Timo, could you please introduce yourself. What is your Java background?
I'm a Java Developer at Commerzbank AG, Luxembourg. I've been working with java since J2SE 1.2 in 1999 and since 2001 with J2EE 1.3 (mainly in the web-technology area). The Commerzbank IT division in Luxembourg is a service provider for the bank's internal information and communication technology in central Europe.
Your team approached me to help you with implementing a new system with Java EE. What is the purpose of the application(s)?
As a service provider for the foreign unit branches we have to maintain and develop a large number of very small business applications, which have been implemented over the years with various technologies. We were looking for a solution to migrate these application to one platform, without sacrificing the maintainability and flexibility of a tiny application.
How big is your team?
We started with three developers in December 2014 and have expanded our team mid-2015 by two additional java developers.
What is your impression of Java EE 7?
Compared to my first experience with J2EE 1.3 it is incredible how easy and with as little effort it is to fulfill technical and business requirements. Especially the Java API for JSON Processing (JSON-P) makes our work much easier.
You are relying on the Boundary Control Entity (BCE/ECB) "architecture". Are you happy with the choice?
Very happy! Our team like the clear structure and we do not waste hours or even days discussing our package structure. Most of our applications will consist only of these three packages, boundary, control and entity.
How big are the WARs? Are there any runtime dependencies / libraries?
Most of our back-end WARs have about 50KB, the front-end WARs about 2MB. The back-end WARs (containing our business logic, exposed via a REST API) have only one runtime dependencies javax -> javaee-api -> 7.0
For testing purposes, we have of course further dependencies…
The front-end WARs with the AngularJS and Bootstrap dependencies are about 2MB.
Which tools, IDEs, servers, etc. are you using?
We hack with NetBeans, build and test continuously with Jenkins, manage our code quality with SonarQube and run our applications on WildFly (still waiting for a JavaEE 7 certified JBoss EAP)
Any interesting challenges during development?
Yes, Security! While implementing a JavaEE web application, you do not think about the security implementation. You simply use the security features provided by the JavaEE platform. However, you use a HTML5 client that looks quite different. You have to manage the authentication and authorization information in the single page application (SAP)
How did you solve this challenge?
With a JSON Web Token and a jax-rs ContainerRequestFilter. A HttpServlet, secured with basic JavaEE security generates and sign the JWT containing the username and roles. This information is stored in the SPA and provided in each http request. The ContainerRequestFilter takes the JWT from the http header, validates the signature and set a new SecurityContext. This solution obtains also a complete stateless security mechanism that can be used across multiple application servers.
How long would it take for a fresh developer with basic Java developer to become productive in your project?
The two colleagues who came on board this year were ready for action after less than 3 days.
Would you choose Java EE 7 again?
Timo, thank you for the interview!