The Future of Java EE May Be Bright After All

I don’t think anybody with the slightest interest in server-side Java™, and Java EE in particular, has missed the frustration (and anger) in the community over the hiatus in the specification work for Java EE 8. The activity in most of the JSRs targeted for Java EE 8 has more or less stagnated for almost a year, with only a few exceptions.

This has resulted in initiatives such as the Java EE Guardians and Microprofile.io, both emerging from a community eager to move Java EE forward so that it continues to be the preferred platform for enterprise Java™.

The minutes from the August meeting of the JCP Executive Committee indicate that Oracle is finally beginning to move. At the meeting, Anil Gaur, Oracle Group Vice President with responsibility for Java EE and WebLogic Server, said:

“…We would like the future of Java EE to be viable to next generation of applications. These apps are composed and deployed differently in cloud and require flexibility, reliability and scale. The platform needs a new programming model that’s geared towards reactive style programming for building large-scale distributed applications that are loosely coupled…”

This year’s JavaOne will definitely be exciting in terms of Java EE. If you haven’t registered yet, do so!

I am carefully optimistic and think that Java EE has a bright future!

Java Champion

I am extremely proud and honored to be included in this exclusive group of Java dignitaries.

The Java Champions are an exclusive group of passionate Java technology and community leaders who are community-nominated and selected under a project sponsored by Oracle. Learn more about Java Champions.

MVC 1.0 Generator

The JPA Modeler plugin for NetBeans provides visual support for creating, designing and editing entity relationship models. It also provides Java code generation, and new in version 1.5.5 is support for generating MVC 1.0 applications.

Check out MVC 1.0 Generator Tutorial to see how it works.

Kudos to Gaurav Gupta (@jGauravGupta) for this awesome tool! Another proof that NetBeans is the IDE for developing Java EE applications!

Follow @jpamodeler on Twitter!

Javaforum Malmö – a Fresh Start

I am pleased to announce that I will take over as JUG leader in the Malmö branch of Javaforum in Sweden. As a first step we will follow our friends from the other locations in Sweden and move to Meetup. The old site at http://jforum.se has been around for 10 years and the time has come to try out some more modern options.

Make sure you register yourself to stay up-to-date on what’s going on in your local Java Community.

Javaforum Malmö
Thanks to Cybercom for sponsoring the Meetup subscription.

 

Java EE Security API Moving Forward

The Java EE Security API (JSR 375) is moving forward, as summarised by Arjan Tijms here: http://arjan-tijms.omnifaces.org/p/whats-new-in-java-ee-security-api-10.html.

One thing to note is that we now have a name for the reference implementation, namely Soteria. The name originates from Greek Mythology where Soteria was the goddess of safety and salvation [Wikipedia]. Our Soteria can be found on GitHub (https://github.com/javaee-security-spec/soteria) and also has a Twitter handle. Follow @Soteria_RI.

The Soteria GitHub repo contains a couple of samples that demonstrate the features implemented so far. I have created a couple of additional examples where I combine Soteria with other Java EE technologies, such as MVC and JSF. These can be found in https://github.com/ivargrimstad/security-samples.

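As the following code shows, it is fairly straightforward to define an embedded identity store for an MVC 1.0 application. The caller names, passwords and groups are declared directly in the annotation on the application class, so the credentials live in the source code.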

@EmbeddedIdentityStoreDefinition({
    @Credentials(callerName = "hem", password = "cheese", groups = {"foo"}),
    @Credentials(callerName = "haw", password = "cheeze", groups = {"foo", "bar"})}
)
@DeclareRoles({"foo", "bar"})
@ApplicationPath("ui")
public class ApplicationConfig extends Application {

    @Override
    public Set<Class<?>> getClasses() {
        Set<Class<?>> classes = new HashSet<>();
        // add controllers
        return classes;
    }
}

The examples will evolve as the specification and Soteria continue to evolve.

NetBeans Dream Team

It is great to start 2016 with the announcement that I have been included in the NetBeans Dream Team!

I always try to be as objective and unbiased as possible when writing and talking about tools and technologies, but I guess it has been pretty obvious that NetBeans is my favorite IDE and in my opinion the best IDE for Java EE development. Being a member of the Dream Team will enable me to contribute even more to make this great tool even greater.

More information about the NetBeans Dream Team can be found on the wiki.

Cool Security Feature in MVC 1.0

If you are developing web applications, sooner or later you will come across something called Cross-Site Request Forgery (CSRF). The most common way to prevent CSRF attacks is by embedding additional, difficult-to-guess data fields, or tokens, in requests containing sensitive data.

Support for CSRF protection has been added to the MVC 1.0 specification. It goes like this:

First, enable CSRF protection in your application configuration by setting the property javax.mvc.security.CsrfProtection to either CsrfOptions.EXPLICIT or CsrfOptions.IMPLICIT.

@ApplicationPath("mvc")
public class MyApplication extends Application {

    @Override
    public Map<String, Object> getProperties() {
        final Map<String, Object> map = new HashMap<>();
       
        // explicit CSRF Protection
        map.put(Csrf.CSRF_PROTECTION, Csrf.CsrfOptions.EXPLICIT);
        return map;
    }
}

Then add the CSRF token to your forms. The Csrf object is available in Expression Language as mvc.csrf.

<form name="form" action="" method="post">
   ...
   <input type="hidden" name="${mvc.csrf.name}" value="${mvc.csrf.token}"/>
</form>

If CsrfOptions.IMPLICIT is used, you’re done. All controller methods that are annotated with @POST and consume the media type x-www-form-urlencoded will be automatically checked for a valid CSRF token.

If CsrfOptions.EXPLICIT is used, then the @CsrfValid annotation must be added explicitly to the methods for which you want the CSRF token to be validated.

@CsrfValid
@POST
@Path("new")
public Response createReservation(@BeanParam FormBean form) {
   // your controller implementation
}

And that’s all you need!
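To show what the token check described above amounts to, here is an added sketch in plain Java; it is not code from the MVC 1.0 specification or its reference implementation. The class, the Mode enum, the method names and the "csrf" field name are hypothetical, and it assumes that in both modes only form POSTs are checked.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;

// Added illustration; all names here are hypothetical, not MVC 1.0 API.
public class CsrfCheckSketch {

    enum Mode { OFF, IMPLICIT, EXPLICIT }   // stands in for the CsrfOptions setting

    static final String FORM = "application/x-www-form-urlencoded";

    // 256-bit random token, created per session and rendered into the hidden form field.
    static String newToken() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Decide whether a request must carry a valid token.
    // Assumption: only form POSTs are checked; 'annotated' models @CsrfValid on the method.
    static boolean mustValidate(Mode mode, String method, String contentType, boolean annotated) {
        boolean formPost = "POST".equals(method)
                && contentType != null && contentType.startsWith(FORM);
        if (!formPost) return false;
        return mode == Mode.IMPLICIT || (mode == Mode.EXPLICIT && annotated);
    }

    // Constant-time comparison; a missing field is a failure, never a pass.
    static boolean tokenMatches(String sessionToken, Map<String, String> form, String fieldName) {
        String submitted = form.get(fieldName);
        if (sessionToken == null || submitted == null) return false;
        return MessageDigest.isEqual(sessionToken.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String token = newToken();                               // constructed session token
        Map<String, String> own = Map.of("csrf", token, "name", "Duke");
        Map<String, String> crossSite = Map.of("name", "Duke");  // constructed form without token

        System.out.println("EXPLICIT, not annotated: " + mustValidate(Mode.EXPLICIT, "POST", FORM, false));
        System.out.println("IMPLICIT, not annotated: " + mustValidate(Mode.IMPLICIT, "POST", FORM, false));
        System.out.println("own form accepted:       " + tokenMatches(token, own, "csrf"));
        System.out.println("cross-site accepted:     " + tokenMatches(token, crossSite, "csrf"));
    }
}
```

The first line of output is the practical difference between the two options: with EXPLICIT, a form POST handler that lacks the annotation is not checked at all.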

JavaOne is all about Community

JavaOne 2015 is a wrap!

Five days packed with technical sessions, discussions, community building… It is such a blast!

I have heard more than once that this conference is more about the people than the technology. And I totally agree with that.

Since I am pretty heavily involved in the Java Community Process (JCP), many of my activities this year (as last year) were connected to this. I was interviewed on NightHacking about the JCP in general as well as the JSRs I am on the expert group of (368, 371 and 375). I also managed to get in a word or two about Snoop with input from Arun Gupta.

In addition to my planned sessions, CON1615: Meet Snoop – a Discovery Service for Java EE and BOF3666: How would you like to improve the Java EE Security API, I was also on stage at CON4176: Introduction to MVC 1.0 (JSR 371).

Thursday morning we had a very productive Face-to-Face meeting in the JMS 2.1 Expert Group (JSR 368). The minutes from this meeting can be found here.

Last, but not least, thanks to Tomitribe for gathering together the #usualsuspects and making sure everyone is having a good time.

Meet Snoop @ JavaOne

JavaOne in San Francisco is less than a month away. If you have not registered yet, do so now!

So far so good! Then you will need to add the sessions you want to attend to your personal schedule. Make sure you don’t wait until the last moment. The most popular sessions tend to fill up pretty fast.

My presentation Meet Snoop – a Discovery Service for Java EE can be found in the Schedule Builder by searching for CON1615. Add it to your schedule so that you are sure to get a seat. It may fill up…