My 2nd edition of RESTful Java is out! RESTful Java with JAX-RS 2.0 covers the spec additions to JAX-RS 2.0 including 3 new chapters:
- JAX-RS 2.0 Client API
- Asynchronous Client and Server APIs
- Filters and Interceptors
The book has also been revised here and there to cover some of the smaller features that were added to JAX-RS 2.0 like ParamConverters, Link, an the extensions added to UriBuilder. The workbook examples and chapters have been revised and expanded to cover this new content as well, so you really get 6 new chapters in total. Many thanks to Fernando Nasser, Melanie Yarborough, Meghan Blanchette, Meghan Connolly, and Charlie Roumeliotis for making this happen. I’d also like to thank the JAX-RS 2.0 JSR Expert Group, especially Marek Potociar, Santiago Pericas-Geertsen, and Sergey Beryozkin.
Bill the Plumber 
Nov 17, 2013 @ 00:05:23
I purchased the book a day after it hit the shelves! So far, I like it. However, I think a critical piece of information is missing from the security chapter, without which, annotation-based security WILL NOT work. Surprisingly, not a single book or user guide that I read, mentions this important piece of information.
When using annotation-based security, web.xml is not optional; quite the contrary, element must be present; the web container checks for security before JAX-RS does and without a , the proper security context is not set. Thus when JAX-RS invokes isUserInRole(role), it always returns false.
In addition, either element(s) in web.xml or @DeclareRoles annotation must be present.
Nov 17, 2013 @ 00:07:25
Seems like the xml elements were stripped out. “security-constraint” and “security-role” were used.
Nov 18, 2013 @ 15:37:23
The reason is that EJBs nor JAX-RS have metadata specifically for authentication. It must be set up at the servlet layer as the HTTP engine needs to know what authentication mechanism to use. Otherwise, how would the EJB or JAX-RS layer automatically know this? Answer, they wouldn’t…
Nov 18, 2013 @ 17:36:27
My thought was that if they let an EJB to be exposed as a REST resource, it is only fair that the EJB could have it’s own security annotations without having to worry about a Servlet engine being present in front of it. There’s a JIRA for it https://java.net/jira/browse/JAX_RS_SPEC-304.
Nov 17, 2013 @ 04:26:29
Bill, is it possible to expose an EJB as a JAX-RS resource and still have role-based security through ejb-jar.xml?
Nov 26, 2013 @ 00:24:21
Bought the book and so far I’m happy with what I’m learning, thanks.
Bill, I’ve tried to download the code from https://github.com/oreillymedia/restful_java_jax-rs_2_0 but it looks like the ZIP file is corrupted. Any other place I could get the code examples from the Book ?
Nov 26, 2013 @ 13:36:39
http://sourceforge.net/projects/resteasy/files/Resteasy%20JAX-RS/3.0.5.Final/
Its always available in the latest Resteasy download. Book talks about how to download it.
Jan 25, 2014 @ 19:04:20
As a novice Java web developer (having spent a bit of time in python / django land) I’ve just had a read of the book in order to clear up my confusion around AsyncResponse. I was quite surprised to see the examples under “AsyncResponse API” look very similar to the code you took such issue with on the jax-rs-spec mailing list. (https://java.net/projects/jax-rs-spec/lists/users/archive/2012-08/message/36)
I’m trying to figure out what the best way to execute long running tasks within the context of a JAX-RS application is. Almost every example I have seen involves creating a separate thread within the resource method. e.g. https://jersey.java.net/documentation/latest/async.html
In the jax-rs-spec thread Marek points out that a request can be executed by exactly the same thread that received the client connection and so it makes sense to hand off to another thread. So say we have a limited connection thread pool of 4 threads, it would make sense to execute long running tasks on separate threads.
You appear to be saying that a thread is a thread however and that you’d be better off increasing the containers thread pool size and just executing a long running operation on one of those threads. (I’m probably quite wide of the mark here, but I’m stating it so I can be corrected!)
In the former case we seem to waste a lot of time spinning up threads to execute requests. In the latter (and again, apologies, my assumptions are likely incorrect) we leave ourselves vulnerable to a situation where long running requests saturate our connection threadpool.
Ideally I’d like to be able to put all long running requests (along with their corresponding AsyncResponse objects) onto a queue which is consumed by threads in a separate user configurable pool. This seems to avoid the saturation situation without spinning up threads in a high load situation. I’m looking into how to implement this.
Am I making any sense whatsoever? I’ll continue to ponder it once I’ve had a look at your Geothermal HVAC posts. By coincidence I’m just investigating such a system for our new home!
Presuming you’ve got this far, thanks for taking the time to read!
Jan 25, 2014 @ 19:58:25
I should amend that post slightly: “I’m trying to figure out what the best way to execute longish running tasks requiring a response within the context of a JAX-RS application is.”
Jan 26, 2014 @ 20:38:32
BTW, I’m using 3x electricity I did compared to last year during the Polar Vortex sub-zero temperature months this winter. Still more than half of what I paid in oil the previous year.
Jan 26, 2014 @ 19:01:35
Sorry for the spam, I should write that I’ve settled on injecting a singleton ExecutorService to my resource which I can configure to my hearts content. Let me know if this is crazy though!
Jan 26, 2014 @ 20:34:14
This is the way I suggest in my book. Obtain an ExecutorService, and use AsyncRequest. Queue the AsyncRequest then you can limit the amount of long-running requests.
Jan 27, 2014 @ 00:39:30
Ah! Great, thanks. Glad to see I’m doing it sensibly.
W.r.t. the HVAC, a big concern of mine was fossil fuel inflation. The recent gas boom in the States has mitigated that quite significantly and electricity supply costs are probably out-accelerating in here in Ireland. Taking into account the capital expenditure on a new build Its a real conundrum. Thanks for sharing your own experiences!
Jan 27, 2014 @ 00:50:37
I didn’t have a natural gas option and in the US, alternative energy is highly subsidized (30% tax credit). Another thing is, I have the further option of reducing my full utility costs by adding solar panels. I wouldn’t have that option with gas/oil.