Servlet 3.1
8 likes9,018 views
This document discusses proposed features for Servlet 3.1 including support for cloud platforms, non-blocking I/O, protocol upgrades, and security enhancements. Key points include leveraging Java EE 7 services to enable multi-tenancy in cloud environments, exposing a non-blocking I/O API using listeners and asynchronous streams and sinks, and allowing HTTP connections to upgrade to other protocols like WebSocket. The proposed features aim to improve Servlet for cloud/PaaS usage and support newer web technologies.
![Expose NIO API
Sample Usage
public class NIOSampleServlet extends HttpServlet
protected void doGet(HttpServletRequest request, HttpServletResponse response)
{
request.addListener(new ReadListener() {
public void onDataAvailable(ServletRequest request) {
ServletInputStream nis = request.getServletInputStream();
try {
nis.read(new byte[nis.dataAvailable()]);
…
}
24 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.](https://image.slidesharecdn.com/servlet3-1-111209181420-phpapp01/85/Servlet-3-1-24-320.jpg)
![Expose NIO API
Sample Usage (cont’d)
public void onAllDataRead(ServletRequest request) {
try {
request.getServletInputStream().close();
….
}
public void onError(Throwable t) { … }
});
final byte[] b = new byte[100];
….
25 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.](https://image.slidesharecdn.com/servlet3-1-111209181420-phpapp01/85/Servlet-3-1-25-320.jpg)
Servlet 3.1
- 1. 1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 2. Servlet 3.1 John Clingan, Principal Product Manager 2 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. 3 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 4. Agenda • Servlet 3.0 recap • Servlet 3.1 Overview • NIO API • Protocol Upgrade • Security • Resources 4 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 5. Servlet 3.0 recap • Part of Java EE 6 • Focused on – Ease-of-Development – Pluggability – Asynchronous support – Dynamic registration of servlets, filters and listeners – Security enhancements • Adoption – GlassFish 3.x, Tomcat 7, JBOSS, Caucho, IBM, Weblogic 5 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 6. Servlet 3.0 recap Ease of Development • Annotations to declare – Servlets – Filters – Listeners – Security • Defaults for attributes of annotations 6 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 7. Example @WebServlet( urlPatterns = {“/foo”} ) public class SimpleSample extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) { } } 7 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 8. Servlet 3.0 recap Pluggability • Drag-and-drop model • Web frameworks as fully configured libraries • Contain “fragments” of web.xml • META-INF/web-fragment.xml • Extensions can register servlets, filters, listeners dynamically • Extensions can also discover and process annotated classes 8 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 9. Servlet 3.0 recap Using pluggability • Bundle static resources and jsps in a jar that can be re- used • Look for ready-to-use frameworks, libraries • Re-factor your libraries into re-usable, auto-configured frameworks 9 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 10. Agenda • Servlet 3.0 recap • Servlet 3.1 Overview • NIO API • Protocol Upgrade • Security • Resources 10 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 11. The content described in the following slides are subject to change based on expert group discussions 11 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 12. JAVA EE 7 THEME: CLOUD / PAAS Java EE 7 platform to be ready for the cloud 12 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 13. Java EE 7 PaaS support • Provide customers and users ability to leverage cloud environments • Enable multi-tenancy – One application instance per tenant – Mapping to tenant done by container – Isolation between applications • Define metadata for services 13 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 14. Servlet 3.1 Feature set • Align with Java EE 7 for cloud support – For web container there will a virtual server mapping per tenant – Ability to load custom web resources per tenant – Use the services exposed in Java EE 7 • Scale – Expose NIO2 API • Support newer technologies that leverage http protocol for the initial handshake – Support general upgrade mechanism for protocols like WebSocket • Security enhancements 14 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 15. Agenda • Servlet 3.0 recap • Servlet 3.1 Overview • NIO API • Protocol Upgrade • Security • Resources 15 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 16. Expose NIO API Overview: NonBlocking IO • Add two listeners: ReadListener, WriteListener • Add two interfaces: – AsyncIOInputSource with abstract classes ServletInputStream, ServletReader – AsyncIOOutputSink with abstract classes ServletOutputStream, ServletWriter • Add APIs to ServletRequest, ServletResponse 16 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 17. Expose NIO API javax.servlet.ReadListener public interface ReadListener extends EventListener { public void onDataAvailable(ServletRequest request); public void onAllDataRead(ServletRequest request); public void onError(Throwable t); } 17 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 18. Expose NIO API javax.servlet.WriteListener public interface WriteListener extends EventListener { public void onWritePossible(ServletResponse response); public void onError(Throwable t); } 18 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 19. Expose NIO API javax.servlet.AsyncIOInputSource public interface AsyncIOInputSource { public int dataAvailable(); public boolean isFinished(); public isReady(); } 19 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 20. Expose NIO API ServletInputStream, ServletReader InputStream Reader ServletInputStream AsyncIOInputSource ServletReader 20 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 21. Expose NIO API javax.servlet.AsyncIOOutputSink public interface AsyncIOOutputSink { public boolean canWrite(int size); public void complete(); } 21 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 22. Expose NIO API NIOOutputStream, NIOWriter OutputStream Writer ServletOutputStream AsyncIOOutputSink ServletWriter 22 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 23. Expose NIO API ServletRequest, ServletResponse • ServletRequest – Public ServletInputStream getServletInputStream() – Public ServletReader getServletReader() – public void addListener(ReadListener listener) • ServletResponse – Public ServletOutputStream getServletOutputStream() – Public ServletWriter getServletWriter() – public addListener(WriteListener listener) 23 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 24. Expose NIO API Sample Usage public class NIOSampleServlet extends HttpServlet protected void doGet(HttpServletRequest request, HttpServletResponse response) { request.addListener(new ReadListener() { public void onDataAvailable(ServletRequest request) { ServletInputStream nis = request.getServletInputStream(); try { nis.read(new byte[nis.dataAvailable()]); … } 24 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 25. Expose NIO API Sample Usage (cont’d) public void onAllDataRead(ServletRequest request) { try { request.getServletInputStream().close(); …. } public void onError(Throwable t) { … } }); final byte[] b = new byte[100]; …. 25 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 26. Expose NIO API Sample Usage (cont’d 2) • response.addListener(new WriteListener() { public void onWritePossible(ServletResponse response) { AsyncIOOutputStream nos = response.getAsyncIOOutputStream(); try { nos.write(b); nos.complete(); … } public void onError(Throwable t) { … } }); } } 26 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 27. Expose NIO API • Discussion with expert group on alternate approach • Use NIO 2 approach 27 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 28. Program Agenda • Servlet 3.0 recap • Servlet 3.1 Overview • NIO API • Protocol Upgrade • Security • Resources 28 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 29. Upgrade • HTTP 1.1 • Connection • Transition to some other, incompatible protocol • For example, Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9 29 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 30. Upgrade Example: WebSocket • Protocol: IETF • API: W3C (JavaScript) • Bi-directional, full-duplex / TCP 30 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 31. Upgrade WebSocket Example • GET /chat HTTP/1.1 • HTTP/1.1 101 Switching Protocols Host: server.example.com Upgrade: websocket Upgrade: websocket Connection: Upgrade Connection: Upgrade Sec-WebSocket-Accept: Sec-WebSocket-Key: s3pPLMBiTxaQ9kYGzzhZRbK dGhlIHNhbXBsZSBub25jZQ== +xOo= Origin: http://example.com Sec-WebSocket-Protocol: chat Sec-WebSocket-Protocol: chat, superchat Sec-WebSocket-Version: 13 31 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 32. Upgrade HTTP Request Servlet …. upgrade(…); ProtocolHandler 32 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 33. Agenda • Servlet 3.0 recap • Servlet 3.1 Overview • NIO API • Protocol Upgrade • Security • Resources 33 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 34. Security Enhancement • Made good progress in Servlet 3.0 • Continue from where we left off • Include support for preventing against CSRF • Provide an easy way to support denying all unlisted http methods • Encoding / escaping support to prevent XSS 34 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 35. Align with other Java EE JSRs • Integrate with Concurrency Utilities for Java EE – Utilize it Async programming model • Align with CDI • Align with Bean Validation • Align with Jcache (JSR 107) 35 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 36. Transparency • High level of transparency for all Java EE JSRs • Use java.net project to run our JSRs in the open – One java.net project per specification • Publicly viewable Expert Group mailing list archive • Users observer list gets copies of all emails to the EG • Download area • JIRA for issue tracking • Wiki and source repository at EG’s discretion • JCP.org private mailing list for administrative / confidential info 36 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 37. Agenda • Servlet 3.0 recap • Servlet 3.1 Overview • NIO API • Protocol Upgrade • Security • Resources 37 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 38. Webtier related projects • https://servlet-spec.java.net • http://jcp.org/en/jsr/summary?id=340 • webtier@glassfish.java.net – For users of GlassFish webtier 38 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 39. Tokyo 2012 April 4–6, 2012 39 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 40. Q&A 40 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 41. 41 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
- 42. 42 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.