It lives!

MVC 1.0 is here to stay

June 14, 2017 Ivar Grimstad

#java #MVC 1.0

When MVC 1.0 was dropped from Java EE 8, that should have been the end of it. But the community rallied and now MVC 1.0 lives on, with a little help from Java Champion Ivar Grimstad.

Update: In the period since the article was written, the transfer has been completed.

Since then, Christian Kaltepoth has been brought on to co-lead the specification with Ivar Grimstad. Other important news is that the Specification, JavaDoc, API, RI and TCK will be licensed using the Apache License 2.0 and the schedule has been updated. The goal is to have the Public Review ready by Q4 2017, a Proposed Final Draft by Q1 2018 and the Final Release in Q2 2018.

MVC 1.0, as specified by JSR 371, was initially planned to be a part of the upcoming Java EE 8 release. However, in the revised Java EE schedule presented at JavaOne 2016, MVC 1.0 was left out of the release.

The community reacted, and after discussions between several community members, Oracle and the Java Community Process (JCP), the specification was transferred from Oracle to yours truly for continuation as a standalone specification. [At the time of writing, there are still some legal documents that need to be drawn up and signed for the transfer to be finalized.]

The basics

The MVC 1.0 API is built on top of JAX-RS and integrates with existing EE technologies such as CDI and Bean Validation. Existing view engines (JSP and Facelets) are supported, as well as the flexibility of providing your own view engine.

A simple hello world example looks like this:

@Path("hello")
public class HelloController {

    @Inject
    private User user;

    @GET
    @Controller
    public String hello(@QueryParam("name") String name) {
        user.setName(name);
        return "hello.jsp";
    }
}

Validation

The Exception handling in MVC 1.0 is based on the underlying support provided by JAX-RS. In addition to this, MVC 1.0 provides additional support for handling binding- and validation-errors.

@Controller
@Path("form")
public class FormController {
   @Inject private BindingResult br;

@POST
public Response formPost(@Valid @BeanParam FormDataBean f) {
    if (br.isFailed()) {
        return Response.status(BAD_REQUEST)
                       .entity(“error.jsp”).build();
      }
      return Response.status(OK).entity(“data.jsp”).build();
   }
}

Security

MVC 1.0 specifies protection against Cross-Site Request Forgery (CSRF). This is done by adding the following hidden field in the form that will be validated upon processing.

...
<input type="hidden" name="${mvc.csrf.name}" value="${mvc.csrf.token}"/>
...

The CSRF protection is enabled by annotating the controller with @CsrfValid.

...
@POST
    @CsrfValid
    public void postForm(@FormParam("greeting") String greeting) {
        // Process greeting
    }
...

You may also configure your application for implicit validation, thus requiring the CSRF token in all post request without the @CsrfValid annotation present.

Events

The MVC 1.0 specification specifies five different events that must be fired by the implementations. The mechanism is based on CDI Events and may be observed and acted upon by using standard CDI.

The five required events are:

. BeforeControllerEvent
. AfterControllerEvent
. ControllerRedirectEvent
. BeforeProcessViewEvent
. AfterProcessViewEvent

Scopes

There is sometimes need to share data between a request that returns a redirect instruction and the new request that this redirect triggers. For this purpose, MVC 1.0 defines a new CDI scope identified by the annotation @RedirectScoped. This is particularly useful when implementing the POST-redirect-GET pattern.

Internationalization

MVC 1.0 defines the term _request locale_ as the locale which is used for any locale dependent operation within the lifecycle of a request. The request locale is available from the MvcContext.

@Controller
@Path(“hello”)
public class HelloController {

   @Inject
   private MvcContext mvc;

  @GET
  public String get() {
    Locale locale = mvc.getLocale();

  }
}

Current status

It is already possible to use the technology in a Java EE 7 environment and as Java EE 8 and 9 evolves, MVC 1.0 will be kept aligned to take advantage of the features provided by the platform.

Currently the specification is supported by two application servers (GlassFish and Payara). You will need to add the following two dependencies in your project’s pom.xml.

<dependency>
   <groupId>javax.mvc</groupId>
   <artifactId>javax.mvc-api</artifactId>
   <version>1.0-edr2</version>
</dependency>

<dependency>
   <groupId>org.glassfish.ozark</groupId>
   <artifactId>ozark</artifactId>
   <version>1.0.0-m03-SNAPSHOT</version>
   <scope>runtime</scope>
</dependency>

Resources

Author

Ivar Grimstad

Ivar Grimstad is a Java Champion, JUG Leader and software architect focusing on Enterprise Java.

He is participating in the Java Community Process as a member of the Executive Committee, Spec Lead for JSR 371 (MVC 1.0) and Expert Group Member for JSR 375 (Java EE Security API). He is also a member of the NetBeans Dream Team. Ivar is a frequent speaker at international developer conferences.

He has been working with Java since the beginning and has over the years tried out everything from lightweight mobile applications to large scale enterprise applications. His experience covers all aspects of designing architectures based on a variety of technologies including standard Java EE as well as other frameworks such as Spring and a variety of open source products.

Be the First to Comment!

400