Click here to close now.


Java IoT Authors: Pat Romanski, Liz McMillan, Elizabeth White, Automic Blog, Betty Zakheim

Related Topics: Java IoT

Java IoT: Article

SOA Solutions with J2EE

Using different technical and functional requirements

Throughout this article I'll describe how an effective service-oriented architecture (SOA) can be achieved using J2EE technologies. In particular, I'll focus on which J2EE component types and communication channels to choose according to specific, real-world situations.

Description of the Example System
To illustrate an SOA system made of J2EE technologies, nothing is better than a good old example. Figure 1 depicts the main situations that can arise in a realistic SOA system. A component stereotype indicates the type of client or service; a dependency stereotype indicates the communication type, either as a technology (such as Web services) or as a protocol (such as CORBA IIOP); and a no dependency stereotype indicates RMI communication.

The system allows client systems to process an order (service OrderWorkflow), manage customers (service Customer), and produce reports (service Reporting). The OrderWorkflow service checks product availability and retrieves product details (service Product), creates a new customer if needed (service Customer), and orders the selected products (service Order). The Order service persists the order (service OrderData), manages the payment (service Payment), and triggers some process in a legacy system (service BackOfficeOrder).

Service Layers
Services differ according to multiple criteria. Whether the service is business oriented, public or private, or stateful or stateless dictates what layer the service is in and ultimately how it is implemented and what interfaces it exposes.

Top-layer services such as OrderWorkflow are coarse-grained business services, often stateful, that depend on one or more finer-grained stateless business services. Bottom-layer services are fine grained and data oriented, not business oriented.

Services are also separated into public and private services. Public services are services that are available outside of the system, and possibly outside of the organization. They are typically services that have a business meaning. Private services have no business meaning; they exist to support business services and there's no point in making them available to other systems. In Figure 1, public services are colored in blue and private services are not colored.

Although the number of layers of an SOA system is arbitrary, we can categorize them and associate usual J2EE component types to them as shown in Table 1.

Service Communication Interfaces
In SOA systems, service interfaces are even more important than service implementations, because interoperability essentially depends on the communication technologies supported by the service interfaces. Remember one of the founding principles of service architecture: the service implementation is separated from the service interface(s).

To continue this discussion, we'll distinguish between "internal" and "external" clients. A client is internal if the organization controls the network path between the client and the service. In all other cases the client is external. This distinction is driven by the fact that firewalls might be located between the external client and the service, and no assumption can be made on which ports the firewall keeps open and which protocols the firewall lets pass, except that it allows text over HTTP. In particular, this is true if the client component is located on the Internet.

The major condition to decide on in a service interface technology is whether the service clients are internal or not. In Figure 1, external clients are red and internal clients are green. ExternalMainClient uses the Internet. As mentioned earlier, this causes severe restrictions as to which ports and protocols are available for communication. For example, communicating in RMI or IIOP is not realistic, since most firewalls will not let these protocols go through. In such a situation, only text-based protocols over HTTP (or HTTPS) should be considered.

Web services, a standardized technology that leverages the convenience of XML as text over HTTP, is the best technology available, provided that the client platform supports Web services. The .NET client from our example understands Web services. If it were not the case, we would have had to downgrade the communication to, for example, plain XML text over HTTP, with custom XML generation and parsing on the client side.

Now let's have a look at internal clients. OrderClient is a J2EE application client using RMI to communicate with OrderWorkflow. Why RMI and not Web services? Isn't Web services the most cool technology that every supporting platform should use when possible? Well, no. Using Web services between "internal" J2EE components has a heavy performance toll. Performance, which is a critical factor for most systems, is much more favorable to RMI than to Web services. It must be noted that Web services still has opportunities for significant optimizations, but current Web services implementations are notoriously slower than RMI.

The golden rule is: if a J2EE service only has internal J2EE or Java clients, stick to RMI, but if you can't make this assumption, consider Web services.This rule can be understood with a bit of logic: the closer the interface technology is to the implementation technology, the less work that has to be done to translate between the two. For example, XML, which Web services messages are made of, is farther from Java than RMI is. The gap between XML types and Java types is wider than the gap between CORBA IIOP types and Java types, which in turn is wider than the gap between RMI types and Java types. To generalize this rule, we can say that the more interoperable a technology is, the slower it tends to be. Although technology implementations can provide exceptions to this rule, the rule remains true in the vast majority of cases.

Each situation requires a decision based on the trade-off between interoperability and performance.

Fortunately, interoperability and performance benefits can be combined thanks to the fact that a service can have more than one interface. OrderWorkflow is a good example. While its implementation of the application logic is developed only once, the service presents two different interfaces: one RMI and one Web services.

Moreover, with the right tools, service interfaces can be generated automatically from one another. For example, a tool such as Castor XML or a JAXB implementation can generate Java classes from the XML Schemas. The RMI interface is thus generated with minimal hand coding. Enabling Web services as EJB endpoints is also a good alternative.

Figure 2 focuses on the OrderWorkflow service to illustrate how a single service is accessed through two communication channels. ExternalMainClient accesses the service through its Web services interface, which in terms of J2EE component types is a Web application resource (WAR). Upon receiving a Web services request, the WAR makes an ordinary Java method call to the business delegate located in the JAR, which in turn makes an RMI call to the EJB.

In contrast, the local OrderClient J2EE client directly calls the delegate without going through the WAR. The service business logic is located in the EJB-JAR component, and the WAR implements a Web services interface layer above the ordinary business delegate. Both interfaces share exactly the same business logic. This design pattern ensures a multiple-communication-channel SOA as well as the scalability, distributability, and other capabilities provided by the EJB technology.

The marketing application is a C legacy application that calls the reporting component to present statistical data to the user. Marketing is an internal client, but does not support RMI. CORBA is an effective and mature distributed architecture available to both C and J2EE platforms. Again, the reason for choosing CORBA over Web services is the performance. As a general rule, internal components should not communicate through Web services unless some other capability of Web services, such as the UDDI publish-discover mechanism, for example, is a deciding factor.

More Stories By Bruno Collet

Bruno Collet is a seasoned J2EE architect with five years of experience. He recently founded Studio 184 (, where he is developing the ApolloNews news aggregator. Bruno holds a masters in computer science from ULB (Belgium), as well as several industry certifications (

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

@ThingsExpo Stories
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, Sandy Carter, IBM General Manager Cloud Ecosystem and Developers, and a Social Business Evangelist, wil...
PubNub has announced the release of BLOCKS, a set of customizable microservices that give developers a simple way to add code and deploy features for realtime apps.PubNub BLOCKS executes business logic directly on the data streaming through PubNub’s network without splitting it off to an intermediary server controlled by the customer. This revolutionary approach streamlines app development, reduces endpoint-to-endpoint latency, and allows apps to better leverage the enormous scalability of PubNub’s Data Stream Network.
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Ben Perlmutter, a Sales Engineer with IBM Cloudant, demonstrated techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, faster user experience, both offline and online. The focus of this talk was on IBM Cloudant, Apache CouchDB, and ...
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi’s VP Business Development and Engineering, explored the IoT cloud-based platform technologies driving this change including privacy controls, data transparency and integration of real time context with p...
I recently attended and was a speaker at the 4th International Internet of @ThingsExpo at the Santa Clara Convention Center. I also had the opportunity to attend this event last year and I wrote a blog from that show talking about how the “Enterprise Impact of IoT” was a key theme of last year’s show. I was curious to see if the same theme would still resonate 365 days later and what, if any, changes I would see in the content presented.
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical to maintaining positive ROI. Raxak Protect is an automated security compliance SaaS platform and ma...
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data shows "less than 10 percent of IoT developers are making enough to support a reasonably sized team....
Just over a week ago I received a long and loud sustained applause for a presentation I delivered at this year’s Cloud Expo in Santa Clara. I was extremely pleased with the turnout and had some very good conversations with many of the attendees. Over the next few days I had many more meaningful conversations and was not only happy with the results but also learned a few new things. Here is everything I learned in those three days distilled into three short points.
DevOps is about increasing efficiency, but nothing is more inefficient than building the same application twice. However, this is a routine occurrence with enterprise applications that need both a rich desktop web interface and strong mobile support. With recent technological advances from Isomorphic Software and others, rich desktop and tuned mobile experiences can now be created with a single codebase – without compromising functionality, performance or usability. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, demonstrated examples of com...
As organizations realize the scope of the Internet of Things, gaining key insights from Big Data, through the use of advanced analytics, becomes crucial. However, IoT also creates the need for petabyte scale storage of data from millions of devices. A new type of Storage is required which seamlessly integrates robust data analytics with massive scale. These storage systems will act as “smart systems” provide in-place analytics that speed discovery and enable businesses to quickly derive meaningful and actionable insights. In his session at @ThingsExpo, Paul Turner, Chief Marketing Officer at...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
The Internet of Everything is re-shaping technology trends–moving away from “request/response” architecture to an “always-on” Streaming Web where data is in constant motion and secure, reliable communication is an absolute necessity. As more and more THINGS go online, the challenges that developers will need to address will only increase exponentially. In his session at @ThingsExpo, Todd Greene, Founder & CEO of PubNub, exploreed the current state of IoT connectivity and review key trends and technology requirements that will drive the Internet of Things from hype to reality.
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessions, I wanted to share some of my observations on emerging trends. As cyber security serves as a fou...
We all know that data growth is exploding and storage budgets are shrinking. Instead of showing you charts on about how much data there is, in his General Session at 17th Cloud Expo, Scott Cleland, Senior Director of Product Marketing at HGST, showed how to capture all of your data in one place. After you have your data under control, you can then analyze it in one place, saving time and resources.
With all the incredible momentum behind the Internet of Things (IoT) industry, it is easy to forget that not a single CEO wakes up and wonders if “my IoT is broken.” What they wonder is if they are making the right decisions to do all they can to increase revenue, decrease costs, and improve customer experience – effectively the same challenges they have always had in growing their business. The exciting thing about the IoT industry is now these decisions can be better, faster, and smarter. Now all corporate assets – people, objects, and spaces – can share information about themselves and thei...
The cloud. Like a comic book superhero, there seems to be no problem it can’t fix or cost it can’t slash. Yet making the transition is not always easy and production environments are still largely on premise. Taking some practical and sensible steps to reduce risk can also help provide a basis for a successful cloud transition. A plethora of surveys from the likes of IDG and Gartner show that more than 70 percent of enterprises have deployed at least one or more cloud application or workload. Yet a closer inspection at the data reveals less than half of these cloud projects involve production...
Continuous processes around the development and deployment of applications are both impacted by -- and a benefit to -- the Internet of Things trend. To help better understand the relationship between DevOps and a plethora of new end-devices and data please welcome Gary Gruver, consultant, author and a former IT executive who has led many large-scale IT transformation projects, and John Jeremiah, Technology Evangelist at Hewlett Packard Enterprise (HPE), on Twitter at @j_jeremiah. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true change and transformation possible.
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.