I wonder what happens with the injected EJB-Proxy, when the SessionScoped CDI bean was passivated and then activated. Is there a null ref? Or is the EJB "reinjected"? Thanks for clarification.
Section 6.6.3. (Passivation capable dependencies) of CDI spec states that the container guarantees Stateless beans are Passivation capable whether you declare your stateless bean serializable or not.
Section 6.6.5 of the specs states that an error occurs at deployment if a passivating scope ('#SessionScoped' for example) declares a dependency to a non-passivation capable dependency.
How the container handles the reactivation is implementation dependent. It can make the stateless bean serializable, or the proxy serializable and the reference to the bean, when the proxy is deserialized is updated.
Adding to the answer of maress; since a Stateless bean is for the client in fact stateless, the container does not necessarily have to serialize anything for it.
Every other call to a stateless bean can go to a different bean instance anyway, or every other call can cause a new bean instance to be created (which is the default behavior in WildFly 8 if I'm not mistaken).
As maress mentioned, technically the proxy can be made serializable, but the proxy typically does little more than fetch the actual bean* from a systemwide pool (which can be of zero size) and delegate all method calls to that.
*) As a technical detail; the proxy may not call the actual bean directly, but call into an interceptor chain before the actual-actual bean is called
Related
I have three questions
Generally, a bean is just a Pojo that is managed by a container (like Ejb container or CDI container), right? As for when a bean is considered an EJB is quite clear. You will have something like #Stateless or #Stateful. But I don't understand fully when a bean is considered CDI bean. Defining the scope (e.g. #RequestScope) is an indication but what about other classes? In short, when I create and write my own classes, how can I make them CDI bean instead of make them plain Java classes? The only thing I have found about this is https://docs.oracle.com/javaee/6/tutorial/doc/gjfzi.html
Related to above, in this tutorial
https://dzone.com/articles/cdi-and-the-produces-annotation-for-factory
in step 4 says that "CDI does not know how to inject the SpecialLogger object", because of LogConfiguration, so why LogConfiguration is not considered a CDI bean and cannot be injected, and needed to create a producer method ?
I don't understand when we use a producer method, in this example we use it to create a SpecialLogger object but why, we shouldn't just inject SpecialLogger?
Firstly, EJB and CDI are two different specifications with different limitations and goals. Later on in Java/Jakarta EE evolution, CDI created a bridge between the two where it considers all EJB beans to also be CDI beans (the internals of which are more complex and I won't go into now) but otherwise they are still different specs so don't conflate them.
In CDI, beans can be either managed beans or producer methods/fields. Managed beans are typically a java class which can (or in some cases must) have certain annotations to be picked up as a bean. There are some limitations as to how a managed bean looks. See this section of specification (CDI 4, Jakarta EE 10) for further information. Producer methods/fields are a way to declare a bean while also providing an instance of the bean yourself instead of letting CDI create it. In both cases, CDI then manages the bean for its lifecycle, which is typically controlled by the scope of the bean (i.e. #RequestScoped).
However, that's not all there is to it. You mentioned discovery and that's part of the process. There are three discovery modes - none, all, annotated - which can be declared in beans.xml. These control which beans will be found and if they need any kind of annotation to be recognized as beans. none simply means no beans, all means that all classes will be picked up as potential beans, even without annotations. And lastly, annotated will only pick up beans that have a so called bean defining annotation. These include scope annotations, stereotypes, and interceptor annotation. See this part of spec (CDI 4).
Note that prior to CDI 4, default discovery mode was all. With CDI 4 and onwards, it is annotated!
To your second question - SpecialLogger has no no-args constructor and has one constructor with parameters (LogConfiguration) and this constructor isn't annotated with #Inject. Therefore, CDI doesn't know how to create an instance of this object. Note that annotating the constructor with #Inject effectively tells CDI that all of its parameters are also CDI beans that it should know how to instantiate which is not going to be the case in this example.
This brings me to your last question. A producer is typically useful for when it isn't easy or even possible to have an instance of the class created automatically by CDI, but there is still value in handling the instance as a CDI bean. Once you define a producer for SpecialLogger, you can then normally #Inject SpecialLogger in your code. In the end, user won't know if their bean is a product of CDI class instantiation or a producer method. Since bean types of producer method are governed by transitive closure on method's return type, you can also choose to return one of several subclasses based on some config options etc. Overall, it gives you more control over how to create and initialize an object before you hand it over to CDI but at the cost of not having this object injected (since it is you who creates it and not CDI).
We're using CDI in our application (NOT EJB). We have a resources layer, a business beans layer and a database handler beans layer. All those beans are #RequestScoped. Right now the resource injects a business bean which in turn injects all dbhandler beans it requires. Since this is CDI and there is no object pooling (at least from what I know) is there a way to decide which beans get injected (and thus created) depending on the method called? For example, I have 2 business bean methods. Method1 uses DAOBean1 and Method2 uses DAOBean1 AND DAOBean2. Right now, even if I only want to use Method1, the business bean will inject both DAO beans. Is there a way to filter injected beans according to the method call? This is important because we have a bean that creates a datasource connection on its #PostConstruct but not all bean methods query the database which means that we create redundant connections when using the bean for non db related methods.
It seems there is no way to have different beans injected according to the method called. Since injections are resolves during the bean creation, the container cannot know which function is going to be called and can't hold on to the injection until we decide. To solve this we either use Programmatic Bean Lookup (using the BeanManager class) to access in-context beans or we can access them through the Instance<T> interface. If we use the Instance interface, we must be careful to not have memory leaks. Why is that? Because every bean injected that way gains the scope #Dependent which means it will be released when the injector class itself is destroyed. If the injector class's scope is for example #ApplicationScoped the bean itself will never be released thus creating a memory leak. In cases like those we use the Instance interface's method called `destroy(myBean).
Example:
#ApplicationScoped
public class MyClass {
#Inject
Instance<MyBean> myBeanInstance;
public void myMethod() {
//...
MyBean bean = myBeanInstance.get();
// Do stuff with bean
myBeanInstance.destroy(bean); //Release the bean otherwise it will hold memory
}
}
In essence, what is the difference between these two classes:
#ApplicationScoped
#Singleton
class A {}
#Dependent
#Singleton
class B {}
Contextual EJB instances
I prefer not to use #Inject when looking for EJB:s, unless the EJB is a #Stateful and I want the CDI container to manage the stateful's life-cycle which could be very convenient. Otherwise, using #Inject to retrieve a contextual EJB instance is a bit dangerous. For example, a #Remote client-view cannot be retrieved using CDI unless we also write a producer. Furthermore, class A and class B can not declare any other scope than what they currently do. CDI 1.1, section "3.2 Session beans" says:
A singleton bean must belong to either the #ApplicationScoped scope or
to the #Dependent pseudo-scope. If a session bean specifies an illegal
scope, the container automatically detects the problem and treats it
as a definition error.
Hence, apart from stateful beans, I see no point in using CDI when I go look for EJB:s.
A more mature version of the question
From the client code's perspective which uses #Inject to declare a dependency on either A or B, I cannot imagine there is a difference. In both cases, the call will be routed to a singleton EJB. Had I been the implementation author of a CDI provider, then I might even inject the real EJB proxy in both cases and ignore future calls asking for destruction of the dependent CDI proxy? The bottom line is that we may declare two different scopes on the EJB singleton class. So what's the difference?
I have the following scenario in my code base:
//this bean, which will be injected,
//is not annotated
public class HelperUtil {
//only default constructor with no args
public void doThis(String _in) {
//...
}
public void doThat() {
//...
}
}
In the below class we do the injection:
#Named
#Stateless
public class BusinessManager {
#PersistenceContext(unitName = "default")
private EntityManager em;
#Inject
private HelperUtil helperUtil ;
//...
}
Q1: When is the instance of HelperUtil which will be injected actually initialized by calling the default constructor? Is it done when the first client into which it is injected (like BusinessManager) is instantiated when the app server (in my case JBoss) starts (and that one will be initialized by the container because it is annotated as #Stateless)?
Q2: In the above exhibit, will HelperUtil remain a singleton as long as no client other than the container asks for an instance by calling the constructor directly and not obtaining an instance via DI?
Q3: What is the advantage of using DI and #Inject in this case vs. simply calling the constructor directly (HelperUtil helper = new HelperUtil();)?
It depends, but you can control these event to execute some code, for example:
If you need that your bean is executed when the app start you need to add #Startup annotation to your bean.
If you need to initialize your bean without access to other injected resources you can use the normal constructor.
If you need some method to be executed when the bean is initialized then use the #PostConstruct annotation in the method.
You need to remember that the creation depends on the scope of the bean, in you case, which is a stateless bean, the bean will be created if some client injects it and there are no other instance available, if is singleton then will bean created just once, in general the bean will be created when they are needed (a singleton bean initialize until the first client uses it, or at startup with the annotation)
EDIT:
For the third question, the advantage is that if you use a resource, or other bean inside your HelperUtil, they will be initialized with the proper values, for example, if you use an entity manager, or other beans inside your helper. If your helper will handle just things like static methods or other simple utilities then you are right, the advantage is none and you could simply manage like an static helper class, but if you need EE resources the you need the bean to be managed in order to get all injections and resources loaded
EDIT 2:
After some more years programming and using dependency injection in Java and C# Core, I can add: The question 3 is very open, using DI will allow your code to:
be less coupled, if you change your constructor, you then would have to go searching all the new ObjectModified(oldParams) to add the new parameters
more easy to test, because you can inject "fake objects" as dependencies, avoiding the need to load all the system and prepare the state for the test, for example, if you want to check some code that depends on the current hour, you could connect a fake provider in test mode to give always the same hour, or some sequence
Avoid cyclical dependency, where class A depends on B and B depends on A, normally this is more complex, like
ClasssA -> ClasssB -> ClasssC -> ClasssA
When this dependencies are present, you can start a modification, then modify the class that uses it, and so on... until somehow you find yourself modifying the same class as before!, so you start in a cycle because the communication path between your objects are complex.
When you use DI, this cycles can be detected early on, so you can rethink your architecture to avoid this productivity blackholes
DI is a very powerful tool to keep big projects maintainable, is now present in a lot of environments and frameworks because is very useful, if this still does not convince you, you can try start a project in Spring boot, PlayFramework, Net Core, Java EE, Ruby on Rails.... and many others that have include this as the normal flow and build a medium size app, then try without DI
Background: Everything within CDI operates within a Context. That being said
A managed bean's fields are instantiated, on request. From the spec:
When the container creates a new instance of a managed bean, session bean, or of any other Java EE component class supporting injection, the container must:
Initialize the values of all injected fields. The container sets the value of each injected field to an injectable reference.
What this means is that the first initialization of a dependent bean is when it's first called for, which is when the parent bean is initialized. Now, the JSF #ApplicationScoped has the eager="true" attribute, which allows beans of that scope to be initialized before they're needed by any other part of the application, on startup, EJB #Startup for the same effect on EJBs. CDI beans however, don't have that capability out of the box.
The default scope of CDI beans is #Dependent. What this means is that an injected bean inherits the scope of the injection target (except when the bean has its own scope; in that case, its own scope applies). In your case, HelperUtil is not going to live beyond the lifetime of that EJB, sorta like #RequestScoped
Related
how is the #RequestScoped bean instance provided to #SessionScoped bean in runtime here?
Non-lazy instantiation of CDI SessionScoped beans
JSF Named Bean, Eager application scoped (aka #ManagedBean(eager=true) )
I think its constructor is not called until the method is called like helperUtil.dothat(), its not when its containing bean is instantiated.
About all of the injected fields must be initialized by the container when the managed beans are instantiated like the other answer, its true, but all of the injected fields are injected with proxies so they are not the real objects so the real constructors aren't called.
If its constructor is called when its containing bean is instantiated then how about a #RequestScoped bean inside a servlet for example. The servlet is only instantiated one time but the injected #RequestScoped bean must be instantiated multiple times. If its true then surely the #RequestScoped annotation wouldn't work.
So by simply looking at those CDI annotations intention and name like "request" or "session", we know that the real CDI managed bean objects are made/ instantiated independent of the containing user bean instantiation.
I have not yet experienced any serialization-related issues. But PMD and Findbugs detect a bunch of potential problems regarding seriazation. A typical case is an injected logger that is being detected as non-serializable. but there are many more - EntityManager and several CDI beans.
I have not found any best practices on how to deal with serialization correctly.
will the fields, injected by #Inject and #PersistenceContext be reinjected on deserialization?
should they be marked as transient?
or should I just ignore/switch off the code checks?
should I really provide accessors to all those fields as PMD advises?
I realize this is an old question, but I believe the only answer provided is incorrect.
will the fields, injected by #Inject and #PersistenceContext be
reinjected on deserialization?
No, they will not. I personally experienced this with JBoss in a clustered environment. If the bean is passivation capable, then the container must inject a serializable proxy. That proxy gets serialized and deserialized. Once deserialized, it will locate the proper injection and rewire it. However, if you mark the field transient, the proxy is not serialized and you will see NPEs when the injected resource is accessed.
It should be noted that the injected resource or bean does not have to be Serializable, because the proxy will be. The only exception is for #Dependent scoped beans which have to be serializable or the injection transient. This is because a proxy is not used in this case.
should they be marked as transient?
No, see above.
or should I just ignore/switch off the code checks?
This is up to you, but it is what I would do.
should I really provide accessors to all those fields as PMD advises?
No, I would not.
In our projects, we disable this check when we know we are using CDI.
This answer will detail the serialization/passivation semantics for EJB 3.2 (JSR 345), JPA 2.1 (JSR 338) and CDI 1.2 (JSR 346). Noteworthy is that the Java EE 7 umbrella specification (JSR 342), the Managed Beans 1.0 specification (JSR 316) and the Commons Annotations specification 1.2 (JSR 250) does not have anything to say that is of interest to us in regards to serialization/passivation.
I will also touch on the topic of static code analyzers.
EJB
Relevant sections are "4.2 Conversational State of a Stateful Session Bean" and "4.2.1 Instance Passivation and Conversational State".
#Stateless and #Singleton instances are never passivated.
#Stateful instances may be passivated. Since EJB 3.2, the class developer can opt-out from passivation using #Stateful(passivationCapable=false).
The EJB specification explicitly notes that references to things such as UserTransaction, EntityManagerFactory and container-managed EntityManager are taken care of by the container. A #Stateful instance which uses an extended persistence context will not be passivated unless all entities in the persistence context and the EntityManager implementation is serializable.
Please note that an application-managed EntityManager always uses an extended persistence context. Also, a #Stateful instance is the only type of EJB session instance which may use a container-managed EntityManager with an extended persistence context. This persistence context would be bound to the life cycle of the #Stateful instance instead of one single JTA transaction.
The EJB specification does not explicitly address what happens to a container-managed EntityManager with an extended persistence context. My understanding is this: If there is an extended persistence context, then this guy must be deemed serializable or not according to the rules defined previously and if it is, then passivation proceeds. If passivation proceeds, then the #Stateful class developer need only concern himself with references to application-managed entity managers.
The EJB specification does not specify what happens to transient fields other than describing an assumption we as developers should make.
Section 4.2.1 says:
The Bean Provider must assume that the content of transient fields may be lost between the PrePassivate and PostActivate notifications.
[...]
While the container is not required to use the Serialization protocol for the Java programming language to store the state of a passivated session instance, it must achieve the equivalent result. The one exception is that containers are not required to reset the value of transient fields during activation. Declaring the session bean's fields as transient is, in general, discouraged.
Requiring the container to "achieve the equivalent result" as Javas serialization protocol at the same time leaving it totally unspecified as to what happens with transient fields is quite sad, to be honest. The take-home lesson is that nothing should be marked transient. For fields that the container can not handle, use #PrePassivate to write a null and #PostActivate to restore.
JPA
The word "passivation" does not occur in the JPA specification. Nor does JPA define serialization semantics for types such as EntityManagerFactory, EntityManager, Query and Parameter. The only sentence in the specification relevant to us is this (section "6.9 Query Execution"):
CriteriaQuery, CriteriaUpdate, and CriteriaDelete objects must be serializable.
CDI
Section "6.6.4. Passivating scopes" define a passivating scope as a scope explicitly annotated #NormalScope(passivating=true). This property defaults to false.
One implication is that #Dependent - which is a pseudo scope - is not a passivation capable scope. Also noteworthy is that javax.faces.view.ViewScoped is not a passivation capable scope which for whatever reason the majority of Internet seems to believe. For example, section "17-2. Developing a JSF Application" in the book "Java 9 Recipes: A Problem-Solution Approach".
A passivation capable scope requires that instances of classes declared "with the scope are passivation capable" (section "6.6.4. Passivating scopes"). Section "6.6.1. Passivation capable beans" define such an object instance simply as one being transferable to secondary storage. Special class- annotations or interfaces are not an explicit requirement.
Instances of EJB:s #Stateless and #Singleton are not "passivation capable beans". #Stateful may be (stateful is the only EJB session type which it makes sense to let CDI manage the life cycle of - i.e., never put a CDI scope on a #Stateless or #Singleton). Other "managed beans" are only "passivation capable beans" if they and their interceptors and decorators are all serializable.
Not being defined as a "passivation capable bean" does not mean that things such as stateless, singleton, EntityManagerFactory, EntityManager, Event and BeanManager can not be used as dependencies inside a passivation capable instance that you author. These things are instead defined as "passivation capable dependencies" (see section "6.6.3. Passivation capable dependencies" and "3.8. Additional built-in beans").
CDI make these depedencies passivation capable through the use of passivation capable proxies (see last bulleted item in section "5.4. Client proxies" and section "7.3.6. Lifecycle of resources"). Please note that for Java EE resources such as the EntityManagerFactory and EntityManager to be passivation capable, they must be declared as a CDI producer field (section "3.7.1. Declaring a resource"), they do not support any other scope than #Dependent (see section "3.7. Resources") and they must be looked up on the client-side using #Inject.
Other #Dependent instances - albeit not declared with a normal scope and not required to be fronted by a CDI "client proxy" - can also be used as a passivation capable dependency if the instance is transferable to secondary storage, i.e., serializable. This guy will be serialized together with the client (see last bulleted item in section "5.4. Client proxies").
To be perfectly clear and to provide a few examples; a #Stateless instance, a reference to an EntityManager produced by CDI and a serializable #Dependent instance can all be used as instance fields inside your class annotated with a passivation capable scope.
Static code analyzers
Static code analyzers are stupid. I think that for senior developers, they are more a cause of concern than being an aide. False flags raised by these analyzers for suspected serialization/passivation problems is certainly of very limited value because CDI requires the container to validate that the instance "truly is passivation capable and that, in addition, its dependencies are passivation capable" or otherwise "throw a subclass of javax.enterprise.inject.spi.DeploymentException" (section "6.6.5. Validation of passivation capable beans and dependencies" and "2.9. Problems detected automatically by the container").
Finally, as others have pointed out, it is worth repeating: we should probably never mark a field as transient.
PMD and FindBugs are only checking the interfaces and also have no information about the environment in which your code will be running. To quiet the tools, you could mark them as transient, but they'll all be properly re-injected upon deserialization and first use regardless of the transient keyword.