MVC 1.0 is here to stay

When MVC 1.0 was dropped from Java EE 8, that should have been the end of it. But the community rallied and now MVC 1.0 lives on, with a little help from Java Champion Ivar Grimstad.
Update: In the period since the article was written, the transfer has been completed.
Since then, Christian Kaltepoth has been brought on to co-lead the specification with Ivar Grimstad. Other important news is that the Specification, JavaDoc, API, RI and TCK will be licensed using the Apache License 2.0 and the schedule has been updated. The goal is to have the Public Review ready by Q4 2017, a Proposed Final Draft by Q1 2018 and the Final Release in Q2 2018.
MVC 1.0, as specified by JSR 371, was initially planned to be a part of the upcoming Java EE 8 release. However, in the revised Java EE schedule presented at JavaOne 2016, MVC 1.0 was left out of the release.
The community reacted, and after discussions between several community members, Oracle and the Java Community Process (JCP), the specification was transferred from Oracle to yours truly for continuation as a standalone specification. [At the time of writing, there are still some legal documents that need to be drawn up and signed for the transfer to be finalized.]
The basics
The MVC 1.0 API is built on top of JAX-RS and integrates with existing EE technologies such as CDI and Bean Validation. Existing view engines (JSP and Facelets) are supported, as well as the flexibility of providing your own view engine.
A simple hello world example looks like this:
@Path("hello") public class HelloController { @Inject private User user; @GET @Controller public String hello(@QueryParam("name") String name) { user.setName(name); return "hello.jsp"; } }
Validation
The Exception handling in MVC 1.0 is based on the underlying support provided by JAX-RS. In addition to this, MVC 1.0 provides additional support for handling binding- and validation-errors.
@Controller @Path("form") public class FormController { @Inject private BindingResult br; @POST public Response formPost(@Valid @BeanParam FormDataBean f) { if (br.isFailed()) { return Response.status(BAD_REQUEST) .entity(“error.jsp”).build(); } return Response.status(OK).entity(“data.jsp”).build(); } }
Security
MVC 1.0 specifies protection against Cross-Site Request Forgery (CSRF). This is done by adding the following hidden field in the form that will be validated upon processing.
... <input type="hidden" name="${mvc.csrf.name}" value="${mvc.csrf.token}"/> ...
The CSRF protection is enabled by annotating the controller with @CsrfValid
.
... @POST @CsrfValid public void postForm(@FormParam("greeting") String greeting) { // Process greeting } ...
You may also configure your application for implicit validation, thus requiring the CSRF token in all post request without the @CsrfValid
annotation present.
Events
The MVC 1.0 specification specifies five different events that must be fired by the implementations. The mechanism is based on CDI Events and may be observed and acted upon by using standard CDI.
The five required events are:
- . BeforeControllerEvent
- . AfterControllerEvent
- . ControllerRedirectEvent
- . BeforeProcessViewEvent
- . AfterProcessViewEvent
Scopes
There is sometimes need to share data between a request that returns a redirect instruction and the new request that this redirect triggers. For this purpose, MVC 1.0 defines a new CDI scope identified by the annotation @RedirectScoped
. This is particularly useful when implementing the POST-redirect-GET pattern.
Internationalization
MVC 1.0 defines the term _request locale_ as the locale which is used for any locale dependent operation within the lifecycle of a request. The request locale is available from the MvcContext
.
@Controller @Path(“hello”) public class HelloController { @Inject private MvcContext mvc; @GET public String get() { Locale locale = mvc.getLocale(); } }
Current status
It is already possible to use the technology in a Java EE 7 environment and as Java EE 8 and 9 evolves, MVC 1.0 will be kept aligned to take advantage of the features provided by the platform.
Currently the specification is supported by two application servers (GlassFish and Payara). You will need to add the following two dependencies in your project’s pom.xml.
<dependency> <groupId>javax.mvc</groupId> <artifactId>javax.mvc-api</artifactId> <version>1.0-edr2</version> </dependency> <dependency> <groupId>org.glassfish.ozark</groupId> <artifactId>ozark</artifactId> <version>1.0.0-m03-SNAPSHOT</version> <scope>runtime</scope> </dependency>
Resources
Thank you but what is this version number : edr? What does il means? I saw also version number pr and pfd. Is there a signification? If so gessing what it means is not easy.