Everyones favourite example/educational J2EE application has been updated and improved. Under the 1.1.2 release, the Petstore now features: improved portability, a servlet-based sign-in/sign-out architecture, exception handling at all tiers, Japanese localization, new tools and documentation.
Read The New Java Pet Store Demo
It seems that they kicked out the security management of J2EE, and instead to use a poor login management so that
it reaches "PORTABLE".
I assume that you are refering to not using Form-based login mechanism for web-user management. The fact that the petstore application is more portable was a (good) side-effect, not the goal of this exercise.
Form-based login is used to authenticate a user with the application server. An app-server authenticated user potentially can have capabilities not intended for a casual web-user. Typically, anyone on Internet can create a web-user just by supplying an imagined username/password combination, and hence there is very little (verifiable) information to take a decision to grant serious capabilities to such a user. It probably is best left to the application to manage it as application data.
Form-based login is more suitable for users that are pre-created by an administrative action, for example, when a new employee joins an organization. So, form-based login is suitable for typical MIS applications, but not suitable for web-user management.
This rationale applies very well to the petstore application, and hence it does not use the Form-based login for web-user management. However, there is another application in the bundle, called petstoreadmin, to administer the petstore itself. This application uses the form-based login to authenticate users before they can use any functionality. Note that the admin user needs to be pre-created before this application can be used.
I am a newbie to J2EE programming and I am trying to learn from the petstore blueprints application. How do you guys learn such an application with lots of classes? Where do I start? Sorry for this dumb question!
While I don't want to throw the stone, I'll notice though that the guys writing PetStore demo don't seem to have a clue why JDBC contains a PreparedStatement interface after all .
They generate by hand SQL statements with values included all over the place, and while this is not efficient, it is also an invitation for disaster.
Of course they don't bother to check for escape problems.
Or just consider this SQL:
"SELECT ordernum.currval from " + DatabaseNames.ORDER_TABLE;
in order to get the generated primary key.
There is a vast collection of anti-patterns you can find in there, including process anti-patterns since it is clear from me that this type of coding didn't benefited from code reviews but rather benefited from copy and paste reuse, because the vast repetition of errors.
I guess you rushed into declaring this everyone's favourite .
For me it is a document of how high level architecture and concern generate tons of clumsy, bad, inflated code.
It is an anti-patterns collection.
Costin, you are right.PetStore has very beautiful diagrams but the implementation is very poor.I thought Sun is able to produce a better demo application for the "comunity", but is seems to me that all the PetStore versions are poor.
Maybe "TheServerSide"(The Middleware Company) should produce a demo application and offer it to Sun :).It would be nice to have from the "teachers" a complete example, not just very good articles.
Well, Ed Romana showed a well designed and coded
J2EE example "Computer Parts Shop" in his "Mastering EJB" book. I think that it will be very interesting if he includes another example in his second book which will use design patterns of Sun and fascinating Romana's code presentation. It would be very cool if it will comply with EJB 2.0 specification...
BTW: Why are Sun guys not using CMP in they PetStore?
Do you guys know where I can get a good J2EE demo which has good design patterns and excellent implementation?
Well, PetStore has a good design pattern, but its implementation is very poor.
Even from a design point of view you have a lot of anti-patterns, some of them proclaimed as patterns.
And as they say in XP, the design is in the code.
There's no such thing as good design but bad implementation.
So the quality of code speaks in the end about the quality of design.
Costin, can you please point out what you said anti-pattern
Paged List is an anti-pattern the way they put it.
BiModal data access is an anti-pattern the way they describe it.
Not using PreparedStatement the way it should be is an anti-pattern,
And I could go on, but I'm not going to have a discussion about these things (sorry if I may sound unpolite).
The fact is that the guys are especially paid to do this
job and you see how they did it.
So, my recommendation is that if you want a good source of this type of patterns you could read Floyd's work in-progress at this site and buy the book.
Other very good book already on the market is San Francisco Patterns.
But if you want to discuss specific issues about Pet Store they have a mail list especially for this purpose.
Where to get San Francisco pattern?
Do a search at amazon.com or shopping.yahoo.com (they have better prices usually)
You can read about it in a book, or you can adopt a production Java/XML-based framework like Oracle's Business Components for Java that implements all of the J2EE Blueprints design patterns for EJB developers (including avoiding the "antipatterns" by implementing these features correctly so no compromises are necessary).
The framework lets you build applications that
target the Sun-recommended architecture of
Session Beans that act as the facade for
business entities. You can either the J2EE
"Web Tier" or the "EJB Tier" depending on
your needs without code changes.
I'll be presenting a talk on this at JavaOne this year, on June 8th.
I am having trouble downloading this app. Anybody know any alternate location I can get this.
At this page:
exists a "continue" button.From here you must log in and you
can download it. If "ftp download" it's not working, try "HTTP download".