There are many Java web application frameworks available but what are my alternatives when developing JSR 168 portlets? I found a couple:
Struts
Spring
That's it Sven, I haven't tried JSF portlet bridge, but I have been working with Struts portlet bridge and spring-webmvc-portlet almost 2 years.
this is my own opinion :
I would try to avoid using Struts portlet bridge. It's a dead thing that still exists because some Portals had utilized it and it is still built in them. It's quite old, it serves its purpose, but with something like spring-webmvc-portlet - using it wouldn't be wise. Unless you are Struts enthusiast and you haven't tried Spring-mvc or JSF.
I like the principle how spring portlet environment is integrated into servlet env. There is also everyhing that developer needs already implemented, except few things like
Add multipart request support to portlet resource requests (SPR-7662)
Spring Portlet MVC - Unable to return JSON data from #ResourceMapping (SPR-7344)
With Struts bridge you end up doing tons of low level stuff to hide the fact, that after request hits the Main Portal Servlet, it becomes "portlet request". With Spring you don't care :-) Talking about portals like Liferay, JBoss or uPortal
JSF with a portlet bridge: http://jboss.org/portletbridge
Related
I've started learning Spring Boot coming from a NodeJS/Express background and I'm wondering what's the difference between the server that we create ourselves in an express app that listens on a certain port, and the Tomcat server in a spring application also called a container ? Why can't we do the same in a spring boot application where we create the server ourselves ?
const app = express();
app.listen(3000, () => console.log("Server listening on port 3000"));
Welcome to the Spring Ecosystem. We hope you enjoy your stay!
My first bit of advice, forget everything you know about Express because Spring is very different. I have not used Express in a while, but I remember it had a very programmatic approach. While that is possible in Spring, the most popular approach is declarative with annotations. Or, if you are old and like old technology, you can configure everything with XML.
What's Tomcat? Tomcat is a implementation of various Jakarta EE (formally Java EE) specifications. Depending on the Spring Boot version, you may see packages that start with jakarta or javax. Tomcat implements, Jakarta Servlet, Server Pages, Expression Language, WebSocket, Annotations, and Authentications. You can read more about each specification here. Note: Spring Boot by itself does not necessary use all of these modules and mostly Spring has many abstraction layers on top of them anyway, so you rarely will work with Tomcat directly. Specifically, spring-boot-starter-tomcat is the Spring module that uses Tomcat, and is most often included as a transitive dependency through spring-boot-starter-web.
Now, to answer your question...
Spring Boot Web configures Tomcat for you. You can definitely override this behavior! One basic way is through configuration properties. Anything under server.tomcat. A good IDE should autocomplete and show you the options. You can also change the address and port of the Tomcat server with server.address and server.port. Another popular property developers change is server.error.whitelabel.enabled. They set it to false and provide their own error page. Here is a great example. By the way, Baeldung offers a lot of free Spring tutorials and guides. It is a great place to get started. They also offer paid courses with certifications.
FYI, you do not have to use Tomcat. Read more here.
I am learning Spring using this tutorial. I am unable to get my head around the following excerpt from it:
Spring enables developers to develop enterprise-class applications using POJOs. The benefit of using only POJOs is that you do not need an EJB container product such as an application server but you have the option of using only a robust servlet container such as Tomcat or some commercial product.
In the good old days when application servers only supported EJB 2 it was a nightmare to develop services using EJBs. Each service (e.g. a stateless session bean) required a bunch of interfaces and strange additional methods to work properly (home interface, remote interface, deployment descriptors etc).
In order to run EJBs you need an application server such as Jboss or Glassfish. In order to run servlets you simply need a servlet container such as Tomcat or Jetty which is way more lightweight than an application server.
Spring offers a way of creating simple services as plain POJOs (that can be exposed via servlets). Therefore, to be able to develop services as a POJO was simply a dream come true. Services did not need all the constraining dependencies to the EJB-interfaces and they could be deployed in a lightweight servlet container.
Then came EJB3 which greatly improved life for the Java EE developer. EJBs no longer needed the dependencies for home- and remote-interfaces (at least not via inheritence). A modern EJB 3 service is very similar to a POJO-based service. The main difference is that EJBs still require an application server to be deployed.
Spring Guru Rod Johnson released the book J2EE Development without EJBs which greatly explains how to replace your old J2EE components (such as EJBs) with more lightweight Spring Pojos - good reading!
Read below link which may help you understand meaning of benefit of using POJO :
http://www.javaexperience.com/difference-between-pojo-javabean-ejb/
I want to use spring's dependency injection for now(other core functionalites later maybe) in tomcat application.
I want to set up spring 2.5.5 in tomcat7, But don't have clarity on how to do this.
Specifically I am confused because I don't know whether to use Spring MVC or use just spring in tomcat.
I found this question helpful: Tomcat with Spring, But still didn't get the whole scenario on how to setup tomcat with spring.
You can do either, using just core spring with tomcat is fine. MVC provides additional functionality.
Take a look at the spring source examples on github, and read their docs.
(BTW I thouroughy spring-MVC component - it really saves time developing webapps)
I'm developing a Java EE application (JSF2 + richfaces+ Facelets + Tomcat).
What's the best way to perform authentication when using JSF?
Or should I make my own ?
People usually pick between ( in no specific order) :
JAAS ( wich is Java/Java EE default security framework )
Spring Security
Custom Made Security
I never used Spring Security but the documentation is huge, i gave up trying that once because of time constraint. JAAS have the advantages of being simple and work out of the box with Tomcat.
I've seen custom security built on top of JAAS too.
What you really have to do is figure out what you will especifically need in your application and check wich frameworks suits your needs better.
Without knowing your business needs, if you only need Authentication (User login) i would say JAAS is the most simple way to go as is it not application intrusive and you wont need to add Spring dependencies if you are not already using it.
Go for Spring Security
Here is how to integrate it with JSF
Edit:
http://ocpsoft.com/java/acegi-spring-security-jsf-login-page/
I think that Leonardo answered it correctly, but you could also consider Central Authentication Service(CAS) for enterprise wide security. It is a little more complex to configure, but the benefits are tremendous. It also supports an enormous number of out of the box authentication mechanisms from LDAP to NTLM. CAS also provides extension for custom authentication.
If you choose to use Java EE containers, and wish to use form based authentication, I have published a couple of examples for use with JSF 1.2 and 2.0 and j_security_check
JSF 1.2 Facelets Form Based Authentication (j_security_check)
JSF 2.x Facelets Form Based Authentication (j_security_check)
In addition, the Servlet 3.0 API provides login and authentication based on the container via the HttpServletRequest API.
JBoss Seam integrates EJB 3, Facelets, JSF, and hibernate really nicely. Also provides validation of data and some security stuff too. If you use it for all its features, it is really sweet. If you try to pick and choose only certain things out of it, then it is still cool, but you have a few work arounds. But I've been impressed with what I've seen of Seam so far.
Apart from the mentioned frameworks there's also Seam Security which integrates nicely with CDI through an Extension.
You can try Apache Shiro, which gives authentication, authorization and many other.
For simple authentication , a very simple approach is to check for valid user object in the template using JSTL, and show the login form if not.
for exmaple , assume your template is webapp/WEB-INF/templates/default.xhtml , inside the template:
<html...>
.
.
<h:body>
<c:if test="#{mbSecurity.validUser}">
.
. authenticated template sections goes here
.
</c:if>
<c:if test="#{not mbSecurity.validUser}">
<ui:include src="/WEB-INF/inc/login-form.xhtml" />
</c:if>
</h:body>
</html>
Advantages: Zero dependencies & zero-configurations, also if the session is expired, after the login, the user will back to the original page which he was in .
On the Tomcat FAQ it says: "Tomcat is not an EJB server. Tomcat is not a full J2EE server."
But if I:
use Spring to supply an application context
annotate my entities with JPA
annotations (and use Hibernate as a
JPA provider)
configure C3P0 as a connection pooling data
source
annotate my service methods
with #Transactional (and use Atomikos
as JTA provider)
Use JAXB for marshalling and unmarshalling
and possibly add my own JNDI capability
then don't I effectively have a Java EE application server? And then aren't my beans EJBs? Or is there some other defining characteristic?
What is it that a Java EE compliant app server gives you that you can't easily/readily get from Tomcat with some 3rd party subsystems?
EJBs are JavaEE components that conform to the javax.ejb API.
JavaEE is a collection of APIs, you don't need to use all of them.
Tomcat is a "partial" JavaEE server, in that it only implements some of the JavaEE APIs, such as Servlets and JNDI. It doesn't implement e.g. EJB and JMS, so it's not a full JavaEE implementation.
If you added some additional bits and pieces (e.g. OpenEJB, HornetQ), you'd add the missing parts, and you'd end up with a full JavaEE server. But out of the box, Tomcat isn't that, and doesn't try to be.
But if I add (...) then don't I effectively have a Java EE application server? And then aren't my beans EJBs? Or is there some other defining characteristic?
No, you don't have a Java EE application server, a full-fledged Java EE application server is more than Tomcat + Spring + a standalone Transaction Manager. And even if you add a JMS provider and an EJB container, you still won't have a Java EE server. The glue between all parts is IMO important and is part of the added value of a Java EE container.
Regarding EJBs, the EJB specification is much more than JPA and specifices also Session Beans and Message Driven Beans (actually, I don't really consider JPA Entities as EJBs even if JPA is part of the EJB 3.0 specification in Java EE 5 for historical reasons - which is not true anymore in Java EE 6, JPA 2.0 and EJB 3.1 are separate specifications).
I should also mention that a Spring bean annotated with #Transactional is not equivalent to a Session Bean. A Java EE container can do more things with Session Beans (see below). You may not need them though but still, they are not strictly equivalent.
Last thing, Java EE containers implement a standard, the Spring container does not, it is proprietary.
What is it that a Java EE compliant app server gives you that you can't easily/readily get from Tomcat with some 3rd party subsystems?
As I said, I think that the "glue" is a part of the added value and highly contributes to the robustness of the whole. Then, ewernli's answer underlined very well what is difficult to achieve. I'd just add:
Clustering and Fail-over (to achieve fault-tolerance)
Administration facilities
Yes, a good Java EE server will do pretty neat things to improve fault tolerance (clustering of connection pools, JNDI tree, JMS destinations, automatic retry with idempotent beans, smart EJB clients, transaction recovery, migration of services, etc). For "mission critical" applications - the vast majority are not - this is important. And in such cases, libraries on top of the Servlet API are IMO not a replacement.
1) You're confusing JPA entities with EJBs. While JPA belongs to the EJB3 specification, it was always meant to be a standalone technology.
2) EJBs are: stateless beans, stateful beans and message driven beans. While each of these functionalities can easily be achieved using spring, spring just does not use this terminology. In Spring, you don't have POJO + "magic" as in EJBs, in Spring it's POJO + your own configuration (which sometimes feels like magic, too). The main difference is that spring does more and the application server does less, which is why a spring app is happy with a tomcat while an ejb3 app needs a 'real' application server.
In my opinion, 90% of applications can be deployed using spring + tomcat, ejb3 is rarely needed.
Indeed, if you put enough effort you can almost turn Tomcat/Spring into a full-fledged heavyweight application server :) You could even embed a portable EJB3 container...
What is it that a Java EE compliant app
server gives you that you can't
easily/readily get from Tomcat with
some 3rd party subsystems?
There are still a few features that are hard to get with 3rd party modules:
stateful session beans (SFSB)
extended persistence context
application client container / java web start
clustering depending on the app. server
CORBA interoperability
JCA integration ~
remoting ~
container-managed transactions ~
decent management of distributed transactions (e.g. recover heuristic tx)
Entries with ~ are also supported by Spring, but not so trivially, at least to my best knowledge.
A few more details in this answer: EJB vs Spring
Outside of the strict definition of what is and isn't an EJB, you're adding a lot of stuff to Tomcat. Even if what you have is an EJB server, it's not really plain Tomcat anymore.
The FAQ is correct: Tomcat is not an EJB server. However, it can be that or many other things if you pile on enough extra libraries and code.
An EJB implementation would be a bean written and packaged to run on any compliant EJB server. If you do what you describe, it may work, but it won't be portable to another vendor's application server.
So EJB is a standard that adheres to a specific specification and is therefore portable.
In practice many EJB's are not fully compliant or application server neutral. However, in the main they are, so the small incompatibilities would be much easier to fix if you changed application server vendors than attempting to move the architecture you described to a GlassFish, JBoss or Weblogic server.
EDIT: In response to your comment you would not have an EJB appropriately annotated and/or configured via XML in such a way that code that accessed it in EJB compliant ways would be able to use it without changes.
There are two angles to your comment. One is what functionality would you lose deploying on a JBoss or any of the others instead of Tomcat? Likely nothing, if you brought along all of the frameworks you relied on. However, if you wanted to move your code to Weblogic, for example, to use some of its features, then your code would need some likely significant changes to keep up.
I am not saying that you cannot replicate all EJB functionality (certainly the subset you care about) via other means, just that it is not the spec, and therefore not implementation independent.
then don't I effectively have a Java EE
application server? And then aren't my
beans EJB's? Or is there some other
defining characteristic?
Quick answer EJBs actually have to follow a Java EE specification. Tomcat is a Java EE container not an app server.
What is it that a Java EE compliant app
server gives you that you can't
easily/readily get from Tomcat with
some 3rd party subsystems?
Quick answer to your second question. In your case most likely nothing.
EJBs tend to be really heavy objects and people ended up using them to solve problems when they were essentially overkill. Frameworks like Spring were created to solve those problems without using EJBs. I think the first book where Spring was introduced was even called "J2EE development without EJB."