REST TX, Clustering, Dead SOAP, Timers, Microservices vs. Monolith, Principal Propagation or Questions for the 12th Airhacks

Last chance to ask questions. We will discuss them at 2nd March, 6.PM. CET: http://www.ustream.tv/channel/adambien:

1. HTTP Session Replication and Clustering discussion Piotrek
2. I have a question for you :) You may even queue it up for an upcoming stream, but I’m really curious! You stated that SOAP (support?) could even be removed from the API.I just got into the SOAP world a few months ago, came from a REST background, and I am really confident that it still has it’s place. The type safety, and the tools that Java gives us are really great. Why do people hate it so much nowadays? Plus in the finance sector they are relying on it really heavily still, so it’s a good thing to be familiar with either way IMHO. noherczeg
3. Can two ejb modules communicate with each other through local interfaces in the same app server or JVM? (…) Viktor Citaku
4. What’s the most effective/elegant way of implementing single-table multi-tenancy (with discriminator column) in JPA2/2.1 without using provider specific (like that of EclipseLink 2.5) [Mátyás B.]
5. Example scenario: a J2EE app utilizing single-table multi-tenancy that would allow users to sign-in using either Facebook, Google, Paypal, etc. as well as using native accounts (username/pw in the application’s DB itself) while using the HTML UI of the App. Its REST Resources would need a ‘token’ to authenticate. App server: GF 4.1
6. Do we need to propagate the security context (Subject/Principals) to EJBs if using a form-based authentication? Isn’t it better (and almost easier) to use custom annotations and interceptors to implement a “permission” based security (as opposed to the container’s role based security)? Octopus (https://bitbucket.org/contribute-bitbucket/javaeesecurityfirst) comes to my mind.
7. Would a JASPIC ServerAuthenticationModule (SAM) fit this scenario? How to tell SAM which authentication method to start based on the user’s choice? Similarly, how to tell JASPIC that the REST resources need a completely different ‘SAM’? ratcashdev
8. Single timer event of a EJB timers in a distributed application [Tibor D.]
9. What do you think about gradle? What about use gradle instead of maven? Can you talk a little bit about this subject? @Brunos_Santos
10. With Java 8 and streams I do not really get how the exception handling should work when composing several functions? (Michael G.)
11. “I’ve added beans.xml, but I read somewhere we don’t need it in JavaEE 7? The error is gone even if the file is empty!!” PoslovniAdresar
12. “Can we set scheduler time from some property file so that we don’t need to
    recompile for changing time? Also, while executing scheduler, can I set next execution time at runtime?” Valsaraj
13. Can we get @scheduler configurations details from properties file? like sec,min… Ravi
14. (...) In one of your past presentations, I believe I remember you saying that being monolithic is your friend, vs nowadays there’s a lot of discussion around microservices. Can the ideas of “monolithic is your friend” and microservices still peacefully co-exist in your mind? John Hogan

15. REST is stateless:

    Some are claiming, that you should not even keep any client state on the server (no session, nothing).

    Does this not imply, that Java EE server sessions should not be generated for requests at all?

    How would you do that with stateful session beans then? I guess, they are completely out of scope for REST?

    Does this mean, that each request should contain a reference or concrete information about eg. user credentials or client state if the server needs that information? Is that not producing a huge communication overhead in some scenarios?
16. How would you implement a user authentication with a UI based on a pure RESTful API? With tokens? How to pass and maintain tokens and invalidate “sessions” without keeping client state on the server? Would that not also be a potential performance problem, as the token (and thus, every single API request needing authorization) would normally always have to be sent over HTTPS to avoid being intercepted and risk identity theft?
17. How would you maintain transactions over several REST API calls? Is that at all possible with REST? Or would it simply be maintained completely on client side until final submission? (I have read eg. this resource https://jcalcote.wordpress.com/2009/08/06/restful-transactions/, but I am not fully convinced by the solution, or maybe miss some points) [heppa](https://gist.github.com/heppa

18. @Entity

    @PrimaryKey(validation=IdValidation.NONE, columns={@column(name=“a”), @column(name=“b”, @column(name=“c”)})

    public class MyView implements Serializable ……

    If I run the query (as JUnit test) then I will receive the following error message:

    Exception [EclipseLink–6044] (Eclipse Persistence Services - 2.5.1. …..

    org.eclipse.persistence.exceptions.QueryException Exception Description: The primary key read from the row [row omitted here] during the execution of the query was detected to be null. Primary keys must not contain null. jhoryna
19. How would you structure your web application to keep one code base for several customers each with their own customizations? haisi

See also the airhacks archives airhacks.tv for past shows and subscribe to the airhacksnews.com.

See you at Java EE Workshops at Munich Airport, Terminal 2 or Virtual Dedicated Workshops / consulting