Book Review: Java EE and HTML5 Enterprise Application Development

I was recently sent a copy of Java EE and HTML5 Enterprise Application Development by John Brock, Arun Gupta, and Geertjan Wielenga. This is my review of the book.

While this a fairly short book (176 pages), the authors managed to work a fair amount in. As you probably guessed from the title, the book covers Java EE in the context of an HTML5 application. Given the size of the book and the fairly large and expansive scope of Java EE, not every Java EE topic is covered. What the authors have done, however, is cover some of the basic Java EE concepts that one might need to get started with an HTML5 application in an EE environment. The topics covered in detail are JPA (persistence), JAX-RS (REST), and Java API for WebSocket, all discussed in just enough detail to get you going, but no so much that you’re buried in details.

The first chapter is an introduction to tools being used, HTML5, Java EE 7, and NetBeans. With this book being from Oracle Press (disclaimer: I work for Oracle as well), one might expect to see a slant toward Oracle tools (in fact, two of the authors, Brock and Wielenga, work directly on NetBeans). What we find in the book, however, is the use of NetBeans not as a marketing tool, but as a way to simplify the development effort. Before any steps are shown in the IDE, the code-by-hand approach is shown first, followed by how to accomplish the same thing using the IDE. A developer is free to choose any IDE he wants, of course, but showing "all" of them (or at least the three major players) isn’t practical, so a choice had to be made. Given that Oracle is the primary contributor to NetBeans, its choice makes perfect sense. As it turns out, in my opinion, it just so happens that NetBeans is a great tool for the job, so it works out well. :) Others may wish that a different IDE had been used, so, if you’re one of those people, you’ve been warned. :)

The book then spends a chapter each on persistence, REST, and websockets, covering each of the server-side technologies in turn, giving, as I stated earlier, a just-enough amount of information to get you going. To truly master each of these will likely take some more reading and certainly more experience, but the text covers enough to give a solid, if basic, understanding of how techonology works.

Chapter 5 is a discussion of HTML5 and related/supporting technologies, such Twitter Bootstrap, jQuery, Knockout.js, SASS/SCSS. It’s in this chapter, I think, that things really start to come together. Having spent three chapters discussing the server-side, including lots of example code, we finally get to see how to tie everything together on the client. There is an extensive discussion regarding the REST calls, along with some very helpful tips regarding testing and testability. Being primarily a server-side guy these days, I found the discussion of two-way data binding and Model-View-ViewModel (MVVM) via Knockout very instresting and helpful.

There is a lot of HTML and JS in the chapter, and, honestly, staring at it on the printed page can get a bit overwhelming for the longer HTML examples, but it is helpful to see the context of the code/markup being discussed. You (or at least I) have to read a bit more carefully. After each example, though, the authors do a great of breaking down the code, explaining all of the important/immediately relevant areas, so if you’re having trouble parsing some of that, you should be OK to skip ahead to the discussion, then come back later when you understand things better.

The last chapter in the book might be the most important: web application security. This topic, like Java EE and HTML5 separately, can be a very complex, long-winded discussion. That it’s included at all, though, is very nice, as it’s a strong hint to the reader that application security is something to designed into the app at the earliest stage possible, rather than bolted on later. Much like the Java EE technologies earlier in the book, this chapter doesn’t provide a deep dive into each topic, but does explain various security concerns (such as cross-site scripting (XSS), cross-site request forgery (CSRF), and clickjacking) in enough detail to help you understand what’s going, but also provides some code and guidelines to help mitigate the risks that these attacks represent. The chapter ends with a discussion of authentication and authorization, complete with code and tips to help get you going on both sides of the application.

This is a short book, but the authors managed to pack in it a very clear, easy-to-read introduction to a number of technologies and concerns. If you have a lot of experience in writing these kinds of apps, there may not be much here for you. If, however, you’re strong on the client but weak on the server (or vice-versa), this is a great, quick read that should get you moving in the right direction in no time.