Thursday, August 9, 2012

Book Review: Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications

As I described in an earlier post, Packt Publishing invited me to review the book Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications. In this post, I provide a review of the strengths and weaknesses of this book along with an idea of the type of person who would gain the most from reading this book. Before doing that, I summarize the recipes covered in each chapter.

Chapter 1

The first chapter of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications covers portions of the Java EE specification that are changing names or being removed from the Java EE specification altogether before moving on to brief introductions of new things being added to the Java EE specification. The chapter covers the "pruning" of "old APIs" such as JAX-RPC (renamed JAX-WS), JAXR, entity EJB (replaced by JPA), JSR 77, and JSR 88.

New Java EE 6 features introduced briefly in this first chapter include JSR 175 and JSR 250 annotations, JSR 299 and JSR 330 Context Dependency Injection (CDI), EJB 3.1, Java Persistence API 2.0, JAX-RS 1.1, Servlet 3.0, JavaServer Faces 2.0, Bean Validation 1.0, and Profiles.

Chapter 2

The second chapter of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications provides more detailed coverage of JPA 2.0 introduced in the initial chapter. The chapter begins with more coverage of @CollectionTable and includes a couple recipes with quite a bit of code to demonstrate new JPA 2.0 functionality.

This second chapter also discusses profiling with JPA 2.0 and provides recipes using YourKit and IntelliJ IDE. This was probably my least favorite chapter in the book.

Chapter 3

Chapter 3 of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications is on "Security" and begins with an introduction of basic security-related terminology. The chapter also introduces GlassFish and Tomcat before covering authentication with Java EE. The chapter then moves on to authorization and specifying security settings via annotations. Significant attention is paid in this chapter to signing Java JARs before inclusion of a recipe on configuring Linux firewalls used with Tomcat.

The third chapter concludes with recipes on obfuscating and minimizing Java compiled code. I really like the example Groovy/Gradle script and equivalent Ant XML that show how to create an obfuscated JAR using yGuard. Another recipe demonstrates use of Yahoo's YUI Compressor to minimize JavaScript and CSS code size.

Chapter 4

Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications's fourth chapter is on "Enterprise Testing Strategies," a topic that can be a little tricky at times. The first recipe in this chapter demonstrates "how to attach a remote debugger process to a Maven build running outside of the IDE." This is another recipe that features Gradle in part of its example.

Another recipe in Chapter 4 examines use of DBUnit and JUnit with Enterprise Java applications. Each tool is introduced and I like the simple graphic that cleanly articulates the JUnit lifecycle.

The fourth chapter's examples build on examples introduced in the second chapter. The author starts by covering static imports of JUnit and Hamcrest classes.

Another recipe of Chapter 4 focuses on mocking and highlights use of Mockito and PowerMock. For the recipe on "testing HTTP endpoints," Selenium is the tool of choice. soapUI is used for the recipe on testing web services (JAX-WS and JAX-RS). The final recipe of the chapter builds on this and provides another great example of using Groovy in the development process.

Chapter 5

The fifth chapter of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications is on "Extending Enterprise Applications" and talks about use of Groovy, Jython, Scala, AspectJ, and "two standard Java EE 6 extensions" (CDI Decorators and Interceptors) with enterprise Java.

The recipe in this chapter on Groovy explains the scope of coverage: "we will not cover all the inner-workings of the Groovy language and all the benefits from this JVM language, but we will cover how to integrate Groovy into a new or existing Enterprise Application and how to use Groovy for unit testing." The Groovy recipe introduces GMaven and shows use of Groovy with Maven, Ant, and unit testing Java applications.

A recipe in Chapter 6 centered on Jython demonstrates "using Jython to create a Java Servlet and access Java classes from within the Jython script dynamically." The recipe focused on Scala, like the recipes in the same chapter on Groovy and Jython, starts with use of Maven. The recipe on Scala demonstrates using Scala for Java unit testing.

The recipe "Weaving AspectJ advice into Enterprise Applications" begins with descriptions of key aspect-oriented programming terms such as aspects, cross-cutting concerns, advice, pointcut, weaving, and joinpoint. This recipe briefly shows how to use AspectJ at compilation time. The next recipe, "Weaving AspectJ advice into existing libraries," demonstrates using AspectJ with pre-existing libraries and further discusses the AspectJ compiler (ajc).

The recipe "Adding advice with CDI Decorators" starts with discussion of interceptors in general before focusing on CDI decorators specifically. The recipe contrasts the common differentiating attributes of decorators versus interceptors: decorators implement business logic and intercept specific business methods while interceptors are more general and address cross-cutting concerns rather than implement specific business logic. CDI interceptors are the focus of the final recipe of the fifth chapter. Both CDI-related recipes of the fifth chapter include examples using JBoss's JSR 299 implementation (Weld).

Chapter 6

Chapter 6 of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications covers "recipes that touch on the issues, considerations, and options related to extending enterprise development efforts into mobile application development," but also starts with an important caveat: "With the mobile device and tool landscape changing daily, it will be difficult to cover certain specific implementations, but we can cover many of the options available and considerations that can be assessed when integrating mobile applications into an enterprise project."

As advertised, the sixth chapter provides an overview of considerations to be made in the mobile space and lists examples of and pros and cons of using "mobile-web framework projects", "native code generators", and "native web runtimes." The chapter then moves on to discussion of considerations to be made related to native mobile application development with focus on development, deployment, and distribution with Apple and Android.

Two recipes of the sixth chapter list some tools for mobile device application design and testing and there is an extensive recipe on "setting up a local Apache environment" with Tomcat using XAMPP. Chapter 6 concludes with a recipe on "native SDK development considerations" with focus on available IDEs and build management tools.

As the author pointed out early in the chapter, this sixth chapter is, in general, a higher level of explanation than is commonly associated with recipes. Software development recipe books and cookbooks tend to be example-focused and tend to be heavy on code with explanations of that code snippet. Many of the recipes in this same book follow that pattern, but Chapter 6 is definitely more text than code.

Chapter 7

The seventh chapter of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications returns to core Java EE coverage and focuses on deployment and configuration. This chapter is one of my favorites, which is not too surprising given that it includes Groovy and JMX in practical examples. The chapter starts with a JMX introduction and the statement, "The JMX recipes in this chapter are based on JDK 1.6 and VisualVM 1.3.3."

The first recipe of this chapter covers "how to implement application configuration with property files using the Contexts and Dependency Injection (CDI) APIs." The recipe looks at issues associated with using property files for application configuration and looks at how CDI can be used with properties to deal with some of these issues. Another recipe in the seventh chapter highlights advantages of using Groovy for configuration rather than properties files and provides an example using Groovy's ConfigSlurper in Java.

Chapter 7 contains four recipes focused on using JMX in conjunction with Tomcat and GlassFish with and without SSL. These recipes introduce JConsole and VisualVM (including debugging VisualVM connection issues) and demonstrate in detail how to use Tomcat and GlassFish with JMX on different operating systems. One recipe even introduces the Windows tool cacls.

One of Chapter 7's recipes focuses on JRebel and uses this in conjunction with IntelliJ IDEA IDE.

Chapter 8

The final chapter of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications is on "performance and debugging" and is one of my other favorite chapters in the book. VisualVM is heavily covered again in recipes in this chapter, this time for profiling memory consumption in conjunction with the VisualGC VisualVM plugin and for remote profiling with jstatd.

The relatively well-known netstat tool gets covered in a Chapter 8 recipe. This recipe introduces the basics of processes and threads and contrasts the two and briefly summarizes socket states as preparation for the remainder of the recipe. The recipe concludes with coverage of other "netstat tools" NetStat Agent and TCPView.

Chapter 8 includes additional recipes that demonstrate "how to leverage TCPMon to debug TCP connections", demonstrate "how to install and configure Munin to monitor computer resources and a Tomcat application server," and demonstrate how to "leverage HTTP Debugger to trace client and server-based requests and responses."

Overall Impressions

As with all books, Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications has its pros and cons. As is also the case with most books, certain attributes of this book are pros to one reader and cons to a different reader. Given this, I'll cite things I liked and did not like about the book, but I understand that some of the things I like will not be to others' liking and some of the things I did not like might be welcome to other readers.

  • Not Your Typical Java EE Book - Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications is not the typical Java EE book. Although it does provide coverage of core new features of Java EE 6 in its early chapters, its focus is generally on use of tools and scripts to do exactly what the title describes: secure, tune, and extend Java EE-based enterprise applications. This is not the book one learns about the basics of EJBs, servlets, JavaServer Faces, JMS, or other Java EE technologies. In my opinion, this is a good thing and is what perhaps separates this book most from other Java EE 6 books.
  • Name Dropping - One of my favorite aspects of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications is its broad coverage of interesting and useful tools used in Enterprise Java development and production. This book does more than just drop the names. It provides summaries of what each tool offers and shows realistic and meaningful uses of that tool for improving the enterprise development experience. I tried to reference several of this book's referenced tools in this post to provide a flavor of its breadth of coverage of tools. The recipes each end with a list of references for additional information on the tools discussed in that recipe.
  • Use of Groovy - Although Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications features numerous tools and techniques, I think its coverage of Groovy is particularly well done and provides solid examples of how Groovy can improve the Java developer's ability to write scripts.
  • Different Operating Systems - I liked that this book generally focuses on solutions and tools that apply to many major operating systems and often provides specific details on use of a recipe on each of these different operating systems.
  • Lots of Pictures - In keeping with something I've come to expect in Packt Publishing books, this book continues the trend of featuring numerous screen snapshots to illustrate points.
  • Repetition - Several closely related recipes include similar or even identical text to one another. For the typical reader of a cookbook or recipe-oriented book, this is welcome because it can be distracting and even irritating to be referred to a separate recipe if one is only interested in how to accomplish a single recipe. I read the book from cover to cover rather than focusing on particular individual recipes as they interested me and so was more cognizant of the occasional repeated text.
  • Different Backgrounds - One of the challenges facing the author of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications must have been addressing his audience at the appropriate level. I think most chapters and recipes deliver well on this, providing enough information to introduce the reader to useful tools and approaches for working with Java EE applications and relying on only minimal knowledge of Java EE. The one exception to this is Chapter 2, which I feel assumes quite a bit of JPA-specific knowledge to be appreciated. The good news is that, in the tradition of recipe-oriented books, understanding of Chapter 2 is generally (with a few exceptions) not required for appreciating the other chapters. Chapters 7 and 8, on the other hand, might be as useful to Java EE developers as they are to Java EE developers.
  • Typos, Editing, and Formatting - I reviewed an electronic (PDF) version of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications and do not know if the printed version has the same typo and editing issues that I occasionally saw in the PDF version. At times, the PDF version of the book feels like it missed a final edit. In general, these are only slightly distracting and rarely provide any significant distraction.

The Target Audience

The "Who this book is for" section of the Preface of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications states, "This book is aimed at Java developers and programmers who want to secure, tune, and extend their Java EE applications." This articulates well the primary audience for this book, though I think that Java SE developers could benefit from several of the recipes and chapters in this book as well.

The "What you need for this book" section of the Preface also says of the book's audience, "The recipes in this book are of an intermediate to advance nature, so a good understanding of Java is required." The book definitely assumes basic familiarity with Java (SE and EE), but some recipes require this experience more than others.

Idea Generation

For me, the best thing about Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications is its introduction to a wide variety of topics, tools, and ideas. Even recipes that I might have no direct use for at this time provide value because they demonstrate use of tools for accomplishing various administrative tasks. I found myself thinking of related but different uses for some of the tools and approaches discussed in this book.

Related Links (External Sites)

The following are some other sources of information about the book Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications.
