A WSDL file contains a reference to an XSD document which defines the data structures which can be sent to the service over SOAP. In an XSD, you can define a Type for an element, or things like the elements cardinality, whether its optional or required, etc. When the web server hosting a web service is called, it receives a SOAP envelope which tells it which web service is being called. It could (and you might expect it does) validate the body of the SOAP message against the XSD in the WSDL... but it doesn't. Is this bad? Well, most clients will be generated from the WSDL, so you can assume that the type safety is respected. Saying that, it's not something the server can guarantee, so it needs to check that say a field that is supposed to contain a date, really does contain a date, and not some garbled text that is meant to be a date. But more importantly, something which a client does not guarantee, is whether all required fields in the data structure are actually present. To check this, you can validate incoming SOAP bodies against the XSD. The way to do this, is by using "Handlers". The JAX-WS specification defines two kinds, namely, SOAP Handlers and Logical Handlers. The SOAP kind is useful for accessing the raw SOAP envelope, for example to log the actual SOAP message. The logical kind is useful for accessing the payload as an XML document. To configure a handler,…
Tag: java
Persistent State Machine with Apache SCXML
The source code for this blog article can be downloaded here. I'm bored of reinventing the wheel. Everytime I need a state machine to ensure my states traverse only valid transitions, I find myself either not bothering, because I trust my coding (and write all the necessary unit tests of course), or writing very similar code over again. So I started wondering if there was a configurable state machine out there somewhere, and in no time at all Google gave me a link to SCXML from Apache. Apache SCXML is an implementation of a configurable state machine based on the SCXML working draft from W3C. I started by taking a look at what it does and how it works, always keeping in mind my requirements based on previous projects. The main question was how I could use a state machine in a persistent entity so that when an attempt is made to change the state, the state machine validated the attempt, ensuring only valid transitions are carried out. That meant two things: The state machine had to be able to have its current state set to any state. If I load an object with state out of the database, I need to be able to set that state in the state machine so that it checks any attempts to change state, based on this starting state. The state machine had to fit into a JPA entity class so that I could persist and load the state. Apache SCXML doesn't come…
GlassFish 3 In 30 Minutes
The aim: Set up a simple Java EE 6 project on GlassFish v3 in no time at all. The project must include: email, JMS, JPA, web and EJB (session bean, message driven bean and a timer bean). It must also include security and transactions. Sounds like a lot, but thanks to Java Enterprise Edition version 6, setting up a project like this and configuring all the resources in the Application Server are really easy! I chose GlassFish because its open source, has a useful little Admin Console and I've never developed with it before. Before I started I downloaded Java SE 6 (update 20), Mysql Server, the Mysql JDBC Driver and the GlassFish Tools Bundle for Eclipse, which is a WTP Version of Eclipse 3.5.1 with some specific bundles for developing and deploying on GlassFish. The process I wanted to implement was simple: a user goes to a website, clicks a link to a secure page and logs in, after which a message is persisted to the database and an asynchronous email gets sent. The user is shown a confirmation. In the background theres also a task which reads new messages from the database and updates them so they are not processed a second time. The design was to use a servlet for calling a stateless session EJB, which persists a message using JPA and sends a JMS message to a message driven bean for asynchronous processing. The MDB sends an email. A timer EJB processes and updates any messages…
Transfer-Encoding: chunked
The J2ME HTTPConnection which comes with MIDP lets you make HTTP requests to your server. It doesn't do much at a high level, for example the API doesn't have methods like addCookie() - you need to manually add them with a request header. But the implementation is clever enough to turn any request body which is greater than around 2Kb into a chunked request. With HTTP 1.0, the request had to contain a header called Content-Length which told the server how many bytes to read off the input stream when reading the body. HTTP 1.1 introduced the Transfer-Encoding header, which lets the client omit the Content-Length header, and instead create chunks of request body, which optimises the upload meaning that a) the server can start processing before it has everything, and b) more importantly for J2ME where memory might be a valuable resource, it lets the client send a bit of the request, free up that allocated memory and then send some more of the request. For a POST request, with no chunking, the headers and body might look like this: POST /log.jsp HTTP/1.1 User-Agent: Mozilla/4.0 (maxant J2ME Client) Accept: text/html,application/xhtml+xml,application/xml Content-Type: application/x-www-form-urlencoded Content-Length: 51 Host: wwwchaseamatecom:8089 problem=Failed%20to%20get%20installation%20response Chunked, that becomes: POST /ota/addInstallation.jsp HTTP/1.1 User-Agent: Mozilla/4.0 (maxant J2ME Client) Accept: text/html,application/xhtml+xml,application/xml Content-Type: application/x-www-form-urlencoded Host: wwwchaseamatecom:8089 Transfer-Encoding: chunked problem=Failed%20to%20get%20installation%20response You'll notice that the body of the second example, "problem=..." doesn't contain chunk headers (search Wikipedia for chunking to see an example). The reason is that I copied that text out of…
A J2ME Library and a simple HTTP Service Framework
J2ME's support for calling a server is rather simple and low level. Not only do you have to deal with the HTTP Connection at a low level, there is no high level support for cookies, authentication or remote procedure calling. So if you want to pass an object to the server and get a response, you need to figure out how to do that. XML over HTTP is one solution, but presents its own problems like the serialisation and deserialisation of objects, not to mention higher network traffic because of the meta-data held within the XML. JAX Binding is certainly not supported in J2ME-land which results in you having to use a SAX parser. In previous projects I have toyed with a simple way of providing services over JSPs, which take and receive delimited text. The idea is to implement your own simple serialization and deserialisation of simple objects allowing you to make simple calls to the server and receive simple responses. I purposefully used the word "simple" four times in that last sentence to impress upon you the idea that server calls should be kept simple. Take for example a J2ME application which tracks a GPS location. To send the location of the user it can simply send a line of text like this: 006.574438|045.453345|11022344843373 What's it mean? longitude | latitude | timestamp The serialising and deserialising of the data is VERY simple using a StringTokenizer (erm, which doesn't exist in J2ME, so see later!). And the server could…
Base X Encoding
Ever needed to shorten a number so that its easier to remember? Or provide someone with a temporary PIN which is short enough to remember, but long enough to pretty much ensure it wont be randomly guessed by someone else? Converting a binary number into a hexadecimal is exactly the process used in such cases. But hexadecimal only has 16 characters in its "dictionary". Base64 is the next step up, with a bigger dictionary containing all alphanumerics (upper and lower case) as well as "/" and "+". I need a solution which didn't contain certain characters. For example, its easy to mix up an O with a 0. Or an I,l and a 1. I wanted a solution whereby I could encode a number, but using my own definition of the dictionary. So I built just such a solution. You can see the source code below. It contains a main method which runs a simple test, the output of which is: Original: 123456789012345678901234567890 encoded: 2aYls9bkamJJSwhr0 decoded: 123456789012345678901234567890 Passed! decoded value is the same as the original. As you can see, the encoded version is only half as long as the input. Using an 89 character dictionary, it gets even shorter: encoded: "9Kgbz])M.w8KgK The implementation uses the BigInteger class from Java, so you can encode REALLY big numbers. My phone number is now only 5 characters long and really easy to remember: rDm3T /* * Copyright (c) 2010 Ant Kutschera, maxant * * The code…
Enterprise GWT: Combining Google Web Toolkit, Spring and Other Features to Build Enterprise Applications
The following is just the introduction taken from a new white paper available at www.maxant.ch/white-papers: Google Web Toolkit (GWT) provides developers with a powerful means of developing AJAX front ends without the worry of having to maintain complex Java script libraries to support multiple browsers and browser versions. GWT also provides support for Remote Procedure Calls (RPC) to the server. Since April 2009 the Google App Engine has existed, which allows developers to deploy their GWT applications and also provides support for Java Data Objects (JDO) and the Java Persistence API (JPA). However what is missing for GWT to be deployed to a modern Enterprise environment is a service framework providing dependency injection and inversion of control (IoC), transaction demarcation and security, such as that provided by Spring or Enterprise Java Beans (EJB) 3.0. Furthermore GWT does not define any patterns for User Interface designs, or composite widgets. This paper describes how to successfully integrate Spring into a GWT Application with the aim of creating a fully scalable development framework for deployment in the Enterprise and beyond (including simple and small applications), with very little start up time being required, because you can download the demo application. It includes UI Patterns and composite widgets to improve the development of the front end. This GWT Demo Application is live at http://gwtdemo.maxant.co.uk and is available for download at https://www.maxant.ch/white-papers (c) 2010 Ant Kutschera
Professional enterprise JAX-WS in no time at all?
My current client is talking about migrating to Java 1.6 and a Java EE 5 app server (we are currently still on 1.5 because our data center only supports an older app server). One reason for doing so is that this stack supports JAX-WS. Not knowing much about JAX-WS, I decided it was time to take a look. The Java API for XML Web Services (JAX-WS) is basically a specification of how to deploy and use web services in the latest Java runtime. My first question was "whats so good about it compared to Apache Axis 1.4", which I've used successfully plenty of times in the past. Not only does JAX-WS offer improved performance as its based on StAX (a more efficient streaming pull parser for XML), but its also a standard. Axis isn't a standard, even though it is extensively used. JAX-WS is partially part of Java SE 1.6 and the bits which are not part of it, namely the server side implementation, can be theoretically exchanged without breaking anything, because all implementations implement the given specs. So, no vendor lockin; and you get choice over implementations. What more could one ask for... So I went with what I knew, and downloaded Axis2 which is an implementation of JAX-WS among other things and started to migrate a simple web service which had run under Axis 1.4. But it wasn't as simple as I had hoped. The requirement was to create a web service based on an existing Java "service"…
Building a Webmail Solution on top of Apache James Mail Server
Part of maxant's offering to small businesses is email hosting. As well as standard POP3/SMTP access, maxant offers webmail access. A quick search on the web shows that there are several open source webmail solutions available. The problem with all of them is that they communicate with the email server through the SMTP protocol. For example, if you wish to preview a list of emails, the web application needs to access the email server and ask for details of each email (while leaving them on the email server, so they can be downloaded at a later time via POP3). Reading all the emails is inefficient and the larger the number of emails in your inbox, the longer it takes to just see a list of emails. The solution built by maxant is based on the Java Mail API from Sun. This API lets you access individual emails in your inbox using an ID. But Apache James Mail Server (James for short) doesn't maintain the index, if a new mail is put in the inbox, so if you have a list of all emails and decide to access one, and in the mean time you have received email, the chances are that you won't be able to read that email! The next problem is how to deal with keeping a copy of sent emails for your "sent items" folder. If you just use the Java Mail API, the only solution for getting a mail into your email server so that it…
Java EE Security and Spring
Spring Security (originally ACEGI) does not seem to work out of the box with Java EE security (see here). I guess the reason is clear, namely that the people from Spring don't want you to be tied into Java EE and that makes sense because Spring something that you can use without Java EE. But instead of having to learn something new and instead of having to configure my security in a non-standard way, I wanted a way to ensure my services are only called by someone with the right authorization, exactly when they are deployed in a Java EE environment. Since a standard web application running in a Java EE container can be configured to have security, I expected to be able to configure Spring to use the web request to check the Principal for its security roles before calling a service, but that isn't possible. So, I set to work to quickly create a little library to help me out. The first step was to implement a Filter in the web application so that it could intercept every call and insert the web request (containing the Principal) into a ThreadLocal variable. The idea was that the ThreadLocal variable could then be used further up the call stack to query the security roles of the authenticated user. The filter implementation looks like this: public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { //set the request in the security…
