In this chapter we will see how to implement the standard Java EE security in a WebLogic Enterprise application, with extensive use of real world examples, and finish with a fully complete Maven project that you can deploy with a goal into your development server.
Now we will create, step-by-step, a secure application using Maven, the Oracle Maven plugin, and of course the WebLogic server. A prerequisite for this is that Maven 3 should be installed and properly configured. See the official Maven site for information about how to download and install Maven, at http://maven.apache.org.
The following are the steps we need to follow to create the application that we will be using during this chapter:
- Create the parent Project Object Model (POM) by navigating to the project folder from the command-line tool and launching the following command:
mvn archetype:generate -Dversion=1.0-SNAPSHOT -DgroupId=net.lucamasini.security -DartifactId=chapter3 -DarchetypeArtifactId=pom-root -DarchetypeGroupId=org.codehaus.mojo.archetypes - Navigate to the newly created
chapter3folder using the command-line tool and create the EAR module, as follows:mvn archetype:generate -Dversion=1.0-SNAPSHOT -DgroupId=net.lucamasini.security -DartifactId=chapter3-ear -DarchetypeArtifactId=ear-javaee6 -DarchetypeGroupId=org.codehaus.mojo.archetypes - In the same way, create an EJB module using the following command:
mvn archetype:generate -Dversion=1.0-SNAPSHOT -DgroupId=net.lucamasini.security -DartifactId=chapter3-ejb -DarchetypeArtifactId=ejb-javaee6 -DarchetypeGroupId=org.codehaus.mojo.archetypes - Finally, create a web module using the following command:
mvn archetype:generate -Dversion=1.0-SNAPSHOT -DgroupId=net.lucamasini.security -DartifactId=chapter3-web -DarchetypeArtifactId=webapp-javaee6 -DarchetypeGroupId=org.codehaus.mojo.archetypes
To test if everything was correctly configured, we can now launch an install by navigating to the parent folder and executing the following command:
mvn install
Also check if an EAR file is created in the chapter3-ear/target folder; look out for the following file:
chapter3-ear-1.0-SNAPSHOT.ear
The EAR file that is created is completely empty, because the Maven EAR plugin looks at the EAR module dependencies to create an enterprise module, so now we need to add the following dependencies into the EAR pom.xml file:
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${parent.artifactId}-ejb</artifactId>
<version>${project.version}</version>
<type>ejb</type>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${parent.artifactId}-web</artifactId>
<version>${project.version}</version>
<type>war</type>
</dependency>
</dependencies>The EAR is not yet a valid Enterprise application for WebLogic; we still need to add an Enterprise Bean into the EJB module. The following is the simplest Bean we can code:
package net.lucamasini.security;
import javax.ejb.Stateless;
@Stateless
public class MySimpleNoInterfaceBean {
public String echo(String input) {
return "$"+input+"$";
}
}Finally, we
have a working EAR! If you have WebLogic running, you can deploy it and go to the http://localhost:7001/chapter3-web URL, after which the following output is displayed:
In case you don't have one, you will learn how to create a domain, launch a server, and deploy the EAR in the upcoming sections.
A copy of WebLogic Server 12c can be downloaded from Oracle TechNet at http://www.oracle.com/technetwork/index.html (the downsized ZIP file for developers should be about 180 MB). After we get the binaries, we need to extract the following two files from the archive by using the following commands for the respective files:
unzip /Users/lucamasini/Downloads/wls1211_dev.zip wlserver/server/lib/wls-maven-plugin.jar.pack unzip /Users/lucamasini/Downloads/wls1211_dev.zip wlserver/server/lib/pom.xml
Use the following command to unpack the JAR:
unpack200 -r wlserver/server/lib/wls-maven-plugin.jar.pack wlserver/server/lib/wls-maven-plugin.jar
Now that we have everything we need to issue the installation of the plugin into the localRepository element, execute the following command:
cd wlserver/server/lib mvn install mvn install:install-file -Dfile=wls-maven-plugin.jar -DpomFile=pom.xml
Also add the
plugin groupId to the set of the default groups, as follows:
<pluginGroups> <pluginGroup>com.oracle.weblogic</pluginGroup> </pluginGroups>
Edit the global settings.xml file (run mvn -X | grep global to see where you can find it in your environment).
Now we must navigate to the EAR folder chapter3/chapter3-ear and launch a local installation of WebLogic Server, the one we will use throughout this book, as follows:
mvn wls:install -DartifactLocation=/Users/lucamasini/Downloads/wls1211_dev.zip
Now we only need a domain to start, with a username and password for the administrator account, so execute the following command:
mvn wls:create-domain -Duser=weblogic -Dpassword=weblog1c
Tip
64-bit Java Virtual Machine
Under 64-bit systems, we need to enlarge the Permanent Generation space if we are using the HotSpot JVM. Export this environment variable before launching the server, as follows:
export USER_MEM_ARGS="-Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m"
Finally, we can launch our development server as follows:
mvn wls:start-server
If everything is right, we can tail the output file (look into the previous command log for stdout) and see if the server is in the RUNNING mode, as follows:
<Notice> <WebLogicServer> <BEA-000360> <The server started in RUNNING mode.>
Another test we can do is to check if we can stop it gracefully, using the following:
mvn wls:stop-server -Duser=weblogic -Dpassword=weblog1c
Since
the user and password elements are often used during development, we can configure the plugin on the EAR module's pom.xml file so that we don't need to pass them every time, using the following code snippet:
<build>
<plugins>
<plugin>
<groupId>com.oracle.weblogic</groupId>
<artifactId>wls-maven-plugin</artifactId>
<version>12.1.1.0</version>
<configuration>
<user>weblogic</user>
<password>weblog1c</password>
<verbose>true</verbose>
</configuration>
</plugin>
</plugins>
</build>Now that we have configured our development environment, we can start deploying the application into the already running WebLogic Server domain.
Tip
Debugging your Enterprise application
Often we need to attach a debugger to our running application; for this we can export the following environment variable before running the start-server goal. This way the Java Virtual Machine will accept connections on the 55822 port from the local/remote debugger.
export JAVA_OPTIONS="-Xdebug -Xrunjdwp:transport=dt_socket,address=127.0.0.1:55822,suspend=n,server=y"
Now that we have our simple application and are running WebLogic Server, we can start developing by simply doing an install using the following command:
mvn install
This command is executed in the root POM folder. From the EAR module folder, execute the following:
wls:deploy -Dname=chapter3-ear
There are many reasons why you can't consider this as an agile development lifecycle, but the main reason is that you need to repackage the entire application every time you change a class or a deployment descriptor.
In fact these are two separate problems that are resolved by tools/technologies that are shipped with WebLogic: fast-swap and split deployment, described as follows:
- Split deployment: This is a set of folder layout and WebLogic tools that allow the developer to redeploy the application faster without file copying or application archive creation
- Fast-swap: This is an enhancement to the Java EE runtime class redefinition that allows the reloading of modified classes into a running application's class loader
But you can't use them out of the box in your Maven application, because of the following reasons:
- Fast-swap is not compatible with the 64 bit development box, a common development configuration these days
- Split deployment uses folder layout that is not conventional for Maven users
To solve the fast-swap issue you can use a JVM that supports bytecode reload—like the open source Dynamic Code Evolution VM (DCEVM)—or use JRebel from http://zeroturnaround.com/ (which also supports resource reload).
Solving the split deployment problem leads us to write some Maven configurations. We first need to configure the beabuild-generator-plugin into the root pom.xml file as follows:
<pluginRepositories>
<pluginRepository>
<id>beabuild.release</id>
<name>Beabuild Release Repository</name>
<url>http://maven-beabuild-plugin.googlecode.com/svn/maven2/releases</url>
</pluginRepository>
</pluginRepositories>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>beabuild-generator-plugin</artifactId>
<version>0.9.3</version>
<executions>
<execution>
<id>generate</id>
<goals>
<goal>generate-beabuild</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
</build>And then into the EAR and WAR modules' pom.xml file, insert the following code:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>beabuild-generator-plugin</artifactId>
</plugin>Now execute mvn install from the root POM and a new file will be generated, named .beabuild.txt. This will contain a catalog that WebLogic will use in place of the standard Java EE layout to create the application that will be deployed. The plugin knows how Maven works, so you will find in those files all the dependencies required at runtime that are referenced as libraries, classes into target/classes, and the webapp folder where our WAR resources are contained.
By working this way we can forget about packaging our application; all we need to do is make an install from the root folder every time we add or remove a dependency, and then run the standard deploy goal pointing as source at the folder containing the .beabuild.txt file. This can be configured into our EAR module's POM by adding the following tags to the WebLogic plugin configuration:
<name>${project.artifactId}</name>
<source>${basedir}/src/main/application</source>We also need the application.xml file, which is not mandatory in a Java EE 6 application but is necessary for WebLogic when we use this kind of deployment. The following code, if inserted in the EAR POM, will automatically generate the application.xml file for us:
<executions>
<execution>
<id>generate-application-xml</id>
<phase>install</phase>
<goals>
<goal>generate-application-xml</goal>
<goal>ear</goal>
</goals>
</execution>
</executions>We also need to exclude the .beabuild.txt file. From the generated EAR or WebLogic will try to do split deployment in production mode when this file is found and tell where application.xml will be generated, by using the following code:
<generatedDescriptorLocation>${project.basedir}/src/main/application/META-INF/</generatedDescriptorLocation>
<earSourceExcludes>.beabuild.txt</earSourceExcludes>The previous tag in the EAR plugin configuration does all the dirty work. Now we can run install from the root module for the first time so that application.xml and .beabuild.txt will be generated, by using the following command:
mvn install
From now on, deploy our application from the EAR module with only the following simple command:
mvn wls:deploy
We don't need to package the application anymore!
To summarize, using a JVM that reloads classes and resources and the beabuild-plugin, our development lifecycle will be able to do the following:
- Compile with the IDE for changes to the source code
- If you also change some deployment descriptors or annotations, then launch
mvn wls:deployfrom the EAR module, without packaging the application
That's what we call an agile development workflow!