Ice Penov

Hi there,

It's been a while since I posted this forum - which was a source of information for me during my certification (inform myself about procedures, links, books, etc...) - good job to the moderators of this forum!

Having recently passed the OCM:JEA exam, I want to express my views about this exam:

- First off, it is really a good exam. It is by far the most interesting and informative exam from all the others of the Java Certification Track (having passed most of them). The learning experience was fun, reading Mark Cade's book was a blast, it was like having a conversation full of 'mhm nods' with my head while I was reading it. Good job!

- I don't think that this certificate proves anything by itself (like you can solve every architectural dilemma). But it is a good addition, both on you and your resume. I've always viewed certification as an addition to your experience, but I'm kinda proud of this OCM architect certification

Back to my topic, my experience with this exam is the following: 'The way you explain your solution in the essay is more important than the solution itself' - and that I support 100%! My story with the exam was the following: I did the solution in 2-3 days trying to catch the mandatory course (I'll give you my view about that one later) and submitted on 23rd of August, in order to catch the August 27th with my essay.

The solution I submitted was simply put, not my best effort at all - in the real world, I would do things a bit more differently - but I understood the overall business requirement of this process, which is do as the examiners would do No matter the assignment you did, this rule applies to them all

So, even if I had partially disliked my solution (since I wanted to please my customers - the examiners), I had to defend it during the essay and I have to be convincing! This is for me, one of the main assets an architect can have in todays business world - and I believe this the examiners value the most! So, I took on greatest effort to tell what the examiners want to hear (security, security, security; past experienced, failed attempts, realization of failure..., NFRs, NFRs, NFRs) - and I believe the way you defend your solution is more important - that's why they are paired together for examination.

The above is very true for the business world, that's why I like it. As an architect you should be prepared to convince business people, communicate with technical people, take responsibility and, even sometimes put an angle of the best aspect of your (or someone else) architecture in order to make a sale. Now, take a look at all the bold items in the previous paragraph, not very technical are they? But it is the truth, and this is how things are developing in the business world. This is also what the exam covers, and I think that is very important and I believe they should focus even more points on that as well. After all a solution is just a solution (one of many ways a single thing can be done).

My feedback to the exam creators (if they are monitoring forums like this) - good job with this exam, in the future, make it more about the essay that about the solution and include the way you express yourself in the essay part of the scores (including phrasing, wording, etc...). I very much understand that it is difficult for many non-native speakers to express properly, so if possible, make the exam internationalized (I believe currently it is only in English?).

So, that's it from me, that's my feedback and my views - I hope it helps some of the future candidates and hopefully provide beneficial feedback to the exam creators, to make this certificate even more valuable!

Best Regards,
Ice

Originally posted by Cameron W. McKenzie:
I like J2EE Web Services:

Java Web Service Development for J2EE Applications

I'm reading this book right now. I think it is awesome ! Quick learning guide, with perfect examples that go throughout the book.

Highly recommended.

Peer, thanks for the detailed reply!

It was *very* helpful and just confirmed my views. Now I know that I'm probably 'thinking in the right way' and I feel kinda releived.

To cut the story short, I'm going 'the safe way' with Axis 1.x and using design approach and views similar to the ones you posted in your reply.

Thanks again,
Ice

Thanks for the response and the link to WSS4J, Ulf. Although I'm serious about security, I'm not paranoid about it . Maybe I'll incorporate it under certain situations.
[ October 21, 2006: Message edited by: Ice Penov ]

Hi, guys.

I'm working on a project that I'm trying to make it as scalable and interoparable as possible. I had no previous knowledge of Web Services(only conceptual knowledge) and after digging deeper into the topic, I realized that application of Web Services in my project would be very appropriate.

In shortage of time, I've tried to propel myself into this technology and get only the knowledge I need to apply it in my project. In the past few days, I read 3-4 chapters of the Java BluePrints book related to Web Services, that gave me an overview but nothing concrete( although the book as a read is great ).

Later on, someone told me that there are tools that will make my life easy and help me develop and deploy Web Services with ease. I downloaded Axis , configured it, read the manuals and starting plugging the business logic.

Today, I discovered that there is Axis2 and that it is completely different from Axis !

Before completely loosing my temper and kick something, please, for Gods sake, answer me this questions :

Can I use Axis(not Axis 2) without suffering performance loses and risking interoperability in the long term ?

Can someone briefly describe the conceptual differences between Axis and Axis 2 ?

Are there other tools that I should need to know about when working with Web Services ? I already have jUDDI.

Ladies and gentleman, Thank You in advance.

Glad I could help, Deepak.

Originally posted by Deepak Prasanna R:
Thanks a lot Ice

We are not in a position to migrate the Tomcat version.
The first time we click the servlet, am getting the session is not getting recognized. Second time if i click the same servlet, it gets recognized.
If i click any JSP links before the Servlet, then the Servlet is working fine on first click itself.

Can you please suggest a solution based on this.

Thanks & Regards
Deepak

Because you did not supplied enough information, i'll have to make assumptions:

1. You have cookies enabled
2. You have the following problem: Your session is created before you invoke the problematic servlet to join the pre-exising session. You do that by using HttpServletRequest.getSession(false) - to get only the pre-existing session, not to create a new one. So, if you're using getSession(), try using getSession(false) to detect whether the Container version has a problem with joining a pre-existing session. You'll get NullPointerException if the Container has failed to join the session and you try to use the session.

If you invoke any JSP it will automatically create a jsp session( by using the default value of the attribute in the page directive), so the next invoked servlet will already has a session to join. Try adding the following attribute session='false' to the page directive in your JSPs, and try invoking the servlet after you have invoked any of those JSPs with this session='false' attribute set. Tell us what you get.

When you're testing the application, keep track of the cookie : JSESSIONID, to see which session, where is created. If you don't now how to do it, you can use IE or Firefox menus to view cookies. That will shed some light about your problem.

In lack of information, I can advice you to try getSession(false) to only join a pre-existing session, keep track of when JSESSIONID cookie is created, and try to solve your problem. If you're still having problems, tell us what kind of errors/issues you got when you tried those things. That will help us greatly to properly diagnose your problem.

By far away, if you're doing things right( like creating and joining session the right way ), it seems a Container issue. Have you checked the docs for your Container version to see whether this what you're describing is a known issue ?

Ice

But the application works fine for JSP applications.

That is probably due to the fact that every JSP by default include an implicit session.

The same code was working fine in another Server. Only Tomcat has been upgraded from 3.x to 4.x

If the same code works well in another Servlet Container, but not in Tomcat, seems to me that Tomcat has a problem. You might wanna check the issues page of you specific version. Can you upgrade to the most recent version of Tomcat? It seems to me that the recent version doesn't has that kind of problems.

[QB}
Can you please suggest any possible solution for this scenario.
[/QB]

Upgrade your Servlet Container. If that's not possible, describe the problem in more detail so we can try and help you.

Ice

Yes, the request object is thread-safe. It is inherently in its nature. But the objects bound to the session can be potentially trouble spot. The only way( i think ) to screw a session is by opening multiple browser windows from the same client! In that situation, it is possible that multiple threads(from the same client) to access session state and to corrupt it. It is a non-likely scenario. But is can happen( most likely with IE, cause when you press ctrl+n, IE automatically creates request to the last visited page! Multiple ctrl+n will potentially create a problem).

Anyways, if you decide that's a risk you don't wanna take, couple of sollutions might come to mind :

1. Putting the service method synchronized(). Incredibly stupid sollution. That means that you'll permit one client to access your servlet at a time. It means only one thread, so your problem can be solved. But the price you'll pay is way to high.

2. Putting portions of the code, that uses the troubeling code, synchronized. That won't solve the problem, cause it will do nothing to prevent other threads to access the object. It will prevent the thread to lock the portion of the code, but it won't prevent other threads to use the troubeling object concurrently and inherently corrupt its state.

3. Whenever you use the troubeling object put a lock on the object itself. That would ensure that only one thread at a time is tamprering with session data.

Well, that how I see it. Everyone with hers/his oppinions is welcomed.

Ice
[ April 24, 2006: Message edited by: Ice Penov ]

Oh, I forgot.

No, you don't have to override init() or destroy() if you don't have needs to do it.

Gagan,

init() method is the way to put initialization code to your servlet. For example if you wanna open a DB connection or initialize any kind of code, init() is the place to do it.

On the other side, there is destroy() method that can UNDO everything you have done in init( close connections or similar ).

If you're a newcomer( I believe you are ), welcome to the servlet world.

I would recommend this free book for learning servlet. It is for the previous version of servlets, but it is a start. I would recommend to buy the second edition if you have the funds.

Happy Learning!

Satish,

thank you for your reply.

Yes, hidden fields would be also a solution, but the client will have access to my underlying mechanish easily( by pressing View Source of FF ). I never liked hidden form fields .

Of course, validating input at step 2 for valid inputs at step 1 . I always have a tendency for missing the most obvious sollutions! . Is it OK to put that checking code in the filter I already have?

That filter checks whether the client is in a valid session for ALL of my crucial session components ( by listening for all requests with /session/* pattern). I wanna do that to keep checking code out of my components, to keep it more clean with increased cohesiveness.

Once again,
Thank you

p.s., @Bear, what did you do to my post?

Hi, guys

In attempt to get more practice as possible, I created one web application and run into the following problem, that I hope one of you can help me solve it :


I created a web application that is heavily dependant of the steps involved in a particular session. For example :

|--Start-->Step 1: Entry point of the app, here I collect the basic info using a POST-->Step 2: Dependant of the info in the step 1, the user gets a new form and posts to the server-->Step 3: The server responds to the client based on the collected info.

Pretty simple and straightforward.

Now, I wanna make sure that the client cannot skip a step( by using the recorded history in the browser), so for example when he arrives at the application(Step 1) cannot skip that step by putting the URL of the second step. If that happens that client will get a malformed form and an HTTP 500 will be produced.

The session is created at step 1(when user arrives in the application) and is invalidated once he gets the results he requested(step 3).

Q1: How can I make sure that when a client request a particular resource(at step 2) that request is being made from step 1?

Cookies occurred to me at the first time(by setting some cokie flags an values when user completes one step), but cookie values can be faked and I don�t wanna mess the design by adding multiple cookie flags.

Also, the Referer HTTP Header comes to mind. I already have a filter that intercepts the request made to the crucial session components and check whether the request is from a client that has a valid session. I can make a check using �Referer� header and the getServletPath method and decide if the step N is invoked by step N-1. But, also, I know that the �Referer� header can be spoofed and that some browsers decide to filter it.

Making the links to the components not visible to the client would very much solve my problem in a clean way. For example, the client gets a same URL when he access any of the components will prevent the client for requesting a step prematurely. How can I do that? Is it possible for multiple component to have the same URL visible to the client(same url-patterns) ?!

Am I missing something obvious here ?!?

Guys, It would be great if someone tries to suggest a solution to this problem that has been eating me up for the last few hours.

Thank you in advance,
Ice
[ April 23, 2006: Message edited by: Bear Bibeault ]

Sudhir,

read this carefully :

http://www.coreservlets.com/Apache-Tomcat-Tutorial/

If you read it, and you still have deployment/compilation problems, then you're doing something wrong.

If that is the case, I have an advice for you : try again!

Glad I could help.

Ice