Book Review: Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications

As I described in an earlier post, Packt Publishing invited me to review the book Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications. In this post, I provide a review of the strengths and weaknesses of this book along with an idea of the type of person who would gain the most from reading this book. Before doing that, I summarize the recipes covered in each chapter.

Chapter 1

The first chapter of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications covers portions of the Java EE specification that are changing names or being removed from the Java EE specification altogether before moving onto brief introductions of new things being added to the Java EE specification. The chapter covers the "pruning" of "old APIs" such as JAX-RPC (renamed JAX-WS), JAXR, entity EJB (replaced by JPA), JSR 77, and JSR 88.

New Java EE 6 features introduced briefly in this first chapter include JSR 175 and JSR 250 annotations, JSR 299 and JSR 330 Context Dependency Injection (CDI), EJB 3.1, Java Persistence API 2.0, JAX-RS 1.1, Servlet 3.0, JavaServer Faces 2.0, Bean Validation 1.0, and Profiles.

Chapter 2

The second chapter of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications provides more detailed coverage of JPA 2.0 introduced in the initial chapter. The chapter begins with more coverage of @CollectionTable and includes a couple recipes with quite a bit of code to demonstrate new JPA 2.0 functionality.

This second chapter also discusses profiling with JPA 2.0 and provides recipes using YourKit and IntelliJ IDE. This was probably my least favorite chapter in the book.

Chapter 3

Chapter 3 of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications is on "Security" and begins with an introduction of basic security-related terminology. The chapter also introduces GlassFish and Tomcat before covering authentication with Java EE. The chapter then moves onto authorization and specifying security settings via annotations. Significant attention is aid in this chapter to signing Java JARs before inclusion of a recipe on configuring Linux firewalls used with Tomcat.

The third chapter concludes with recipes on obfuscating and minimizing Java compiled code. I really like the example Groovy/Gradle script and equivalent Ant XML that show how to create an obfuscated JAR using yGuard. Another recipe demonstrates use of Yahoo's YUI Compressor to minimize JavaScript and CSS code size.

Chapter 4

Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications's fourth chapter is on "Enterprise Testing Strategies," a topic that can be a little tricky at times. The first recipe in this chapter demonstrates "how to attach a remote debugger process to a Maven build running outside of the IDE." This is another recipe that features Gradle in part of its example.

Another recipe in Chapter 4 examines use of DBUnit and JUnit with Enterprise Java applications. Each tool is introduced and I like the simple graphic that cleanly articulates the JUnit lifecycle.

The fourth chapter's examples build on examples introduced in the second chapter. The author starts by covering static imports of JUnit and Hamcrest classes.

Another recipe of Chapter 4 focuses on mocking and highlights use of Mockito and PowerMock. For the recipe on "testing HTTP endpoints," Selenium is the tool of choice. soapUI is used for the recipe on testing web services (JAX-WS and JAX-RS). The final recipe of the chapter builds on this and provides another great example of using Groovy in the development process.

Chapter 5

The fifth chapter of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications is on "Extending Enterprise Applications" and talks about use of Groovy, Jython, Scala, AspectJ, and "two standard Java EE 6 extensions" (CDI Decorators and Interceptors) with enterprise Java.

The recipe in this chapter on Groovy explains the scope of coverage: "we will not cover all the inner-workings of the Groovy language and all the benefits from this JVM language, but we will cover how to integrate Groovy into a new or existing Enterprise Application and how to use Groovy for unit testing." The Groovy recipe introduces GMaven and shows use of Groovy with Maven, Ant, and unit testing Java applications.

A recipe in Chapter 6 centered on Jython demonstrates "using Jython to create a Java Servlet and access Java classes from within the Jython script dynamically." The recipe focused on Scala, like the recipes in the same chapter on Groovy and Jython, starts with use of Maven. The recipe on Scala demonstrates using Scala for Java unit testing.

The recipe "Weaving AspectJ advice into Enterprise Applications" begins with descriptions of key aspect-oriented programming terms such as aspects, cross-cutting concerns, advice, pointcut, weaving, and joinpoint. This recipe briefly shows how to use AspectJ at compilation time. The next recipe, "Weaving AspectJ advice into existing libraries," demonstrates using AspectJ with pre-existing libraries and further discusses the AspectJ compiler (ajc).

The recipe "Adding advice with CDI Decorators" starts with discussion of interceptors in general before focusing on CDI decorators specifically. The recipe contrasts the common differentiating attributes of decorators versus interceptors: decorators implement business logic and intercept specific business methods while interceptors are more general and address cross-cutting concerns rather than implement specific business logic. CDI interceptors are the focus of the final recipe of the fifth chapter. Both CDI-related recipes of the fifth chapter include examples using JBoss's JSR 299 implementation (Weld).

Chapter 6

Chapter 6 of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications covers "recipes that touch on the issues, considerations, and options related to extending enterprise development efforts into mobile application development," but also starts with an important caveat: "With the mobile device and tool landscape changing daily, it will be difficult to cover certain specific implementations, but we can cover many of the options available and considerations that can be assessed when integrating mobile applications into an enterprise project."

As advertised, the sixth chapter provides an overview of considerations to be made in the mobile space and lists examples of and pros and cons of using "mobile-web framework projects", "native code generators", and "native web runtimes." The chapter then moves onto discussion of considerations to be made related to native mobile application development with focus on development, deployment, and distribution with Apple and Android.

Two recipes of the sixth chapter list some tools for mobile device application design and testing and there is an extensive recipe on "setting up a local Apache environment" with Tomcat using XAMPP. Chapter 6 concludes with a recipe on "native SDK development considerations" with focus on available IDEs and build management tools.

As the author pointed out early in the chapter, this sixth chapter is, in general, a higher level of explanation than is commonly associated with recipes. Software development recipe books and cookbooks tend to be example-focused and tend to be heavy on code with explanations of that code snippet. Many of the recipes in this same book follow that pattern, but Chapter 6 is definitely more text than code.

Chapter 7

The seventh chapter of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications returns to core Java EE coverage and focuses on deployment and configuration. This chapter is one of my favorites, which is not too surprising given that it includes Groovy and JMX in practical examples. The chapter starts with a JMX introduction and the statement, "The JMX recipes in this chapter are based on JDK 1.6 and VisualVM 1.3.3."

The first recipe of this chapter covers "how to implement application configuration with property files using the Contexts and Dependency Injection (CDI) APIs." The recipe looks at issues associated with using property files for application configuration and looks at how CDI can be used with properties to deal with some of these issues. Another recipe in the seventh chapter highlights advantages of using Groovy for configuration rather than properties files and provides an example using Groovy's ConfigSlurper in Java.

Chapter 7 contains four recipes focused on using JMX in conjunction with Tomcat and GlassFish with and without SSL. These recipes introduce JConsole and VisualVM (including debugging VisualVM connection issues) and demonstrate in detail how to use Tomcat and GlassFish with JMX on different operating systems. One recipe even introduces the Windows tool cacls.

One of Chapter 7's recipes focuses on JRebel and uses this in conjunction with IntelliJ IDEA IDE.

Chapter 8

The final chapter of Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications is on "performance and debugging" and is one of my other favorite chapters in the book. VisualVM is heavily covered again in recipes in this chapter, this time for profiling memory consumption in conjunction with the VisualGC VisualVM plugin and for remote profiling with jstatd.

The relatively well-known netstat tool gets covered in a Chapter 8 recipe. This recipe introduces the basics of processes and threads and contrasts the two and briefly summarizes socket states as preparation for the remainder of the recipe. The recipe concludes with coverage of other "netstat tools" NetStat Agent and TCPView.

Chapter 8 includes additional recipes that demonstrate "how to leverage TCPMon to debug TCP connections", demonstrate "how to install and configure Munin to monitor computer resources and a Tomcat application server," and demonstrate how to "leverage HTTP Debugger to trace client and server-based requests and responses."

Overall Impressions

As with all books, Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications has its pros and cons. As is also the case with most books, certain attributes of this book are pros to one reader and cons to a different reader. Given this, I'll cite things I liked and did not like about the book, but I understand that some of the things I like will not be to others' liking and some of the things I did not like might be welcome to other readers.

1 2 Page 1
Page 1 of 2