Adam Bien's Weblog

Productive Java EE 7 on Java 8 At Commerzbank

Timo, could you please introduce yourself. What is your Java background?

I'm a Java Developer at Commerzbank AG, Luxembourg. I've been working with java since J2SE 1.2 in 1999 and since 2001 with J2EE 1.3 (mainly in the web-technology area). The Commerzbank IT division in Luxembourg is a service provider for the bank's internal information and communication technology in central Europe.

Your team approached me to help you with implementing a new system with Java EE. What is the purpose of the application(s)?

As a service provider for the foreign unit branches we have to maintain and develop a large number of very small business applications, which have been implemented over the years with various technologies. We were looking for a solution to migrate these application to one platform, without sacrificing the maintainability and flexibility of a tiny application.

How big is your team?

We started with three developers in December 2014 and have expanded our team mid-2015 by two additional java developers.

What is your impression of Java EE 7?

Compared to my first experience with J2EE 1.3 it is incredible how easy and with as little effort it is to fulfill technical and business requirements. Especially the Java API for JSON Processing (JSON-P) makes our work much easier.

You are relying on the Boundary Control Entity (BCE/ECB) "architecture". Are you happy with the choice?

Very happy! Our team like the clear structure and we do not waste hours or even days discussing our package structure. Most of our applications will consist only of these three packages, boundary, control and entity.

How big are the WARs? Are there any runtime dependencies / libraries?

Most of our back-end WARs have about 50KB, the front-end WARs about 2MB. The back-end WARs (containing our business logic, exposed via a REST API) have only one runtime dependencies javax -> javaee-api -> 7.0

For testing purposes, we have of course further dependencies…

The front-end WARs with the AngularJS and Bootstrap dependencies are about 2MB.

Which tools, IDEs, servers, etc. are you using?

We hack with NetBeans, build and test continuously with Jenkins, manage our code quality with SonarQube and run our applications on WildFly (still waiting for a JavaEE 7 certified JBoss EAP)

Any interesting challenges during development?

Yes, Security! While implementing a JavaEE web application, you do not think about the security implementation. You simply use the security features provided by the JavaEE platform. However, you use a HTML5 client that looks quite different. You have to manage the authentication and authorization information in the single page application (SAP)

How did you solve this challenge?

With a JSON Web Token and a jax-rs ContainerRequestFilter. A HttpServlet, secured with basic JavaEE security generates and sign the JWT containing the username and roles. This information is stored in the SPA and provided in each http request. The ContainerRequestFilter takes the JWT from the http header, validates the signature and set a new SecurityContext. This solution obtains also a complete stateless security mechanism that can be used across multiple application servers.

How long would it take for a fresh developer with basic Java developer to become productive in your project?

The two colleagues who came on board this year were ready for action after less than 3 days.

Would you choose Java EE 7 again?

Definitely yes!

Timo, thank you for the interview!


NEW workshop: HTML 5 and JavaScript Essentials, Three days in April 2017: from Java EE 7 Architectures over Microservices to Performance, Troubleshooting and Monitoring
On demand workshops: Java EE 7: Bootstrap, Effective, Testing and Microservices available for streaming.

Newsletter: airhacks.news

A book about rethinking Java EE Patterns

Comments:

I would be interested to see some sample code of the authentication mechanism they came up with. Last time I tried building something similar with JEE6, I gave up and went with Spring security. But maybe I just googled for the wrong keywords back then?

Posted by Sebastain on November 11, 2015 at 07:28 AM CET #

We have started a small discussion about how Java EE reduces the amount of dependencies compared with the Spring Framework: http://psamolysov.blogspot.co.uk/2015/10/why-ejb.html One comment is very interesting: if you have an App Server and Maven you have two points of dependencies control - your app server and Maven also. But your sentence "The back-end WARs (containing our business logic, exposed via a REST API) have only one runtime dependencies javax -> javaee-api -> 7.0" is a killer argument for me. Java EE and EJB (do the guys use EJB?) rocks!

Posted by Pavel Samolysov on November 11, 2015 at 10:21 AM CET #

Hi Sebastian, can't share my code, but I can recommend some URLs:

http://stackoverflow.com/questions/29766673/custom-jax-rs-authorization-using-jwt-in-each-request
https://scotch.io/tutorials/the-anatomy-of-a-json-web-token and of course
http://www.adam-bien.com/roller/abien/entry/java_ee_authentication_and_authorization ;-)

Posted by Timo on November 12, 2015 at 12:13 PM CET #

It sounded really interesting, I also hoped for some sample codes. But thanks for the URL @Timo.

Posted by Cheryl on November 17, 2015 at 11:17 PM CET #

Could you please explain why did you use angularjs in the front end instead of jsf?

Posted by Samy on November 18, 2015 at 08:40 PM CET #

one of the reasons why we've chosen angularjs and not jsf https://t.co/WlOngAgdZf

Posted by Timo on December 14, 2015 at 06:38 PM CET #

I found a sample Java EE/JWT app. Look here
https://github.com/sixturtle/examples/tree/master/jaxrs-jwt-filter

Posted by kechap on March 18, 2016 at 10:35 AM CET #

"Could you please explain why did you use angularjs in the front end instead of jsf?"

It is quite easy, because Google told them. Forget almost everything you learnt. All you need now is Angular JS 1,2,3,... and microservices till Google tell something else!

Seriously, we use JSF 2.2. and Primefaces 6.0. and are really happy with this descission. All your Webapps are SPA, fast, nice and are based on an established technology and not on buzzwords.

Posted by KP on January 05, 2017 at 02:39 PM CET #

Post a Comment:
  • HTML Syntax: NOT allowed
realworldpatterns.com
Online Workshops
...the last 150 posts
...the last 10 comments
License