Besides EAR and EJB, what do I get from a Java EE app server that I don't get in a servlet container like Tomcat?
We use Tomcat to host our WAR based applications. We are servlet container compliant J2EE applications with the exception of org.apache.catalina.authenticator.SingleSignOn.
We are being asked to move to a commercial Java EE application server.
- The first downside to changing that I see is the cost. No matter what the charges for the application server, Tomcat is free.
- Second is the complexity. We don't use either EJB nor EAR features (of course not, we can't), and have not missed them.
What then are the benefits I'm not seeing?
What are the drawbacks that I haven't mentioned?
Mentioned were...
- JTA - Java Transaction API - We control transaction via database stored procedures.
- JPA - Java Persistence API - We use JDBC and again stored procedures to persist.
- JMS - Java Message Service - We use XML over HTTP for messaging.
This is good, please more!
Solution 1:
When we set out with the goal to Java EE 6 certify Apache Tomcat as Apache TomEE, here are some of the gaps we had to fill in order to finally pass the Java EE 6 TCK.
Not a complete list, but some highlights that might not be obvious even with the existing answers.
No TransactionManager
Transaction Management is definitely required for any certified server. In any web component (servlet, filter, listener, jsf managed bean) you should be able to get a UserTransaction
injected like so:
@Resource UserTransaction transaction;
You should be able use the javax.transaction.UserTransaction
to create transactions. All the resources you touch in the scope of that transaction should all be enrolled in that transaction. This includes, but is not limited to, the following objects:
javax.sql.DataSource
javax.persistence.EntityManager
javax.jms.ConnectionFactory
javax.jms.QueueConnectionFactory
javax.jms.TopicConnectionFactory
javax.ejb.TimerService
For example, if in a servlet you start a transaction then:
- Update the database
- Fire a JMS message to a topic or queue
- Create a Timer to do work at some later point
.. and then one of those things fails or you simply choose to call rollback()
on the UserTransaction
, then all of those things are undone.
No Connection Pooling
To be very clear there are two kinds of connection pooling:
- Transactionally aware connection pooling
- Non-Transactionally aware connection pooling
The Java EE specs do not strictly require connection pooling, however if you have connection pooling, it should be transaction aware or you will lose your transaction management.
What this means is basically:
- Everyone in the same transaction should have the same connection from the pool
- The connection should not be returned to the pool until the transaction completes (commit or rollback) regardless if someone called
close()
or any other method on theDataSource
.
A common library used in Tomcat for connection pooling is commons-dbcp. We wanted to also use this in TomEE, however it did not support transaction-aware connection pooling, so we actually added that functionality into commons-dbcp (yay, Apache) and it is there as of commons-dbc version 1.4.
Note, that adding commons-dbcp to Tomcat is still not enough to get transactional connection pooling. You still need the transaction manager and you still need the container to do the plumbing of registering connections with the TransactionManager
via Synchronization
objects.
In Java EE 7 there's talk of adding a standard way to encrypt DB passwords and package them with the application in a secure file or external storage. This will be one more feature that Tomcat will not support.
No Security Integration
WebServices security, JAX-RS SecurityContext, EJB security, JAAS login and JAAC are all security concepts that by default are not "hooked up" in Tomcat even if you individually add libraries like CXF, OpenEJB, etc.
These APIs are all of course suppose to work together in a Java EE server. There was quite a bit of work we had to do to get all these to cooperate and to do it on top of the Tomcat Realm
API so that people could use all the existing Tomcat Realm
implementations to drive their "Java EE" security. It's really still Tomcat security, it's just very well integrated.
JPA Integration
Yes, you can drop a JPA provider into a .war file and use it without Tomcat's help. With this approach you will not get:
-
@PersistenceUnit EntityManagerFactory
injection/lookup -
@PersistenceContext EntityManager
injection/lookup - An
EntityManager
hooked up to a transactional aware connection pool - JTA-Managed
EntityManager
support - Extended persistence contexts
JTA-Managed EntityManager
basically mean that two objects in the same transaction that wish to use an EntityManager
will both see the same EntityManager
and there is no need to explicitly pass the EntityManager
around. All this "passing" is done for you by the container.
How is this achieved? Simple, the EntityManager
you got from the container is a fake. It's a wrapper. When you use it, it looks in the current transaction for the real EntityManager
and delegates the call to that EntityManager
. This is the reason for the mysterious EntityManager.getDelegate()
method, so users can get the real EntityManager if they want and make use of any non-standard APIs. Do so with great care of course and never keep a reference to the delegate EntityManager
or you will have a serious memory leak. The delegate EntityManager
will normally be flushed, closed, cleaned up and discarded when a transaction completes. If you're still holding onto a reference, you will prevent garbage collection of that EntityManager
and possibly all the data it holds.
- It's always safe to hold a reference to a
EntityManager
you got from the container - Its not safe to hold a reference to
EntityManager.getDelegate()
- Be very careful holding a reference to an
EntityManager
you created yourself via anEntityManagerFactory
-- you are 100% responsible for its management.
CDI Integration
I don't want to over simplify CDI, but I find it is a little too big and many people have not take a serious look -- it's on the "someday" list for many people :) So here is just a couple highlights that I think a "web guy" would want to know about.
You know all the putting and getting you do in a typical webapp? Pulling things in and out of HttpSession
all day? Using String
for the key and continuously casting objects you get from the HttpSession
. You've probably go utility code to do that for you.
CDI has this utility code too, it's called @SessionScoped
. Any object annotated with @SessionScoped
gets put and tracked in the HttpSession
for you. You just request the object to be injected into your Servlet via @Inject FooObject
and the CDI container will track the "real" FooObject instance in the same way I described the transactional tracking of the EntitityManager
. Abracadabra, now you can delete a bunch of code :)
Doing any getAttribute
and setAttribute
on HttpServletRequest
? Well, you can delete that too with @RequestScoped
in the same way.
And of course there is @ApplicationScoped
to eliminate the getAttribute
and setAttribute
calls you might be doing on ServletContext
To make things even cooler, any object tracked like this can implement a @PostConstruct
which gets invoked when the bean gets created and a @PreDestroy
method to be notified when said "scope" is finished (the session is done, the request is over, the app is shutting down).
CDI can do a lot more, but that's enough to make anyone want to re-write an old webapp.
Some picky things
There are some things added in Java EE 6 that are in Tomcats wheelhouse that were not added. They don't require big explanations, but did account for a large chunk of the "filling in the gaps".
- Support for
@DataSourceDefinition
- Support for Global JNDI (
java:global
,java:app
,java:module
) - Enum injection via
@Resource MyEnum myEnum
and - Class injection via
@Resource Class myPluggableClass
and - Support for
@Resource(lookup="foo")
Minor points, but it can be incredibly useful to define DataSource
in the app in a portable way, share JNDI entries between webapps, and have the simple power to say "look this thing up and inject it"
Conclusion
As mentioned, not a complete list. No mention of EJB, JMS, JAX-RS, JAX-WS, JSF, Bean Validation and other useful things. But at least some idea of the things often overlooked when people talk about what Tomcat is and is not.
Also be aware that what you might have thought of as "Java EE" might not match the actual definition. With the Web Profile, Java EE has shrank. This was deliberately to address "Java EE is too heavy and I don't need all that".
If you cut EJB out of the Web Profile, here's what you have left:
- Java Servlets
- Java ServerPages (JSP)
- Java ServerFaces (JSF)
- Java Transaction API (JTA)
- Java Persistence API (JPA)
- Java Contexts and Dependency Injection (CDI)
- Bean Validation
It's a pretty darn useful stack.
Solution 2:
Unless you want EJB proper, you don't need a full stack J2EE server (commercial or not).
You can have most J2EE features (such as JTA, JPA, JMS, JSF) with no full stack J2EE server. The only benefit of a full stack j2ee is that the container will manage all these on your behalf declaratively. With the advent of EJB3, if you need container managed services, using one is a good thing.
You can also have no cost full stack server such as Glasfish, Geronimo or JBoss.
You can also run embedded j2ee container managed services with embedded Glasfish for example, right inside Tomcat.
You may want an EJB container if you want to use session beans, message beans, timer beans nicely managed for you, even with clustering and fail over.
I would suggest to the management to consider upgrades based on feature need. Some of these EJB containers might just well use embedded Tomcat as their webserver so what gives!
Some managers just like to pay for things. Ask them to consider a city shelter donation or just go for BEA.
Solution 3:
If you are being asked to move to a commercial J2EE server, the reasons may have nothing to do with the J2EE stack but with non-technical considerations.
One thing that you do get with a commercial J2EE offering that you don't get with Tomcat is technical support.
This may not be a consideration for you, depending on the service levels your web applications are supposed to meet. Can your applications be down while you try and figure out a problem with Tomcat, or will that be a major problem?
Solution 4:
Cost isn't necessarily a downside as there a few free J2EE servers, e.g. JBoss and Glassfish.
Your question assumes that (J2EE = Servlet + EJB + EAR) and therefore, there's no point in using anything more than a Servlet container if you're not using EJB or EAR. This is simply not the case, J2EE includes a lot more than this. Examples include:
- JTA - Java transaction API
- JPA - Java persistence API
- JMS - Java messaging specification
- JSF - technology for constructing user interfaces out of components
Cheers, Donal