what is new and noteworthy in jersey miroslav fuksa, jakub podlešák software developers oracle,...
TRANSCRIPT
What Is New and Noteworthy in Jersey
Miroslav Fuksa, Jakub PodlešákSoftware DevelopersOracle, Application Server GroupOctober 1, 2014
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 4
Safe Harbor StatementThe following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 5
Goals of The Presentation• To demonstrate some lesser-known features• To show you new additions to Jersey project
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 6
Jersey 2 Primer• Jersey 2 provides reference implementation of JAX-RS 2.0• Included in GlassFish 4.x• And in WebLogic 12.1.3 (Jersey 2 as a shared library)• Provides ouf-the-box support for other containers• 2.13 is the actual version (released this Monday)
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 7
Agenda• Async Server-Side Support• Reactive/Async Client• Security (OAuth 2)• Light-weight Container Support• Jersey Test Framework (TestNG Support )• Monitoring and Tracing
8Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Async Server-side Support
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 9
When To Go Async on The Server Side?• Resource method processing takes a “long time”–Waiting for other backend resources, i/o, disk, db, …– Blocking i/o selector thread that could be utilized by other connections otherwise
• From a single user perspective, going from sync to async does not change anything!• Async is important when concurrent clients compete for I/O threads
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 10
Two methods to off-load I/O threads• Standard JAX-RS: @Suspended AsyncResponse• Jersey’s @ManagedAsync
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 11
JAX-RS Standard WayExecutorService exec = Executors.newCachedThreadPool();
@GET @Path("{id}")
public void getSession(@Suspended final AsyncResponse response, @PathParam("id") final String id) {
exec.submit(new Runnable(){
public void run() {
response.resume(db.get(id));
}
});
}
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 12
@ManagedAsync
@GET @Path("{id}")
@ManagedAsync
public void getSession(@Suspended final AsyncResponse response, @PathParam("id") final String id) {
response.resume(db.get(id));
}
13Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Reactive/Async Client
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 14
Reactive programming
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 15
Example• Travel agency– Travel to new destinations, get recommendations, forecast and price calculation
• Orchestration layer with Jersey client
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 16
Orchestration layer
(web app with Jersey client)
Visited location
Recommended locations
Forecast calculation
Price calculation
Mobile app / Web app
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 17
Visited
Recommendeddestination
Price calculation Forecast
Recommendations
Agent Response
Request
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 18
Reactive Approach
• RxJava – Observable• Java 8 – CompletionStage and CompletableFuture• JSR166e – CompletableFuture (JDK6, JDK7)• Guava – ListenableFuture and Futures
Libraries
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 19
Resources
• JAX-RS Client API– https://jax-rs-spec.java.net/nonav/2.0/apidocs/overview-summary.html– https://jersey.java.net/documentation/latest/client.html
• Jersey Rx Client– https://github.com/jersey/jersey/tree/master/incubator/rx/rx-client– https://github.com/jersey/jersey/tree/master/incubator/rx/rx-client-guava– https://github.com/jersey/jersey/tree/master/incubator/rx/rx-client-java8– https://github.com/jersey/jersey/tree/master/incubator/rx/rx-client-jsr166e– https://github.com/jersey/jersey/tree/master/incubator/rx/rx-client-rxjava
JAX-RS and Jersey
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 20
Resources
• 3rd party libraries– https://code.google.com/p/guava-libraries/– https://github.com/ReactiveX/RxJava– http://docs.oracle.com/javase/8/docs/api/java/util/concurrent/package-summary.html– http://gee.cs.oswego.edu/dl/concurrency-interest/index.html
• Example (JDK7)– https://github.com/jersey/jersey/tree/master/examples/rx-client-webapp
• Netflix blog post about RxJava– http://techblog.netflix.com/2013/02/rxjava-netflix-api.html
Example and Libraries
21Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
OAuth 2
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
OAuth: introduction
username/password
Consumer
ServiceProvider
Resource owner
usern
ame/
passw
ord ?
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
OAuth 2: Authorization Code Grant Flow
1 Authorization Request2 Resource owner authorization3 Authorization Response4 Access Token5 Refreshing Token
1
2
3
4
Consumer
ServiceProvider
Resource owner 5, 6, …
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
OAuth 2: Authenticated Requests
Acces
s Tok
en
Consumer
ServiceProvider
Resource owner GET /api/students/mfuksa HTTP/1.1
User-Agent: curl/7.30.0Host: example-university.comAccept: application/jsonAuthorization: bearer jkr3ljkh3jk
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 25
OAuth support in JerseyOAuth• OAuth 1– Published in 2010– Signatures added to requests (HMAC-SHA1, RSA-SHA1) based on secret keys
• OAuth 2– Published in 2012– Not backward compatible– Easier for implementation–OpenID connect
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 26
OAuth support in JerseyJersey and OAuth• OAuth in Jersey–OAuth 1 (including 2-legged OAuth support)• Client• Server
–OAuth 2 (Authorization Code Grant Flow)• Client• Server [in progress]
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 27
OAuth support in JerseyJersey client
OAuth2ClientSupport
OAuth2CodeGrantFlow
Authentication Feature
String start();
TokenResult finish();
Client Request/Response Filter(Access Token)
Registers
Access Token
Access Token
User Authorization
Authorization Flow tool
Authenticated requests
No Access Token yet
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
OAuth: demo
Consumer
ServiceProvider
Resource owner
Jersey sampleoauth2-client-google-webapp
Google APIs
Access Token
29Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Jersey Test Framework
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 30
Jersey Test Framework• Based on JUnit• Support for TestNG available• Multiple container support– Grizzly– In memory– Java SE Http Server– Jetty– External container support
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 31
External Test Container• You can test any (already running) REST application• No need to have Jersey on the other side• Use the following parameters:mvn test \
-Djersey.config.test.container.factory=org.glassfish.jersey.test.external.ExternalTestContainerFactory \
-Djersey.test.host=localhost -Djersey.config.test.container.port=8080
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 32
TestNG Support• Predefined test types– JerseyTestNg.ContainerPerClassTest– JerseyTestNg.ContainerPerMethodTest
• Extend JerseyTestNg to define your own strategy
33Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Lightweight Container Support
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 34
Grizzly HTTP Server Support
URI AppURI = URI.create("http://localhost:8080/user-management");
HttpServer httpServer = GrizzlyHttpServerFactory.createHttpServer( AppURI, new JaxRsApplication());
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 35
Grizzly HTTP Server Support – Thread Pool ConfigHttpServer httpServer =
GrizzlyHttpServerFactory.createHttpServer(AppURI, new JaxRsApplication(), false);
NetworkListener grizzlyListener = httpServer.getListener("grizzly");
grizzlyListener.getTransport().setSelectorRunnersCount(4); grizzlyListener.getTransport().setWorkerThreadPoolConfig(
ThreadPoolConfig.defaultConfig().setCorePoolSize(16).setMaxPoolSize(16));
httpServer.start();
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 36
Other supported containers• Simple HTTP Server• Jetty HTTP Container (Jetty Server Handler)• Java SE HTTP Server (HttpHandler)• Other containers could be plugged in via
org.glassfish.jersey.server.spi.ContainerProvider SPI
37Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Monitoring And Tracing
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 38
Monitoring and Tracing of Jersey applications• Default settings– Log level to INFO• Jersey does not log exceptions thrown from request processing by default (FINE level)
– No tracing – No monitoring
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 39
Monitoring and Tracing of Jersey applicationsLogging• How to change log level– JDK logging– Add jdk.logging properties– Define path to the logging.properties file as env variable• java.util.logging.config.file
• logging.properties:#All attributes details handlers=java.util.logging.ConsoleHandler java.util.logging.ConsoleHandler.level=FINE java.util.logging.SimpleFormatter.format=%4$-7s [%3$s] %5$s%6$s%n
#All log level details.level=INFO org.glassfish.jersey.level=FINE org.glassfish.jersey.tracing.level=FINE
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 40
Monitoring and Tracing of Jersey applicationsTracing• Helps to answer questions:–Why my Message Body Writer was not used?–Which Filters and Interceptors were used?–What takes too long in the processing?–Why the resource method was not matched?
• Levels of tracing– SUMMARY, TRACE, VERBOSE
• Modes– log file, HTTP response headers
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 41
Monitoring and Tracing of Jersey applicationsMonitoring• Event listeners– Application events (start, reload, stop)– Request events (method started, exception mapped, …)
• Monitoring statistics– Contains time and application statistics– Inject statistics into your resources, providers– Expose statistics as MBeans
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Q/A
Visit http://jersey.java.net/ for more details!
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
THANK YOU!