My wishlist for GlassFish

October 06, 2008

I received a response to my post about how to deploy a seam-gen project to GlassFish from the GlassFish Group Project Manager, John Clingan. He asked me to provide feedback on how to improve GlassFish. I drafted a message to him with several items, which I want to share publicly.

My first long standing wish has already been addressed by a recent announcement. In GlassFish V3, session data is now retained across a restart. It has always been an Achilles heel of Java EE that redeployments are disruptive to manual testing (let's face it, that's how most developers work). Hot deployment was a step forward, but ultimately preserving session data is what makes the deployment truly smooth. Good job and keep working on ways to make a redeployment or partial deployment transparent to the developer's process.

Here are my other "bones" I have with GlassFish:

  1. The JNDI MailSession in GlassFish does not support authentication over SMTP. In my opinion, this is a huge let down. With Gmail, and other providers, allowing their mail server to be used for free, it's the absolute easiest way for Java EE developers to setup JavaMail. GlassFish is all about easy, but alas, this task is not so since there is no support for authentication over SMTP.
  2. It's not possible to establish a database connection in the console that uses an empty password. While it may appear silly at first, know that embedded databases such a HSQLDB work out of the box with the username "sa" and a blank password, so it just causes an inconvenience.
  3. Developers have responded to my last post about GlassFish complaining that they cannot get the exploded EAR seam-gen project to work. There are two parts to this. First, perhaps there are some limitations with the exploded EAR in GlassFish. Second, I think it would go a long way for GlassFish developers to work with Seam developers to document how to customize a seam-gen application to deploy under GlassFish.
  4. asadmin is a great tool, but one of the things it lacks is a set of built-in Ant tasks that a developer can incorporate into their build. You may notice from the wiki page that I have to create an Ant macro that calls out to asadmin from the commandline. I think it would be worthwhile to make <asadmin> a bonafide target in Ant. Any other build tool you want to target would also be helpful, but at the end of the day, Ant is king.
  5. A fairly common task when you settle into an application server is to bring your own JPA provider. In fact, it's extremely common for newcomers to GlassFish to want to use Hibernate, specifically. But to use Hibernate requires customization since GlassFish uses TopLink Essentials (i.e., EclipseLink) as the default JPA provider. I'm not going to make the argument here that one is better than the other, but rather focus on the task of swapping between them. I feel that the administration console should provide a way to register a new provider and perhaps even know how to get the JARs (or perhaps you have to upload them as a zip file). Either way, you should not have to go into your GlassFish installation and start replacing JAR files because it's tedious and error prone.
  6. It would be nice to have a JDBC driver manager. This is another JAR I have to manually copy into glassfish/domains/$domain/lib/ext. Plus, I would get a dropdown of Driver implementations when creating a new JDBC connection pool.

By no means is this a comprehensive list, but just happens to be what has been on my mind lately. If I think of other ideas, I will likely follow up with another post. However, what I am really interested in is if you have suggestions for John and the GlassFish team. Feel free to post them in the comments.

UPDATE: I forgot to mention that I was impressed by how quickly Sun picked up on my initial post and was willing to ask for input. It shows that Sun (specifically the GlassFish team) is keeping a thumb on the pulse of the community, which I feel is critical part of having a successful and useful project.

UPDATE 2: I had forgotten to add my point about managing the JPA provider

UPDATE 3: The only limitation with GlassFish deploying an exploded EAR is that all EJB modules must be exploded. That means the jboss-seam.jar must be placed into the EAR as an exploded archive.

UPDATE 4: Added point about managing JDBC drivers.

Posted at 02:08 AM in Java | Permalink Icon Permalink

11 Comments from the Peanut Gallery

1 | Posted by John Clingan on October 06, 2008 at 10:30 AM EST

Thanks for the followup, and we're taking note of your feedback. Also, please note the pre-defined ant tasks available through asant: http://docs.sun.com/app/docs/doc/819-3662/6n5s9hmt5?a=view

John Clingan GlassFish Group Product Manager

2 | Posted by Peter Williams on October 06, 2008 at 11:35 AM EST

Re: #1 - authentication over SMTP(S) -- See http://forums.java.net/jive/message.jspa?messageID=283824#283824

Or can you be more specific on exactly what you want?

3 | Posted by Dan Allen on October 06, 2008 at 11:49 AM EST

@Peter, now that you have shown me that code, I recall the exact problem. It requires me to write Java code to inject the username and password into the transport at the time the message is sent. What doesn't work is to initiate a MailSession that has an Authenticator registered so that the client code doesn't not have to know these details. Specifically, this comes up when attempting to use Seam's mail support.

I found a blog entry that explains the details. I believe users of Roller bump into the same problem.

4 | Posted by Dan Allen on October 06, 2008 at 11:57 AM EST

@John, asant looks useful for creating and deploying packages, but what I am looking for is somewhere along the lines of what Ivy provides. You import functionality into your Ant build using Ant's tag and that gives you a new namespace with a collection of task elements. In the beginning, you could just start with perhaps.

If this feature is already available, I am not sure the documentation explains it right.

5 | Posted by Peter Williams on October 06, 2008 at 03:20 PM EST

That's true. JavaMail never reads passwords from properties and GlassFish mail resources (V2 and earlier) didn't enhance this in any way.

Mail resources are being rewritten for GlassFish V3 and authentication was already my list to support in some reasonable way. Thanks for blog references, we'll take those into account.

Some comments:

1A) It sounds like you want the mail session resource authenticated a single time and then shared between several sessions for sending email? Are you concerned with security for the authentication information stored in the resource file (and if so, what steps do you take to secure it?)

1B) Or are you asking for the mail sessions to somehow authenticated per client, but not by the client? Where do you want or expect the authentication to be performed in this case?

2) I looked up Seam's mail configuration information ( http://docs.jboss.org/seam/2.0.0.GA/reference/en/html/components.html#components.mail ) and while I don't think the JNDI setting will work, the explicit session parameters should work. Or are you saying even that doesn't work?

6 | Posted by Dan Allen on October 06, 2008 at 03:44 PM EST

@Peter What I am basically looking for is the same type of arrangement as with JNDI database connections. You pull a resource from JNDI so that the credentials do not appear in the code itself (to me, that is secure).

In this case, yes, the same credentials would be shared by all calls to that MailSession (perhaps because it is a blog sending notifications). This has long been supported in both JBoss and Tomcat. It works by initiating an Authenticator when the resource is bound and that Authenticator is then consulted at the point the mail is sent. Somewhere inside the application server needs to be code that looks like this:

authenticator = new Authenticator() {
    protected PasswordAuthentication getPasswordAuthentication() {
        return new PasswordAuthentication(
            getUsername(),
            getPassword());
    }
};
session = javax.mail.Session.getInstance(properties, authenticator);

Obviously, the authentication has to happen immediately prior to the send() call or else the mail server is going to reject the message (it has a short timeout).

As you have observed, the explicit session parameters certainly work to configure a mail session, but then the credentials are once again in the project (components.xml). We really need to get those credentials abstracted out into the application server configuration.

7 | Posted by vince on October 07, 2008 at 12:49 AM EST

There is a work-around for bone #2...

Use the string "()" to signify an empty string.

I think I have a hint for bone #3...

GF assumes that jar files in an exploded EAR file that contain EJB's are exploded... Last time I looked, one of the seam jars had EJBs in it, but the jar was not exploded. YMMV on this one.

I think there is also a hint for bone #4...

Read through the code in this file: http://hg.netbeans.org/main/file/6022c5d694f5/j2ee.sun.appsrv81/src/org/netbeans/modules/j2ee/sun/ide/j2ee/ant-deploy.xml

8 | Posted by Kem Elbrader on October 09, 2008 at 12:43 PM EST

We don't use seam-gen but do successfully directory deploy our projects on Glassfish. We use maven to build our seam projects and have it expand wars and ejbs during the build. If you'd like I can send you an example of what we're doing.

9 | Posted by Dan Allen on November 19, 2008 at 06:52 PM EST

@vince, the suggestion about exploding jboss-seam.jar did the trick! I just deployed an explode EAR Seam application to GlassFish for the first time!

10 | Posted by Peter Williams on August 18, 2009 at 03:18 PM EST

@Dan - Support for passwords in mail resources is committed to GlassFish V2.1.1 and will be in GlassFish V3 shortly. See https://glassfish.dev.java.net/issues/show_bug.cgi?id=5247

11 | Posted by Dan Allen on August 18, 2009 at 04:13 PM EST

Awesome! This is great news. I'll be sure to spread the word!