1 / 131

J2EE Architecture, System Qualities and Design Patterns Enterprise Java Architect Sun Java Center

J2EE Architecture, System Qualities and Design Patterns Enterprise Java Architect Sun Java Center Yanchou.Han@sun.com. Agenda. J2EE Architecture Fundamentals J2EE system Qualities J2EE Design Pattern. What is J2EE TM ?. Built on Java TM 2 SDK

Download Presentation

J2EE Architecture, System Qualities and Design Patterns Enterprise Java Architect Sun Java Center

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. J2EE Architecture, System Qualities and Design Patterns Enterprise Java Architect Sun Java Center Yanchou.Han@sun.com

  2. Agenda • J2EE Architecture Fundamentals • J2EE system Qualities • J2EE Design Pattern

  3. What is J2EETM? • Built on JavaTM 2 SDK • J2EE is component based application Framework • J2EE specifies a set of API for Enterprise Development • J2EE platform provides a set of Services • Development, Deployment, and Management • J2EE specifies Distributed, Server-Centric Applications Architecture Blueprint

  4. J2EE Platform Architecture

  5. Component Based Framework • ComponentA component is an application level software unit.The J2EE platform supports the following types of components: Applets, Application clients, EJB and Web components (in addition to J2SE) • ContainerAll J2EE components depend on the runtime support of a system-level entity called a container. Containers provide components with services such as life cycle management, security, deployment, and Transaction

  6. J2EE API • Database: JDBC • Directory:JNDI • Transaction JTA,JTS • Mail: Java Mail • Messaging: JMS • Communication: RMI • Server-Side Component: EJB • Presentation-Side: Servlet, JSP • Legacy Connector: Connector

  7. Deployment Services • J2EE deployment services allow components and applications to be customized at the time they are packaged and deployed. • A J2EE application consists of one or more J2EE modules and one J2EE application deployment descriptor (EAR file) • A J2EE module consists of one or more J2EE components and one deployment descriptor of that component type.

  8. Transaction Services • The J2EE platform handles many transaction details, such as propagating and coordinating among multiple transaction managers. • Web components are not designed to be transactional (can demarcate). • Transactions are propagated from a Web component to an enterprise bean only when the Web component starts the transaction.

  9. Security Services • Authentication--An entity must establish its identity through authentication. It typically does so by providing authentication data • Authorization--When an authenticated principal tries to access a resource, the system determines whether the principal is authorized to do so based on the security policies in force in the application's security policy domain.

  10. J2EE App Architecture BluePrint

  11. Agenda • J2EE Architecture Fundamentals • J2EE System Qualities • J2EE Design Pattern

  12. Qualities of J2EE Architecture • Scalability – Scalability relates to the ability for an e-commerce site to add capacity and thus add users over time. Scalability will usually require the addition of resources, but scalability should not require changes in the architecture, code to scale. • Reliability —System reliability describes the likelihood of any component failures. • Availability —The percentage of time that the system is available for use.

  13. Qualities of J2EE System • Maintainability –How easy it is to monitor, upgrade and configure a system. • Securibility – Includes the levels of authentication, authorization, audibility supported. • Performance - relates both to the specific performance metrics (e.g., responsiveness, latency) and the users expectations about performance.

  14. Scalability • Bigger Boxes – Provides More capability. • Pipeline – Applies more processing power during a unit of time. • Load Banancing Router- Handles all requests and distributes them among the replicated servers

  15. Availability and Reliability • Better Boxes – Ensure that an appropriate level of reliability and availability is provided from the hardware • Cluster - Involves the provision of ensembles of hardware resources, externally visible as a single resource, no noticeable loss of service is experienced.

  16. Maintainability • Thin Client or Fat client with web start – Enables access devices to be treated as disposable assets entirely in the control of the end user. • Wrappering – Provides external systems and software with nonstandard interfaces with given standardized interfaces that conform to the rest of the system being built • Centralized control, configuration and management

  17. Performance - General Procedure • Understand Application Architecture • Replicate Runtime Production Environment • Establish Meaningful Metrics • Execute Steps to Isolate Bottlenecks • Review Data Gathered in Metrics and Take Corrective Action • Create a Report Describing Findings and Lessons Learned

  18. Application Performance tuning • Keep your servlet session object small • Reuse session EJB handler • Reuse all datasource Object • Use DB Connection Pool • Turn off all “System.out.print()” • Always use PrepareStatement for JDBC • Avoid Memory Leak in Collection Object

  19. Application Performance tuning • Avoid Type Casting • Avoid Use of Reflection • Use the right type JDBC Connector • Use coarse granularity Object if networking involves • Always minimize the web response size • Always set the response size if possible

  20. Platform parameter tuning • Http – Keep Alive • TCP/IP – wait_Time_Interval • Different Encoding schema between Application and platform • Native IO driver instead pure Java Drive • Thread Model – Native Thread, alternative thread lib(solaris) • Data Source Pool size

  21. VM Performance Tuning • How garbage collection works • Hotspot VM tuning

  22. How Garbage collection works? • Young Generation Eden, SurvivorX2 space • Old Generation perm

  23. Object migration thru ‘Spaces’ • When an Object is first created, it is allocated in the Eden Space • When Eden space fills up, a garbage collection occurs (GC). • Objects that are reachable are copied to one of survivor space • If survivor space fills up, a Full GC occurs. A Full GC will tenure Objects from survivor to the perm space, collect all unreachable objects in the perm space, Eden space and survivor space. Then do what GC will do.

  24. How to observe Garbage Collector? • Use the VM command line switch -verbose:gc • IMPORTANT: All threads in the JVM block while garbage collection is running. Example output: • [GC 1868K->1445K(1984K), 0.0049082 secs] • [GC 1957K->1506K(1984K), 0.0041218 secs] • [Full GC 2018K->1218K(2608K), 0.1059716 secs]

  25. HotSpot VM Tuning • Unless you have problems with pauses, try granting as much memory as possible to the JVM.  The default size 64MB is too small for server side application • Set the maximum heap size to 25% larger than the largest amount memory used by the application under a load test. • set minimum and maximum heap sizes to the same • Set young generation 25% of the max heap. • Always use –server as first arguments for Server side application

  26. Security • Client tier Security • Communication Security • J2EE Security Services

  27. Thin Client tier Security • HTML hidden variables – Don’t use hidden variables to keep sensitive information • Parameter Tampering – Parameters sent to the server can be tampered legal clients • Client side user validation – Only for performance and user friendly. Server side app should never trust the client side user validation • GET vs. Post – Always use Post • Cookies – Cookie can be used to track the client activities, the content of Cookie can be exposed to the third party

  28. Communication Security • Authentication – Establishes the identity between the client and the server side • Authorization – Determine what the authenticated identity can do • Confidentiality-Message is only read by intended recipient • Integrity - Message sent is the message received • Nonrepudiation – Provides a way to prove that certain principal sent or received a particular message

  29. J2EE Security - GOAL • Supports security application deployments without relying on private networks environments. • Minimizes the application developer’s responsibility and delegate the responsibility to the more qualified security administrator • Be policy driven and requires no application code

  30. How to get J2EE Security Services? • Defines Security Identity using deployment tools • Defines Authentication policy in web.xml • Defines Authorization Policy for Web Tier in web.xml • Defines Authorization Policy for EJB Tier in ejb-jar.xml

  31. J2EE security Identity • User – Legal identity that is allowed to access system. • Group – Global Categories of users for enterprise • Role - An application specific type of group defined by application assembler.

  32. J2EE security identity (cont.)

  33. J2EE Authentication • HTTP Basic Authentication – Web server authenticate user by ID and Password • Form-based Authentication – Servlet Engine authenticate user by ID and password and store security context in Cookie and server container. Key tech to single sign-on and declarative security • Customize Basic Authentication – Application programmatically authenticate user ID and Password • Client-certificate Authentication – Authenticate client side by client certificate

  34. WEB Tier Authorization Policy Sample <security-constraint id=“supervisor"> <web-resource-collection id=“Super_Res_1"> <web-resource-name> Super_Res</web-resource-name> <url-pattern>/Supervisor</url-pattern> <url-pattern>/Manager</url-pattern> <http-method>POST</http-method> </web-resource-collection> <auth-constraint id="AuthConstraint_1"> <description>ManagerSecuirty</description> <role-name>supervisor</role-name> </auth-constraint> </security-constraint>

  35. EJB Tier Authorization Example

  36. Declarative Security • Containers intercept requests/method invocations, enforce security policy • Access security policy is declared at deployment • Not embedded in code • Flexible, just change and redeploy

  37. Programmatic Security • Programmatic Security • For custom security functionality not provided by declarative security • Determine the principle associated with a request • HttpServletRequest.getUserPrinciple() • EJBContext.getCallerPrinciple() • Determine if the caller/user is in the specified role • HttpServletRequest.isUserInRole() • EJBContext.isCallerInRole()

  38. Case Study • Web Page: Search by Transaction Number Transaction: • Server Object create SQL as: Select * from tranTable where tranID=123456 ; 123456

  39. Case Study (Cont.) • Web Page: Search by Transaction Number Transaction: • Server Object create SQL as: Select * from tranTbl where transactionID=123456 ; Drop Table TranTbl; 123456;drop table tranTbl;

  40. Agenda • J2EE Architecture Fundamentals • J2EE System Qualities • J2EE Design Pattern

  41. What are Patterns? • Patterns are about communicating problems and solutions • Recurring problems within a context • Expert solutions

  42. J2EETM Design Patterns • Based on experience in SJC • Collection of best practices

  43. J2EE Patterns Partitioning • Presentation Tier • a.k.a. Web Tier • Building application's presentation • Business Tier • a.k.a. Enterprise JavaBeansTM (EJB TM) Tier • Contains business logic • Business processing and data access • Integration Tier • a.k.a. EIS Tier • Integration of J2EE code with legacy systems / applications

  44. Presentation-Tier Patterns • Intercepting Filter <---- • Front Controller • View Helper • Composite View • Dispatcher View • Service To Worker

  45. Intercepting Filter • Problem: • Preprocessing and post-processing of a client web request and response are required • Forces: • Centralization of common logic • Processing components should be easily added and removed

  46. Intercepting Filter : Solution When a request enters a Web application, it often must pass several entrance tests prior to the main processing stage. For example: • Has the client been authenticated? • Does the client have a valid session? • Does the request path violate any constraints? • What encoding does the client use to send the data? • Do we support the browser type of the client?

  47. Intercepting Filter : Class Diagram

  48. Presentation-Tier Patterns • InterceptingFilter • Front Controller <---- • View Helper • Composite View • Dispatcher View • Service To Worker

  49. Front Controller Pattern • Problem: • There is no centralized access point for presentation request handling • Forces • There is common processing that is performed across requests. • Common logic is duplicated in numerous views • Need to perform • Request handling • Data access • View management • Navigation and Dispatch

More Related