Javaforum Malmö – a Fresh Start

I am pleased to announce that I will take over as JUG leader in the Malmö branch of Javaforum in Sweden. As a first step we will follow our friends from the other locations in Sweden and move to Meetup. The old site at http://jforum.se has been around for 10 years and time has come to try out some more modern options.

Make sure you register yourself to stay up-to-date on what’s going on in your local Java Community.

Javaforum Malmö
Thanks to Cybercom for sponsoring the Meetup subscription.

 

Java EE Security API Moving Forward

The Java EE Security API (JSR 375) is moving forward, as summarised by Arjan Tijms here: http://arjan-tijms.omnifaces.org/p/whats-new-in-java-ee-security-api-10.html.

One thing to note is that we now have a name for the reference implementation, namely Soteria. The name originates from Greek Mythology where Soteria was the goddess of safety and salvation [Wikipedia]. Our Soteria can be found on GitHub (https://github.com/javaee-security-spec/soteria) and also has a Twitter handle. Follow @Soteria_RI.

The Soteria GitHub repo contains a couple of samples that demonstrates the features implemented so far. I have created a couple of additional examples where I combine Soteria with other Java EE technologies, such as MVC and JSF. These can be found in https://github.com/ivargrimstad/security-samples.

As the following code shows, it is fairly straightforward to define an embedded identity store for an MVC 1.0 application.

The examples will be evolved as the specification and Soteria continues to evolve.

NetBeans Dream Team

It is great to start 2016 with the announcement that I have been included in the NetBeans Dream Team!

I always try to be as objective and unbiased as possible when writing and talking about tools and technologies, but I guess it has been pretty obvious that NetBeans is my favorite IDE and in my opinion the best IDE for Java EE development. Being a member of the Dream Team will enable me to contribute even more to make this great tool even greater.

More information about the NetBeans Dream Team can be found on the wiki.

Snoop becomes SnoopEE [ˈsnuːpı]

SnoopEE [ˈsnuːpı] The lean and simple discovery mechanism for Java EE based microservices.

What’s in a name, really?

Naming is hard! When I came up with the name Snoop for my discovery mechanism for microservices based on Java EE, my though was to associate the name with snooping around for services to discover”. It seems, however, that most people’s thought goes to Snoop Dogg when hearing the name and that was never my intention.

That is one of the reasons for the renaming. Another consideration is that I want to point out that the best fit for SnoopEE is for Java EE!

At the same time I don’t want to signal that it is only for Java EE. I want it to be just as lean and simple no matter what technology used to implement the services. That is the only reason why I have been a little reluctant to the renaming.

SnoopEE has a nicer feel and as the twitter poll indicates, I am not alone thinking this.

For the record, I have nothing at all against Snoop Dogg! I just feel that Snoopy the dog is a little bit cuter…

I have crated a new page for SnoopEE, but as for everyhing else, such as GitHub repo, maven coordinates and naming, it all stays as it is until properly announced otherwise.

Cool Security Feature in MVC 1.0

If you are developing web applications, sooner or later you will come across something called Cross Site Request Forgery. The most common way to prevent CSRF attacks is by embedding additional, difficult-to-guess data fields, or tokens, in requests containing sensitive data.

Support for CSRF protection has been added to the MVC 1.0 specification. It goes like this:

First, enable CSRF Protection in your application configuration by setting the javax.mvc.security.CsrfProtection to either CsrfOptions.EXPLICIT or CsrfOptions.IMPLICIT.

Then add the CSRF token to your forms. The Csrf object is available in Expression Language as mvc.csrf .

If  CsrfOptions.IMPLICIT is used, you’re done. All controller methods annotated with  @POST and that consumes the media type x-www-form-urlencoded will be automatically checked for a valid CSRF token.

If  CsrfOptions.EXPLICIT is used, then the   @CsrfValid annotation must be added exlicitly to the methods you want the CSRF token to be validated.

And that’s all you need!

JavaOne is all about Community

JavaOne 2015 is a wrap!

2015-10-30 10.10.00

Five days packed with technical sessions, discussions, community building…It is such a blast!

I have heard more than once that this conference is more about the people than the technology. And I totally agree with that.

Since I am pretty heavy involved in the Java Community Process (JCP), many of my activities this year (as last year) was connected to this. I was interviewed on NightHacking about the JCP in general as well as the JSRs I am on the expert group of (368, 371 and 375). I also managed to get in a word or two about Snoop with input from Arun Gupta.

In addition to my planned sessions, CON1615Meet Snoop – a Discovery Service for Java EE and BOF3666How would you like to improve the Java EE Security API, I was also on stage at the CON4176: Introduction to MVC 1.0 (JSR 371).

Thursday morning we had a very productive Face-to-Face meeting in the JMS 2.1 Expert Group (JSR 368). The minutes from this meeting can be found here.

Last, but not least, thanks to Tomitribe for gathering together the #usualsuspects and making sure everyone is having a good time.

Meet Snoop @ JavaOne

JavaOne in San Francisco is less than a month away. If you have not registered yet, do so now!

j1-468x60-2590159

So far so good! Then you will need to add sessions you want to attend to to your personal schedule. Make sure you don’t wait until the last moment. The most popular sessions tend to fill up pretty fast.

My presentation Meet Snoop – a Discovery Service for Java EE may be can be found in the Schedule Builder by searching for CON1615. Add it to your schedule so that you are sure to get a seat. It may fill up…

Help Wanted – Logo for Snoop

Are you in possession of artistic and/or creative skills and want to contribute to an Open Source project?

Snoop is an open source service registry and discovery mechanism for Java EE based microservices that is in desperate need of a logo.

Have a look at https://github.com/ivargrimstad/snoop/issues/13 and see if you can help.

Check out Snoop@GitHub for more information about Snoop.

Snoop in Swarm

If you want to run a Snoop enabled microservice in WildFly Swarm, you will need to add some more dependencies to get it to work. This is because Snoop relies on being run in a Java EE 7 compliant application server. And you will need to tell Swarm what parts you need to be able to run it.

In addition to the Swarm modules your microservice depend on, you will also need to add the following dependencies that Snoop requires:

The build section may be just as any swarm application:

Doing this will enable you to run your application as a JAR:

A more complete example can be found here:

https://github.com/ivargrimstad/snoop/tree/master/snoop-examples/snoop-swarm