OReilly designing enterprise applications with java 2 ent
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (5.34 MB, 362 trang )
Designing Enterprise Applications
with the JavaTM 2 Platform, Enterprise Edition
Nicholas Kassem and the Enterprise Team
Version 1.0.1
Final Release
October 3, 2000
Copyright 2000 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, CA 94303, U.S.A. All rights reserved.
This product or document is protected by copyright and distributed under licenses restricting its use, copying,
distribution, and decompilation. No part of this product or documentation may be reproduced in any form by any
means without prior written authorization of Sun and its licensors, if any.
Third party software, including font technology, is copyrighted and licensed from Sun suppliers.
Sun, Sun Microsystems, the Sun Logo, Java, JavaServer Pages, Enterprise JavaBeans, Java Compatible, JDK, JDBC,
J2EE, J2SE, EJB, JavaBeans, JavaMail, Write Once, Run Anywhere, and Java Naming and Directory Interface are
trademarks or registered trademarks of Sun Microsystems, Inc in the U.S. and other countries.
UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open
Company, Ltd.
DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE
EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
----------------------------------------------------------------------------------------------------------------------------------------------------Copyright 2000 Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, CA 94303, Etats-Unis. Tous droits
réservés.
Ce produit ou document est protégé par un copyright et distribué avec des licences qui en restreignent l’utilisation,
la copie, la distribution, et la décompilation. Aucune partie de ce produit ou de sa documentation associée ne peut
être reproduite sous aucune forme, par quelque moyen que ce soit, sans l’autorisation préalable et écrite de Sun et
de ses bailleurs de licence, s’il y en a.
Le logiciel détenu par des tiers, et qui comprend la technologie relative aux polices de caractères, est protégé par
un copyright et licencié par des fournisseurs de Sun.
Sun, Sun Microsystems, le logo Sun Logo, Java, JavaServer Pages, Enterprise JavaBeans, Java Compatible, JDK,
JDBC, J2EE, J2SE, EJB, JavaBeans, JavaMail, Write Once, Run Anywhere, et Java Naming and Directory Interface
sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d’autres
pays.
UNIX est une marque enregistree aux Etats-Unis et dans d’autres pays et licenciée exclusivement par X/Open
Company Ltd.
LA DOCUMENTATION EST FOURNIE "EN L’ETAT" ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET
GARANTIES EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE
PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA
QUALITE MARCHANDE, A L’APTITUDE A UNE UTILISATION PARTICULIERE OU A L’ABSENCE DE CONTREFACON.
Contents
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvii
1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
1.1
1.2
1.3
1.4
2
Challenges of Enterprise Application Development. . . . . . . . . . . . . . 3
1.1.1 Programming Productivity . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1.2 Response to Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1.3 Integration with Existing Systems. . . . . . . . . . . . . . . . . . . . . 5
1.1.4 Freedom to Choose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1.5 Maintaining Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
The Platform for Enterprise Solutions . . . . . . . . . . . . . . . . . . . . . . . . 6
1.2.1 J2EE Platform Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.2.2 J2EE Platform Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
J2EE Application Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.3.1 Multitier Application Scenario . . . . . . . . . . . . . . . . . . . . . . 16
1.3.2 Stand-Alone Client Scenario . . . . . . . . . . . . . . . . . . . . . . . . 18
1.3.3 Web-Centric Application Scenario . . . . . . . . . . . . . . . . . . . 19
1.3.4 Business-to-Business Scenario . . . . . . . . . . . . . . . . . . . . . . 20
1.3.5 A Note on the MVC Architecture . . . . . . . . . . . . . . . . . . . . 21
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
J2EE Platform Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
2.1
2.2
Component Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.1.1 Applets and Application Clients . . . . . . . . . . . . . . . . . . . . . 26
2.1.2 Web Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2.1.3 Enterprise JavaBeans Components . . . . . . . . . . . . . . . . . . . 28
2.1.4 Components, Containers, and Services . . . . . . . . . . . . . . . . 29
Platform Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.2.1 J2EE Product Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
2.2.2 Application Component Provider . . . . . . . . . . . . . . . . . . . . 31
2.2.3 Application Assembler . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
v
vi
CONTENTS
2.3
2.4
2.5
2.6
3
2.2.4 Deployer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
2.2.5 System Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
2.2.6 Tool Provider. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Platform Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
2.3.1 Naming Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
2.3.2 Deployment Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
2.3.3 Transaction Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
2.3.4 Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Service Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
2.4.1 JDBC API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
2.4.2 Java Transaction API and Service. . . . . . . . . . . . . . . . . . . . 40
2.4.3 Java Naming and Directory Interface . . . . . . . . . . . . . . . . . 40
2.4.4 Connector Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Communication Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
2.5.1 Internet Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2.5.2 Remote Method Invocation Protocols. . . . . . . . . . . . . . . . . 42
2.5.3 Object Management Group Protocols . . . . . . . . . . . . . . . . . 43
2.5.4 Messaging Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
2.5.5 Data Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
The Client Tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
3.1
3.2
3.3
3.4
3.5
3.6
Requirements and Constraints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
3.1.1 Operating Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
3.1.2 Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
3.1.3 Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Overview of Client Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Web Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.3.1 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
3.3.2 Content Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
3.3.3 Types of Web Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
EJB Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.4.1 Protocols and Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.4.2 Strengths and Weaknesses . . . . . . . . . . . . . . . . . . . . . . . . . 63
3.4.3 Types of EJB Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Enterprise Information System Clients. . . . . . . . . . . . . . . . . . . . . . . 67
Designing for Multiple Types of Client . . . . . . . . . . . . . . . . . . . . . . 68
3.6.1 Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
3.6.2 View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
CONTENTS
3.7
4
The Web Tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
5
3.6.3 Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Web Applications and Web Containers . . . . . . . . . . . . . . . . . . . . . . 75
Dynamic Content Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
4.2.1 Common Gateway Interface . . . . . . . . . . . . . . . . . . . . . . . . 76
4.2.2 Servlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
4.2.3 JavaServer Pages Technology . . . . . . . . . . . . . . . . . . . . . . . 78
Servlets and JSP Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
4.3.1 Web Component Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
4.3.2 Servlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
4.3.3 JSP Pages Versus Servlets. . . . . . . . . . . . . . . . . . . . . . . . . . 85
JSP Page Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
4.4.1 JavaBeans Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
4.4.2 Custom Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
4.4.3 Using Scriptlets and Expressions . . . . . . . . . . . . . . . . . . . . 88
Internationalization and Localization . . . . . . . . . . . . . . . . . . . . . . . . 88
4.5.1 Internationalization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
4.5.2 Localization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Application Designs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
4.6.1 Applications with Basic JSP Pages and Servlets. . . . . . . . . 97
4.6.2 Applications with Modular Components. . . . . . . . . . . . . . . 98
4.6.3 EJB-Centric Applications . . . . . . . . . . . . . . . . . . . . . . . . . 103
Application Migration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
4.7.1 Migrating a Web-Centric Application to Use
Enterprise Beans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
The Enterprise JavaBeans Tier. . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
5.1
5.2
5.3
5.4
Business Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
5.1.1 Common Requirements of Business Objects . . . . . . . . . . 115
Enterprise Beans as J2EE Business Objects . . . . . . . . . . . . . . . . . . 117
5.2.1 Enterprise Beans and EJB Containers . . . . . . . . . . . . . . . . 118
Entity Beans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
5.3.1 Guidelines for Using Entity Beans . . . . . . . . . . . . . . . . . . 122
5.3.2 Persistence in Entity Beans . . . . . . . . . . . . . . . . . . . . . . . . 124
Session Beans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
5.4.1 Stateful Session Beans. . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
vii
viii
CONTENTS
5.5
5.6
6
5.4.2 Stateless Session Beans . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Design Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
5.5.1 Data Access Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
5.5.2 Value Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
5.5.3 Session Beans as a Facade to Entity Beans. . . . . . . . . . . . 135
5.5.4 Master-Detail Modeling Using Enterprise Beans . . . . . . . 136
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
The Enterprise Information System Tier . . . . . . . . . . . . . . . . . . . .141
6.1
6.2
Enterprise Information System Capabilities and Limitations. . . . . 142
Enterprise Information System Integration Scenarios . . . . . . . . . . 143
6.2.1 An Internet E-Store Application . . . . . . . . . . . . . . . . . . . . 143
6.2.2 An Intranet Human Resources Application . . . . . . . . . . . 144
6.2.3 A Distributed Purchasing Application . . . . . . . . . . . . . . . 145
6.3 Relational Database Management System Access . . . . . . . . . . . . . 146
6.4 Other Enterprise Information System Access. . . . . . . . . . . . . . . . . 146
6.5 Application Component Provider Tasks. . . . . . . . . . . . . . . . . . . . . 147
6.6 Application Programming Model . . . . . . . . . . . . . . . . . . . . . . . . . . 148
6.7 Programming Access to Data and Functions . . . . . . . . . . . . . . . . . 149
6.7.1 Client API for Enterprise Information System Access . . . 149
6.7.2 Tools for Application Development . . . . . . . . . . . . . . . . . 150
6.7.3 Access Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
6.8 Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
6.8.1 Establishing a Connection . . . . . . . . . . . . . . . . . . . . . . . . . 154
6.8.2 Guidelines for Connection Management. . . . . . . . . . . . . . 155
6.9 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
6.9.1 Security Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
6.9.2 Application Programming Model . . . . . . . . . . . . . . . . . . . 158
6.9.3 Resource Signon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
6.10 J2EE Connector Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
6.11 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
7
Packaging and Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
7.1
7.2
Roles and Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Packaging J2EE Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
7.2.1 EJB Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
7.2.2 Packaging Components Into EJB Modules . . . . . . . . . . . . 170
7.2.3 Web Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
7.2.4 Packaging Components Into Web Modules . . . . . . . . . . . 173
CONTENTS
7.3
7.4
7.5
8
Transaction Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
8.1
8.2
8.3
8.4
8.5
8.6
8.7
8.8
8.9
9
7.2.5 Application Client Modules . . . . . . . . . . . . . . . . . . . . . . . 174
Deployment Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
7.3.1 Specifying Deployment Descriptor Elements . . . . . . . . . . 176
Deployment Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
7.4.1 Deployment Tool Actions . . . . . . . . . . . . . . . . . . . . . . . . . 187
7.4.2 Deployment Tool Requirements . . . . . . . . . . . . . . . . . . . . 189
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Properties of Transactions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
J2EE Platform Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
8.3.1 Accessing Multiple Databases. . . . . . . . . . . . . . . . . . . . . . 199
8.3.2 Accessing Multiple Enterprise Information Systems
From Multiple EJB Servers . . . . . . . . . . . . . . . . . . . . . . . . 200
JTA Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
8.4.1 JTA and JTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Transactions in Applets and Application Clients . . . . . . . . . . . . . . 202
Transactions in Web Components . . . . . . . . . . . . . . . . . . . . . . . . . 202
Transactions in Enterprise Beans . . . . . . . . . . . . . . . . . . . . . . . . . . 203
8.7.1 Bean-Managed Transaction Demarcation . . . . . . . . . . . . . 204
8.7.2 Container-Managed Transaction Demarcation . . . . . . . . . 204
8.7.3 Transaction Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Transactions in Enterprise Information Systems . . . . . . . . . . . . . . 208
8.8.1 JTA Transactions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
8.8.2 Resource Manager Local Transactions . . . . . . . . . . . . . . . 209
8.8.3 Choosing Between JTA and Local Transactions. . . . . . . . 209
8.8.4 Compensating Transactions. . . . . . . . . . . . . . . . . . . . . . . . 210
8.8.5 Isolation Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215
9.1
9.2
Security Threats and Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . 215
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
9.2.1 Protection Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
9.2.2 Authentication Mechanisms . . . . . . . . . . . . . . . . . . . . . . . 220
9.2.3 Authentication Call Patterns . . . . . . . . . . . . . . . . . . . . . . . 223
9.2.4 Auto-Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
9.2.5 Exposing Authentication Boundaries with References . . . 225
ix
x
CONTENTS
9.3
9.4
9.5
9.6
Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
9.3.1 Declarative Authorization . . . . . . . . . . . . . . . . . . . . . . . . . 226
9.3.2 Programmatic Authorization . . . . . . . . . . . . . . . . . . . . . . . 227
9.3.3 Declarative Versus Programmatic Authorization . . . . . . . 228
9.3.4 Isolation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
9.3.5 Identity Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
9.3.6 Encapsulation for Access Control . . . . . . . . . . . . . . . . . . . 229
9.3.7 Controlling Access to J2EE Resources . . . . . . . . . . . . . . . 230
9.3.8 Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Protecting Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
9.4.1 Integrity Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
9.4.2 Confidentiality Mechanisms . . . . . . . . . . . . . . . . . . . . . . . 235
9.4.3 Identifying Sensitive Components . . . . . . . . . . . . . . . . . . 236
9.4.4 Ensuring Confidentiality of Web Resources . . . . . . . . . . . 236
Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
10 The Sample Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
10.1 Application Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
10.1.1 Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
10.1.2 Functional Specification . . . . . . . . . . . . . . . . . . . . . . . . . . 247
10.2 Application Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
10.2.1 Application Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
10.2.2 Application Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
10.3 The View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
10.3.1 Shopping Interaction Interface . . . . . . . . . . . . . . . . . . . . . 256
10.3.2 JSP Pages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
10.3.3 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
10.4 The Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
10.4.1 State in the J2EE Platform . . . . . . . . . . . . . . . . . . . . . . . . 273
10.4.2 Persistent Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
10.5 Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
10.6 The Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
10.6.1 Main . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
10.6.2 RequestProcessor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
10.6.3 RequestToEventTranslator . . . . . . . . . . . . . . . . . . . . . . . . 285
10.6.4 ShoppingClientControllerWebImpl . . . . . . . . . . . . . . . . . 287
10.6.5 ShoppingClientController . . . . . . . . . . . . . . . . . . . . . . . . . 288
10.6.6 StateMachine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
CONTENTS
10.6.7 ScreenFlowManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
10.6.8 Model-View Synchronization . . . . . . . . . . . . . . . . . . . . . . 294
10.7 MVC Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
10.8 Stateless Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
10.8.1 Example: A Mailer Bean . . . . . . . . . . . . . . . . . . . . . . . . . . 298
10.9 Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
10.10 Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
10.11 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
10.11.1 Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
10.11.2 Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
10.12 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Afterword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .313
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .333
xi
Foreword
THE Java
TM
platform was conceived to connect door knobs to light switches—
smart door knobs to smart light switches, certainly, but door knobs to light switches
nonetheless. And yet it is now widely used for building large server-side applications which run on some of the largest computers in the world. It is the fate of great
inventions to be used in ways unimagined by their creators even when the creators—like James Gosling, creator of the Java programming language—see a
horizon the rest of us do not glimpse. This is part of what makes an invention great.
In retrospect, the phenomenal success of the Java platform on servers might
seem inevitable. After all, the platform provides exactly what is needed to transform the Internet from a publishing medium to a transactional one. The Java platform is available on all of the many different servers where Internet applications
run. “Write Once, Run AnywhereTM” works so the programs can be quickly tested
and deployed. Engineers are several times more productive when they write to the
Java platform. But being the right thing at the right time isn’t the whole story. Two
more elements were needed: Technical leaders who were looking in a different
direction than most of us were, and business leaders who were eager to work
together in new ways so the ideas could become reality. The result was the development of consistent products across the computer industry in a surprisingly short
period of time.
I joined the JavaSoft Division of Sun Microsystems in late 1995, recruited by
Eric Schmidt and Bill Joy, to lead the then tiny band of engineers and marketers.
We grew as fast as we could, barely keeping up with the early success of the Java
platform and the industry alliances we’d made around it. Even then, when the
focus was on applets running in browsers, when version 1.0 had not yet shipped,
there were two brilliant engineers with a different idea—Rick Cattell and Graham
Hamilton. They were thinking about the Java runtime environment on servers, and
even mainframes. Because of them, the now ubiquitous JDBCTM technology was
the first significant addition to the Java platform. Many excellent engineers have
followed Rick and Graham. But they started it. I’m pleased that I was clever
enough to listen to them as we expanded the group and the vision for the platform.
Until recently, “rocket scientists” have been needed to build the applications
the industry clamored for—applications that create new ways to do business over
the Internet while drawing on the resources already in place, such as databases,
xiii
xiv
FOREWORD
transaction systems, inventory systems, invoicing systems, and credit systems.
These applications need to scale to thousands, even millions, of users. They must
interact with a wide array of legacy technologies that can’t be replaced, and they
have to be built in a hurry. The engineers who can build them are few—the rocket
scientists of our industry. But Rick and Graham saw a way to make the process a
lot easier by building the rocket science into the Java platform, bringing portability and consistency through industry standardization, enabling quick adoption by
adapting to the systems already in place, and making development much easier by
automating most of the complicated details of server programming. These ideas
became the underpinnings of the Java 2 Platform, Enterprise Edition.
JDBC was a huge hit. As soon as the Java community released it, drivers for
all the important databases materialized in the market. Applications using JDBC
rapidly appeared in large numbers. The success of JDBC lead to a parade of other
middleware and database adapter projects—the Java Naming and Directory InterfaceTM API for uniform access to naming and directory services, the Java Message
Service for asynchronous exchange of data and events, the Java Transaction API
and Java Transaction Service for transactions, JavaServer PagesTM technology for
building dynamic Web pages, Java XML for developing XML-oriented applications, and the Enterprise JavaBeansTM architecture, a component model for server
applications. All of these were developed in collaboration with industry partners
in a process created by Rick and Graham and later refined and formalized as the
Java Community Process.
The seminal offering of JDBC in 1996 soon grew into an amazing array of
facilities, each with its own acronym and release plan. For those who didn’t live
with the various “J*’s” (and for some of us who did) it could be confusing. When
vendors announced support for Enterprise JavaBeansTM 1.0 before the specification had been completed, we realized it was time to make this now very successful
portfolio a little easier to understand and manage.
The Java 2 Platform, Enterprise Edition (J2EETM platform) brings all of these
pieces together. The J2EE platform is defined by four key pieces: the specification, the reference implementation, the compatibility test suite, and the J2EE
Blueprints design guidelines. The specification defines how the J2EE platform
works, whether it is included in an application server, a database, or anywhere
else. The reference implementation is useful for experimenting with the J2EE
platform and it offers a working standard for comparison. The compatibility test
suite ensures that J2EE vendors implement fully compliant versions of the platform to ensure “Write Once, Run Anywhere” portability, and these design guidelines show developers how the pieces fit together to make up complete
FOREWORD
applications. The key J2EE specifications are published in Java 2 Platform, Enterprise Edition : Platform and Components Specifications (also from Addison-Wesley), while supplemental specifications are available at />j2ee. The reference implementation used to create the examples in this book is
available on the Sun Microsystems Java Software Web site at http://
java.sun.com/j2ee/download.html.
Many people contributed to the Java 2 Platform, Enterprise Edition. Mala
Chandra joined the group to lead the server efforts and quickly became the chief
crusader. Her passion and determination carried the project around, over, or
through many obstacles. Jeff Jackson, Connie Weiss, Karen Tegan, and Tom
Kincaid provided exceptional engineering management. Technical leadership
came from many, including Mark Hapner, Vlada Matena, Bill Shannon, Shel
Finkelstein, Eduardo Pelegri-Llopart, Larry Cable, and Nick Kassem. Bill Roth,
Gina Centoni, George Paolini, and Kathy Knutsen kept the Sun crew connected to
the industry.
A staggering list of companies helped build this new server platform—a
“Who’s Who” of the industry; big, small, old and new. BEA Systems, IBM,
Oracle and Sun Microsystems stand out as the companies who worked on nearly
every piece, but they were never alone. Many companies sent their most senior
architects and engineers and their most experienced managers to quickly build a
common platform that set a new standard for ease of development, scalability, and
applicability. They put these new Java platform technologies in their products,
both old and new. The most widely deployed databases and the newest development tools from Silicon Valley startups now share the same interfaces. We are all
the beneficiaries of their foresight and commitment.
In many ways, this book represents the culmination of these collective efforts.
Designing Enterprise Applications with the Java 2 Platform, Enterprise Edition
effectively demonstrates how this new platform simplifies and streamlines the
design, development, and deployment of a new generation of enterprise applications.
Jon Kannegaard
Vice President and Deputy Director
Sun Microsystems Laboratories
Mountain View, California
March 20, 2000
xv
Preface
THIS book describes a standard approach to designing multitier enterprise applications with the Java™ 2 Platform, Enterprise Edition. The book does not contain
information on how to use individual J2EE™ technologies to develop applications, but rather focuses on guidelines for distributing application functionality
across tiers and choosing among design options within each tier.
The book describes the principles and technologies employed in building J2EE
applications and the specific approach adopted by a sample application. Striking a
balance between specificity on the one hand, and articulating broader principles
on the other, is never easy. The hope is that the principles presented are both consistent with and complement the sample application documented in the book.
This book is most relevant to IT managers, system architects, and enterprise
application developers considering a transition to or intending to use the J2EE platform or vendors providing J2EE products.
How This Book Is Organized
This book contains the following chapters:
• Chapter 1, “Introduction,” discusses challenges in building enterprise applications and describes how the J2EE platform addresses those challenges. The
chapter also discusses application scenarios that the J2EE platform supports.
• Chapter 2, “J2EE Platform Technologies,” provides an overview of the
component, service, and communication technologies supported by the J2EE
platform.
• Chapter 3, “The Client Tier,” presents implementation options for J2EE clients and provides guidelines for choosing among these options.
• Chapter 4, “The Web Tier,” describes technologies available for supporting
development in the Web tier. It includes guidelines and techniques for using
J2EE Web components and describes several Web application architectures.
• Chapter 5, “The Enterprise JavaBeans Tier,” describes the capabilities of
xvii
xviii
PREFACE
the EJB tier of the J2EE platform and discusses design choices for implementing business logic.
• Chapter 6, “The Enterprise Information System Tier,” describes recommended approaches for accessing enterprise information systems and how J2EE
components must be configured to access them.
• Chapter 7, “Packaging and Deployment,” describes the capabilities provided by the J2EE platform for packaging and deploying J2EE applications, provides heuristics and practical tips on how to use these capabilities, and
provides recommendations to the vendors who provide deployment tools.
• Chapter 8, “Transaction Management,” describes the transaction services
provided by the J2EE platform and provides recommendations on how to best
use those services.
• Chapter 9, “Security,” describes the mapping of the J2EE security model to
enterprise computing environments and infrastructures.
• Chapter 10, “The Sample Application,” illustrates the J2EE programming
model in the context of an in-depth description of a multitier J2EE application.
• “Glossary,” is a list of words and phrases found in this book and their definitions.
Obtaining the Sample Application
You can download the sample application described in this book from:
/>
The sample application requires a J2EE v1.2 compliant platform on which to
run. From the sample application download page you can also download Sun’s
J2EE SDK, a freely available implementation of the J2EE v1.2 platform.
Related Information
Pointers to J2EE documentation can be found at:
/>
PREFACE
For information on how to use the J2EE SDK to construct multitier enterprise applications refer to the J2EE Developer’s Guide, available at:
/>
The J2EE technologies cited in this book are described in their specifications:
• Java™ 2 Platform, Enterprise Edition Specification, Version 1.2 (J2EE specification). Copyright 1999, Sun Microsystems, Inc. Available at />• Java™ 2 Platform, Standard Edition, Version 1.2.2 (J2SE specification).
Copyright 1993-99, Sun Microsystems, Inc. Available at />• Java™ Servlet Specification, Version 2.2 (Servlet specification). Copyright
1998, 1999, Sun Microsystems, Inc. Available at />• JavaServer Pages™ Specification, Version 1.1 (JSP specification). Copyright
1998, 1999, Sun Microsystems, Inc. Available at />• Enterprise JavaBeans™ Specification, Version 1.1 (EJB specification). Copyright 1998, 1999, Sun Microsystems, Inc. Available at />products/ejb.
• JDBC™ 2.0 API (JDBC specification). Copyright 1998, 1999, Sun Microsystems, Inc. Available at />• JDBC™ 2.0 Standard Extension API (JDBC extension specification). Copyright 1998, 1999, Sun Microsystems, Inc. Available at />products/jdbc.
• Java™ Transaction API, Version 1.0.1 (JTA specification). Copyright 1998,
1999, Sun Microsystems, Inc. Available at />jta.
• Java™ Transaction Service, Version 0.95 (JTS specification). Copyright
1997-1999, Sun Microsystems, Inc. Available at />• Java Naming and Directory Interface™, Version 1.2 (JNDI specification).
xix
xx
PREFACE
Copyright 1998, 1999, Sun Microsystems, Inc. Available at />• Java IDL. Copyright 1993-99, Sun Microsystems, Inc. Available at http://
java.sun.com/products/jdk/1.2/docs/guide/idl/index.html.
• RMI over IIOP 1.0.1. Available at />• Java™ Message Service, Version 1.0.2 (JMS specification). Copyright 1998,
Sun Microsystems, Inc. Available at />• JavaMail™ API Design Specification, Version 1.1 (JavaMail specification).
Copyright 1998, Sun Microsystems, Inc. Available at />products/javamail.
• JavaBeans™ Activation Framework Specification, Version 1.0.1 (JAF specification). Copyright 1998, Sun Microsystems, Inc. Available at />
Typographic Conventions
Table 1 describes the typographic conventions used in this book.
Table 1
Typeface or
Symbol
Typographic Conventions
Meaning
Example
AaBbCc123
The names of commands, files,
and directories; interface, class,
method, and deployment
descriptor element names;
programming language
keywords
Edit the file Main.jsp.
How to retrieve a UserTransaction
object.
Specify the resource-ref element.
AaBbCc123
Variable name
The files are named XYZfile.
AaBbCc123
Book titles, new words or terms,
or words to be emphasized
Read Chapter 6 in User’s Guide. These
are called class options. You must be
root to do this.
PREFACE
Acknowledgments
This book is the result of many people’s efforts.
Each Enterprise Team member had primary responsibility for one chapter and
made significant contributions to other chapters. In addition, Danny Coward wrote
the initial draft of the deployment chapter.
The authors of the J2EE specifications and the developers of the reference
implementation provided useful input at various points during the development of
the J2EE programming model.
We are indebted to Rick Cattell, Bill Shannon, Mark Hapner, John Crupi,
Sean Brydon, and many other reviewers who provided feedback on early versions
of the manuscript.
Jim Inscore and Stephanie Bodoff provided editorial oversight of this project.
xxi
About the Author
NICHOLAS KASSEM is a Senior Staff Engineer with Sun Microsystems and has
influenced and had responsibility for a number of technologies and initiatives within
Java Software including the Java Web Server, Java Embedded Server, the Servlet API,
JavaServer Pages, Java Message Queuing, and the J2EE programming model. He is currently leading the XML Messaging initiative.
Nicholas has over twenty years industry experience and has held senior engineering and management positions at Philips (Data Systems) and the Santa Cruz Operation. He has had direct responsibility for a wide variety of engineering projects
including the development of Data Communications Gateway Hardware (DISOSS),
Novell and Lan Manager protocol stacks, and an implementation of OSF DCE on
SCO UNIX. He is an Engineering Graduate of Birmingham University in the UK.
C H A P T E R
1
Introduction
by Nicholas Kassem
THE Internet and World Wide Web represent a foundation on which enterprises
are working to build an information economy. In this economy, information takes on
as much value as goods and services, and becomes a vital part of the market. The
information economy challenges today’s enterprises to radically re-think the way
they do business.
Predictions about the future of this economy range from glowing scenarios of
dynamic new business, industrial, and financial environments capable of unlimited expansion, to gloom and doom prophecies of overinflated expectations and
unsustainable hypergrowth. Whatever the predictions, the reality is that enterprises have always tried to gain a competitive advantage by any reasonable means
at their disposal, including the latest technologies. This is a natural survival
instinct: all viable enterprises, including for-profit, non-profit, and government
institutions, continuously look for ways to keep pace by adopting such changes.
Complacent organizations routinely fall by the wayside, while the innovators
work to transform new challenges into business success.
In the information economy, information assets take on far-reaching strategic
value to an organization. The ability to capitalize on this value is key to success.
Organizations that succeed will do so by increasing their productivity in moving
information into the marketplace.
While these may appear to be new challenges, in many ways the Internet and
World Wide Web only intensify a challenge that has long faced information technology professionals: the demand for responsive management of information
assets. The initial response to this demand was to ensure that all critical business
functions were effectively managed by computerized systems. More recently, the
response has been to strive for greater integration among these systems, and
1
2
CHAPTER 1
INTRODUCTION
increased ability to correlate data from disparate sources into information that
serves specific strategic needs. Corporate mergers, acquisitions, and partnerships
have provided additional incentive for organizations to integrate such information.
Distributed custom applications are the packages in which an organization
delivers information as a commodity. Custom applications add value to and
extract value from the information assets of an organization. They allow IT organizations to target specific functionality to specific user needs. By making information available within an organization, they add strategic value to the
management and planning processes. By selectively projecting information assets
outside the organization, they enable exchanges that are mutually valuable to customers, suppliers, and the organization itself.
In the competitive environment of the information economy, response time is
key to the value of custom applications to the enterprise. Organizations need to
quickly develop and deploy custom applications, and to easily refine and enhance
them to improve their value. They need ways to simply and efficiently integrate
these applications with existing enterprise information systems, and to scale them
effortlessly to meet changing demands. All these factors affect an organization’s
ability to respond quickly to changes in the competitive environment.
The goal of the JavaTM 2 Platform, Enterprise Edition (J2EETM platform) is to
define a standard of functionality that helps meet these challenges and thus
increases the competitiveness of enterprises in the information economy. The
J2EE platform supports distributed applications that take advantage of a wide
range of new and evolving technologies, while simplifying development through a
component-based application model. The J2EE model supports applications
ranging from traditional client-server applications delivered over corporate intranets to e-commerce Web sites on the Internet.
In presenting the J2EETM Blueprints programming model, this book hopes to
provide enterprise application developers with a strategic perspective on the challenges of the information economy, and a methodical exploration of ways the
J2EE platform supports custom applications to meet a reasonably broad range of
application requirements. The underlying theme of this discussion is that the J2EE
platform provides a single, unified standard that enhances the opportunity for
enterprises to project their business information systems beyond their historical
borders, while avoiding risks inherent in the task.
This book approaches the J2EE Blueprints programming model by taking a
logical view of enterprise platforms and suggesting ways to partition application
functionality to use the technologies provided by the J2EE platform most effectively. The intent is to divide the problem of architecting and developing multitier
CHALLENGES OF ENTERPRISE APPLICATION DEVELOPMENT
applications with J2EE into manageable portions, then apply appropriate technologies to the portions, leading to more maintainable and scalable solutions. In the
process, certain simplifying assumptions are made, not to trivialize certain factors,
but to focus on the essential J2EE theme. Note that none of the statements in this
book should be interpreted as mandates or requirements, but rather as advice, suggestions, and simple recommendations.
1.1
Challenges of Enterprise Application Development
While timing has always been a critical factor to adopting new technologies, the
accelerated pace inherent in a virtual, information-driven business model has put
even greater emphasis on response times. To leverage Internet economics, it’s
imperative not only to project enterprise systems into various client channels, but to
do so repeatedly and in a timely manner, with frequent updates to both information
and services. The principal challenge is therefore one of keeping up with the Internet’s hyper-competitive pace while maintaining and leveraging the value of existing
business systems. In this environment, timeliness is absolutely critical in gaining
and maintaining a competitive edge. A number of factors can enhance or impede an
organization’s ability to deliver custom enterprise applications quickly, and to maximize their value over their lifetime.
1.1.1
Programming Productivity
The ability to develop and deploy applications is key to success in the information
economy. Applications need to go quickly from prototype to production, and to continue evolving even after they are deployed.
Productivity is thus vital to responsive application development. Providing
application development teams with standard means to access the services
required by multitier applications, and standard ways to support a variety of clients, can contribute to both responsiveness and flexibility.
One destabilizing factor in Internet and other distributed computing applications is the current divergence of technologies and programming models. Historically (in Web terms), technologies such as HTML and CGI have provided a
mechanism for distributing dynamic content, while backend systems such as
transaction processors and database management systems have provided controlled access to the data to be presented and manipulated. These technologies
present a diversity of programming models, some based on well-defined stan-
3
4
CHAPTER 1
INTRODUCTION
dards, others on more ad-hoc standards, and others still on proprietary architectures.
With no single application model, it can be difficult for teams to communicate
application requirements effectively and productively. As a result, the process of
architecting applications becomes more complex. What’s more, the skill sets
required to integrate these technologies aren’t well organized for effective division
of labor. For example, CGI development requires coders to define both content
and layout to appear on a dynamic Web page.
Another complicating factor in application development time is the choice of
clients. While many applications can be distributed to Web browser clients
through static or dynamically generated HTML, others may need to support a specific type of client, or to support several types of clients simultaneously. The programming model needs to support a variety of client configurations, with
minimum effect on basic application architecture or the core business logic of the
application.
1.1.2
Response to Demand
Imagine a brick-and-mortar business trying to increase its customer base by a scale
of 10. How much time and effort would they expend on remodelling storefronts,
building new warehouses, and so on, to keep up? The fact is, the constant rework
would drastically impact their ability to serve the customers they’re trying to attract.
This holds for businesses in the information economy as well. The ability for
applications to scale easily and automatically to accommodate anticipated—or
unexpected—growth is key to achieving the goals. Systems that require any
restructuring or redeployment to scale will impede growth and diminish the company’s expected performance.
In order to scale effectively, systems need to be designed to handle multiple
client interactions with ease. They need mechanisms for efficient management of
system resources and services such as database connections and transactions.
They need to have access to features such as automatic load balancing without any
effort on the part of the application developer. Applications should be able to run
on any server appropriate to anticipated client volumes, and to easily switch server
configurations when the need arises.
CHALLENGES OF ENTERPRISE APPLICATION DEVELOPMENT
1.1.3
Integration with Existing Systems
Much of the data of value to organizations has been collected over the years by
existing information systems. Much of the programming investment resides in
applications on those same systems. The challenge for developers of enterprise
applications is how to reuse and commoditize this value.
To achieve this goal, application developers needs standard ways to access
middle-tier and backend services such as database management systems and
transaction monitors. They also need systems that provide these services consistently, so that new programming models or styles aren’t required as integration
expands to encompass various systems within an enterprise.
1.1.4
Freedom to Choose
Application development responsiveness requires the ability to mix and match solutions to come up with the optimum configuration for the task at hand. Freedom of
choice in enterprise application development should extend from servers to tools to
components.
Choices among server products gives an organization the ability to select configurations tailored to their application requirements. It also provides the ability to
move quickly and easily from one configuration to another as internal and external
demand requires.
Access to the appropriate tools for the job is another important choice. Development teams should be able to adopt new tools as new needs arise, including
tools from server vendors and third-party tool developers. What’s more, each
member of a development team should have access to tools most appropriate to
their skill set and contribution.
Finally, developers should be able to choose from a ready market of off-theshelf application components to take advantage of external expertise and to
enhance development productivity.
1.1.5
Maintaining Security
Somewhat ironically, projecting information assets to extract their value can jeopardize that very value. Traditionally, IT departments have been able to maintain a relatively high level of control over the environment of both servers and clients. When
information assets are projected into less-protected environments, it becomes
increasingly important to maintain tight security over the most sensitive assets,
while allowing seemingly unencumbered access to others.
5
