (formerly known as the JBoss Application Server) with members of the WildFly Core Development Team.

Thursday at 14:00 – 15:00 - Room 8
Antoine Sabot-Duran (@antoine_sd) talks about "CDI 2.0" The work on JSR 365 (Context and Dependency Injection for Java) started one year ago. Expert group already added interesting features like asynchronous events or Java SE bootstrap. Thanks to early draft and alpha version of CDI 2.0 implementation we can already experiment the future CDI 2.0. In this talk we will show the top new features in CDI 2.0 thru code examples (when possible) and presents expert group serious leads for the end of this first totally open source Java EE specification.

Thursday at 13:25 - 13:30 - Room BOF 1
Jorge Morales Pou is one of the OpenShift evangelists and gives an ignite talk titled "Please Fail".

Wednesday at 12:00 - 13:00 - Room 4
And last but not least, there is another interesting talk about Open Source and how to contribute. Charles Nutter (@headius) will give you a great overview about how to get started and learn about the inner workings of real OSS projects, and learn how to be a better OSS user and producer.

Theft-Proof Java EE - Securing Your Java EE Enterprise Applications

07:27 Monday, November 9, 2015 Posted by Markus Eisele
An overview about the holistic approach to application security
Øredev is just a couple of days away, and I was invited to give two presentations. One of them is about my favorite topic: Security and Java EE. It is designed to fulfill two goals. On the one side to introduce the typical Java EE developer to the overall application security process and main objectives. But also to look at the details about what Java EE has to offer when it comes to typical requirements. Those are two different things and the first has been addressed before in my presentation about "Developer Security Awareness". This talk is meant to do a match between today's security requirements and the features available in the platform as of the Java EE 7 release.

Securing Applications Isn't Just About Secure Code
All the common attacks we've known about for a very long time are still out there, and people still regularly make mistakes regarding them. If you want to write secure Java EE code and use the technology securely, you're on the right track. But there is a lot more to learn and know about securing your applications. There are also people and processes and how they best work together to build a suitable secure system. Derived from practice for use with everyday development such a system can make the Java EE space a little more secure.

Application Security Needs A Holistic Approach
To build a secure Java EE application, a holistic approach to application security is required and security must be applied at all layers and services. Even if everything else beside our own applications typically does not bother developers at all it becomes more important. Last but not least with the advent of DevOps. So, it doesn't hurt to be at least aware of everything that is going on around us. Let's start with the layer the farthest away. Secure applications rely on secure networks first of all. This includes everything from routeres, switches, firewalls or even application level firewalls. They need to be patched and correctly configured. Watch out for standard ports and passwords for admin consoles. Next is the operating system layer. Every part of your applications runs on a separate host eventually (Applicationserver, Database, Message Brokers), so you will have to watch out for latest patches and updates for all of them. But shared filesystems and possibly risky daemon processes are also something to watch out for. When you're done with that it is time to look at the platform services. This is where the JDK base-install fits in but also the application-server. Check policy files and default passwords for remote connections and web-based admin consoles.

From Here On, Application Security Starts 
When the infrastructure is taken care of, we can look into application security. And it is typically divided up into six components: Authentication, Authorization, Auditing, Confidentiality, Integrity, Availability. All those components prevent your system from being exploited. A threat is a potential event that may affect your system. An attack exploits a vulnerability in your system. And ultimately this is what we want to prevent. Always adhere to the best practices for designing secure applications:
  • Compartmentalize
  • Use least privilege
  • Apply defense in depth
  • Do not trust user input
  • heck at the gate
  • Fail securely
  • Secure the weakest link
  • Create secure defaults
  • Reduce your attack surface
Get Started With Java EE Security
Watch the full talk on Vimeo to learn what Java EE has to offer around application security. And make sure to provide feedback in the comments and let me know, if there is anything else, you'd like me to talk about in the future.

Further Reading

Wednesday, November 4, 2015

Promoting Docker Images Across Environments

16:00 Wednesday, November 4, 2015 Posted by Markus Eisele
, , ,
I got off the stage at WJAX in Munch just a couple of minutes ago. And while my co-worker Jan was talking about this amazing customer success story AMADEUS, I had the pleasure to base his thoughts and ideas a bit and talk about how DevOps can be done with OpenShift and Docker Images from a developers perspective.

Microservices and DevOps
If you have hundreds or even more container running in production everything isn't any longer just an operations problem. Not only because everybody is part of the DevOps movement today, but mainly, because we have to build our applications differently if we want to be able to profit from the synergies provided by immutable and stateless containers. The example I was using in the keynote was pretty much the same, that has been used on my blog before. A single WidlFly Swarm JAX-RS service, which does little more than printing out some JSON which contains an environment variable and a timestamp. The thing, that the series was missing is the staging across environments. And while there are some great blogs by Veer Muchandi over at OpenShift, they all assume that you use the OpenShift way of building images and applications.

Let's Stick To Plain Docker
I wanted to show, how easy it is while using plain Docker Images. So, assuming that you have a very straight forward environment setup:
Environment Setup (Dev, QA, Production)
We have a dev environment which the developers use to just push their updated images. And another QA environment where the testers go crazy and probably many others. The example I showed just used the two mentioned. It will be pretty much the same for every other env you add. Let's see how this works with Maven, Docker and OpenShift

I used the fabric8 vagrant image in this case behind the scenes. Only because they always pull in the latest OpenShift builds and I wanted to show the new visualizations that are already in HEAD. So, install vagrant and the OpenShift binaries and fire up the openshift vagrant machine. I tweaked the memory and cpu settings a bit to 8 GB and 4 cores. Make sure to expose the internal Docker Registry as shown in the earlier blogpost. If you set your DOCKER_HOST variable accordingly you can start the walk-through. The recording of the demo gives you the complete show in about 10 minutes. And yes, there's no audio in this one.

The Individual Steps
Sometimes it is easier to just follow the individual steps yourself. Here they are:
Login to OpenShift as admin with password admin
oc login https://vagrant.f8:8443 --insecure-skip-tls-verify=true

Build your Maven based project (maybe just git clone my example and use that)
mvn clean install

Run the Local WildFly Swarm fat-jar
java -jar target/swarm-sample-0.0.1-SNAPSHOT-swarm.jar

Point your browser to http://localhost:8080/api/v1/service and verify everything is working as expected

Before you build the Docker Image from your application, make sure to pull the jboss/base-jdk:8 image. I don't know exactly why, but the plugin seems to have an issue with resolving it.
docker pull jboss/base-jdk:8 

Now build your Docker image
mvn clean install docker:build 

Look at the resulting Dockerfile
cat target/docker/development/swarm-sample/latest/build/Dockerfile

Create a new development project in OpenShift. At this point it doesn't matter, if it is a project in the same instance or another environment. As I was going to demo this locally on my laptop, the decision was easy. Compare Veers post from above, if you want to learn how to stage across physical environments.
oc new-project development --display-name="WildFly Swarm Development Project"

Add rights to view and edit for both users dev1 and test1
oc policy add-role-to-user edit dev1
oc policy add-role-to-user view test1

Create a QA project in OpenShift
oc new-project test --display-name="WildFly Swarm QA Project"

Give the test1 user the edit rights:
oc policy add-role-to-user edit test1

Add roles to system accounts to be able to pull images from QA out of the development environment
 oc policy add-role-to-group system:image-puller system:serviceaccounts:test -n development

Login as dev1 with password dev1 and get your access token
oc login https://vagrant.f8:8443 -u dev1
oc whoami -t

Change the token in the authConfig section of your pom.xml. Now, you're ready to push your WildFly Swarm Docker Image to the OpenShift Docker registry
mvn docker:push

Create an app from the image
oc new-app --docker-image=development/swarm-sample:latest

Expose a route for the newly created route. And make sure to have your hosts file updated with the correct mappings before accessing it via your browser.
oc expose service swarm-sample --hostname=wildfly-swarm.vagrant.f8

Check http://wildfly-swarm.vagrant.f8/api/v1/service and see, if everything works.

Get the OpenShift image streams from the image
oc get is
oc describe is 

Tag a new image from latest to promote
oc tag development/swarm-sample:promote

Login as user test1 with password test1 and switch to the test project
oc login -u test1
oc project test

Create an application from the promoted image
oc new-app development/swarm-sample:promote

Expose the service as a route
oc expose service swarm-sample --hostname=wildfly-swarm-test.vagrant.f8

Check, if you can access: http://wildfly-swarm-test.vagrant.f8/api/v1/service

If you now login as dev1 again, go full development cycle and change the app, build a new image and push it again, you can see, that only the development environment gets updated, while the QA environment still stays on the promoted tag. When developers feel like updating QA again, you can just promote the "new" latest version of the image and the test environment will get updated, too.

Tuesday, November 3, 2015

Red Hat JBoss Engineers about Java EE, Container, Microservices and Testing

10:07 Tuesday, November 3, 2015 Posted by Markus Eisele
, ,
JavaOne has been a blast for all of us. The biggest community gathering for all Java ecosystem enthusiasts. And there's been a lot of networking plus great content. Red Hat had a packed schedule for the mini theater sessions on the booth and I wanted to point you to the available recordings on the Red Hat Developers event page. There's been a great coverage around all recent topics. Especially around Java EE 7, Microservices, Testing, Containers and WildFly Swarm.

This is a perfect match for a little break in-between the next conferences. So, sit back, relax and get a cup of coffee and learn about the latest news in just a couple of short sessions.

Jason Porter (@lightguardjp)
Standardized Extension-Building in Java EE with CDI and JCA

Aslak Knutsen (@aslakknutsen), Alex Soto (@alexsotob) & Bartosz Majsak (@majson)
Taming Microservices Testing with Arquillian

Rafael Benevides (@rafabene) & Markus Eisele (@myfear)
Docker for Java EE Developers

Ken Finnigan (@kenfinnigan)
Java EE 7 Applications as a Microservice with WildFly Swarm

Monday, November 2, 2015

How Would ESBs Look Like, If They Were Done Today?

16:24 Monday, November 2, 2015 Posted by Markus Eisele
, , ,
If They Were Done Today? My JavaOne Presentation
JavaOne 2015 just came to an end and it was a great community event again. I gave two sessions and a HOL with Rafael. One of the sessions actually is my favorite: The talk about how ESBs would look like, if they were done today.

What? ESBs? I thought that is the past?
That is what I usually tend to also say. But, system integration has come a long way, from point-to-point connections between individual systems towards the first integration solutions that helped in standardizing those connections. And in the advent of a much more business-centered design—and the broader shift into more service-oriented organizations—the Enterprise Service Bus (ESB) evolved from a pattern to a variety of products. They all promised to deliver re-usability and ex-changeability by standing up as a centralized and managed infrastructure component. With the next technology evolution—Microservices—the need to manage even more potentially-polyglot and distributed services became overwhelming.

Everybody Microservice-wash Their Solutions?
Vendors have already started to “microservice-wash” their tools and platforms to get your attention. And the segment architecture approach is still too new to give recommendations. For a while, it will still be your responsibility to understand the capabilities you need by doing your own research. Some promising candidates are evolving out of the open-source think tank at this very moment. First and foremost, projects like OpenShift Origin, WildFly Swarm, Fabric8, and APIMan will help you put together most of the puzzle pieces in your microservices-based architecture.

And There Are Some More Thoughts Here
My presentation abstract was: Looking past former hype topics such as enterprise application integration, ESBs, and SOA, the fact is that the need for reliable integration solutions that are manageable and scalable is growing. More devices and datasources, combined with new and upcoming use cases and exciting wearables in a cloudified and heterogeneous infrastructure, require more bits and pieces than just a central ESB with some rules and point-to-point connections. What would that look like? And how can we keep the resultant solutions manageable? Looking forward to your feedback!

Modern Java EE Design Patterns 
And if you're still stuck in Java EE and want to know how to build scalable architectures for sustainable enterprise development, you have to download my latest book. It gives you a complete overview about all the new trends and topics and helps you to check back, if you're still on track.
With the ascent of DevOps, microservices, containers, and cloud-based development platforms, the gap between state-of-the-art solutions and the technology that enterprises typically support has greatly increased. But as Markus Eisele explains in this O’Reilly report, some enterprises are now looking to bridge that gap by building microservice-based architectures on top of Java EE.

Sunday, November 1, 2015

Review: "Arquillian in Action" by Alex Soto and Jason Porter

14:52 Sunday, November 1, 2015 Posted by Markus Eisele
, ,
I got an email from Manning recently and have to admit, that I didn't even know about the book they were asking me to review. And this is a shame in various dimensions. The book is about Arquillian, which is my favorite integration testing framework and it is written by two fellow friends Alex and Jason. Time to take a more detailed look and point my fellow readers to this newest member in the Arquillian Book Club,

Arquillian in Action teaches you how to to build in-container tests using Arquillian. This practical hands-on guide begins with showing you how to find and squash your first bug. You’ll move on to building persistence tests, and then discover how to write tests for front-end and RESTful services. Using carefully-designed examples, the book shows you how to write integration tests for Java EE, Spring, and Docker. Along the way, you’ll also learn how to build functional, infrastructure, performance, and security tests.

Book: Arquillian In Action
Language: English
Paperback: 325 pages
Release Date: MEAP 6/2015, Publication in Spring 2016
ISBN-13: 9781617292897

About The Authors
Alex Soto Bueno (@alexsotob) is a software engineer and is passionate about Java development and the open source software model. He leads the NoSQLUnit project and is a team member and evangelist of Arquillian. He has spread the word of testing at several conferences including Devoxx or GeeCon. Just lately I did an interview with him about the Arquillian Cube Project.
Jason Porter (@lightguardjp) works at Red Hat and has been involved with Arquillian since the early days. He created the first glassfish adapter and laid groundwork for the website. He also has used it extensively while testing Seam 3 and Apache DeltaSpike. I have the pleasure to work with Jason sometimes, because he is a core member behind the new Red Hat Developers Program (

Remind Me About MEAP
A book can take a year or more to write, so how do you learn that hot new technology today? The answer is MEAP, the Manning Early Access Program. In MEAP, you read a book chapter-by-chapter while it's being written and get the final eBook as soon as it's finished. If you pre-order the book, you'll get it long before it's available in stores. The book will be in MEAP for a little longer but a reasonable number of chapters are already there. So, it's a great chance to get your hands on everything as early as possible!

The Content
The first three chapters introduce you to the techniques and technologies used throughout the book. In general the book assumes, that you're comfortable with Java and familiar with the basics behind testing with JUnit and are able to build a project with Apache Maven.
In chapter one you will have your first taste of an Arquillian test. This includes an introduction to Ike the Arquillian Prince, and become acquainted with the three guiding principals of Arquillian.
Chapter two dives into crafting your first test with Arquillian. You'll learn about containers, executing your test both inside the container of your choice and also within the IDE.
Chapter three discusses the core concept of microdeployments, the creating of a small subsection of your application needed to support and run your tests.
The second part of the book details how you test different parts of your application. Part three calls in the heavy artillery to further aid in frontend testing, applications written in Spring, and lastly receiving reports about your coverage and performance. In the final section you'll learn how to test other languages as well as use other testing tools in other languages.

Writing And Style
The personal style of the book makes it very easy and entertaining to read. I felt, as if I've been directly interacting with the authors and the material, they want to teach me. The examples are clear and the illustrations help a lot with the complex and wide topic of integration testing.

Conclusion And Recommendation
A perfect combination of an entry level book about Arquillian and it's core topic integration testing. It scratches the most important parts which you, as a developer, will have to take care of. And the supporting materials, like code and illustrations give you a clear understanding about the main content of the individual chapters. Alex and Jason are great teachers who know a lot about the technologies used by Arquillian and the various extensions. If you want to start with a book about it: This is it!