J2EE Applications and BEA WebLogic Server

Description

• Authoritative guidance and high-performance code—straight from BEA WebLogic's product team!
• Step-by-step, example-rich coverage of every major J2EE API
• Case study: Build a complete e-Commerce application from scratch
• CD-ROM: Complete BEA WebLogic Server 6evaluation version, plus extensive code library

The insider's guide to J2EE development with the world's #1 Java application server—BEA WebLogic Server 6!

BEA's WebLogic Server is the de facto industry standard for developing and deploying industrial strength Java E-commerce applications. This book delivers authoritative guidance for J2EE application development with the most powerful version of WebLogic ever: WebLogic Server 6. Authored by members of BEA's WebLogic project team, the book covers every aspect of real-world WebLogic J2EE development, from start to finish, through an industrial-strength case study application. You'll find coverage of all this, and more:

• BEA WebLogic Server: Fundamental concepts and configuration techniques
• Designing robust, high-performance J2EE applications—including detailed coverage of capacity planning and performance testing
• Effective use of RMI and distributed naming
• Building presentation logic with WebLogic Server servlets and JavaServer Pages
• Using session, entity, and message-driven Enterprise JavaBeans
• Interfacing with Internet Mail using WebLogic Server JavaMail
• Establishing database connectivity with JDBC and implementing transactions with JTA
• Developing security with WebLogic Server JNDI and the Java Authentication and Authorization Service (JAAS)
• Packaging, deploying, and testing WebLogic Server applications

Ready to move from "Java programmer" to "expert enterprise developer"? You won't find a more useful tool than BEA WebLogic Server—or a more useful book than J2EE Applications and BEA WebLogic Server.

• All code from the book, including a complete enterprise application
• Complete evaluation version of BEA WebLogic Server Release 6
• Bonus WebLogic Server tools and utilities

Sample Content

Online Sample Chapter

Enterprise Messaging with the Java Message Service (JMS)

Table of Contents

Foreword.


Preface.


1. Introduction.

What Is BEA WebLogic Server? WebLogic Server Overview. The Container-Component Model. WebLogic Server Strengths: Component Support and Scalability. How to Use this Book. Road Map. Summaries. System Requirements. Supported Platforms. Software on the CD-ROM. Versions Supported. Conventions.

WebLogic Server and J2EE. J2EE Technologies Covered in this Book. Presentation Logic. Java Servlets. JavaServer Pages (JSPs). WebLogic Server JavaBeans and Tag Libraries. Database and Transaction Support. Java Database Connectivity (JDBC). Java Transaction API (JTA) Support. Object Registry and Remote Method Invocation (RMI). Java Naming and Directory Interface (JNDI). Remote Method Invocation (RMI). Enterprise JavaBeans (EJBs). WebLogic Server Entity EJBs. WebLogic Server Session EJBs. WebLogic Server Message-Driven Beans. Java Message Service (JMS). JavaMail. Security. WebLogic Server's Distributed Deployment Support. About WebAuction. WebAuction Application Technology Requirements.

Introducing WebLogic Server Servlets. WebLogic Server Servlets Handle HTTP Requests. Generic Servlets. How Servlets Are Used. WebLogic Server JavaServer Pages (JSPs). Servlets or JSPs? Developing Servlets. Anatomy of a Servlet. A Basic Servlet. About the Packaging and Deployment Process. About Web Applications (.war Files). The Lifecycle of a Servlet. Handling Basic Servlet Requests. Generating the Servlet Response. Using Default Methods to Handle Web Forms. Servlets and Web Sessions. Conventional Methods for Session Tracking Are Difficult. The Servlet Specification to the Rescue. The Scope of a Session. Sessions and Servlets Example. Baking Your Own Cookies. Dealing with Users. Creating a Cookie. URL Rewriting. Custom Cookies for Personalization. Long-Term CookieServlet Example. The Web Application Package. About Web Applications. Web Application Overview. Web Archive Organization. Using Servlets with WebLogic Server Clustering. Persisting Session Information. Session Protection Performance Implications. Choosing the Right Level of Protection. Special Considerations for In-Memory Replication. Best Practices for Servlets. Be Smart About Session State. Don't Close/Terminate the Response Stream. Always Activate URL Rewriting. Session Objects Are Not Appropriate for Long-Term Data. Keep Scalability in Mind.

About WebLogic Server JSPs. Why JSP? Integrating Java Code with JSP. JSP Basics. Anatomy of a JSP. A Basic JSP Example. Running the Basic JSP Example in WebLogic Server. The Lifecycle of a JSP. Initialization. Loading and Instantiation. End of Service. JSP Page Elements. JSP Directives. Page Directives. Implicit Objects and Scripting Elements. Actions. Using Java Beans with JSPs. JSP Tags for Using Beans. Building a JavaBean into a JSP. Using JavaBean Properties. Custom Tag Libraries. Using Custom Tag Libraries in JSP. Error Pages, Comments, and Deployment Descriptors. JSP Error Page. JSP Comments. JSP Deployment Descriptor Options. Using Servlets and JSPs Together: Model View Controller. MVC Components. MVC in Web Applications. MVC Applicability. Best Practices for Debugging and Developing JSPs. Create Scripts to Take Advantage of Automatic Deployment. Base Your Development on Templates. Be Careful About Capitalization and Spacing. Turn on the Debugging Messages Using the Console. Best Practices for JSPs. Keep in Mind that JSPs Are Just Specialized Servlets. Encapsulate Complex Data and Logic in JavaBeans and Custom Tag Libraries. Always Activate and Use URL Rewriting. Use JSP Error Pages. JSPs in the WebAuction Application. browseitems.jsp. ItemBean JavaBean. Browsing the WebAuction Code.

WebLogic Server JDBC. Why JDBC? JDBC Drivers. Using JDBC to Read Data. Using JDBC to Update the Database. Transactions. Using the JTA Driver. WebLogic Server Multi-Database Transaction Services: JTA, XA, and 2PC. Complete WebLogic Server JTA Example. WebLogic Server and Distributed Transactions. Distributed Transactions and Standards. Using XA-Compliant Resources and JTA. Transaction Isolation Levels. Prepared Statements. Error Handling and SQL Warnings. Handling SQLException Errors. Handling SQL Warnings. Metadata. Using Metadata. Advanced Features. BLOBs and CLOBs. Best Practices for JDBC. Make Your Queries as Smart as Possible. Tune the Database. Put Initialization Code in init(). Get Your JDBC Connection from a TxDataSource or the JTS Driver. Use Batch Updates. Do In-Place Updates Where Possible. Use the Appropriate Method to Get a JDBC Connection Object. Release the JDBC Resources Appropriately. Use Autocommit Appropriately. Don't Hang onto JDBC Connections. Work in the Database If You Can. Commit or Roll Back Your Transactions as Soon as Possible. Set Your Pool Size Appropriately. Do Not Have Your Transactions Span User Input. JDBC and Transactions in the WebAuction Application.

Remote Method Invocation. Using the Remote Interface. The RMI Programming Model. Serialization. The Serializable Interface. The Remote Interface. Hand-Coding Serialization. Using RMI in Distributed Applications. Handling the Unreliable Network. Performance Implications of Cross-Network Method Calls. WebLogic RMI Optimizations. JNDI: Java's Naming Service. Using JNDI. JNDI, Security, and Identity. JNDI and Clustering. Replicated Naming Service. Understanding Conflicts in the JNDI tree. Clustered JNDI with Replicated Bindings. Clustered JNDI with Nonreplicated Bindings. JNDI Best Practices. Local Caching. Using JNDI Effectively to Increase Performance. Minimizing Frequency of Updates. Conclusion.

Benefits of JMS. Interprocess Communication. JMS Fundamentals. Connection Factories. Sample JMS Queue Producer/Consumer. Configuring JMS. Sample JMS Queue Producer/Consumer. Running the Queue Example. Sample JMS Topic Producer/Consumer. Message Producer. Synchronous Message Consumer. Asynchronous Message Consumer. Running the Topic Example. JMS Messages. JMS Header. Message Properties. Message Types. JMS Message Types. Reusing Message Objects. JMS Delivery Modes. Synchronous vs Asynchronous Receivers. Message Selectors. Durable JMS Subscriptions. Using Temporary Destinations. Message Acknowledgment. Which Acknowledgment Mode Is Right for Your Application? JMS and Transactions. Using Transacted Sessions. Using JTA Transactions with JMS. Clustering JMS. Exception Listeners. Using Multicast JMS. Configuration Changes for Multicast JMS. Using Multicast JMS Sessions. JMS Best Practices. Avoid Unneeded Features. Selection Performance Costs. Using Asynchronous Message Consumers Where Possible. Prefer JTA Transactions to Transacted Sessions. JMS Transactions and Error Handling. Conclusion.

Enterprise JavaBeans Overview. Basics of EJBs. Session Beans. Entity Beans. Message-Driven Beans. Stateless Session EJB Example: HelloWorld. Building the EJB Jar File. Writing a Simple EJB Client. The EJB Container. Stateless Session EJBs. Stateless Programming Model. Stateless Session Bean Clustering. Using Member Variables with Stateless Session Beans. Stateful Session EJBs. The Stateful Programming Model. Stateful Session EJB Lifecycle. Stateful Session EJBs and Clustering. Stateful Session Beans and Concurrency. Using Transactions with Session Beans. Container-Managed Transactions. Bean-Managed Transactions. EJB Security. Assigning Security Roles in the EJB Deployment Descriptors. Using Programmatic Security with EJBs. EJB Environment. Declaring Environment Variables. EJB References. Declaring EJB References. Resource Manager References. Declaring Resource Manager References. Resource Reference Advantages. Handles. HomeHandles. Cars Example. Running the Example. Best Practices. Coding Business Interfaces. Tips for Transactions. When Not to Use Stateful Session Beans. Best Practices for EJB Security. Conclusion.

Rationale for Entity EJBs. Entity Bean Basics. Entity Bean Components. Activation and Passivation. Home Methods and Business Methods. CMP Entity Bean Example. Container-Managed Fields. Student CMP Example. CMP. ejbCreate. ejbRemove. ejbLoad. ejbStore. Finders. ejbPostCreate. Container-Managed Entity Bean Lifecycle. Anonymous Instances. Identified Instances. Reading and Writing the Database. Introduction to CMRs. Unidirectional and Bidirectional Relationships. CMR Example. Creating the Database Tables. Mapping CMP Entity Beans to the Database. Running the Example. Writing EJB-QL for CMP Finders. CMR Programming Restrictions. BMP Entity Beans. Writing the Student BMP Entity EJB. Writing the BMP Bean Class. Best Practices for BMP Entity EJBs. Advanced Topics for Writing Entity EJBs. How to Write a Primary Key Class. Implementing hashCode. Implementing equals. Entity Bean Inheritance and Polymorphism. Inheritance Restrictions. Design Patterns for Inheritance and Polymorphism. Entity Beans and Locking. Database Concurrency. EJB Container Concurrency. Choosing a Database Concurrency Strategy. Optimizing Data Access Calls. Optimizing CMP Entity Beans. Using Read-Only Entity Beans. Designing Read-Mostly Entity Beans. Session Beans as a Wrapper for Entity Beans. Using Java Beans as Value Objects. BMP vs CMP. CMP Design Advantages. CMP Performance Advantages. Combining CMP and BMP. Stateless Session Beans vs Entity EJBs. Conclusion.

Message-Driven EJB Basics. Message-Driven EJB Lifecycle. Message-Driven EJB Example. MessagePrinterBean Class. Writing Deployment Descriptors for Message-Driven EJBs. Message-Driven Beans and Concurrency. Parallel Message Dispatch. Setting max-beans-in-freepool for Message-Driven EJBs. Message Ordering. Specifying a JMS Connection Factory. Using Transactions with Message-Driven Beans. Required Transaction Attribute. NotSupported Transaction Attribute. Bean-Managed Transactions. Error Handling with the Required Transaction Attribute. Message Acknowledgment. New Customer Example. Building and Running the Example. Message-Driven EJB Advantages. Using JTA Transactions with an Asynchronous Consumer. Parallel Message Processing. Simple and Standards-Based. Conclusion.

About Email. About Simple Mail Transport Protocol (SMTP). Mail Retrieval Protocols (POP3, IMAP). About JavaMail. The Session Class. The Message Class. The Transport Class. Mapping to Internet Addresses. Using JavaMail to Send Simple Email. Deploying MailSender.jsp. Adding Email Capability to the WebAuction Application. Where to Find More Information on JavaMail and Internet Mail. JavaMail Best Practices. Using JavaMail to Confirm Email Addresses.

Security Technology Overview. Users and Groups. Roles and Principals. J2EE Security Programming Models. Authentication. Secure Sockets Layer (SSL). Authorization. WebLogic Server Security Realms. Creating Secure Web Applications. Declarative Security in Web Applications. Developing Form-Based Authentication. Programming to the Caching Realm in Web Applications. The Realm API. Getting an Instance of the Realm. Adding and Retrieving Users in the Realm. Adding a User to a Group. Adding and Removing Groups. NewUser.jsp Example 495 Deploying a Realm API Authentication Example Using the RDBMS Realm. Developing Browser-Based Authentication. Specifying Deployment Descriptor Web Authorization Methods. Programmatic Security in Web Applications. Programmatic Security API. Programmatic Security Example. Developing Secure Application Clients. Why Two Security Services? WebLogic Server JAAS Authentication. Using JAAS for Application Client Security. Writing JAAS Authentication Code. Using WebLogic Server JAAS Authentication. JAAS-Secured Application Client: Implementation Notes. Using WebLogic Server JNDI for Application Client Security. WebLogic Server JNDI-Based Authentication. Example: Secure Application Client Using EJB. weblogic-ejb-jar.xml. SecureBean.java 522 Deploying the Secured EJB Client. About WebLogic SSL. Symmetric Key Encryption. Digital Certificates. Certificate Authorities. Notes on SSL Encryption. WebLogic Server SSL Usage Scenarios. Web Clients: Using SSL Security. SSL Security Example. Application Clients: Using SSL Security. WebLogic Server Security Best Practices. Putting It All Together. Securing the WebAuction Application.

Designing for Deployment. WebLogic Deployment Scenarios: Case Studies. Types of Client Software. Web Deployments: A Standard Configuration. Web Deployment Scenario #1: Commercial Web Server. Scenario #2: Using WebLogic Server as the Web Server. Using a DMZ and Firewalls in a Web Deployment. Firewalls. Integrating Web Deployments with Data Stores. Using WebLogic Server Clustering in a Web Deployment. Configuring Hardware for a Clustered Web Deployment. Clustering on a Multi-CPU Server. Hardware Specifics for Clustering. Web Application Deployment Details. Co-located Front- and Back-End Services. Web Services in the DMZ; EJB Outside. Using WebLogic Server as the Web Server. Application Deployments. Typical Application Deployment Architecture. Security Considerations in an Application Deployment. Recommended Application Deployment Architecture. Mixed Deployments. Simple Mixed Deployment Architectures. Using WebLogic Server Clustering in a Mixed Deployment. Security Considerations in a Mixed Deployment. Recommended Mixed Deployment Architecture. Application Deployment Process. Infrastructure Components in Application Deployment. Stages in Application Deployment. Best Practices for Deploying WebLogic Server. Design for Security. Test and Stage Your Application. Don't Get Too Creative. Minimize the Number of Moving Parts.

Application Architecture and Design: WebAuction. WebAuction Design Goals. WebAuction Subsystems. WebAuction Interfaces. Separating the Web and Business Logic Tiers. Accessing Server-Side Business Logic from JSP Pages. JavaBeans in the Presentation Layer. The Tag Library-to-Business Logic Interface. Utility Methods. WebAuction Security. Authenticating Users. Creating New User Accounts. Business Logic Design. WebAuction Stateless Session Bean. Transaction Flow. Entity Bean Relationships. Changes Required for a Production Application. Limiting Query Results. Unique ID Generation. Internationalizing WebAuction. Database Tuning. Assembling the Application Components: WebAuction. About Enterprise Archives. Enterprise Archive Organization. Writing application.xml. Packaging the Enterprise Archive (.ear). Quick Deployment of the WebAuction Application. Deploying the WebAuction Application: In Detail. Deploying the WebAuction on Another Database. Testing the WebAuction Application. Functional Testing. Stress and Performance Testing. Understanding ExecuteThreads.

Analysis of Capacity Planning. Factors Affecting Capacity. Methodology and Metrics for Capacity Planning. Setting Capacity Goals. Server Hardware Capacity Planning. A Baseline Capacity Profile. LAN Infrastructure Capacity Planning. External Connectivity Capacity Planning. Capacity Planning Best Practices.

Preface

Preface

Introducing BEA WebLogic Application Servers

J2EE Applications and BEA WebLogic Server addresses the need for a practical, state-of-the art book on developing enterprise applications with the market-leading BEA WebLogic Java application servers. The BEA WebLogic family of application servers includes BEA WebLogic Server, BEA WebLogic Enterprise, BEA WebLogic Commerce Server, and BEA WebLogic Personalization Server. This book focuses on BEA WebLogic Server.

BEA WebLogic Server (WebLogic Server) is a widely used Java application server for constructing multi-tier, secure, large-scale, distributed Web applications for e-commerce and other high-volume applications. Distributed applications require sophisticated, fast, fault-tolerant networked communication among application tiers and components. In a client-server application, client programs send requests and receive responses from a server system. With the advent of middleware and the Web revolution, many enterprise sites have moved from client-server application environments to n-tier—usually, 3- or 4-tier—architectures. In multi-level architectures, efficient network connectivity is paramount.

In a multi-tier application, WebLogic Server provides the framework for developing and deploying server-side business logic, and supports a distributed programming model that hides the complexity of distributed programming from the application writer. The programming model provided by J2EE and the WebLogic Server extensions provides some level of transparency, so that writing a distributed application is similar to writing a local application. Although the programmer must still be concerned about error handling and efficiency, WebLogic Server's implementation of the J2EE services provides an excellent development and execution environment for an enterprise-level distributed application.

An application server such as BEA WebLogic Server handles server-side business logic and the administration of a multi-client, distributed application that uses a variety of clients and servers. Giving the responsibility for business logic and traffic control to an application server has the following benefits:

• oEfficiency: Web browser and application clients can share the same business logic, rather than having to deploy business rules with each instance of a client.
• oPerformance: Locating server-side business logic with or near resource-intensive modules such as data stores can improve performance.
• oManageability: System administration and security issues are easier to address when business logic is centralized in an application server.

History of BEA's WebLogic Server Division

WebLogic, Inc. was founded in 1995--when Java, still a "think tank" project of Sun Microsystems, was code-named "Oak." In 1998, WebLogic merged with BEA Systems, Inc., a major vendor of transaction monitors and other tools for creating and managing enterprise-scale distributed systems. The BEA WebLogic Server product is a part of the BEA E-Business Platform.

From the beginning, the WebLogic Server developers determined to use only Java, and to focus on server-side technologies: server support and middleware management of multi-tier applications. Using off-the-shelf Java development tools (and general-purpose text-editing tools such as emacs), the WebLogic Server developers implemented APIs for each new Java standard feature that Sun specified. As a result, WebLogic Server has not only kept current with Java standards development but has also had the capability to influence emerging Java standards.

BEA WebLogic Server was an early implementer of each emerging Java Enterprise standard, including Enterprise JavaBeans (EJB), Remote Method Invocation (RMI), servlets, the Java Naming and Directory Interface (JNDI), and Java Database Connectivity (JDBC) for Oracle, Informix, Sybase, and Microsoft SQL Server. Each of these technologies is explained and illustrated in the chapters that follow.

In July 2000, the BEA Systems family of application servers successfully completed Sun Microsystems Java 2 Enterprise Edition (J2EE) certification, becoming the first independent company to achieve official J2EE certification.

BEA WebLogic Server has won several industry awards, including:

• oBest Java Application Server (JavaPro, June 2000)
• oProduct Excellence and Productivity Award (Software Development Magazine, March 2000)
• oJava World Reader's Choice Award for best e-commerce application server, 1999
• oInfoworld's Product of the Year, 1999
• oJava Developers Journal Editor's Choice Award in 1998 and 1999

Why We Wrote This Book

BEA WebLogic Server has a growing installed base that has been supported by training classes and extensive documentation, but there has been no comprehensive, practical coverage of full-scale application development on the WebLogic Server platform. This step-by-step book explains where to start, and how to put all the pieces together. Planning for deployment and selecting the technologies that you'll use for each tier of the application is as important as laying down code.

Target Audience

J2EE Applications and BEA WebLogic Server is targeted at intermediate to professional-level Java programmers developing applications for the BEA WebLogic Server platform, the market leader among application servers. This book focuses on best practices for developing enterprise applications using the WebLogic Server APIs. The WebAuction application, a complete sample e-commerce application, is explained and developed as an example in Chapter 14. An accompanying CD-ROM includes all software and code needed to implement the sample application in your own environment.

After reading this book, Java developers will possess the skills and knowledge required to develop scalable and robust applications on the WebLogic platform. This book is targeted at programmers who know basic Java on at least an intermediate level and would like to learn WebLogic Server. We assume that readers know about standard Java programming concepts such as exceptions and threads. However, we do not assume that readers know much about J2EE or application servers.

Brief Overview of the Book

J2EE Applications and BEA WebLogic Server contains both a descriptive narrative and examples for each major J2EE API, and a sample application that concludes the book. Using a step-by-step approach, the book introduces each major J2EE API and uses it to build a component of the WebAuction application, which supports an online auction site.

Building the WebAuction application gives users the opportunity to explore significant areas of building a distributed Enterprise Java application, including:

• oOverview of J2EE technologies (Chapter 2)
• oBuilding presentation logic with servlets or Java Server Pages (JSPs); (Chapters 3 and 4)
• oEstablishing database connectivity and using transactions (Chapter 5)
• oUsing Remote Method Invocation, and the Naming and Directory Interface (Chapter 6)
• oUsing a message-oriented middleware layer to coordinate all the components and operations in your multi-tier, distributed WebAuction application (Chapter 7)
• oCreating Enterprise Java Beans (Chapters 8-10)
• oIntegrating Internet mail (Chapter 11)
• oAdding security (Chapter 12)
• oDesigning a distributed deployment (Chapter 13)
• oBuilding and deploying the completed application (Chapter 14)
• oPerforming a capacity-planning exercise to assess the performance of the deployed application (Chapter 15)

Chapter 1 presents a detailed overview of the book, with a roadmap and chapter summaries. Chapter 1 also lists system requirements and conventions. Chapter 2 surveys the J2EE technologies that are described in depth, with examples, in Chapters 3-12.

About the Authors

Michael Girdley is the Senior Product Manager for the BEA WebLogic Server, a role in which he acts as marketing liaison to over 200 engineers. An experienced application developer in Java, HTML, C, and C++, Michael is a co-author of Web Programming with Java (Sams-net Publishing, 1996) and Java Unleashed, Second Edition (Sams-net Publishing, 1997). Michael holds a bachelor's degree in computer science with honors from Lafayette College.

Rob Woollen is a Senior Software Engineer at BEA Systems. He is currently the lead developer for the WebLogic Server EJB Container. Before joining BEA, Rob worked on UNIX kernel networking for Hewlett-Packard. Rob holds a bachelor's degree in computer science from Princeton University.

Sandra L. Emerson is a technical writer and consultant with 20 years' experience in the software industry. She is a co-author of four computer trade books: The Business Guide to the UNIX System (Addison-Wesley); Database for the IBM PC (Addison-Wesley); Troff Typesetting for UNIX Systems (Prentice Hall PTR); and The Practical SQL Handbook (Addison-Wesley, Fourth Edition, 2001).

Updates

Submit Errata