Enterprise Java Beans A COTS Architecture for Modern

Enterprise Java. Beans™ A COTS Architecture for Modern Enterprise Systems Kurt Wallnau • Robert Seacord • John Robert • Santiago Comella Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 -3890 Sponsored by the U. S. Department of Defense © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans - page 1

Outline of Today’s Tutorial Why Enterprise Java. Beans™ (EJB)? An Overview of EJB Security and Transactions Portability and Legacy Systems Summary and the Future of EJB © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 2

Why Enterprise Java. Beans™ ? Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 -3890 Sponsored by the U. S. Department of Defense © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans - page 3

Why Enterprise Java. Beans™? The Nature and Challenges of Enterprise Systems Best of Breed vs. Off-the-Shelf Infrastructures Closed vs. Open Infrastructures Enterprise Java. Beans™ (EJB) Benefits Technical/Market/Business Triangulation © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 4

What are Enterprise Systems? Enterprise systems (ES) automate business processes, i. e. , how work gets done Enterprise systems are 1 • large • heterogeneous • distributed • evolving • dynamic • long lived • mission critical • systems of systems 1. John Salasin, “DAMES: Dynamic Assembly of Military Enterprise Systems, ” briefing materials © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 5

Challenges of Enterprise Systems ES Property © 1999 by Carnegie Mellon University ES Challenge

ES’s Are Big Business Estimates of ES 1 market in federal systems alone is currently $3. 7 billion, up from 1998 estimate of $2. 8 billion • BAAN, SAP, People. Soft and other enterprise resource planning (ERP) systems are meeting this demand • Software component technologies are another market response - Estimates of this market range from $7 billion by 20022 to $12 billion by 20013 1. http: //www. planetit. com/techcenters/docs/enterprise_apps/news/PIT 19990707 S 0003 2. Gartner Group 3. IDC http: //www. selectst. com/downloads/IDC. asp © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 7

Structure of an Enterprise System Clients Business Logic Business Objects (Shared Data) Infrastructure There are various ways of viewing enterprise systems • 2 -tiered, 3 -tiered, N-tiered • by infrastructure technology This N-tiered view will serve our purposes for today Platform (HW/OS) © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 8

Structure of an Enterprise System Our focus is here. . . Clients Business Logic Business Objects (Shared Data) Infrastructure • business rules • application services • relational data • object-to-relation mapping • distribution, events, naming, • transactions, security, etc. Platform (HW/OS) © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 9

ES Infrastructures are Complex The technical infrastructure needed for mission-critical applications is non-trivial Business Logic Business Objects (Shared Data) Infrastructure (e. g. , Middleware) © 1999 by Carnegie Mellon University Networking Connection mgmt Security Transactions Thread Pool Synchronization Persistence Naming System mgmt Load Balancing Failover SEI/CBS Initiative Enterprise Java Beans- page 10

“Best of Breed” Infrastructure is Problematic: The GEE Experience Networking Connection mgmt Security Transactions Thread Pool Synchronization Persistence Naming System mgmt Load Balancing Failover © 1999 by Carnegie Mellon University Netscape Browser & ES Microsoft Explorer & IIS Java Web Server Visibroker/Java Orbix. Web JDK/RMI Netscape DS JSAFE Microsoft IIS Java Key CRYPTIX SSLEAY JCE Visibroker/C++ ITS Microsoft Access Oracle 7. x and 8. x ODBC/JDBC Orbix Names Visi Names SEI/CBS Initiative Netscape DS Microsoft IIS Enterprise Java Beans- page 11

The GEE: Some Lessons We built an enterprise infrastructure from COTS “parts” choice-points for product specific options • product selections limited by “ensemble effect” • latest versions of products often are often unintegratable with previous ensemble • significant ongoing cost for product tracking and evaluation of new releases • complex rules for build and deploy • product/technology insulation is very hard • tremendous vertical and spanning product and technology competency needed • product and technology competency is a wasting asset © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 12

COTS ERP: Proprietary, Vertically. Integrated ES Proprietary Scripting and Modeling Tools Clients 1. 1 1. 2 1. 3 Infrastructure Platform (HW/OS) © 1999 by Carnegie Mellon University SEI/CBS Initiative Pre-specified business processes, process templates and data items Pre-Integrated Infrastructure using vendor selected products and policies Enterprise Java Beans- page 13

EJB: Specification for “Open” but Proprietary ES Frameworks Clients COTS Bean Families Session. Beans for Service Connections Entity. Beans for Persistent Data Infrastructure Platform (HW/OS) © 1999 by Carnegie Mellon University SEI/CBS Initiative Specification of security, persistence, life cycle, naming, transactions via server and container contracts Enterprise Java Beans- page 14

COTS ERP vs. EJB: pros and cons Enterprise Java. Beans™ COTS ERP Package ©

Rationale for EJB? ES Property ES Challenge © 1999 by Carnegie Mellon University EJB

To Bean or Not To Bean? (1) Ultimately this will require consideration of technical, market and business pros and cons Technical • + The J in EJB addresses heterogeneity • + Specification ties together a variety of ES infrastructure services in a “standard” way • - The J in EJB may suffers from performance problems and JVM bugs • - Not all services are sufficiently well defined to enable cross-container bean portability © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 17

To Bean or Not to Bean? (2) Market factors refer to the performance and viability of EJB in the technology marketplace: • + EJB may unify a fragmented “app server” market, and jumpstart a market in servers and containers • + EJB leverages tremendous interest in Java, and many EJB servers are now available • - EJB is not “open”--Sun controls the spec, and its future evolution is unpredictable • - Technology battle with Microsoft and fast Java evolution guarantee continued EJB instability © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 18

To Bean or Not To Bean? (3) Business factors will be particular to each organization. These are representative pros/cons • + Organization is engaged in a general switchover to Java technology, so why wait? • + Market in server/container providers provide competitive alternatives and fallbacks • - Technology instability and immaturity will cause delays, rework, risking added cost and delayed time to market • - EJB vendors will continue to provide proprietary and non-standard features © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 19

The Remainder of the Tutorial John Robert describes EJB in detail Robert Seacord takes a more in-depth look at several aspects of EJB and discusses strengths and weaknesses found Santiago Comella-Dorda discusses issues of Enterprise Java. Bean portability and integration with legacy systems Robert Seacord closes with a brief summary and some thoughts on the future of EJB © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 20

Enterprise Java. Beans™ Overview Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 -3890 Sponsored by the U. S. Department of Defense © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans - page 21

EJB Overview What is EJB? EJB Roles EJB Architecture EJB Services Building an EJB

EJB in the n-Tier System You Are Here Browser Client Applet Database Client Application Legacy Systems EJB Server Clients © 1999 by Carnegie Mellon University Application SEI/CBS Initiative Data Enterprise Java Beans- page 23

What is EJB? Specification for component based distributed computing framework using Java technology. Enterprise Java. Beans Specification describes • roles and responsibilities for component-based software development of server-side applications. • an architecture including EJB Servers, Containers, and Beans. • a set of services including naming, transactions and security. • interoperability with database servers and CORBA applications. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 24

EJB Specification Evolving Technology • Release 1. 0 - March 98, Final • Release 1. 1 - May 99, Public Draft Goals • Component-based software development. • Separate business logic from system code. • Address application life cycle. • Compatible with CORBA (non Java apps). Specification owned by Sun and supported by 40+ companies. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 25

EJB Roles Application Development and Deployment Bean Provider - Producer of enterprise beans. Application - Combines enterprise beans into Assembler larger deployable parts. Deployer - Deploys enterprise beans into a specific operational environment. Platform Provider - Container provider and server provider. System Admin. - Configuration and administration of infrastructure. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 26

EJB Architecture The container is the platform. The component is your application. Picture provided by Sun Microsystems, Inc. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 27

EJB Platform Provide naming service using JNDI Provide OMG/OTS compliant transaction service Container EJB Server Manage EJ Bean life cycle Make EJ Bean Interfaces Available with JNDI Provide basic security services Persistence Management (DBMS and other) Manage transaction context © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 28

EJB Platform Vendors Select EJB complaint platform for purchase (1. 0 or 1. 1). EJB Platform vendors supplement standard EJB with proprietary features. Current Vendors include • BEA Systems - Web. Logic • Bluestone - Sapphire/Web • IBM - Web. Sphere • Inprise - Application Server • Oracle - Oracle 8 i • Persistence - Power. Tier • Sun/Netscape alliance - reference implementation © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 29

EJB Application consists of multiple beans Beans are “portable” across containers Beans can be purchased or constructed Enterprise Java. Beans™ Component © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 30

Types of Enterprise Java. Beans Session Bean • Used for client interface • Not shared between clients • Two kinds of Session Bean: - stateless - common object identity - stateful - unique object identity Entity Bean • Maps to data in database or application • Shared between clients • Persistent state - container managed - access defined at deployment - bean managed - access defined as part of bean • Support optional in 1. 0 and mandatory in 1. 1 © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 31

Mixing Beans EJB applications use a combination of entity beans and session beans to implement business logic. Prefix. Bean Client Echo. Service. Bean Session Bean Entity Bean © 1999 by Carnegie Mellon University Database Suffix. Bean Application Server SEI/CBS Initiative Enterprise Java Beans- page 32

EJB Client Interfaces Factory Interface Finder Interface EJB Home EJB Object Remote Interface Contains bean services seen by clients © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 33

EJB Architecture The purchased EJB server is the platform. The application consists of session and entity beans. Application interfaces are made available to clients at time of deployment. Picture provided by Sun Microsystems, Inc. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 34

Deployment Bean + Deployment descriptor Deploy Platform Specific Implementation of Bean Deployment provides a mechanism for adapting a component for a specific runtime environment. Deployment is an intermediate step between coding a bean and executing a bean. By using a deployment descriptor, some attributes of the bean implementation are specified by the deployer, and implemented by the platform provider. Two kinds of information in a deployment descriptor • Enterprise beans’ structural information - can’t change • Application assembly information - can change © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 35

EJB Services Standard EJB services allow application developers to • focus on business logic rather than infrastructure • defer responsibility for common services to the EJB platform • create “portable” applications that can be reused • support a component marketplace Standard EJB services include • Persistence • Naming • Transactions • Security © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 37

Persistence EJB Definition “The data access protocol for transferring the state of the entity between the enterprise bean instance and the underlying database is referred to as object persistence. ” Two types of persistence • bean-managed - persistence logic implemented directly inside the enterprise bean class. • container-managed - persistence logic delegated to container. The underlying data source may be an existing application rather than a database. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 38

Bean-Managed Persistence Entity. Bean SQL code persistence logic Deploy + Bean • SQL code • persistence logic Deployment Descriptor persistence-type Enterprise bean provider writes database access calls (using JDBC or SQLJ) directly in the entity bean. Entity bean is tied to the data source in which the entity is stored. More portable across EJB platforms than containermanaged entity bean. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 39

Container-Managed Persistence Entity. Bean + Deployment Descriptor persistence-type cmp-fields Bean • generated SQL code • generated persistence logic Data access components (like JSBC and SQLJ calls) are generated at deployment time by container tool. Entity bean is independent from the data source in which the entity is stored. Less development effort for bean provider. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 40

Name Service - Deployment Descriptor Deploy bean home name Benefits • EJB server has built-in name server. • Service name of bean is assigned at deployment time, not compile time. • Some EJB servers support enterprise bean replication. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 41

Name Service - Lookup My. Client Context ct= get. Initial. Context(…) ct. lookup(“Echo. Service”) Runtime Benefits • JNDI allows clients to use one interface for locating CORBA, LDAP, NDS, and file objects. • Allows management of enterprise wide services using naming hierarchy. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 42

Transactions Benefits • EJB applications can defer transaction logic to EJB server and container. • Distributed transactions. Picture provided by Sun Microsystems, Inc. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 43

Security Deployment Descriptor Deploy Generated Bean Code • security logic security roles. . . Benefits • Permissions specified for each bean service at deployment time. • Builds on security of JDK. Detailed discussion by Robert Seacord. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 44

Building an EJB Application How do we build an EJB application? Client Database Application

Step 1: Create Interfaces EJB Server Specifies the life cycle interfaces public interface Account. Home extends EJBHome{ public create(…) public find. By. Primary. Key(. . ) Home I/F Client Database Specifies the interface provided to bean clients public interface Account extends EJBObject{ public get. Name(…) public set. Name(…) © 1999 by Carnegie Mellon University Remote I/F SEI/CBS Initiative EJB specification This is generated You write this Enterprise Java Beans- page 46

Step 2: Create Implementation EJB Server Home I/F Client Entity. Bean implements Account Implements bean interfaces public class Account. Bean implements Entity. Bean { Remote I/F public void ejb. Activate(. . . ) {………} public void ejb. Passivate(…) {………. } public get. Name(…) {……. . } public set. Name(…) {……. . } © 1999 by Carnegie Mellon University SEI/CBS Initiative Database EJB specification This is generated You write this Enterprise Java Beans- page 47

Step 3: Deployment Descriptor EJB Server Home I/F Client Entity. Bean “Tells” the container how to deploy the bean (how to do DBMS access, transactions, security, naming, etc. ) implements Account Database Remote I/F Deployment descriptor EJB specification This is generated You write this © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 48

Step 4: Deploy EJB Server Home obj Client implements Entity. Bean Home I/F implements Account Database delegates Remote obj implements Remote I/F Deployment descriptor EJB specification This is generated You write this © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 49

Entity Bean Inheritance - 1 Java. rmi. Remote EJBMeta. Data Java. io. Serializable EJBObject EJBHome JDK Enterprise. Bean EJB Spec Entity. Bean Provider (Wombat) Container Provider (Acme) Produced by Acme tools Extends or implements interface Extends implementation, code generation or delegation © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 50

Entity Bean Inheritance - 2 Java. rmi. Remote EJBMeta. Data Java. io. Serializable EJBObject EJBHome Account. Home JDK Enterprise. Bean EJB Spec Entity. Bean Account. Bean Provider (Wombat) Container Provider (Acme) Produced by Acme tools Extends or implements interface Extends implementation, code generation or delegation © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 51

Entity Bean Inheritance - 3 Java. rmi. Remote EJBMeta. Data Java. io. Serializable Enterprise. Bean EJBObject EJBHome Account. Home Acme. Meta. Data JDK EJB Spec Entity. Bean Account. Bean Provider (Wombat) Account Acme. Home Acme. Remote Acme. Bean Container Provider (Acme) Acme. Account. Home Acme. Remote. Account Acme. Account. Meta. Data Produced by Acme. Account. Bean tools Extends or implements interface Extends implementation, code generation or delegation © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 52

EJB & CORBA EJB and CORBA are complimentary standards. EJB uses CORBA for • Enabling non-Java clients to access EJB applications. • Interoperability for EJB environments that include systems from multiple vendors. EJB-to-CORBA mapping (separate specification) • Mapping of EJB interfaces to RMI-IIOP. • Propagating transaction context. • Propagating security context. • Interoperable naming service. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 53

Summary The EJB architecture simplifies distributed application development by • providing pre-integrated solution framework • separating the business logic from distributed system services • providing standard services, including naming, transactions, and security • managing life cycle functions © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 54

References [1] Enterprise Java. Beans. TM Specification Version 1. 1 http: //java. sun. com/products/ejb/docs. html [2] Enterprise Java. Beans. TM Specification Version 1. 0 http: //java. sun. com/products/ejb/docs 10. html [3] Enterprise Java. Beans. TM Tools http: //java. sun. com/javaone 98/sessions/T 402/index. htm © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 55

For More Information. . . Telephone Fax Email World Wide Web U. S. mail © 1999 by Carnegie Mellon University 412 / 268 -5800 412 / 268 -5758 rcs@sei. cmu. edu kcw@sei. cmu. edu jer@sei. cmu. edu scd@sei. cmu. edu http: //www. sei. cmu. edu Customer Relations Software Engineering Institute Carnegie Mellon Pittsburgh, PA 15213 -3890 SEI/CBS Initiative Enterprise Java Beans- page 56

EJB Security Management Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 -3890 Sponsored by the U. S. Department of Defense © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans - page 57

Security Management Overview The enterprise bean class provider should not hard-code security policies and mechanisms into the business methods • allows appropriate deployment for the operational environment of the enterprise The application assembler may define • security roles for an application - semantic grouping of permissions • method permissions for each security role - permission to invoke a specified group of methods © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 58

Security Management Overview - 2 System Admins Deployer Application Assembler Bean Provider Method Permissions Users Security Roles E J B Groups © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 59

Bean Provider’s Responsibilities The bean provider should not implement security mechanisms or security policies in the enterprise beans’ business methods • rely instead on the security mechanisms provided by the EJB Container It is possible, however, to programmatically access a Caller’s Security Context. . . © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 60

Programmatically Accessing a Caller’s Security Context Two methods allow the bean provider to access security information about the enterprise bean’s caller • get. Caller. Principal • is. Caller. In. Role In general, security management should be enforced by the container • the security API should is used infrequently © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 61

Declaring Security Roles Security roles are declared in the deployment descriptor. . . <enterprise-beans> <entity> <ejb-name>Wombat. Payroll</ejb-name> <ejb-class>com. wombat. Payroll. Bean</ejb-class> <security-role-ref> <description> This security role should be assigned to the employees allowed to update employees’ salaries. </description> <role-name>payroll</role-name> </security-role-ref> </entity> </enterprise-beans> … © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 62

Application Assembler’s Responsibilities Define security roles in the deployment descriptor <security-role> <role-name> employee <description> allow employees to access their own data Specify the methods of the remote and home interface that each security role is allowed to invoke <method-permission> <role-name> employee <ejb-name> Wombat. Payroll <method-name> get. Employee. Info Link declared security role references to security roles <role-link> payroll-department (add to bean description) © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 63

Deployer’s Responsibilities Ensures that an application is secure after it has been deployed in the operational environment Assigns principals and/or groups of principals used for managing security in the operational environment to defined security roles • not specified in the EJB architecture! • specific to that operational environment Can use the security view defined in the deployment descriptor merely as “hints” © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 64

EJB Container Provider’s Responsibilities The EJB container provides the implementation of the security infrastructure A security domain can be implemented, managed, and administered by the EJB Server • e. g. , the EJB Server may store X 509 certificates The EJB specification does not define the scope of the security domain • the scope may be defined by the boundaries of the application, EJB Server, operating system, network, or enterprise © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 65

System Administrator’s Responsibilities Typically responsible for • creating a new user account • adding a user to a user group • removing a user from a user group • removing or freezing a user account Security domain administration is beyond the scope of the EJB specification. . . © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 66

Proceed with Caution… EJB Server Vendor EIS r cu EJB Specification e Sec e

Summary The EJB architecture does not specify how an enterprise should implement its security architecture • assignment of security roles to the operational environment’s security concepts is specific to the operational environment • identification and authentication left to EJB Server vendor’s Security will be vendor specific for some time • no plans to address problem in EJB 2. 0 © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 68

References [1] Java Authentication and Authorization Service (JAAS) http: //java. sun. com/security/jaas/. [2] Java Cryptography Extension (JCE) http: //java. sun. com/security/JCE 1. 2/spec/apidoc/index. html © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 69

EJB Transactions Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 -3890 Sponsored by the U. S. Department of Defense © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans - page 70

Distributed Transactions EJB allows application developers to write applications that atomically update data in multiple databases • may be distributed across multiple sites • sites may use EJB Servers from different vendors The enterprise Bean Provider and the client application programmer are not exposed to the complexity of distributed transactions. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 71

ACID Properties Atomicity. In a transaction involving two or more discrete pieces of information, either all of the pieces are committed or none are. Consistency. A transaction either creates a new and valid state of data, or, if any failure occurs, returns all data to its state before the transaction was started. Isolation. A transaction in process and not yet committed must remain isolated from any other transaction. Durability. Committed data is saved by the system such that, even in the event of a failure and system restart, the data is available in its correct state. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 72

Programmatic vs. Declarative Transaction Demarcation Bean-managed transaction demarcation • enterprise bean code demarcates transactions using javax. transaction. User. Transaction • accesses between User. Transaction. begin and User. Transaction. commit calls are part of a transaction Container-managed transaction demarcation • container demarcates transactions per instructions provided by the Application Assembler in the deployment descriptor © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 73

Container-Managed Transaction Demarcation Not. Supported - container invokes enterprise Bean method with an unspecified transaction context Required - container invokes enterprise Bean method with a valid transaction context Supports • If the client calls with a transaction context, same as Required • If the client calls without a transaction context, same as Not. Supported © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 74

Container-Managed Transaction Demarcation - 2 Requires. New - container invokes enterprise Bean method with a new transaction context Mandatory - container invokes enterprise Bean method with the client’s transaction context Never - container invokes an enterprise Bean method without a transaction context • client is required to call without a transaction context © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 75

Isolation Levels Describes the degree to which access to a resource manager by a transaction is isolated from other concurrently executing transactions Part of the EJB 1. 0 specification -- has been eliminated in EJB 1. 1! • API for managing an isolation level is resourcemanager specific • bean provider may specify the same or different isolation levels for each resource manager © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 76

Updates to Multiple Databases Server X Client DB A Y DB B DB C

Updates to Multiple Databases in Same Transaction client © 1999 by Carnegie Mellon University

Updates to Multiples Databases on Multiple Servers EJB Server client begin X DB commit

Two-Phase Commit (2 PC) JDBC 1. 2 does not support XA two phase commit • impossible for an EJB server using JDBC 1. 2 to directly support for distributed transactions Distributed transactions requires the existence of database drivers that support XA 2 PC • in most cases, developers are relying on the vendor to provide database drivers © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 80

Relationship to JTA and JTS Java Transaction API (JTA) Java Transaction Service (JTS) ©

Java Transaction API (JTA) © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java

Java Transaction API (JTA) JTA specifies the interfaces between a transaction manager and the other parties involved in a distributed transaction processing system • application programs • resource managers • application server © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 83

Java Transaction Service (JTS) Java binding of the CORBA Object Transaction Service (OTS) 1. 1 specification Provides transaction interoperability using the standard IIOP protocol for transaction propagation between servers Intended for vendors who implement transaction processing infrastructure for enterprise middleware • may be used by an EJB Server vendor as the underlying transaction manager © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 84

EJB Relationship to JTA and JTS Does not require the EJB Container to support the JTS interfaces Requires that the EJB Container support the javax. transaction. User. Transaction interface defined in JTA Does not require support for • JTA resource manager (XAResource) • application server interfaces © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 85

Summary Transaction-based systems can be implemented simply using EJB Transactions are not simple -- transaction behavior is affected by choice of • session bean or entity bean • stateful or stateless session bean • bean-managed vs. container-managed transaction demarcation • transaction attributes • lots more stuff! © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 86

References [ 1 ] Java Transaction API (JTA). http: //java. sun. com/products/jta. [ 2 ] Java Transaction Service (JTS). http: //java. sun. com/products/jts. [ 3 ] OMG Object Transaction Service. http: //www. omg. org/corba/sectrans. htm#trans. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 87

For More Information. . . Telephone Fax Email World Wide Web U. S. mail © 1999 by Carnegie Mellon University 412 / 268 -5800 412 / 268 -5758 rcs@sei. cmu. edu http: //www. sei. cmu. edu Customer Relations Software Engineering Institute Carnegie Mellon Pittsburgh, PA 15213 -3890 SEI/CBS Initiative Enterprise Java Beans- page 88

Integration of Legacy Software in EJB Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 -3890 Sponsored by the U. S. Department of Defense © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans - page 89

Agenda Types of legacy systems Integrating legacy business logic Integrating legacy data © 1999

Types of “Legacy” Infrastructures Data • Mainframes • Non-relational databases • File systems. . . Systems: Data + Logic (Niklaus Wirth) • TP monitors, COBOL systems • ERP systems • CORBA and COM servers © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 91

Integrating Legacy Business Logic Keep and leverage investment Access old system through a new interface (Internet…). Substitute the old code in an incremental way - eliminating big-bang approach © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 92

Traditional Approaches Legacy System IT manager commits suicide. New, pretty and Internet aware System Internet server Function 1 Big- Bang Function 2 Conversion Screen © 1999 by Carnegie Mellon University N ve CGI coamtim. extension Script Screen Scrap ping Terminal em HTML ulation… SEI/CBS Initiative Enterprise Java Beans- page 93

Traditional Approaches : Advantages & Problems Screen scrapping and terminal emulation • fast and “cheap” • plenty of support tools • the new system is as inflexible and hard to maintain as the old one • it is just a “make up” Big bang conversion • definitive solution • plenty of liberated IT resources are needed • the EIS must not be vital, a period of adaptation to the new system must be admissible © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 94

Application Server Approaches Message. Service Legacy System Function 1 Service Native comm. Broker Function 2 Native comm. Screen EJB Server Internet server Function 2 bean Applet Adapter CGI or Servlets Wrapped functionality Function 1 bean HTML © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 95

Adapter Strategy: Details Workflow model. If it involves more than one function then NOT_SUPPORTED Wrapper of Function 1 If The COBOL system enables rolling a function then NEW_REQUIRED Workflow 1 Stateful Session Adapter Stateless Session Func. 2 Stateless Session © 1999 by Carnegie Mellon University Text only COBOL system Function 1 Function 2 EJB server Func. 1 Stateless Session Green screen terminal no state between functions Communication: error control, connection pooling, timing. . . NOT_SUPPORTED SEI/CBS Initiative Enterprise Java Beans- page 96

Application Server Approaches : Advantages & Problems Sometimes it is very difficult to divide the old monolithic system into discrete functions. Legacy interfaces can be very hard to use. Text based communication, for example, is error prone. Step by step approach. Very good “effort / added-value” relation. Straightforward approach with well defined steps. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 97

Integrating Legacy Data: Why? Cannot migrate the data • legacy systems may still use it. Don’t want to replicate data for coherence and maintenance. Data needs to be accessed from EJB applications • preferably in a transparent way, I. e. through Entity beans. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 98

Legacy Data II: Present Approach JDBC ve Nati ss Acce JDBC Driver XA JDBC-ODBC Mainframes, Bridge Relational DB, File systems, Native ODBC OO databases. Access Entity “Regular” Bean Container Transaction Manager Driver Na Ac tive ce ss © 1999 by Carnegie Mellon University Native Access Custom Resource Manager EJB Server “Specialized” Entity Container XA CUSTOM SEI/CBS Initiative Bean Enterprise Java Beans- page 99

Legacy Data III: Future Approach Database Transaction Processor ERP Native Access Entity Bean Container Connector EJB Server Connector Native Access Transactions Native Access Connector © 1999 by Carnegie Mellon University Standard interfaces Security Resource management SEI/CBS Initiative Enterprise Java Beans- page 100

Connectors Java SM Community Process Initiated • expert group being formed Schedule for specification release not yet defined • not expected until at least 2000 • implementations will follow For more information contact: Rahul Sharma, Member of Technical Staff Sun Microsystems, Inc. Rahul. Sharma@sun. com © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 101

Connectors: Advantages Standard connection EIS resources and application servers. No more proprietary and non-portable solutions like specialized containers. Only covers the system level interfaces. Application level interfaces are still vendor specific. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 102

Conclusions Application servers in general, and EJB in particular, are powerful and smart ways to integrate legacy systems in modern EIS. Every legacy integration effort includes risks. It is a difficult task that requires a great deal of expertise. Other options like big-bang migration or screen scraping are more expensive or do not fully solve the problem. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 103

Portability in EJB Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 -3890 Sponsored by the U. S. Department of Defense © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans - page 104

Implementation vs. Standard (MTS vs. EJB) Implementation • Over-specification: every function, interface and behavior is defined • Single vendor Standard • Under-specification: different grades of imprecision - compatibility test suites and reference implementations can help portability • Multi-vendor environment brings competence and innovation © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 105

Portability Is Not EJB’s Only Target Product differentiation Portability © 1999 by Carnegie Mellon

EJB Development Process 1 E. Beans Specialized E. Beans 2 G E. ene Be ric an s Set of assembled E. Beans Deployed application Deployed E. Beans 3 Application template Market Application Assembler © 1999 by Carnegie Mellon University SEI/CBS Initiative EJB Deployer Server & container Enterprise Bean Provider Component Market EJB Platform Provider Enterprise Java Beans- page 107

When Portability is Important Component vendors that want a broad-based market for their components. Application assemblers that want a large market of pre-built components for reuse. Application server providers that want to expand the number of third-party components available for their platforms. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 108

When Portability is Not Important Enterprises that make a strategic decision to use a particular EJB server to take advantage of proprietary features. Organizations that custom develop beans to meet non-negotiable requirements or to differentiate their application. Application server providers that want to offer nonstandard extensions as a business strategy. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 109

Basic Structure of an Enterprise Bean EJB Server-Container Contract EJB Container Client JNDI. . . Portability Related © 1999 by Carnegie Mellon University Enterprise Bean EB-Client Contract EB-Container • Home • Remote interface • Bean • DD Contract SEI/CBS Initiative Enterprise Java Beans- page 110

The Enterprise Bean Contracts Source Code • API definition • Programming practices, rules and prohibitions Deployment descriptor • XML based syntax • Defined set of attributes Life cycle, transactional behavior…. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 111

Source Code Incompatibility Different flavors of JPE APIs • JDK 1. 1 vs. 1. 2 • RMI-CORBA mapping Additional and proprietary APIs • XML • Security Semantic differences • Objects passed by value • JNDI © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 112

Deployment Descriptor Incompatibility Syntactic differences have disappeared with EJB 1. 1’s XML-based descriptor. There is a “standard core” set of deployment descriptor attributes. Different servers additional attributes to control specific capabilities • difficult to use only standard attributes • Compatibility problems in deployment descriptors can affect the source code © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 113

Conclusions Are EJB applications portable? • we could say that it is possible to make portable EJB applications, but it requires some workarounds and developer guidelines. Portability will increase with future releases of the standard • the holes in the standard will be gradually filled • EJB servers will more closely meet the standard • test suites and reference implementation will be soon released. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 114

Conclusions -2 Portability in EJB is an inversion. • Making portable EJB applications is harder than using proprietary capabilities. • Is it worth the effort in your case? © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 115

For More Information. . . Telephone Fax Email World Wide Web U. S. mail © 1999 by Carnegie Mellon University 412 / 268 -5800 412 / 268 -5758 rcs@sei. cmu. edu kcw@sei. cmu. edu jer@sei. cmu. edu scd@sei. cmu. edu http: //www. sei. cmu. edu Customer Relations Software Engineering Institute Carnegie Mellon Pittsburgh, PA 15213 -3890 SEI/CBS Initiative Enterprise Java Beans- page 116

Additional Slides (I will only use them for specific questions) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 -3890 Sponsored by the U. S. Department of Defense © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans - page 117

Resource Managers They must provide: • The XA interface to make them transactional aware • A “custom” interface to access data - JDBC is one of these “custom” interfaces - Can be used by bean-managed persistence or container-managed if interface understood by container • Pooling, concurrence and similar features implemented at this level © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 118

Resource Managers- 2 JDBC is a resource manager to access a special kind of legacy data: relational databases • There are JDBC native drivers for plenty of databases: mainframes. . . • If not native version available ==> an ODBC driver and a JDBC-ODBC bridge can be used. • Developing JDBC drivers is complex but all EJB infrastructure can make transparent use of them. There are other resource managers to access other kinds of data e. g. , OO, file system, SAP. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 119

Specialized Containers If we want to use CM persistence, the container must “know” the resource manager • Normal containers know JDBC sources, sometimes plain file systems. • There could be other containers that know other resources: ODMG sources, SAP R/3…. - Versant Container to access the Versant ODBMS in Web. Logic - Web. Sphere to CICS © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 120

Legacy Programs Different approaches: • Traditional solutions: - Screen scraping, CGI extensions, “magic converters”…. - They meet only some objectives. • Application server solutions - Adapters - Service brokers © 1999 by Carnegie Mellon University Middleware SEI/CBS Initiative Enterprise Java Beans- page 121

EJB Roadmap Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 -3890 Sponsored by the U. S. Department of Defense © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans - page 122

Java 2 Enterprise Edition • Platform specification • Reference implementation (RI) • Application programming model (APM) • Compatibility test suite (CTS) © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 123

J 2 EE Status and Schedule J 2 EE Platform Specification • Public Draft June 15 • Public Release July 1999 • Final Release December 1999 J 2 EE RI & CTS • Beta • FCS September 1999 December 1999 J 2 EE APM document • Public Draft • Sample App Beta August 1999 © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 124

Enterprise Java. Beans 2. 0 Specification Integration of Enterprise Java. Beans with the Java Message Service™ (JMS) Improved support for entity beans persistence support for relationships among EJBs Support for inheritance and subclassing of Enterprise Java. Beans Query syntax for entity bean finder methods support for additional methods in the Home Interface Mechanisms for container extensions EJB Server network interoperability protocol © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 125

Integration of EJB with JMS is an API for accessing enterprise messaging systems from Java programs. JMS integration is needed to allow • Enterprise Java. Beans to be invoked asynchronously from clients • EJBs to interoperate with legacy systems that use JMS for integration • use of disconnected clients with Enterprise Java. Beans • use of Enterprise Java. Beans within publish/subscribe configurations. © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 126

Improved Support for Persistence for Entity Beans Define a standard interface between the container and the persistent storage mechanism • insure that a bean developed on one EJB server can be portably deployed in a different server environment with a different - persistent storage facility - set of tools - database • enable tools to operate across the containers of multiple vendors © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 127

Support for Relationships among Enterprise Java. Beans The bean provider in EJB 1. 1 is responsible for • management of 1 -1, 1 -n, and m-n associations among enterprise beans • management of relationships between enterprise beans and their dependent objects Capture information about relationships so that it can be made available at • deployment time • run time © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 128

Support for Inheritance and Subclassing of Enterprise Java. Beans EJB currently supports class inheritance but not component inheritance Subclassing of components being considered for EJB 2. 0 • unclear how object persistence will be implemented • practical advantages unclear © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 129

Query Syntax for Entity Bean Finder Methods Define a format for specifying the query criteria or the selection predicates that are to be used by finder method implementations • support the definition of portable finder methods © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 130

Mechanisms for Container Extensions Interceptors are methods the container invokes during the bean invocation protocol • provides a portable means for specializing the behavior of the container for specific operational environments • reduces the need for specialized containers © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 131

Support for Additional Methods in the Home Interface Currently no means for adding methods independent of individual bean instances (other than create and finder methods) • home methods are similar to static members in traditional OO • can be used, for example, to support bulk update operations © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 132

EJB Server Network Interoperability Protocol Movement towards requiring RMI/IIOP Complete the mapping of EJB via RMI/IIOP by specifying support for interoperable security and naming • supports network interoperability among CORBA-based EJB server implementations © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 133

Not Planned for EJB 2. 0 Portable, security solution • vendors must implement their

EJB Release Schedule Release 1. 0 • March 98, Final Release 1. 1 • May 99, Public Draft • Q 3 99, Public Release • Q 4 99, Final Release 2. 0 • Year 2000 © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 135

EJB Summary and Conclusions Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 -3890 Sponsored by the U. S. Department of Defense © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans - page 136

EJB Summary EJB server implementations lag behind proprietary application servers in • support for distributed transactions • security EJB supports development of “Write Once, Run Anywhere. TM” Java applications • issues exist porting between EJB servers © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 137

What are the Alternatives? Microsoft Transaction Server (MTS) Vendor suites • database vendors (I. e. , Oracle, Sybase) • transaction manager (I. e. , BEA Tuxedo) • Web vendors (I. e. , Netscape) Custom integration of Java technologies Enterprise Resource Planning (I. e. , SAP, People. Soft, Baan, IBM San Francisco) © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 138

Microsoft Transaction Server (MTS) Microsoft proprietary solution • only runs on Windows NT • based on the Component Object Model (COM) • interfaces to broad range of databases • Active directory, security and clustering extensions added in Windows 2000 Efficient, low-cost solution on Microsoft platform • “feel the power of the dark side of the force” © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 139

Vendor Suites Application servers that do not adhere to an EJB specification • application programming language usually C++ but may also be Java • typically provides support for distributed transactions, security, failover, replication • database, transactions, Web vendors have different strengths Allows the development of large, complex enterprise systems • risk of vendor lock © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 140

Custom Integration Best-of-breed integration of components • control own architecture • allows flexibility in selection of components that meet specific requirements • components can be incrementally upgraded Greater degree of control and flexibility but • requires greater expertise in infrastructure technologies • greater investment in time and $$$ • integrating products from different vendors can be problematic © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 141

Enterprise Resource Planning (ERP) Vertically integrated domain-specific frameworks • includes business processes • often difficult to integrate with legacy systems • usually does not consist of the latest and greatest technologies Offers business solution • may require the adoption of business processes • trades flexibility for complete solution © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 142

Conclusion EJB can be used to build scalable, platformneutral, multi-tier applications, but only if you avoid product-specific features EJB is still rapidly evolving -- look for stability elsewhere EJB is the keystone of Sun’s Java 2 Enterprise Edition © 1999 by Carnegie Mellon University SEI/CBS Initiative Enterprise Java Beans- page 143

For More Information. . . Telephone Fax Email World Wide Web U. S. mail © 1999 by Carnegie Mellon University 412 / 268 -5800 412 / 268 -5758 rcs@sei. cmu. edu kcw@sei. cmu. edu jer@sei. cmu. edu scd@sei. cmu. edu http: //www. sei. cmu. edu Customer Relations Software Engineering Institute Carnegie Mellon Pittsburgh, PA 15213 -3890 SEI/CBS Initiative Enterprise Java Beans- page 144