
WA1280 Architecting and Designing JEE Applications

Student Lab Solutions

Web Age Solutions Inc.

Contents
Solution 1. Fundamental Architectural Concepts
Solution 2. System Architecture Development Guidelines
Solution 3. Quality of Service Requirements
Solution 4. JEE Technology Servers
Solution 5. JEE Technologies
Solution 6. JEE Technology Choices
Solution 7. Prototypes
Solution 8. Software Architecture
Solution 9. Data Transfer, Transactions and Security in Distributed Computing

Solution 1. Fundamental Architectural Concepts


Part 1. Answers to General Questions
1. An architecture that is used to describe a particular application domain is called a reference architecture.
2. The key differences between architecture and design are:
   - Architecture is a form of higher level design and deals with subsystems, layers, interfaces and components. Design deals with classes and methods.
   - Architecture deals with QoS (non-functional) requirements. Design tends to focus more on functional requirements and is not as concerned with QoS requirements.
   - Architecture addresses common mechanisms such as logging, transaction handling, security, and data persistence. Design utilizes these common mechanisms.
   - Architecture addresses a few key, high-risk use cases that provide good coverage of the mechanisms and techniques that will be used in the system. Design addresses all use cases.
3. There are several reasons why architecture is needed:
   - Architecture provides guidance to the development team designers
   - It provides a design plan to help manage the complexity of the system
   - It is a place to capture early design decisions, constraints on design and implementation, and organizational structure for the development team
   - It makes the system more consistent and easier to design, develop and maintain
   - Training
   - Maintenance
   - Testing
   - Ensuring qualities of service (QoS)
   - Verification of requirements
   - Project management
   - System operation
4. The architect plays many roles:
   - Requirements
   - Technology risk assessment
   - Analysis of the problem domain
   - Overall design
   - Review and approval
   - Mentoring
   - Test support
   - Implementation
   - Team leadership
   - Conduit to project management

Part 2. Answers to SportyStuf Project Questions


1. Every student's situation is different. The qualities you would want to demonstrate include:
   - Software design and development experience
   - Technical leadership
   - Team facilitation skills
   - Communication skills
   - Building consensus skills
   - Technical skills
   - Domain knowledge
   - Abstraction skills

Solution 2. System Architecture Development Guidelines


Part 1. Answers to General Questions
1. Malicious software is also known as malware. This includes viruses, worms, trojan horses, malicious code downloaded from a remote site (applets, ActiveX, JavaScript, remotely loaded RMI classes, etc). Distributed systems are more exposed to malware since they often involve the internet and other untrusted networks. Nodes in distributed systems are not always physically isolated from untrusted parties and therefore require more security measures to keep them from being infected by malware.
2. There are dozens of examples. One example is an internet bank web site that allows customers to transfer funds, pay bills and view their statement online. Confidentiality is important since customers would not necessarily want anyone to know how much money they have in their bank account, what bills they pay, etc. Data for communications to or from this web site could be made confidential by using HTTPS (HTTP over SSL). SSL provides secure, encrypted communications.
3. Obviously, there are many possibilities but one issue seems most likely. Rich clients typically use RMI/IIOP to communicate with EJBs. Communications via IIOP are not generally allowed through firewalls, either outgoing or incoming. Firewalls usually disallow the port that IIOP runs on unless it is port 80. They may also inspect traffic and disallow messages using the IIOP protocol. Since company Y is hosting the application server, they probably have configured their firewall properly to allow transmissions using this protocol and port. It is more likely that the firewall at company X is disallowing outgoing IIOP traffic since it is an unknown protocol and/or port.
4. This system is not highly available since a failure of any of these servers renders the system unavailable. It could be made highly available by adding redundant web servers, EJB servers and database servers.
5. First, the servlet needs to make three separate remote method calls to the EJB over the network. Network latency is three times as much as making one network call to get all three values at once. Second, the entity bean accessor methods will start and complete a transaction for each method call, assuming a transaction was not first started by the servlet. This introduces additional overhead.
6. If you perform the two write operations inside a distributed transaction that both resources (database and ERP system) are aware of, the failure will cause the whole distributed transaction to rollback so either both operations succeed or both fail. The distributed transaction guarantees that the two operations are executed as one atomic operation.
7. You should consider using standards-based architecture, technologies and tools. This allows you to more easily switch from vendor to vendor. JEE is such a standard.

Part 2. Answers to SportyStuf Project Questions


1. Some of the risks that this system will be exposed to include:
   - Security
     - Difficulties keeping the security mechanisms properly integrated between the order entry system, the shipping & inventory system and the CCX credit card system.
     - Malware could make its way from the internet into the systems of SportyStuf.
     - Maintaining confidentiality of user transactions.
     - Proper authentication of users and the SportyStuf system.
     - Correct authorization of users.
     - Denial of service attacks against the SportyStuf system.
     - The possibility of users failing to sign off of the system and other people making transactions to cause them damage.
   - Performance
     - The system is dependent on the internet which could cause performance issues.
   - Scalability
     - There is the potential for a larger number of users than initially predicted.
   - Compatibility
     - It is possible that some users lack browser support for the versions of HTML and other scripting languages that are used by the web application.
   - Control
     - It is possible that users disable cookie support in their browsers.
     - There is also additional complexity and dependency on CCX to configure their firewalls correctly to allow transactions from SportyStuf through.
2. An applet based internet system is possible but the disadvantages outweigh the advantages:
   Advantages:
   - A potentially richer user interface than an HTML based interface.
   - The possibility of caching code and data on the client to improve responsiveness.
   - Could increase scalability by offloading some of the processing to the client.
   Disadvantages:
   - It requires users to download and install an appropriate JRE (Java Runtime Environment). This can take considerable time and would certainly frustrate users. In some cases, users may not have the authority to install the JRE on their workstation. The application Dave worked on was an intranet application so the local IT department had much more control over the user workstations and could more easily install the appropriate JRE.
   - Traffic that uses the IIOP protocol may not be allowed out of the user's firewall. If the server listens on a port other than 80, it is likely that the user's firewall will block outgoing traffic regardless of whether IIOP is allowed or not. Again, the HR application that Dave worked on did not have this issue because the traffic did not pass through an external firewall or if it did, the local IT department had full control over the firewall.
3. Ideally, the creation of an order, the debiting of the customer's credit card and the updating of the shipping & inventory system would be performed in a single transaction.
4. The advantages and disadvantages of using XWU-AS technology on this project are:
   Advantages:
   - Pam understands the technology and she would be able to develop faster in XWU-AS than with JEE.
   Disadvantages:
   - Dave and possibly other developers need to learn the new technology.
   - XWU-AS is a proprietary technology and one of the goals of the project is to avoid vendor lock-in. JEE technology facilitates this goal.

Solution 3. Quality of Service Requirements


Part 1. Answers to General Questions
1. SSL reduces performance (due to extra time to encrypt communications), scalability (since SSL is connection-based and requires more server resources) and manageability (since there is now more to administer on the web server such as server side certificates).
2. 4 nines availability means the system will be available 99.99% of the time. This equates to 52.56 minutes of downtime per year. High-availability such as this usually warrants a cluster of redundant servers for fail-over purposes. For example, if the system uses a web server, you could have a second web server and a strategy for rapid fail-over in the event of a failure of the primary server. This facilitates high-availability because a failure of the primary web server will result in the secondary web server taking over within minutes or seconds. Often in a situation such as this, both web servers will run in parallel and both are considered primary. A load balancer would be used to spray requests evenly amongst the two servers. A failure of one server would be detected by the load balancer and the balancer would then direct all requests to the remaining server. For this to work, both servers need to have enough capacity to handle the entire load and still meet all of the qualities of service. This strategy also facilitates planned outages. Planned outages are taken to perform upgrades of the hardware or software. Upgrades can be applied to one web server while the entire load is being handled by the second web server.
3. Portability is the quality of service that allows an application to work on multiple platforms. They should consider supporting different browsers, browser versions, versions of JEE, application server JVM versions, and keeping the application as decoupled from the database implementation as possible through the use of layering, the DAO pattern and other techniques.

Part 2. Answers to SportyStuf Project Questions


1. The qualities of service that are important to SportyStuf include:
   - Scalability - The system should support bursty loads, especially during sales events. SportyStuf also predicts growth in sales over the next six months.
   - Cultural adaptability - Support both U.S. and Canadian tax rules as well as both English and French
   - Security - Ensure proper authentication, confidentiality and integrity (credit card numbers, user ids and passwords are being transmitted over the wire)
   - Extensibility - Support the integration of a rich client in the future
   - Portability - SportyStuf wishes to avoid vendor lock-in
   - Maintainability - Application support is important to SportyStuf and proper documentation must be made available
   - Manageability - The system should be easy to manage.
2. The following quality of service conflicts occur:
   - Scalability is reduced by security. For example, the use of SSL reduces scalability.
   - Manageability is made more difficult by the additional complexity required for security, scalability, cultural adaptability, and portability.
   Manageability is probably the best QoS to decrease in order to achieve all of the other QoS requirements.

Solution 4. JEE Technology Servers


Part 1. Answers to General Questions
1. TimesheetBean and TimeSheetItemBean could be packaged in one EJB jar and UserBean, UserPreferencesBean and UserApprovalBean could be packaged in another EJB jar. This strikes a balance between the two extremes of packaging them all in their own jars (reusable but complex) and packaging them all in one jar (less reusable but very simple). This is packaging by related functionality.
2. Deployment descriptors are a good place to put customization properties in the form of environment variables. The EJB can be customized by the assembler or deployer at deployment time by simply changing an environment variable that tells the bean which algorithm to use. This allows customization without changing the bean's code.
3. Containers provide components with standardized access to services of the JEE server including transactions, security, resource pooling, and other components.
4. An ERP (enterprise resource planning) system is packaged software with modules that help a business manage important aspects of their business including orders, customer service, inventories, etc. Organizations can choose to implement some or all of the modules. The modules have different versions that have been configured for different industries (health care, energy, financial, etc). Typically the business needs to change their business processes to match the software.

Part 2. Answers to SportyStuf Project Questions


1. The application server characteristics that are important to this system are illustrated in bold:

[Table comparing Server 1, Server 2 and Server 3 on: Clustering; Hot deployment; Administration; Third party persistence providers; Sophisticated load balancing; Integrated web and EJB tier; Entity bean caching; Instance pooling; Security; Deferred database writes; Support for distributed transactions. Totals: Server 1: 3, Server 2: 6, Server 3: 4.]

   - Clustering, sophisticated load balancing, entity bean caching, instance pooling, and deferred database writes support the scalability requirement
   - Administration supports the manageability requirement
   - Security supports the security requirement
   - Support for distributed transactions is also required because there are multiple resources to manage (the database and the shipping & inventory system, for example)

If we keep it simple and rank each characteristic with the same weight, server 2 is the best choice for the new SportyStuf system.

Solution 5. JEE Technologies


Part 1. Answers to General Questions
1. The browser issues an HTTP request to the web server/container. The web container encapsulates the details of the request in an instance of HttpServletRequest (including request parameters, cookies, etc). The servlet's service method is called by the web container to process the request. The servlet processes the request and creates a response using an HttpServletResponse object. Both the HttpServletRequest and HttpServletResponse are provided by the container to the servlet as parameters to the service method. The response is then sent back to the browser by the web container.
2. JSPs could be used for the three views. A servlet could act as the controller for the application. Each JSP would submit to the controller which stores the answers and then forwards to the next JSP. The answers would be stored in the user specific HttpSession. Once the third page submits to the controller, the ten answers stored in HttpSession and the last five answers just submitted would be written to the database directly using JDBC or indirectly using entity beans.
3. In container-managed persistence, the container is responsible for saving state of entity beans to the database. The bean does not need to contain data access code. In bean-managed persistence, the entity bean must contain hand-written data access code. This allows more flexibility in how the data is saved to the database and allows the bean to potentially use more powerful persistence frameworks.
4. There are three types of EJBs:
   - Session beans model business logic
   - Entity beans model business data
   - Message-driven beans enable asynchronous communication and are an asynchronous alternative to session beans
5. In order for a container to efficiently manage a large number of bean instances, it can take an instance out of memory and store it in permanent storage. This is called passivation. When this bean is invoked again, the container creates a new instance and initializes it with the data saved during passivation. This is called activation. Therefore, if the session bean contains a conversational state that must be preserved between method invocations, the session bean indicates STATEFUL management mode.
6. JCA uses an application level contract and several system level contracts. The JCA application level contract defines the API that an application component uses to access an EIS. It exists between the application component and the adapter. JCA system level contracts define the interface between an application server and a resource adapter. The system level contracts include contracts for management of connections, transactions, security, lifecycle, work and message inflow.

Part 2. Answers to SportyStuf Project Questions


1. A servlet could be used as the controller for the web application. Forms would submit to the servlet, the servlet would invoke business logic and then dispatch to an appropriate view (JSP).
2. JSPs could be used to render the views of the application (i.e. the web pages).
3. A filter could be used to perform the required logging of requests. This is a crosscutting concern that should apply to all web components so it is better to use a filter than encode the logging logic in every web component.
4. EJB technology is appropriate for this system since it requires distributed transactions, security, scalability, instance and resource pooling, and persistence. It also requires support for a future rich client application that connects directly to the business tier via RMI/IIOP. All three types of EJBs could be used in this system. Entity beans model persistent data such as orders, customers and products. Session beans model business logic. A message-driven bean performs order processing including updating the shipping & inventory system, debiting the credit card system and emailing the customer, all in the background.
5. A JEE Connector Architecture (JCA) connector exists for the shipping & inventory system and can be used to access that system. Specifically, we are very interested in the support for distributed transactions that the connector provides, as well as connection management and integrated security.

Solution 6. JEE Technology Choices


Part 1. Answers to General Questions
1. If we were to manage state in the client tier, we would have to pass the session state back and forth between the browser and the web container in the form of HTML form parameters or cookies. This has the serious disadvantage that it will perform poorly over low bandwidth network connections. It would be more appropriate to manage client session state in the web tier using HttpSession.
2. Rapid application development is facilitated by using entity beans and in particular, entity beans with CMP (container-managed persistence). Several tools exist that can create entity beans automatically from a domain object model. Developers do not need to write code to handle data persistence if CMP is used.
3. Mobile devices support both web-based and Java-based client applications. Web-based mobile presentation includes WML (Wireless Markup Language), XHTML Basic, and CHTML (the older Compact HTML standard). Java-based mobile applications are called midlets. Presentation in midlets is handled using the MIDP user interface API. This includes both a high-level API (simple but inflexible) and a low-level API (complex but provides more flexibility).
4. In a model 1 architecture, browser requests are made directly to JSPs which then use JavaBean components to read and/or write data sources. The JSPs then use the data in the bean to render the results. This is suitable for very simple applications. In a model 2 architecture, browser requests are made to a controlling servlet which then uses JavaBean components to read and/or write data sources. The servlet then dispatches (forwards) to a JSP to display the results. The JSP uses the data stored in the JavaBean(s) created by the controller as content to be displayed on the page. This facilitates a cleaner separation of presentation and content and makes it easier to maintain mid to large size applications.
5. A JSP can include content of another resource (JSP, servlet, HTML page, etc) using either the include directive or the include tag. The include directive is resolved at compile-time and thus is faster at run-time. The include tag is resolved at run-time and thus allows for dynamic content.
6. A queue is the destination used in a point-to-point messaging domain and each message is read by only one consumer. If process A sends a message to a queue, only one of processes B and C will get the message. We could change the domain from point-to-point to publish/subscribe and use a topic instead of a queue. We also need to register processes B and C as subscribers to the topic. Now, if process A sends a message to the topic, both processes B and C will get the message.
7. Here are some of the more important MOM features that support high availability and reliability:
   - Guaranteed message delivery means that messages are stored in such a way as to survive system crashes and are guaranteed to be delivered to one consumer in a PTP domain and to all consumers in a Pub/Sub domain. Without this guarantee, messages could be lost during failures or unusual circumstances.
   - Store and forward is a feature where the producer detects that the MOM system itself is down and stores messages locally until the MOM system is restored.
   - Message retry is when the MOM system has the ability to retry failed messages. If the message fails a certain number of times, it is sent to a poison message queue.
8. With asynchronous messaging, performance can be increased considerably because a client can send a message to a server and continue to do other work while the server processes the message. The client can then receive a callback message from the server with the results and process this response at its leisure. However, the performance of send and wait calls is better in synchronous systems. This is when a client makes a call to a server and then waits for a result. This type of request is slightly slower in an asynchronous situation due to the extra messaging layer and message parsing overhead.

Part 2. Answers to SportyStuf Project Questions


1. Client session state is probably best handled by stateful session beans. This supports the scalability QoS requirement since the EJB container provides lifecycle management for stateful session beans, increasing scalability. Furthermore, the system may need to support a rich client in the future. Stateful session beans support both web and rich clients, whereas managing session state in HttpSession only supports web clients. This solution also requires the use of HttpSession for web clients since the web application needs to remember which stateful session beans belong to which users. That is, each user session in the web tier has an HttpSession that has a single reference to the stateful session bean.
2. The MVC (model-view-controller) architectural pattern is appropriate for this system. In particular, the model 2 web architecture is the best choice. It could be implemented using a servlet as the controller, JSPs as the views and EJBs as the model. This pattern makes it easier for team members to focus on their specialties. For example, web designers can focus on developing JSPs without having to worry about control or model logic. This pattern makes the system easier to maintain by using several, smaller, specialized components rather than fewer, larger, more general components that mix elements of model, view and control.
3. JMS (i.e. MOM) could be used to implement the order processing logic. It takes considerable time to update the shipping & inventory system as well as to debit the credit card system. Furthermore, the user does not need to wait around for the system to perform this processing since they will be sent an email with the results. Hence, when the user creates an order, we could place a message on a queue to be processed later by an order processor message-driven bean. When the order processor gets the message, it debits the credit card, updates the shipping & inventory system and sends an email to the customer with the results.

Solution 7. Prototypes
Part 1. Answers to General Questions
1. You could develop a conceptual prototype to elicit the requirements from the users. The fact that they tend to communicate their needs after an application has been built suggests a more sophisticated prototype is required. For example, use an HTML mockup rather than a few screen shots thrown up on a whiteboard.
2. A conceptual prototype is a good idea but you probably wouldn't need to spend a lot of time making it work. A few screen shot mockups on a whiteboard would probably suffice since the application already has a common look and feel that the users are used to. They should be able to get a good understanding just from the whiteboard mockups.
3. An evolutionary prototype is one that will be built upon over several iterations and will eventually become the working, production-quality system. Hence, the developer should follow any established coding standards. If it were a throw-away prototype, the coding standards would not be as important and in fact, could get in the way of the goals of the throw-away prototype (i.e. building it quickly).

Part 2. Answers to SportyStuf Project Questions


1. A conceptual prototype is a very good idea since the users are not sure what the screens should look like, other than they should be professional looking and consistent. An architectural prototype is also a good idea. This will help verify scalability, give the development team some experience with JEE (Pam lacks Java experience), and improve understanding of user tasks.

Solution 8. Software Architecture


Part 1. Answers to General Questions
1. The 4+1 architectural view model contains views that describe the architecture in different ways. Each view has a different target set of stakeholders. Any one view does not try to document the entire architecture since that would be too complex. The five views are:
   - Use-Case View - Contains the main use cases and scenarios that illustrate the main flows, significant behavior and risks
   - Logical View - Contains the architecturally significant aspects of the design model including key subsystems, layers, and classes
   - Process View - Optional view that shows how operating system threads and processes communicate with one another
   - Implementation View - Describes how the software is implemented including the components and files that are used to assemble and release the physical system
   - Deployment View - Encompasses the nodes that form the system's hardware topology and the allocation of processes and components to the nodes
2. A subsystem is a design-time collection of classes, interfaces and components that make up a development package. A component is a modular and easily replaceable runtime implementation construct. Subsystems are design/build-time concepts whereas components are run-time concepts.
3. Layers build on subsystems and provide additional organization. This leads to additional advantages such as improved portability, the ability to build higher level layers without the need to build lower levels that potentially change less frequently, and allows architects and designers to rollup subsystems of the architecture into very simple, high-level views that make it easier to communicate system wide concepts. Higher level layers can depend on lower level layers but not vice versa. This keeps the architecture straightforward and helps to ensure that the rebuild of an upper layer does not require the rebuild of a lower layer.
4. This design violates the acyclic dependencies principle. That is, no two elements can be dependent on each other, either directly or indirectly. This violation makes it more difficult to manage dependencies between the components.

Part 2. Answers to SportyStuf Project Questions


1. See LabSolutionDiagrams.ppt for the package diagram. The design uses formal layering. That is, each layer is dependent only on the layer immediately below it (or on itself). The packages are organized as follows:
   - Presentation Layer
     - View - Contains all JSPs
     - Controller - Contains ShoppingController, ShoppingLogger, SessionCloser
   - Business Process Layer
     - Shopping - Contains ShoppingServiceEJB, ShoppingServiceRemote, ShoppingServiceHome, ShoppingCartItem
     - Order - Contains OrderProcessorEJB
     - Utilities - Contains EmailUtil
   - Business Domain Layer
     - Order - Contains OrderEJB, OrderLocal, OrderLocalHome, OrderItemEJB, OrderItemLocal, OrderItemLocalHome
     - Customer - Contains CustomerEJB, CustomerLocal, CustomerLocalHome
     - Product - Contains ProductEJB, ProductLocal, ProductLocalHome
2. See LabSolutionDiagrams.ppt for the component diagram. To keep the diagram simple, we chose not to show interfaces. We do show the ports that the ShoppingService and OrderProcessor communicate with (asynchronous messaging). Note that the ProductSearch, MaintainCart and OrderConfirmation JSPs are dependent on the ShoppingController since they require data for display. The ShoppingController gets the data from the EJB tier, stores it in request attributes and forwards to the JSPs. The JSPs then use the data in the request attributes for display.
3. See LabSolutionDiagrams.ppt for the deployment diagram.

Solution 9. Data Transfer, Transactions and Security in Distributed Computing


Part 1. Answers to General Questions
1. The update to the relational database and the update to the ERP system need to be performed in two separate local transactions. If a failure occurs in-between the two update operations, a compensating transaction needs to be issued to the resource that was updated first. The operations could be ordered such that the resource that is easiest to undo using a compensating transaction is issued first.
2. Support for client-side transactions is not required by the JEE specification. The company should try to keep their product as portable as possible so it will run in as many of the different JEE servers used by their customers as possible. Hence, they should avoid using client-side transactions in their product.
3. HTTP Basic authentication does not provide confidential data transfer natively. The communication channel can be enhanced to use SSL (Secure Sockets Layer) or TLS (Transport Layer Security) so data is encrypted before it is transmitted over the wire. This is HTTPS (HTTP over SSL).
4. Programmatic authorization allows the developer to add logic to the application to handle authorization. Programmatic authorization allows maximum flexibility for those cases that cannot be handled using declarative authorization rules in the deployment descriptor.
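
An added example (not part of the original lab solutions) of a case answer 4 has in mind: a declarative rule can say that the customer role may call viewOrder, but only code can restrict a customer to their own orders. CallerContext is a hypothetical stand-in that mirrors the getCallerPrincipal and isCallerInRole methods of javax.ejb.EJBContext so the example runs without a container; the role names, OrderService and the sample orders are assumptions.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class ProgrammaticAuthorizationExample {

    /** Hypothetical stand-in that mirrors two methods of javax.ejb.EJBContext. */
    interface CallerContext {
        Principal getCallerPrincipal();
        boolean isCallerInRole(String roleName);
    }

    /** Constructed order record: an id plus the user id of the customer who placed it. */
    static final class Order {
        final long id;
        final String ownerUserId;

        Order(long id, String ownerUserId) {
            this.id = id;
            this.ownerUserId = ownerUserId;
        }
    }

    static final class OrderService {
        private final Map<Long, Order> orders = new HashMap<>();
        private final CallerContext ctx;

        OrderService(CallerContext ctx) {
            this.ctx = ctx;
            // Constructed sample data.
            orders.put(1001L, new Order(1001L, "alice"));
            orders.put(1002L, new Order(1002L, "bob"));
        }

        Order viewOrder(long orderId) {
            // Role check: this part could equally be a declarative rule in the descriptor.
            boolean support = ctx.isCallerInRole("support");
            if (!support && !ctx.isCallerInRole("customer")) {
                throw new SecurityException("caller has no role that may view orders");
            }
            Order order = orders.get(orderId);
            // Instance-level rule: depends on the data, so it has to be written in code.
            boolean ownOrder = order != null
                    && order.ownerUserId.equals(ctx.getCallerPrincipal().getName());
            // Unknown ids and other customers' orders fail identically, so the
            // response does not reveal which order ids exist.
            if (order == null || !(support || ownOrder)) {
                throw new SecurityException("order not accessible");
            }
            return order;
        }
    }

    /** Builds a constructed caller with the given user id and roles. */
    static CallerContext caller(final String userId, final String... roles) {
        final Set<String> granted = new HashSet<>(Arrays.asList(roles));
        return new CallerContext() {
            public Principal getCallerPrincipal() {
                return new Principal() {
                    public String getName() { return userId; }
                };
            }
            public boolean isCallerInRole(String roleName) {
                return granted.contains(roleName);
            }
        };
    }

    static String tryView(OrderService service, long orderId) {
        try {
            return "order " + service.viewOrder(orderId).id + " returned";
        } catch (SecurityException e) {
            return "order " + orderId + " denied: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        CallerContext[] callers = {
            caller("alice", "customer"), caller("bob", "customer"),
            caller("carol", "support"), caller("mallory")
        };
        for (CallerContext c : callers) {
            OrderService service = new OrderService(c);
            for (long id : new long[] {1001L, 1002L}) {
                System.out.println(c.getCallerPrincipal().getName() + " -> " + tryView(service, id));
            }
        }
    }
}
```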

Part 2. Answers to SportyStuf Project Questions


1. The update of the order entry relational database and the update of the shipping & inventory system should be performed in a single distributed transaction. A transaction is required to guarantee the atomicity of the update. That is, to treat the update to the database and the update to the shipping & inventory system as one atomic unit that either completes entirely or does not have any effect at all.
2. The update to the CCX credit card system cannot be performed as part of a distributed transaction. The creation/update of orders and the update of the shipping & inventory system can be performed in a distributed transaction since there is a JCA connector for the shipping & inventory system. Therefore, we will need to use a local transaction to update the credit card system. If the overall group of operations fails, a compensating transaction may be required to undo the debiting of the credit card system.
3. With a web application we have at least four options to choose from: basic, form-based, digest and mutual (client certificate). Mutual authentication would be too difficult to manage and it would be infeasible to ask all potential customers of SportyStuf to buy a client-side digital certificate just to transact with them online. Basic and digest authentication do not necessarily present a consistent, professional login screen since it is up to the browser to present this screen. One of the requirements is to present a professional user interface. Form-based login allows the developers to implement their own login page and does not require a client-side certificate so it is the most appropriate choice.
4. Server authentication could be handled using SSL. With SSL, a server side certificate is installed on the web server(s). The certificate must be signed by a CA (Certificate Authority) that is well known and has public certificates in all popular browsers.
5. SSL provides message integrity since messages between the user's browser and the server (and vice versa) use digital fingerprint verification techniques.
6. SSL provides message confidentiality since messages between the user's browser and the server (and vice versa) are encrypted. Confidentiality is important because first time users provide their credit card number during user registration. It is also important to keep the user's user id and password confidential so attackers do not capture this information and login and buy products on behalf of the user or even worse, change their address so it comes to an address that the attacker can pick the product up at.
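
An added example (not part of the original lab solutions) of the compensating transaction described in Part 1 answer 1 and Part 2 answer 2 of this solution: the credit card debit runs first as its own local step, the order and inventory updates run as one atomic unit, and a failure of that unit triggers a reversal of the debit. CardSystem, DistributedWork, FakeCardSystem and the sample amounts are hypothetical stand-ins, and issuing the debit first is an assumption.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class CompensatingTransactionExample {

    /** Hypothetical client for the card system, which cannot join the distributed transaction. */
    interface CardSystem {
        String debit(String customerId, long cents) throws Exception; // returns a debit reference
        void reverse(String debitRef) throws Exception;               // the compensating operation
    }

    /** Hypothetical wrapper for the order database and shipping & inventory updates. */
    interface DistributedWork {
        void runAtomically() throws Exception; // an exception means both updates were rolled back
    }

    enum Outcome { COMPLETED, COMPENSATED, NEEDS_MANUAL_RECONCILIATION }

    static final class OrderProcessor {
        private final CardSystem cards;
        final List<String> auditLog = new ArrayList<>();

        OrderProcessor(CardSystem cards) {
            this.cards = cards;
        }

        Outcome process(String customerId, long cents, DistributedWork orderAndInventory)
                throws Exception {
            // Local step first. If the debit itself fails nothing else has happened yet,
            // so the exception simply propagates to the caller.
            String debitRef = cards.debit(customerId, cents);
            auditLog.add("debited " + debitRef);
            try {
                orderAndInventory.runAtomically();
                auditLog.add("order and inventory committed");
                return Outcome.COMPLETED;
            } catch (Exception failure) {
                auditLog.add("distributed transaction rolled back: " + failure.getMessage());
                try {
                    cards.reverse(debitRef);
                    auditLog.add("compensated " + debitRef);
                    return Outcome.COMPENSATED;
                } catch (Exception compensationFailure) {
                    // The customer is charged for an order that does not exist. Keep the
                    // debit reference so the charge can be reconciled out of band.
                    auditLog.add("compensation FAILED for " + debitRef + ": "
                            + compensationFailure.getMessage());
                    return Outcome.NEEDS_MANUAL_RECONCILIATION;
                }
            }
        }
    }

    /** Constructed in-memory card system used only to drive the example. */
    static final class FakeCardSystem implements CardSystem {
        long netCharged = 0;           // total debited minus total reversed, in cents
        boolean reversalsDown = false; // simulates an outage of the reversal call
        private final Map<String, Long> openDebits = new HashMap<>();
        private int sequence = 0;

        public String debit(String customerId, long cents) {
            String ref = "D" + (++sequence);
            openDebits.put(ref, cents);
            netCharged += cents;
            return ref;
        }

        public void reverse(String debitRef) throws Exception {
            if (reversalsDown) {
                throw new Exception("card system unreachable");
            }
            Long cents = openDebits.remove(debitRef);
            if (cents == null) {
                // Refuse to reverse the same debit twice.
                throw new Exception("unknown or already reversed debit " + debitRef);
            }
            netCharged -= cents;
        }
    }

    public static void main(String[] args) throws Exception {
        FakeCardSystem cards = new FakeCardSystem();
        OrderProcessor processor = new OrderProcessor(cards);

        Outcome ok = processor.process("cust-1", 4999, () -> { });
        System.out.println(ok + ", net charged " + cards.netCharged);

        Outcome undone = processor.process("cust-2", 1500,
                () -> { throw new Exception("inventory system unavailable"); });
        System.out.println(undone + ", net charged " + cards.netCharged);

        cards.reversalsDown = true;
        Outcome stuck = processor.process("cust-3", 2000,
                () -> { throw new Exception("inventory system unavailable"); });
        System.out.println(stuck + ", net charged " + cards.netCharged);

        for (String line : processor.auditLog) {
            System.out.println("  " + line);
        }
    }
}
```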
