Sunday 30 October 2016

OCEJBCD - Package and Deploy EJB applications

OCEJBCD (SCBCD) - 1Z0-895 - Enterprise JavaBeans Developer Certification

Package and Deploy EJB applications

EJB3 bean classes are packaged in regular JAR files.
The javabeans configuration can be defined with annotations or using a deployment descriptor ejb-jar that will be located under META-INF folder:
  • META-INF
    • ejb-jar.xml
    The configuration specified in the descriptor will override the configuration specified by annotations.
    The JAR generated will be placed under lib folder in the WAR generated for the application.
    • WAR
      • WEB-INF
        • lib
          • ejbModule.jar



      Example of deploying an EJB project in a Glassfish server using Eclipse in this post .


      OCEJBCD (SCBCD) - 1Z0-895 - Enterprise JavaBeans Developer Certification

      Posted by at No comments:
      Labels: , , , ,

      Sunday 23 October 2016

      OCEJBCD - Perform EJB Exception Handling

      OCEJBCD (SCBCD) - 1Z0-895 - Enterprise JavaBeans Developer Certification

      EJB container considers two exception types:

      • System Exceptions
      • Application Exceptions


      System Exceptions .- internal errors

      • EJBException is a subclass of java.lang.RuntimeException
      • They always cause a rollback in transactions.
      • Runtime exceptions are unchecked exceptions, so they are thrown from the method (not need to throws or try/catch clauses)
      • Way the container hands system exceptions:
        • Roll back transaction
        • Log exception
        • Discard EJB instance
      • The EJB wraps the exception into RemoteException and throws it to the client.
      • If the client started the application and it was propagated to the EJB, the system exception will be rethrown as EJBTransactionRolledbackException

       Application Exceptions.- errors in the business logic

      • The do not cause a rollback by default. To rollback the transaction automatically it can be used the annotation @ApplicationException(rollback=true), or doing it explicity with a call the method setRollbackOnly()
      • They are sent to the client directly. The container does not wrap the exception.

       OCEJBCD (SCBCD) - 1Z0-895 - Enterprise JavaBeans Developer Certification
      Posted by at 1 comment:
      Labels: , , , ,

      Sunday 9 October 2016

      OCEJBCD -11. Implementing Security

      OCEJBCD (SCBCD) - 1Z0-895 - Enterprise JavaBeans Developer Certification

       11.1. Understand the JavaEE security architecture

       -Declarative security (using deployment description and annotations)
      -Programmatic security

       More details in securing java beans section from javaEE tutorial. 
      11.2. Authenticate the caller 

      Authenticate on a remote EJB can be done by JNDI:

       properties.put(Context.SECURITY_PRINCIPAL, "usename");
      properties.put(Context.SECURITY_CREDENTIALS, "password");

       Context jndiContext =  new InitialContext(properties);
      Object ref = jndiContext.lookup("SecureBean/remoteObject");

      11.3. Examine JavaEE authorization strategies

       Details about web application security can be review here.

      • Basic Authentication

      Data is encoded in base64 (not encrypted).
      • Form-based authentication

      Creating a custom login form.
      data are sent in http request with no encryption.

       In the Form authentication type the loginPage should be defined (using these three fields: j_security_check, j_username, j_password

      <form method="POST" action="j_security_check">
        <input type="text" name="j_username">
        <input type="password" name="j_password">
        <input type="submit" value="Enter">
      </form>
      • Digest authentication

      Data is encrypted (not SSL) but not all JEE containers support it.
      • Client authentication

      Using Publick Key Certificates
      Clients need to have a certificate to use it.
      • Mutual authentication
      The server and client authenticate each other. It can be certificate based or user/password based.

      11.4. Use declarative authorization

      Annotations:

       @DeclareRoles (class level)
      @RolesAllowed (class or method level)
      @PermitAll(class or method level)
      @DenyAll (class or method level)

      These annotations can be used at class or method level. At class level means that those roles will be applied to all the method in the class. The annotation at method level will override the class annotation.



       Java Security identity between the client and EJBcontainer is the identity of the caller.

       Propagating security between EJB containers by default will be the identity of the caller, but also can be specified configuring the bean with annotation(@RunAs("nameOfTheRole"))

      Message-driven beans have only @Run As as identity, they are not allowed to use method permissions or execute under caller identity.

      11.5. Use programmatic authorization 

       Methods from javax.ejb.EJBContext

       -getCallerPrincipal()

      -isCallerInRole("role")

      11.6. Examine the responsibilities of the deployer

      To override security annotations at deployment time it can be used security elements in the deployment descriptor.

       The deployer customises an EJB for a specific operational environment and deploy it into the server.
      Interprets the deployment descriptor from the application assembler and the bean provider and knows the security roles and users for this system.


      OCEJBCD (SCBCD) - 1Z0-895 - Enterprise JavaBeans Developer Certification
      Posted by at No comments:
      Labels: , , , ,

      Sunday 2 October 2016

      OCEJBCD -10. Implementing transactions

      OCEJBCD (SCBCD) - 1Z0-895 - Enterprise JavaBeans Developer Certification

      10.1. Describe transaction demarcation management

       JTA (Java Transaction API).

       Transaction demarcation involves indicating when a transaction begin and ends.

       There are three kind of demarcation management:

      • Bean managed
      • Container managed (by default)
      • Client managed

      10.2. Implement CMT

       CMT (Container Managed transaction)

       Transaction attributes

       Transactions attributes can be used at class or method level.

      • Required
      @TransactionAttribute(REQUIRED)
      Start transaction or continue with client transaction.
      • RequiresNew
      @TransactionAttribute(REQUIRES_NEW)
      Start new transaction (stop client and resume later).

      • Mandatory
      @TransactionAttribute(MANDATORY)
      Always with client transaction, if not throws an exception

      • Not supported
      @TransactionAttribute(NOT_SUPPORTED)
      No transaction (if client running within trans stop and resume later)

      • Supports
      @TransactionAttribute(SUPPORTS)
      Bean runs within client transaction if related only.

      • Never
      @TransactionAttribute(NEVER)


      10.3. Interact programmatically with an ongoing CMT transaction

       A transaction will rollback automatically in CMT when a system exception ocurrs. It can be invoked by setRollbackOnly() method.

       Methods not allowed in CMT are ( commit, rollback, getUserTransaction...)

       10.4. Implement BMT Apply transactions to messaging

       @TransactionManagement(BEAN)

       Use of commit, rollback, getUserTransaction(setTransactionTimeout..etc)
      Not allowed get/setRollbackOnly()

      OCEJBCD (SCBCD) - 1Z0-895 - Enterprise JavaBeans Developer Certification
      Posted by at No comments:
      Labels: , , , ,
      Subscribe to: Posts (Atom)