J2EE Applications and BEA WebLogic Servers

The authors start by introducing BEA WebLogic and walking through deploying it. Next, you'll learn practical techniques for designing robust, high-performance J2EE applications with WebLogic; building presentation logic with WebLogic servlets and JavaServer Pages; accessing databases with JDBC; implementing transactions; and more. The accompanying CD-ROM includes all code from the book, including a complete WebAuction application, as well as a complete evaluation version of the latest version of the BEA WebLogic server.

For all Java developers interested in building J2EE applications with BEA WebLogic application servers. No experience with WebLogic or J2EE is required.

Contents

Foreword

Preface

1: Introduction

What Is BEA WebLogic Server?

WebLogic Server Overview

The Container-Component Model

WebLogic Server Strengths: Component Support and Scalability

How to Use this Book

Road Map

Summaries

System Requirements

Supported Platforms

Software on the CD-ROM

Versions Supported

Conventions

2: Overview of J2EE Technologies

WebLogic Server and J2EE

J2EE Technologies Covered in this Book

Presentation Logic

Java Servlets

JavaServer Pages (JSPs)

WebLogic Server JavaBeans and Tag Libraries

Database and Transaction Support

Java Database Connectivity (JDBC)

Java Transaction API (JTA) Support

Object Registry and Remote Method Invocation (RMI)

Java Naming and Directory Interface (JNDI)

Remote Method Invocation (RMI)

Enterprise JavaBeans (EJBs)

WebLogic Server Entity EJBs

WebLogic Server Session EJBs

WebLogic Server Message-Driven Beans

Java Message Service (JMS)

JavaMail

Security

WebLogic Server's Distributed Deployment Support

About WebAuction

WebAuction Application Technology Requirements

3: Building Presentation Logic with WebLogic Server Servlets

Introducing WebLogic Server Servlets

WebLogic Server Servlets Handle HTTP Requests

Generic Servlets

How Servlets Are Used

WebLogic Server JavaServer Pages (JSPs)

Servlets or JSPs?

Developing Servlets

Anatomy of a Servlet

A Basic Servlet

About the Packaging and Deployment Process

About Web Applications (.war Files)

The Lifecycle of a Servlet

Handling Basic Servlet Requests

Generating the Servlet Response

Using Default Methods to Handle Web Forms

Servlets and Web Sessions

Conventional Methods for Session Tracking Are Difficult

The Servlet Specification to the Rescue

The Scope of a Session

Sessions and Servlets Example

Baking Your Own Cookies

Dealing with Users

Creating a Cookie

URL Rewriting

Custom Cookies for Personalization

Long-Term CookieServlet Example

The Web Application Package

About Web Applications

Web Application Overview

Web Archive Organization

Using Servlets with WebLogic Server Clustering

Persisting Session Information

Session Protection Performance Implications

Choosing the Right Level of Protection

Special Considerations for In-Memory Replication

Best Practices for Servlets

Be Smart About Session State

Don't Close/Terminate the Response Stream

Always Activate URL Rewriting

Session Objects Are Not Appropriate for Long-Term Data

Keep Scalability in Mind

4: Using WebLogic Server JavaServer Pages

About WebLogic Server JSPs

Why JSP?

Integrating Java Code with JSP

JSP Basics

Anatomy of a JSP

A Basic JSP Example

Running the Basic JSP Example in WebLogic Server

The Lifecycle of a JSP

Initialization

Loading and Instantiation

End of Service

JSP Page Elements

JSP Directives

Page Directives

Implicit Objects and Scripting Elements

Actions

Using Java Beans with JSPs

JSP Tags for Using Beans

Building a JavaBean into a JSP

Using JavaBean Properties

Custom Tag Libraries

Using Custom Tag Libraries in JSP

Error Pages, Comments, and Deployment Descriptors

JSP Error Page

JSP Comments

JSP Deployment Descriptor Options

Using Servlets and JSPs Together: Model View Controller

MVC Components

MVC in Web Applications

MVC Applicability

Best Practices for Debugging and Developing JSPs

Create Scripts to Take Advantage of Automatic Deployment

Base Your Development on Templates

Be Careful About Capitalization and Spacing

Turn on the Debugging Messages Using the Console

Best Practices for JSPs

Keep in Mind that JSPs Are Just Specialized Servlets

Encapsulate Complex Data and Logic in JavaBeans and Custom Tag Libraries

Always Activate and Use URL Rewriting

Use JSP Error Pages

JSPs in the WebAuction Application

browseitems.jsp

ItemBean JavaBean

Browsing the WebAuction Code

5: Using Databases and Transactions with JDBC and JTA

WebLogic Server JDBC

Why JDBC?

JDBC Drivers

Using JDBC to Read Data

Using JDBC to Update the Database

Transactions

Using the JTA Driver

WebLogic Server Multi-Database Transaction Services: JTA, XA, and 2PC

Complete WebLogic Server JTA Example

WebLogic Server and Distributed Transactions

Distributed Transactions and Standards

Using XA-Compliant Resources and JTA

Transaction Isolation Levels

Prepared Statements

Error Handling and SQL Warnings

Handling SQLException Errors

Handling SQL Warnings

Metadata

Using Metadata

Advanced Features

BLOBs and CLOBs

Best Practices for JDBC

Make Your Queries as Smart as Possible

Tune the Database

Put Initialization Code in init()

Get Your JDBC Connection from a TxDataSource or the JTS Driver

Use Batch Updates

Do In-Place Updates Where Possible

Use the Appropriate Method to Get a JDBC Connection Object

Release the JDBC Resources Appropriately

Use Autocommit Appropriately

Don't Hang onto JDBC Connections

Work in the Database If You Can

Commit or Roll Back Your Transactions as Soon as Possible

Set Your Pool Size Appropriately

Do Not Have Your Transactions Span User Input

JDBC and Transactions in the WebAuction Application

6: Remote Method Invocation and Distributed Naming

Remote Method Invocation

Using the Remote Interface

The RMI Programming Model

Serialization

The Serializable Interface

The Remote Interface

Hand-Coding Serialization

Using RMI in Distributed Applications

Handling the Unreliable Network

Performance Implications of Cross-Network Method Calls

WebLogic RMI Optimizations

JNDI: Java's Naming Service

Using JNDI

JNDI, Security, and Identity

JNDI and Clustering

Replicated Naming Service

Understanding Conflicts in the JNDI tree

Clustered JNDI with Replicated Bindings

Clustered JNDI with Nonreplicated Bindings

JNDI Best Practices

Local Caching

Using JNDI Effectively to Increase Performance

Minimizing Frequency of Updates

Conclusion

7: Enterprise Messaging with the Java Message Service (JMS)

Benefits of JMS

Interprocess Communication

JMS Fundamentals

Connection Factories

Sample JMS Queue Producer/Consumer

Configuring JMS

Sample JMS Queue Producer/Consumer

Running the Queue Example

Sample JMS Topic Producer/Consumer

Message Producer

Synchronous Message Consumer

Asynchronous Message Consumer

Running the Topic Example

JMS Messages

JMS Header

Message Properties

Message Types

JMS Message Types

Reusing Message Objects

JMS Delivery Modes

Synchronous vs Asynchronous Receivers

Message Selectors

Durable JMS Subscriptions

Using Temporary Destinations

Message Acknowledgment

Which Acknowledgment Mode Is Right for Your Application?

JMS and Transactions

Using Transacted Sessions

Using JTA Transactions with JMS

Clustering JMS

Exception Listeners

Using Multicast JMS

Configuration Changes for Multicast JMS

Using Multicast JMS Sessions

JMS Best Practices

Avoid Unneeded Features

Selection Performance Costs

Using Asynchronous Message Consumers Where Possible

Prefer JTA Transactions to Transacted Sessions

JMS Transactions and Error Handling

Conclusion

8: Using Session Enterprise JavaBeans

Enterprise JavaBeans Overview

Basics of EJBs

Session Beans

Entity Beans

Message-Driven Beans

Stateless Session EJB Example: HelloWorld

Building the EJB Jar File

Writing a Simple EJB Client

The EJB Container

Stateless Session EJBs

Stateless Programming Model

Stateless Session Bean Clustering

Using Member Variables with Stateless Session Beans

Stateful Session EJBs

The Stateful Programming Model

Stateful Session EJB Lifecycle

Stateful Session EJBs and Clustering

Stateful Session Beans and Concurrency

Using Transactions with Session Beans

Container-Managed Transactions

Bean-Managed Transactions

EJB Security

Assigning Security Roles in the EJB Deployment Descriptors

Using Programmatic Security with EJBs

EJB Environment

Declaring Environment Variables

EJB References

Declaring EJB References

Resource Manager References

Declaring Resource Manager References

Resource Reference Advantages

Handles

HomeHandles

Cars Example

Running the Example

Best Practices

Coding Business Interfaces

Tips for Transactions

When Not to Use Stateful Session Beans

Best Practices for EJB Security

Conclusion

9: Entity EJBs

Rationale for Entity EJBs

Entity Bean Basics

Entity Bean Components

Activation and Passivation

Home Methods and Business Methods

CMP Entity Bean Example

Container-Managed Fields

Student CMP Example

CMP

ejbCreate

ejbRemove

ejbLoad

ejbStore

Finders

ejbPostCreate

Container-Managed Entity Bean Lifecycle

Anonymous Instances

Identified Instances

Reading and Writing the Database

Introduction to CMRs

Unidirectional and Bidirectional Relationships

CMR Example

Creating the Database Tables

Mapping CMP Entity Beans to the Database

Running the Example

Writing EJB-QL for CMP Finders

CMR Programming Restrictions

BMP Entity Beans

Writing the Student BMP Entity EJB

Writing the BMP Bean Class

Best Practices for BMP Entity EJBs

Advanced Topics for Writing Entity EJBs

How to Write a Primary Key Class

Implementing hashCode

Implementing equals

Entity Bean Inheritance and Polymorphism

Inheritance Restrictions

Design Patterns for Inheritance and Polymorphism

Entity Beans and Locking

Database Concurrency

EJB Container Concurrency

Choosing a Database Concurrency Strategy

Optimizing Data Access Calls

Optimizing CMP Entity Beans

Using Read-Only Entity Beans

Designing Read-Mostly Entity Beans

Session Beans as a Wrapper for Entity Beans

Using Java Beans as Value Objects

BMP vs CMP

CMP Design Advantages

CMP Performance Advantages

Combining CMP and BMP

Stateless Session Beans vs Entity EJBs

Conclusion

10: Using Message-Driven EJBs

Message-Driven EJB Basics

Message-Driven EJB Lifecycle

Message-Driven EJB Example

MessagePrinterBean Class

Writing Deployment Descriptors for Message-Driven EJBs

Message-Driven Beans and Concurrency

Parallel Message Dispatch

Setting max-beans-in-freepool for Message-Driven EJBs

Message Ordering

Specifying a JMS Connection Factory

Using Transactions with Message-Driven Beans

Required Transaction Attribute

NotSupported Transaction Attribute

Bean-Managed Transactions

Error Handling with the Required Transaction Attribute

Message Acknowledgment

New Customer Example

Building and Running the Example

Message-Driven EJB Advantages

Using JTA Transactions with an Asynchronous Consumer

Parallel Message Processing

Simple and Standards-Based

Conclusion

11: Interfacing with Internet Mail Using WebLogic Server JavaMail

About Email

About Simple Mail Transport Protocol (SMTP)

Mail Retrieval Protocols (POP3, IMAP)

About JavaMail

The Session Class

The Message Class

The Transport Class

Mapping to Internet Addresses

Using JavaMail to Send Simple Email

Deploying MailSender.jsp

Adding Email Capability to the WebAuction Application

Where to Find More Information on JavaMail and Internet Mail

JavaMail Best Practices

Using JavaMail to Confirm Email Addresses

12: Developing Security with WebLogic Server JNDI and JAAS

Security Technology Overview

Users and Groups

Roles and Principals

J2EE Security Programming Models

Authentication

Secure Sockets Layer (SSL)

Authorization

WebLogic Server Security Realms

Creating Secure Web Applications

Declarative Security in Web Applications

Developing Form-Based Authentication

Programming to the Caching Realm in Web Applications

The Realm API

Getting an Instance of the Realm

Adding and Retrieving Users in the Realm

Adding a User to a Group

Adding and Removing Groups

NewUser.jsp Example 495 Deploying a Realm API Authentication Example Using the RDBMS Realm

Developing Browser-Based Authentication

Specifying Deployment Descriptor Web Authorization Methods

Programmatic Security in Web Applications

Programmatic Security API

Programmatic Security Example

Developing Secure Application Clients

Why Two Security Services?

WebLogic Server JAAS Authentication

Using JAAS for Application Client Security

Writing JAAS Authentication Code

Using WebLogic Server JAAS Authentication

JAAS-Secured Application Client: Implementation Notes

Using WebLogic Server JNDI for Application Client Security

WebLogic Server JNDI-Based Authentication

Example: Secure Application Client Using EJB

weblogic-ejb-jar.xml

SecureBean.java 522 Deploying the Secured EJB Client

About WebLogic SSL

Symmetric Key Encryption

Digital Certificates

Certificate Authorities

Notes on SSL Encryption

WebLogic Server SSL Usage Scenarios

Web Clients: Using SSL Security

SSL Security Example

Application Clients: Using SSL Security

WebLogic Server Security Best Practices

Putting It All Together

Securing the WebAuction Application

13: Designing the Production Deployment

Designing for Deployment

WebLogic Deployment Scenarios: Case Studies

Types of Client Software

Web Deployments: A Standard Configuration

Web Deployment Scenario #1: Commercial Web Server

Scenario #2: Using WebLogic Server as the Web Server

Using a DMZ and Firewalls in a Web Deployment

Firewalls

Integrating Web Deployments with Data Stores

Using WebLogic Server Clustering in a Web Deployment

Configuring Hardware for a Clustered Web Deployment

Clustering on a Multi-CPU Server

Hardware Specifics for Clustering

Web Application Deployment Details

Co-located Front- and Back-End Services

Web Services in the DMZ; EJB Outside

Using WebLogic Server as the Web Server

Application Deployments

Typical Application Deployment Architecture

Security Considerations in an Application Deployment

Recommended Application Deployment Architecture

Mixed Deployments

Simple Mixed Deployment Architectures

Using WebLogic Server Clustering in a Mixed Deployment

Security Considerations in a Mixed Deployment

Recommended Mixed Deployment Architecture

Application Deployment Process

Infrastructure Components in Application Deployment

Stages in Application Deployment

Best Practices for Deploying WebLogic Server

Design for Security

Test and Stage Your Application

Don't Get Too Creative

Minimize the Number of Moving Parts

14: The WebAuction Application

Application Architecture and Design: WebAuction

WebAuction Design Goals

WebAuction Subsystems

WebAuction Interfaces

Separating the Web and Business Logic Tiers

Accessing Server-Side Business Logic from JSP Pages

JavaBeans in the Presentation Layer

The Tag Library-to-Business Logic Interface

Utility Methods

WebAuction Security

Authenticating Users

Creating New User Accounts

Business Logic Design

WebAuction Stateless Session Bean

Transaction Flow

Entity Bean Relationships

Changes Required for a Production Application

Limiting Query Results

Unique ID Generation

Internationalizing WebAuction

Database Tuning

Assembling the Application Components: WebAuction

About Enterprise Archives

Enterprise Archive Organization

Writing application.xml

Packaging the Enterprise Archive (.ear)

Quick Deployment of the WebAuction Application

Deploying the WebAuction Application: In Detail

Deploying the WebAuction on Another Database

Testing the WebAuction Application

Functional Testing

Stress and Performance Testing

Understanding ExecuteThreads

15: Capacity Planning for the WebLogic Server

Analysis of Capacity Planning

Factors Affecting Capacity

Methodology and Metrics for Capacity Planning

Setting Capacity Goals

Server Hardware Capacity Planning

A Baseline Capacity Profile

LAN Infrastructure Capacity Planning

External Connectivity Capacity Planning

Capacity Planning Best Practices

Index