The JPA Modeler plugin for NetBeans provides visual support for creating, designing and editing entity relationship models. It also provides Java code generation and new for version 1.5.5 is that it provides support for generating MVC 1.0 applications.
Check out MVC 1.0 Generator Tutorial to see how it works.
Kudos to Gaurav Gupta (@jGauravGupta) for this awesome tool! Another proof that NetBeans is the IDE for developing Java EE applications!
Follow @jpamodeler on Twitter!
I am pleased to announce that I will take over as JUG leader in the Malmö branch of Javaforum in Sweden. As a first step we will follow our friends from the other locations in Sweden and move to Meetup. The old site at http://jforum.se has been around for 10 years and time has come to try out some more modern options.
Make sure you register yourself to stay up-to-date on what’s going on in your local Java Community.
Thanks to Cybercom for sponsoring the Meetup subscription.
The Java EE Security API (JSR 375) is moving forward, as summarised by Arjan Tijms here: http://arjan-tijms.omnifaces.org/p/whats-new-in-java-ee-security-api-10.html.
One thing to note is that we now have a name for the reference implementation, namely Soteria. The name originates from Greek Mythology where Soteria was the goddess of safety and salvation [Wikipedia]. Our Soteria can be found on GitHub (https://github.com/javaee-security-spec/soteria) and also has a Twitter handle. Follow @Soteria_RI.
The Soteria GitHub repo contains a couple of samples that demonstrates the features implemented so far. I have created a couple of additional examples where I combine Soteria with other Java EE technologies, such as MVC and JSF. These can be found in https://github.com/ivargrimstad/security-samples.
As the following code shows, it is fairly straightforward to define an embedded identity store for an MVC 1.0 application.
@EmbeddedIdentityStoreDefinition({
@Credentials(callerName = "hem", password = "cheese", groups = {"foo"}),
@Credentials(callerName = "haw", password = "cheeze", groups = {"foo", "bar"})}
)
@DeclareRoles({"foo", "bar"})
@ApplicationPath("ui")
public class ApplicationConfig extends Application {
@Override
public Set<Class<?>> getClasses() {
Set<Class<?>> classes = new HashSet<>();
// add controllers
return classes;
}
The examples will be evolved as the specification and Soteria continues to evolve.
SnoopEE [ˈsnuːpı] – The lean and simple discovery mechanism for Java EE based microservices.
What’s in a name, really?
Naming is hard! When I came up with the name Snoop for my discovery mechanism for microservices based on Java EE, my though was to associate the name with “snooping around for services to discover”. It seems, however, that most people’s thought goes to Snoop Dogg when hearing the name and that was never my intention.
That is one of the reasons for the renaming. Another consideration is that I want to point out that the best fit for SnoopEE is for Java EE!
At the same time I don’t want to signal that it is only for Java EE. I want it to be just as lean and simple no matter what technology used to implement the services. That is the only reason why I have been a little reluctant to the renaming.
SnoopEE has a nicer feel and as the twitter poll indicates, I am not alone thinking this.
For the record, I have nothing at all against Snoop Dogg! I just feel that Snoopy the dog is a little bit cuter…
I have crated a new page for SnoopEE, but as for everyhing else, such as GitHub repo, maven coordinates and naming, it all stays as it is until properly announced otherwise.
If you are developing web applications, sooner or later you will come across something called Cross Site Request Forgery. The most common way to prevent CSRF attacks is by embedding additional, difficult-to-guess data fields, or tokens, in requests containing sensitive data.
Support for CSRF protection has been added to the MVC 1.0 specification. It goes like this:
First, enable CSRF Protection in your application configuration by setting the javax.mvc.security.CsrfProtection to either CsrfOptions.EXPLICIT or CsrfOptions.IMPLICIT.
@ApplicationPath("mvc")
public class MyApplication extends Application {
@Override
public Map<String, Object> getProperties() {
final Map<String, Object> map = new HashMap<>();
// explicit CSRF Protection
map.put(Csrf.CSRF_PROTECTION, Csrf.CsrfOptions.EXPLICIT);
return map;
}
}
Then add the CSRF token to your forms. The Csrf object is available in Expression Language as mvc.csrf .
<form name="form" action="" method="post">
...
<input type="hidden" name="${mvc.csrf.name}" value="${mvc.csrf.token}"/>
</form>
If CsrfOptions.IMPLICIT is used, you’re done. All controller methods annotated with @POST and that consumes the media type x-www-form-urlencoded will be automatically checked for a valid CSRF token.
If CsrfOptions.EXPLICIT is used, then the @CsrfValid annotation must be added exlicitly to the methods you want the CSRF token to be validated.
@CsrfValid
@POST
@Path("new")
public Response createReservation(@BeanParam FormBean form) {
// your controller implementation
}
And that’s all you need!
Five days packed with technical sessions, discussions, community building…It is such a blast!
I have heard more than once that this conference is more about the people than the technology. And I totally agree with that.
Since I am pretty heavy involved in the Java Community Process (JCP), many of my activities this year (as last year) was connected to this. I was interviewed on NightHacking about the JCP in general as well as the JSRs I am on the expert group of (368, 371 and 375). I also managed to get in a word or two about Snoop with input from Arun Gupta.
In addition to my planned sessions, CON1615: Meet Snoop – a Discovery Service for Java EE and BOF3666: How would you like to improve the Java EE Security API, I was also on stage at the CON4176: Introduction to MVC 1.0 (JSR 371).
Thursday morning we had a very productive Face-to-Face meeting in the JMS 2.1 Expert Group (JSR 368). The minutes from this meeting can be found here.
Last, but not least, thanks to Tomitribe for gathering together the #usualsuspects and making sure everyone is having a good time.
JavaOne in San Francisco is less than a month away. If you have not registered yet, do so now!
So far so good! Then you will need to add sessions you want to attend to to your personal schedule. Make sure you don’t wait until the last moment. The most popular sessions tend to fill up pretty fast.
My presentation Meet Snoop – a Discovery Service for Java EE may be can be found in the Schedule Builder by searching for CON1615. Add it to your schedule so that you are sure to get a seat. It may fill up…
Are you in possession of artistic and/or creative skills and want to contribute to an Open Source project?
Snoop is an open source service registry and discovery mechanism for Java EE based microservices that is in desperate need of a logo.
Have a look at https://github.com/ivargrimstad/snoop/issues/13 and see if you can help.
Check out Snoop@GitHub for more information about Snoop.
If you want to run a Snoop enabled microservice in WildFly Swarm, you will need to add some more dependencies to get it to work. This is because Snoop relies on being run in a Java EE 7 compliant application server. And you will need to tell Swarm what parts you need to be able to run it.
In addition to the Swarm modules your microservice depend on, you will also need to add the following dependencies that Snoop requires:
<dependencies>
<dependency>
<groupId>eu.agilejava</groupId>
<artifactId>snoop</artifactId>
<version>1.3.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.glassfish</groupId>
<artifactId>javax.json</artifactId>
<version>1.0.4</version>
</dependency>
<dependency>
<groupId>org.wildfly.swarm</groupId>
<artifactId>wildfly-swarm-jaxrs</artifactId>
<version>1.0.0.Alpha4</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wildfly.swarm</groupId>
<artifactId>wildfly-swarm-ejb</artifactId>
<version>1.0.0.Alpha4</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wildfly.swarm</groupId>
<artifactId>wildfly-swarm-weld</artifactId>
<version>1.0.0.Alpha4</version>
<scope>provided</scope>
</dependency>
</dependencies>
The build section may be just as any swarm application:
<build>
<plugins>
<plugin>
<groupId>org.wildfly.swarm</groupId>
<artifactId>wildfly-swarm-plugin</artifactId>
<version>1.0.0.Alpha4</version>
<executions>
<execution>
<goals>
<goal>package</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
Doing this will enable you to run your application as a JAR:
java -jar myservice-swarm.jar
A more complete example can be found here:
https://github.com/ivargrimstad/snoop/tree/master/snoop-examples/snoop-swarm