Java
™
2 Enterprise
Edition 1.4 Bible
James McGovern, Rahim Adatia, Yakov Fain,
Jason Gordon, Ethan Henry, Walter Hurst,
Ashish Jain, Mark Little, Vaidyanathan Nagarajan,
Harshad Oak, Lee Anne Phillips
a539663 FM.qxd 7/25/03 9:12 AM Page i
a539663 FM.qxd 7/25/03 9:12 AM Page i
Java
™
2 Enterprise
Edition 1.4 Bible
James McGovern, Rahim Adatia, Yakov Fain,
Jason Gordon, Ethan Henry, Walter Hurst,
Ashish Jain, Mark Little, Vaidyanathan Nagarajan,
Harshad Oak, Lee Anne Phillips
a539663 FM.qxd 7/25/03 9:12 AM Page i
Java
™
2 Enterprise Edition 1.4 Bible
Published by
Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com
Copyright © 2003 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 0-7645-3966-3

Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
1O/RS/QY/QT/IN
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means,
electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of
the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through
payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978)
750-8400, fax (978) 646-8700. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley
Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-Mail:

is a trademark of Wiley Publishing, Inc.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: WHILE THE PUBLISHER AND AUTHOR HAVE USED THEIR BEST
EFFORTS IN PREPARING THIS BOOK, THEY MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE
ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS BOOK AND SPECIFICALLY DISCLAIM ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED
OR EXTENDED BY SALES REPRESENTATIVES OR WRITTEN SALES MATERIALS. THE ADVICE AND STRATEGIES
CONTAINED HEREIN MAY NOT BE SUITABLE FOR YOUR SITUATION. YOU SHOULD CONSULT WITH A
PROFESSIONAL WHERE APPROPRIATE. NEITHER THE PUBLISHER NOR AUTHOR SHALL BE LIABLE FOR ANY LOSS
OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL,
CONSEQUENTIAL, OR OTHER DAMAGES.
For general information on our other products and services or to obtain technical support, please contact our Customer
Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in
electronic books.
Library of Congress Control Number: 2003101921
Trademarks: Wiley, the Wiley logo, and related trade dress are trademarks or registered trademarks of John Wiley & Sons,
Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Java is a
trademark of Sun Microsystems, Inc. All other trademarks are the property of their respective owners. Wiley Publishing,
Inc., is not associated with any product or vendor mentioned in this book.
a539663 FM.qxd 7/25/03 9:12 AM Page ii

About the Authors
James McGovern is currently employed as an enterprise architect for Hartford
Financial Services. He is the coauthor of The Practical Guide to Enterprise
Architecture (Prentice Hall, 2003), Java Web Services Architecture (Morgan
Kaufmann, 2003), and Xquery — Kick Start (Sams Publishing, 2003). James has 16
years of experience in information technology. He is a member of the Java
Community Process, the IEEE, and the Worldwide Institute of Software Architects.
He holds industry certifications from Microsoft, Cisco, and Sun.
Rahim Adatia has been programming since he got his first computer — a TRS-80 —
way back in the beginning of the ’80s. Fortunately, he didn’t stagnate there and pro-
gressed on to developing large-scale enterprise architectures using C/C++, UML,
CORBA, J2EE/EJB/Java, and now C# and .NET. He has applied his more than 15
years of experience to leading implementations at Charles Schwab, Williams
Communications, Valtech, Nortel Networks, Corel Corporation, Lokah Limited, and
T-Mobile International, to name a few. Most recently, he has focused on the wireless
middleware market, where he has led product development using Web services,
J2EE, and .NET. He is also a delegate for T-Mobile International at the Open Mobile
Alliance standards body. Rahim has contributed to numerous books and articles
throughout his career, including the books Professional EJB and J#, and is actively
reviewing other titles. He can be reached at

Yakov Fain has more than 20 years of experience in information technology and is
an experienced architect, developer, instructor, and mentor. He is the author of The
Java Tutorial for the Real World. Yakov is the principal of Smart Data Processing, Inc.
(
), whose clients include major Wall
Street companies. He is a Sun Certified Java 2 Programmer and a Sybase Certified
Powerbuilder Developer.
Jason Gordon is a software engineer for Verizon and serves as lead for the Global
Email system team. While at Verizon he has played a variety of roles, including

systems architect for the eBusiness Technology Integration and eInfrastructure
group and key developer of the EDGE project, which helped provide a Web-based
infrastructure to facilitate the merger of Bell Atlantic and GTE into Verizon. Jason
also served as a member of Verizon’s XML-Task Force and collaborated on several
wireless and Web-services initiatives within the company. In addition to being an
active technical author, Jason also currently serves as the national technology
coordinator for the National Society of Black Engineers. He can be reached at
or .
Ethan Henry has most recently worked as the manager of training services at
Sitraka. In previous positions he was a developer, product manager, and Java evan-
gelist. He has written numerous articles for Java Report, Dr. Dobbs Journal, Java
Developers Journal, and Web Techniques. He has been a technical reviewer of
multiple books, including Enterprise Java Beans by Valesky, Java How to Program by
Dietel and Dietel, Professional JSP by Wrox, and Java Language API Superbible from
the Waite Group all the way back in 1996.
a539663 FM.qxd 7/25/03 9:12 AM Page iii
iv
About the Authors
Walter Hurst is the chief technology officer and founder of Wakesoft. He is widely
recognized as a leader in the design and implementation of large-scale distributed
enterprise applications. At Wakesoft, Walter was the product architect and author
before becoming more involved in company strategy and industry leadership. He is
a frequent speaker at conferences and often writes for technical publications.
During his career he has been involved in the design, architecture, and implementa-
tion of distributed business systems for many Fortune 1000 companies as an inde-
pendent consultant and also, while at Xpedior and Andersen Consulting, Walter
received a B.S. in computer engineering from the University of Michigan. When he
needs a break from technology, Walter volunteers as a scuba diver for the Steinhart
Aquarium in San Francisco, where he cleans the shark tank.
Ashish Jain is an enterprise consultant/architect with over ten years of IT experi-

ence. He currently works for BEA Systems Professional Services. In this capacity,
Ashish assists BEA customers in designing and implementing their e-business
strategies using solutions based on J2EE. He holds several industry certifications
from SUN and BEA. He is an active member of local J2EE-user groups and a board
member of the Denver BEA-user group. He holds a degree in electronics engineering
from BITS Pilani, India.
Mark Little is Head of Transactions Technology for Arjuna Technologies Limited, a
company that spun off from Hewlett-Packard to concentrate on developing transac-
tions technologies for J2EE and Web services. Prior to this, Mark was a distin-
guished engineer/architect in HP’s Arjuna Labs in England, where he led the HP
Transaction Service and HP Web Services Transaction teams. He is one of the pri-
mary authors of the OMG Activity Service Specification. He is a member of the
expert group for the work in J2EE: JSR 95 and JSR 117, and is the specification lead
for JSR 156 (Java API for XML Transactions). Mark is active on the OTS Revision
Task Force and the OASIS Business Transactions Protocol specification. He is the
coauthor of an upcoming book, Transaction and Java for Systems Professionals
(Prentice Hall). He has been published in many industry magazines, including
Doctor Dobbs, The Java Developers Journal, the Web Services Journal,
Developer.com, and Application Development Advisor. Mark holds a Ph.D. in com-
puter science from the University of Newcastle.
Vaidyanathan Nagarajan, a.k.a Nathan, is the coauthor of a recent book, Xquery —
Kick Start (Sams Publishing). He coauthored Professional EJB for Wrox in summer of
2001. He has seven years of experience in information technology. Prior to joining
Hartford Life Insurance as an enterprise developer, he worked as a consultant to
Netscape Professional Services. He has an M.B.A. in General Management from a
leading business school in the New England area. He is a former student of the
Indian Institute of Technology, Mumbai, India. His main interests include program-
ming in Java, robotics using Lego Mindstorms, writing, reading, and cartooning. If
he is not thinking about design patterns or Java, he will be modeling a robot in his
robotic lab. He can be reached at


a539663 FM.qxd 7/25/03 9:12 AM Page iv
v
About the Authors
Harshad Oak holds a master’s degree in computer management and is a Sun
Certified Java Programmer and a Sun Certified Web Component Developer. He has
been part of several J2EE projects at i-flex Solutions and Cognizant Technology
Solutions. He is also a regular contributor of articles to developer Web sites like
.
Lee Anne Phillips has a long history in computer networking and interface design,
having created beaucoup systems-firmware and machine-language hardware-inter-
face routines before the appearance of Java and other sensible tools to relieve the
burdens of a suffering humanity. She attended the University of California at
Berkeley. Lee Anne is the author of many books and articles on computer-related
subjects, including Special Edition Using XML, Practical HTML 4, and about a fifth of
HTML 4.0 Unleashed Professional Reference Edition. An extended list may be seen on
her Web site:
www.leeanne.com.
a539663 FM.qxd 7/25/03 9:12 AM Page v
Credits
Acquisitions Editor
Jim Minatel
Project Editors
Valerie H. Perry
Neil Romanosky
Mark Enochs
Technical Editor
Kunal Mittal
Copy Editor
S. B. Kleinman

Editorial Manager
Mary Beth Wakefield
Vice President & Executive Group
Publisher
Richard Swadley
Vice President and Executive
Publisher
Bob Ipsen
Vice President and Publisher
Joseph B. Wikert
Executive Editorial Director
Mary Bednarek
Project Coordinator
Kristie Rees
Graphics and Production Specialists
Beth Brooks
Jennifer Click
Sean Decker
Heather Pope
Quality Control Technicians
Laura Albert
John Greenough
Brian H.Walls
Media Development Specialist
Angela Denny
Proofreading and Indexing
TECHBOOKS Production Services
a539663 FM.qxd 7/25/03 9:12 AM Page vi
Foreword
S

omething about this book needs to be short, so I guess it’s going to have to be
the foreword. Seriously, though, this is a very good book. In fact, it’s the best
introduction to J2EE that I’ve seen. It’s well written, covering all the information you
need to succeed with J2EE. And it’s presented in an order that makes sense — the
chapters provide an end-to-end overview of J2EE. The book starts by showing you
how to build the frontend of your application, then describes your connectivity
options, then shows you how to build your business logic using Enterprise
JavaBeans (EJB), and finally explains how to connect to the backend databases. In
other words, this book is architecturally layered.
Why should you read this book? First, because the authors know what they’re talk-
ing about and can explain it in ways that you can understand. Second, because it
really does cover the fundamentals of J2EE incredibly well. The first five parts of
this book are oriented toward people learning to work with J2EE technology, and in
my opinion they do an incredibly good job of explaining exactly what you need to
know. Third, because the book goes beyond J2EE. Part VI is a great overview of
using Web services with J2EE, a critical issue most developers need to understand.
Part VII is a great overview of common J2EE patterns, and Part VIII covers such
important topics as performance and frameworks. In many ways this book is a
“one-stop shop” for J2EE information.
In the end the thing that I like most about this book is that it’s practical. Yes, it’s
pretty darn big, but as a result it provides a significant amount of real-world advice.
Isn’t that what good books are supposed to do?
Scott W. Ambler
Senior consultant, Ronin International, Inc. (
)
Author, Agile Modeling, Agile Database Techniques
Coauthor, Mastering EJB 2/e
a539663 FM.qxd 7/25/03 9:12 AM Page vii
Acknowledgments
T

he process of writing a book is more time-consuming than anyone could ever
imagine. Luckily, the author team was composed of very talented people who
made the experience enjoyable. Some doubted that we could complete a book of
this magnitude on schedule without sacrificing quality. That you are reading it now
means that we were successful in our undertakings.
This book is the result of many people’s efforts. We would first like to thank our
acquisitions editor, Jim Minatel, for providing insight into the publishing industry in
general, and for allowing us to challenge the typical book-production process and
to focus on writing a good book instead of simply following a publishing formula.
The team would also like to thank Neil Romanosky for his efforts in making Wiley a
little more agile.
We would also like to acknowledge authors we have worked with in the past and
hope to work with in the future, including Sameer Tyagi, Martin Fowler, Sunil
Mathew, James Linn, Michael Stevens, Elias Jo, Vikas Sharan, John Crupi, Steven
Graham, Erich Gamma, Paul Reed, Tim Howes, Kent Beck, Jeff Sutherland, Marty
Biggs, Alistair Cockburn, Ed Roman, Nitin Narayan, Marty Biggs, Chris Caserio, Kurt
Cagle, Per Bothner, and Jeff Ryan.
To our peers in the industry who maintain a sense of speed, agility, and balance
a539663 FM.qxd 7/25/03 9:12 AM Page viii
ix
Acknowledgments
James McGovern—First, I must thank my wife, Sherry, and my son, little James,
for putting up with me for the past several months while I’ve kidnapped and held
myself hostage in my dungeon (office) working on this book. I know they would
have liked to have me around more, but writing this book is something I really
needed to do. Thank you for your support.
I would like to acknowledge my Connecticut family: Daisy May, Pamela, Annika,
Demesha, Aunt Jesse, and the little doggie Pinto. Universal greetings to my Trinidad
family: Soogia, Kello Ricky (Kenrick), Robby (Kiley), Kelon, and Keifer, and to my
United Kingdom family: Nicholas, Ian, and Alex.

Finally, thanks to my father James Sr. and mother Mattie Lee, who gave me the
courage to start and the discipline to finish.
Rahim Adatia — I would like to thank James McGovern, Jim Minatel, and Mark
Enochs for all their hard work in developing this book. Thank you for your patience.
I would also like to thank the professors and colleagues I have worked with at the
University of Ottawa, Valtech (U.K. and U.S.A.!), BEA, and T-Mobile International.
Last but not least, I would like to thank my family and friends who have been there
to support and encourage me — I know that I can be difficult at times (did I say
that?). Thank you for your strength.
Yakov Fain — I’d like to thank my family — Natalia, Yuri, and David — for their love
and support. I’d also like to thank a wonderful teacher and a lovely lady, Dr. Alice S.
Koutkova, and close friends of our family, Dora and Felix Rubinchik.
Jason Gordon — I would like to thank GOD for giving me guidance and strength. I
would also like to acknowledge the following people: Abby, Jerry, Marvin, Charlie
Lindahl, Beth, Mitch, Kyle, Lisa, The Jamisons, and my entire family. A special
thanks to my Mother who has been there every time I needed her. I would like to
thank MaryKim for her encouraging words and advice. I would like to thank Lee
Felts who gave me the inspiration to write. I would like to thank Kyle for his support
and guidance. Last but not least . . . thanks to Mr. Starbucks and his friend Mr.
Caffeine! You guys are awesome!
Ethan Henry—I’d like to thank my family, especially my wonderful wife Margit, for
helping me work on this book, my colleagues at Sitraka (now Quest Software), the rest
of the author team, and the fine people at Wiley who helped pull everything together.
Walter Hurst — For all the effort required writing my chapter, I would first like to
thank my wife, Christine. This chapter is just one more instance where I had to
work hard on nights and weekends, and her cheerful support is what made it all
possible. I would also like to thank James McGovern for inviting me to write the
chapter; this book would not be possible without a lead author organizing the many
required writers, which is a task probably very akin to herding cats. The concepts
contained within this chapter I have learned indirectly from thought leaders in the

industry, directly from my time at Sage IT Partners, and even more definitely since
founding Wakesoft. There are too many individuals to list them, but they know who
they are. Thank you.
a539663 FM.qxd 7/25/03 9:12 AM Page ix
x
Acknowledgments
Ashish Jain — I would like to thank my wife Nishma and our son Eshan for their
love and patience and support. I would also like to thank my colleagues at BEA,
Chris John and Bob Webster, for their useful and insightful comments.
Mark Little — I would like to thank my wife Paula and two sons, Daniel and Adam
(who was born during the writing of this book) for their support and love. They
have put up with my disappearances into the book-writing world many times over
the past few months, and I know it can’t have been easy. My entire family has given
all the effort over the many years meaning and ensured that I stayed sane. Lots of
love to Adam, who thinks his rattle and toys are far more important than Java
and J2EE!
Vaidyanathan Nagarajan — I would like to thank my wife Padma and my parents,
Nagarajan and Geetha, for encouraging me to put in my best effort in contributing
to this book. This book is dedicated to Padma, Geetha, Nagarajan, Vedham, all my
family members, and my best friends the Srinivasans (Arun and Sujata) who have
supported me in being what I am. A special mention goes to James McGovern for
giving me an opportunity to work with him and for introducing me to the world of
writing technical books. Thanks to those Asterix comics (by the time I completed
writing this book, I have collected all the Asterix collection except for one) and
Dilbert strips for making the creative juices run fresh in me every morning. I would
also like to take a moment to thank my friend and colleague, Thomas Nordlund, for
prototyping the source code for the session-authenticator pattern.
Harshad Oak — I wish to thank my father, Baba, without whose affection, support,
inspiration, and experiments at the art of cooking Indian food, nothing would have
been possible. I also wish to thank my dear sister Charu for always being there for

me, and Sangeeta for helping me with my writing and painstakingly reviewing my
work. Thanks to Jim and Mark for being a big help throughout this project and to
Laura and Stacey for playing an important part in my writing endeavors.
Lee Anne Phillips — My deepest thanks to Alison Eve Ulman, who provided needed
support and advice throughout the development of the chapter on JAAS, and to my
editors, whose tactful suggestions rarely failed to be either right on the mark or an
indication of a needed new direction for the phrase or discussion in question. Any
remaining errors or infelicitous explanations are entirely my own responsibility, the
creation of a book being a cooperative enterprise, especially this one that ulti-
mately depends on the imagination and skill of the author.
a539663 FM.qxd 7/25/03 9:12 AM Page x
Contents at a Glance
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix
Part I: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Chapter 1: Understanding Java and the J2EE Platform . . . . . . . . . . . . . . . . 3
Chapter 2: Reviewing XML Fundamentals . . . . . . . . . . . . . . . . . . . . . . . 17
Chapter 3: Introducing Application Servers . . . . . . . . . . . . . . . . . . . . . . 43
Chapter 4: Understanding Remote Method Invocation . . . . . . . . . . . . . . . 55
Part II: The Presentation Tier . . . . . . . . . . . . . . . . . . . . . . . . 75
Chapter 5: Studying Servlet Programming . . . . . . . . . . . . . . . . . . . . . . . 77
Chapter 6: Going Over JSP Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Chapter 7: Using JSP Tag Extensions . . . . . . . . . . . . . . . . . . . . . . . . . 143
Part III: The Enterprise Information System Tier . . . . . . . . . . . . 179
Chapter 8: Working with JavaMail . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Chapter 9: Understanding the Java Messaging Service . . . . . . . . . . . . . . . 231
Chapter 10: Introducing Java Transactions . . . . . . . . . . . . . . . . . . . . . 255
Chapter 11: Examining JNDI and Directory Services . . . . . . . . . . . . . . . . 303
Chapter 12: Understanding Java Authentication and Authorization Services . . . 347

Chapter 13: Exploring Java Cryptography Extensions . . . . . . . . . . . . . . . 409
Part IV: The Service Tier . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Chapter 14: Understanding EJB Architecture and Design . . . . . . . . . . . . . 429
Chapter 15: Explaining Session Beans and Business Logic . . . . . . . . . . . . 483
Chapter 16: Working with Entity Beans . . . . . . . . . . . . . . . . . . . . . . . . 511
Chapter 17: Using Message-Driven Beans . . . . . . . . . . . . . . . . . . . . . . 565
Part V: The Data Tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579
Chapter 18: Reviewing Java Database Connectivity . . . . . . . . . . . . . . . . . 581
Chapter 19: Understanding the J2EE Connector Architecture . . . . . . . . . . . 607
a539663 FM.qxd 7/25/03 9:12 AM Page xi
Part VI: Web Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
Chapter 20: Introducing Web Services . . . . . . . . . . . . . . . . . . . . . . . . 647
Chapter 21: Digging Deeper into SOAP, WSDL, and UDDI . . . . . . . . . . . . . . 665
Chapter 22: Understanding J2EE Web Services . . . . . . . . . . . . . . . . . . . 711
Part VII: Patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 727
Chapter 23: Reviewing Presentation-Tier Patterns . . . . . . . . . . . . . . . . . 729
Chapter 24: Working with Service-Tier Patterns . . . . . . . . . . . . . . . . . . . 763
Chapter 25: Using Data-Tier Patterns . . . . . . . . . . . . . . . . . . . . . . . . . 797
Part VIII: Advanced Topics . . . . . . . . . . . . . . . . . . . . . . . . . 817
Chapter 26: Exploring Frameworks and Application Architecture . . . . . . . . 819
Chapter 27: Using ANT to Build and Deploy Applications . . . . . . . . . . . . . 857
Chapter 28: Creating High-Performance Java Applications . . . . . . . . . . . . 881
Appendix A: Airline Reservations Business Case . . . . . . . . . . . . . . . . . . 915
Appendix B: Magazine Publisher Business Case . . . . . . . . . . . . . . . . . . . 923
Appendix C: Additional Reading and References . . . . . . . . . . . . . . . . . . 927
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 935
a539663 FM.qxd 7/25/03 9:12 AM Page xii
Contents
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix
Part I: Introduction 1
Chapter 1: Understanding Java and the J2EE Platform . . . . . . . . . 3
Reviewing a Brief History of Java . . . . . . . . . . . . . . . . . . . . . . . . . 3
Understanding J2SE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Examining the Origin of (J2EE) . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Application components . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Working with the Model-View-Controller . . . . . . . . . . . . . . . . . . . . . 9
The model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
The view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
The control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Understanding J2EE APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
J2EE standard services . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Application component APIs . . . . . . . . . . . . . . . . . . . . . . . . 13
Discovering What’s New in J2EE 1.4 . . . . . . . . . . . . . . . . . . . . . . . 13
Looking toward the Future of J2EE . . . . . . . . . . . . . . . . . . . . . . . . 14
Understanding the Java Community Process (JCP) . . . . . . . . . . . . . . 14
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Chapter 2: Reviewing XML Fundamentals . . . . . . . . . . . . . . . . 17
Explaining XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Well-formed XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Valid XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Understanding XML Document Structure . . . . . . . . . . . . . . . . . . . . 20
Prologue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
a539663 FM.qxd 7/25/03 9:12 AM Page xiii
xiv
Contents

Examining XML Parsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
DOM parsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
SAX parsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
DOM versus SAX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Implementing XML DTDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Understanding XML Namespaces . . . . . . . . . . . . . . . . . . . . . . . . 26
Exploring XML Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Working with eXtensible Stylesheet
Language Transformations (XSLT) . . . . . . . . . . . . . . . . . . . . . . 34
Producing simple HTML with XSLT . . . . . . . . . . . . . . . . . . . . 35
Producing a Wireless Markup Language (WML) Document
with XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Introducing J2EE XML–Based APIs . . . . . . . . . . . . . . . . . . . . . . . . 40
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Chapter 3: Introducing Application Servers . . . . . . . . . . . . . . . 43
Implementing the J2EE Platform . . . . . . . . . . . . . . . . . . . . . . . . . 43
Understanding the Features of an Application Server . . . . . . . . . . . . . 45
Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Client agnosticism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Server management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Examining Full J2EE Implementations . . . . . . . . . . . . . . . . . . . . . . 47
BEA WebLogic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Borland Enterprise Server . . . . . . . . . . . . . . . . . . . . . . . . . 48
IBM WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
JBoss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Oracle 9iAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Orion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Sun ONE Application Server . . . . . . . . . . . . . . . . . . . . . . . . 50
Examining Partial J2EE Implementations . . . . . . . . . . . . . . . . . . . . 51

Apache Tomcat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Resin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
ServletExec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Avoiding Vendor Lock-In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Chapter 4: Understanding Remote Method Invocation . . . . . . . . 55
Providing an Overview of RMI . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Developing Applications with RMI . . . . . . . . . . . . . . . . . . . . . . . . 57
Declaring remote interfaces . . . . . . . . . . . . . . . . . . . . . . . . 57
Implementing remote interfaces . . . . . . . . . . . . . . . . . . . . . . 58
Stubs and skeletons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Registering remote objects . . . . . . . . . . . . . . . . . . . . . . . . . 61
Writing RMI clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Setting up the Flight Server example . . . . . . . . . . . . . . . . . . . 65
a539663 FM.qxd 7/25/03 9:12 AM Page xiv
xv
Contents
Pushing Data from the RMI Server . . . . . . . . . . . . . . . . . . . . . . . . 68
RMI over Inter-ORB Protocol (IIOP) . . . . . . . . . . . . . . . . . . . . . . . 72
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Part II: The Presentation Tier 75
Chapter 5: Studying Servlet Programming . . . . . . . . . . . . . . . . 77
Creating a Magazine Publisher Application Using Servlets . . . . . . . . . . 77
The server side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
The client side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Creating an HTML login screen . . . . . . . . . . . . . . . . . . . . . . 79
Using the Servlet Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Performing URL Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Using RequestDispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Using sendRedirect( ) . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

The Lost Password screen example . . . . . . . . . . . . . . . . . . . . 87
Session tracking with servlets . . . . . . . . . . . . . . . . . . . . . . . 88
Cookies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
URL rewriting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Hidden fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
The session-tracking API with HttpSession object . . . . . . . . . . . 91
Example of a LoginServlet with an access counter . . . . . . . . . . . 93
Listeners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Deploying servlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
The Web-application archive . . . . . . . . . . . . . . . . . . . . . . . 103
Examining the web.xml Deployment Descriptor . . . . . . . . . . . . . . . 104
Mandatory servlet elements . . . . . . . . . . . . . . . . . . . . . . . 104
Servlet listener elements . . . . . . . . . . . . . . . . . . . . . . . . . 105
Servlet filter elements . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Applet-servlet communication . . . . . . . . . . . . . . . . . . . . . . 107
What’s New in the Servlet 2.4 Specification . . . . . . . . . . . . . . . . . . 111
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Chapter 6: Going Over JSP Basics . . . . . . . . . . . . . . . . . . . . 113
Introducing JSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Examining MVC and JSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
JSP Scripting Elements and Directives . . . . . . . . . . . . . . . . . . . . . 116
Declarations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Scriptlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Implicit JSP objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
a539663 FM.qxd 7/25/03 9:12 AM Page xv

xvi
Contents
Working with Variable Scopes . . . . . . . . . . . . . . . . . . . . . . . . . 122
Error Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Using JavaBeans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Using JavaBeans in JSP . . . . . . . . . . . . . . . . . . . . . . . . . . 125
The scope of JavaBeans . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Creating a login JSP using a JavaBean . . . . . . . . . . . . . . . . . 127
Deploying the Login JSP example using Tomcat . . . . . . . . . . . . 129
Designing an Online Store with JSP . . . . . . . . . . . . . . . . . . . . . . . 130
Airline Reservations Business Case . . . . . . . . . . . . . . . . . . . . . . 133
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Chapter 7: Using JSP Tag Extensions . . . . . . . . . . . . . . . . . . . 143
Why Use Tag Extensions? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Explaining Custom-Tag Concepts . . . . . . . . . . . . . . . . . . . . . . . . 144
Working with the JSP Standard Tag Library . . . . . . . . . . . . . . . 145
Importing a tag library . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
The Tag Library Descriptor . . . . . . . . . . . . . . . . . . . . . . . . 148
The tag-library-descriptor location . . . . . . . . . . . . . . . . . . . 151
Explaining taglib Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Understanding Tag Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Classic tag handlers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Simple tag handlers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Exploring Dynamic Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Part III: The Enterprise Information System Tier 179
Chapter 8: Working with JavaMail . . . . . . . . . . . . . . . . . . . . 181
Exploring the “Hello World” of JavaMail . . . . . . . . . . . . . . . . . . . . 181
Understanding the Protocols for JavaMail . . . . . . . . . . . . . . . . . . . 183
SMTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

POP3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
IMAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
MIME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
JavaMail Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Session management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Message manipulation . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Message content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Mail storage and retrieval . . . . . . . . . . . . . . . . . . . . . . . . . 205
Transportation with javax.mail.Transport . . . . . . . . . . . . . . . 216
Using the JavaMail API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Sending e-mail and attachments . . . . . . . . . . . . . . . . . . . . . 218
Receiving e-mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Integrating JavaMail into J2EE . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
a539663 FM.qxd 7/25/03 9:12 AM Page xvi
xvii
Contents
Chapter 9: Understanding the Java Messaging Service . . . . . . . . 231
Explaining Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Introducing JMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
JMS versus RMI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Message structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Examining Messaging Models . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Point-to-point messaging . . . . . . . . . . . . . . . . . . . . . . . . . 235
Publish-and-subscribe messaging . . . . . . . . . . . . . . . . . . . . 236
Understanding the Major JMS Components . . . . . . . . . . . . . . . . . . 236
Destinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Connection factories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Producers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Consumers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Configuring JMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Connexia Airlines Point-to-Point Messaging Business Case . . . . . . . . . 240
Magazine-Publisher Publish-Subscribe Messaging Business Case . . . . . 248
Explaining Reliable Messaging . . . . . . . . . . . . . . . . . . . . . . . . . 252
Autonomous messages . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Persistent messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Synchronous acknowledgments . . . . . . . . . . . . . . . . . . . . . 253
Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Introducing Message-Driven Enterprise JavaBeans . . . . . . . . . . . . . 254
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Chapter 10: Introducing Java Transactions . . . . . . . . . . . . . . . 255
What Are Atomic Transactions? . . . . . . . . . . . . . . . . . . . . . . . . 255
Examining Transactional Objects and Participants . . . . . . . . . . . . . 257
Reviewing Atomicity and the Two-Phase Commit Protocol . . . . . . . . . 259
Optimizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Heuristics and removing the two-phase block . . . . . . . . . . . . . 261
Understanding Local and Distributed Transactions . . . . . . . . . . . . . 262
Local transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Distributed transactions . . . . . . . . . . . . . . . . . . . . . . . . . 264
Interposition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Understanding Consistency . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Introducing Isolation (Serializability) . . . . . . . . . . . . . . . . . . . . . 268
Optimistic versus pessimistic concurrency control . . . . . . . . . . 269
Degrees of isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Understanding the Role of Durability . . . . . . . . . . . . . . . . . . . . . 272
Performing Failure Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Using Transaction-Processing Monitors . . . . . . . . . . . . . . . . . . . . 274
Transaction Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Nested transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Nested top-level transactions . . . . . . . . . . . . . . . . . . . . . . . 277
Extended transaction models and the J2EE Activity Service . . . . . 278
a539663 FM.qxd 7/25/03 9:12 AM Page xvii
xviii
Contents
Understanding Transaction Standards . . . . . . . . . . . . . . . . . . . . . 283
X/Open Distributed Transaction Processing . . . . . . . . . . . . . . 284
The Object Transaction Service . . . . . . . . . . . . . . . . . . . . . 285
Understanding the Java Transaction API . . . . . . . . . . . . . . . . . . . 288
The JTA’s relationship to the JTS . . . . . . . . . . . . . . . . . . . . . 289
The UserTransaction interface . . . . . . . . . . . . . . . . . . . . . . 290
The TransactionManager interface . . . . . . . . . . . . . . . . . . . 291
Suspending and resuming a transaction . . . . . . . . . . . . . . . . 292
The Transaction interface . . . . . . . . . . . . . . . . . . . . . . . . . 293
The XAResource interface . . . . . . . . . . . . . . . . . . . . . . . . 294
Enrolling participants with the transaction . . . . . . . . . . . . . . . 295
Transaction synchronization . . . . . . . . . . . . . . . . . . . . . . . 296
Transaction equality . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
The XID interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Airline Reservation Using Transactions Business Case . . . . . . . . . . . 297
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Chapter 11: Examining JNDI and Directory Services . . . . . . . . . 303
Explaining Naming Services and Directory Services . . . . . . . . . . . . . 303
Providing an Overview of X.500 and LDAP . . . . . . . . . . . . . . . . . . 305
LDAP implementations . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Configuring OpenLDAP . . . . . . . . . . . . . . . . . . . . . . . . . . 306
LDAP schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Reviewing the JNDI Structure . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Directories and entries . . . . . . . . . . . . . . . . . . . . . . . . . . 310

Names and attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Binding and references . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Contexts and subcontexts . . . . . . . . . . . . . . . . . . . . . . . . 311
File systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
DNS naming conventions . . . . . . . . . . . . . . . . . . . . . . . . . 311
LDAP mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Using JNDI and LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Connecting to the server . . . . . . . . . . . . . . . . . . . . . . . . . 312
Specifying environment properties . . . . . . . . . . . . . . . . . . . 313
Implementing authentication . . . . . . . . . . . . . . . . . . . . . . . 316
Performing simple LDAP lookups . . . . . . . . . . . . . . . . . . . . 316
Performing searches and comparing entries . . . . . . . . . . . . . . 318
Modifying the directory . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Adding objects to a directory . . . . . . . . . . . . . . . . . . . . . . . 323
Connecting to DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
DNS environment properties . . . . . . . . . . . . . . . . . . . . . . . 330
DNS lookups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Reverse DNS lookups . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
a539663 FM.qxd 7/25/03 9:12 AM Page xviii
xix
Contents
Considering Other JNDI Service Providers . . . . . . . . . . . . . . . . . . 332
File systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
COS naming for CORBA . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Network Information System . . . . . . . . . . . . . . . . . . . . . . . 333
Directory Services Markup Language . . . . . . . . . . . . . . . . . . 334
Application-server providers . . . . . . . . . . . . . . . . . . . . . . . 334
Exploring the Enterprise JavaBean Environment . . . . . . . . . . . . . . . 335
Airline Reservations Business Case . . . . . . . . . . . . . . . . . . . . . . 337
Magazine Publisher Business Case . . . . . . . . . . . . . . . . . . . . . . . 342

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Chapter 12: Understanding Java Authentication and
Authorization Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Examining the Importance of Java Security . . . . . . . . . . . . . . . . . . 348
Typical Java security weaknesses . . . . . . . . . . . . . . . . . . . . 349
Providing an overview of JAAS . . . . . . . . . . . . . . . . . . . . . 353
Understanding Security Realms . . . . . . . . . . . . . . . . . . . . . . . . . 355
Single login across security domains . . . . . . . . . . . . . . . . . . 356
Setting up for JAAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Callback handlers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Pluggable/stackable authentication . . . . . . . . . . . . . . . . . . . 360
Examining the Java Subject Class . . . . . . . . . . . . . . . . . . . . . . . . 362
Authenticating Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Authorizing users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
JAAS policy files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Compiling the example . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Debugging the Simple JAAS Module . . . . . . . . . . . . . . . . . . . . . . 372
Hiding JAAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Predefined JAAS login callbacks and their handlers . . . . . . . . . . 375
Custom login modules . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
Writing your own login handler . . . . . . . . . . . . . . . . . . . . . 385
Writing your own callback handler . . . . . . . . . . . . . . . . . . . 394
Authenticating a Web user against a Windows NT domain . . . . . . 397
Brief security analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Security limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Alternative methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Connexia Airlines Business Case . . . . . . . . . . . . . . . . . . . . . . . . 404
Authenticating a Web user against a directory service . . . . . . . . 404
Brief security analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 404

Security limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
a539663 FM.qxd 7/25/03 9:12 AM Page xix
xx
Contents
Chapter 13: Exploring Java Cryptography Extensions . . . . . . . . . 409
Grasping the Basic Terminology . . . . . . . . . . . . . . . . . . . . . . . . 410
One-way encryption versus two-way encryption . . . . . . . . . . . 410
Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Shared-key cryptography . . . . . . . . . . . . . . . . . . . . . . . . . 415
Public-key cryptography . . . . . . . . . . . . . . . . . . . . . . . . . 416
Digital certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Reviewing the Java Cryptography Package . . . . . . . . . . . . . . . . . . 420
Writing a Java Program Using JCE . . . . . . . . . . . . . . . . . . . . . . . 421
Magazine Publisher Business Case . . . . . . . . . . . . . . . . . . . . . . . 422
Airline Reservations Business Case . . . . . . . . . . . . . . . . . . . . . . 424
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Part IV: The Service Tier 427
Chapter 14: Understanding EJB Architecture and Design . . . . . . 429
Explaining the EJB Component Model . . . . . . . . . . . . . . . . . . . . . 429
Reviewing Roles, Relationships, and Responsibilities . . . . . . . . . . . . 432
The deployment descriptor . . . . . . . . . . . . . . . . . . . . . . . . 432
The bean provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
The server/container provider . . . . . . . . . . . . . . . . . . . . . . 433
The application assembler . . . . . . . . . . . . . . . . . . . . . . . . 434
The EJB deployer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
The system administrator . . . . . . . . . . . . . . . . . . . . . . . . . 435
The Enterprise JavaBean . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436

Entity beans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Session beans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Entity beans versus session beans . . . . . . . . . . . . . . . . . . . . 441
Message-driven beans (MDB) . . . . . . . . . . . . . . . . . . . . . . . 442
What does an EJB contain? . . . . . . . . . . . . . . . . . . . . . . . . 443
Understanding EJB Container Functionality . . . . . . . . . . . . . . . . . . 446
Restrictions on the bean provider . . . . . . . . . . . . . . . . . . . . 447
Achieving scalability by pooling resources . . . . . . . . . . . . . . . 450
The life of an entity bean . . . . . . . . . . . . . . . . . . . . . . . . . 451
The life of a session bean . . . . . . . . . . . . . . . . . . . . . . . . . 454
Transactions and EJBs . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Container-managed transactions . . . . . . . . . . . . . . . . . . . . . 456
Examining a transactional EJB example . . . . . . . . . . . . . . . . . 462
Naming objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
The security infrastructure . . . . . . . . . . . . . . . . . . . . . . . . 464
The Timer service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
Persistence in BMP and CMP . . . . . . . . . . . . . . . . . . . . . . . 466
Distribution support . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Integrating with CORBA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Why is CORBA important to J2EE? . . . . . . . . . . . . . . . . . . . . 468
When J2EE met CORBA . . . . . . . . . . . . . . . . . . . . . . . . . . 469
a539663 FM.qxd 7/25/03 9:12 AM Page xx
xxi
Contents
Performance and Scalability Issues . . . . . . . . . . . . . . . . . . . . . . . 472
Application-server availability strategies . . . . . . . . . . . . . . . . 473
Transaction concerns . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Threading model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481

Chapter 15: Explaining Session Beans and Business Logic . . . . . 483
Writing a Session EJB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
The home interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
The component interface . . . . . . . . . . . . . . . . . . . . . . . . . 485
The session bean class . . . . . . . . . . . . . . . . . . . . . . . . . . 487
The deployment descriptor . . . . . . . . . . . . . . . . . . . . . . . . 488
The stateless session bean . . . . . . . . . . . . . . . . . . . . . . . . 489
Connexia Airlines Business Case . . . . . . . . . . . . . . . . . . . . . . . . 492
FlightServiceHome—The home interface . . . . . . . . . . . . . . . 493
FlightService—The remote interface . . . . . . . . . . . . . . . . . . 493
FlightServiceBean—The bean class . . . . . . . . . . . . . . . . . . . 494
The ejb-jar.xml deployment descriptor . . . . . . . . . . . . . . . . . 495
Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
Writing an EJB client . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
Stateful-session-bean model . . . . . . . . . . . . . . . . . . . . . . . 499
The lifecycle of the stateful session bean . . . . . . . . . . . . . . . . 500
Passivation and activation . . . . . . . . . . . . . . . . . . . . . . . . 502
Implementing the Session Synchronization Interface . . . . . . . . . . . . 503
Storing a Handle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Collecting Payment Business Case . . . . . . . . . . . . . . . . . . . . . . . 504
WorkFlowHome — The home interface . . . . . . . . . . . . . . . . . 504
WorkFlow — The remote interface . . . . . . . . . . . . . . . . . . . . 504
WorkFlowBean — The bean class . . . . . . . . . . . . . . . . . . . . 505
Choosing between Stateless and Stateful Beans . . . . . . . . . . . . . . . 509
The stateless model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
The stateful model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Chapter 16: Working with Entity Beans . . . . . . . . . . . . . . . . . 511
Understanding Entity Beans . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Remote and local client views . . . . . . . . . . . . . . . . . . . . . . 512

Entity-bean components . . . . . . . . . . . . . . . . . . . . . . . . . 513
The entity-container contract . . . . . . . . . . . . . . . . . . . . . . 517
Container-managed persistence (CMP) . . . . . . . . . . . . . . . . . 526
Bean-managed persistence (BMP) . . . . . . . . . . . . . . . . . . . . 552
Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
a539663 FM.qxd 7/25/03 9:12 AM Page xxi
xxii
Contents
Chapter 17: Using Message-Driven Beans . . . . . . . . . . . . . . . 565
Understanding the Need for MDB . . . . . . . . . . . . . . . . . . . . . . . . 565
Reviewing MDB Lifecycle Methods . . . . . . . . . . . . . . . . . . . . . . 569
Examining MDB Deployment Descriptors . . . . . . . . . . . . . . . . . . . 570
Deployment descriptors as per EJB 2.0 . . . . . . . . . . . . . . . . . 570
Changes in MDB 2.1 deployment descriptors . . . . . . . . . . . . . 572
Internal messaging within EJB applications . . . . . . . . . . . . . . 573
Understanding Clients and MDB . . . . . . . . . . . . . . . . . . . . . . . . 575
Working with EJBs Asynchronously . . . . . . . . . . . . . . . . . . . . . . 576
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
Part V: The Data Tier 579
Chapter 18: Reviewing Java Database Connectivity . . . . . . . . . . 581
Introducing JDBC Driver Types . . . . . . . . . . . . . . . . . . . . . . . . . 582
Creating Your First JDBC Program . . . . . . . . . . . . . . . . . . . . . . . 583
Retrieving data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
Database-error processing . . . . . . . . . . . . . . . . . . . . . . . . 587
Processing result sets . . . . . . . . . . . . . . . . . . . . . . . . . . . 587
The ResultSetMetaData class . . . . . . . . . . . . . . . . . . . . . . . 589
Scrollable result sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591
The PreparedStatement class . . . . . . . . . . . . . . . . . . . . . . . 592
The CallableStatement class . . . . . . . . . . . . . . . . . . . . . . . 592

Performing Batch Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
Using Savepoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594
Configuring the JDBC-ODBC Bridge . . . . . . . . . . . . . . . . . . . . . . 594
Explaining Database Connection Pools and Data Sources . . . . . . . . . . 596
Configuring connection pools . . . . . . . . . . . . . . . . . . . . . . 597
Creating Data Source objects . . . . . . . . . . . . . . . . . . . . . . . 597
Revisiting DBProcessor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
Using the RowSet Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 601
Working with CachedRowSet . . . . . . . . . . . . . . . . . . . . . . . 602
The WebRowSet class . . . . . . . . . . . . . . . . . . . . . . . . . . . 606
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606
Chapter 19: Understanding the J2EE Connector Architecture . . . . 607
Examining the Contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608
The lifecycle-management contract . . . . . . . . . . . . . . . . . . . 610
Work management contract . . . . . . . . . . . . . . . . . . . . . . . . 612
Outbound communication . . . . . . . . . . . . . . . . . . . . . . . . 616
Inbound communication . . . . . . . . . . . . . . . . . . . . . . . . . 631
The Common Client Interface (CCI) . . . . . . . . . . . . . . . . . . . . . . 633
Connection interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 634
Interaction interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 635
Data interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 635
a539663 FM.qxd 7/25/03 9:12 AM Page xxii