One of the nicer features added in Java 5 was the support of creating custom annotation processors. The use of custom annotation processing allows framework developers to set up a model that would generate additional code as part of the build.
This blog post discusses how to create and test an annotation processor in Maven. Continue reading
There’s many tutorials that show how to use AngularJS online, the AngularJS home page does a very good start. @blm849, one of the smarter people I know asked me if there was any site to ramp him up. I said the AngularJS home page followed by learning directives.
In this post I will expand on my suggestion and follow on with other things to look at.
One of the side projects I am working on is to develop yet another enterprise application framework. The purpose of this was to learn and try out some of the current features of Java EE and try to put a fresh eye from what I have seen from other frameworks. Specifically, I wanted to look at developing my framework to be a good enterprise architecture citizen.
The WebSocket API like HTTP is very open and allows a lot of flexibility to be able to work with many different types of applications. Like REST on top of HTTP, a WebSocket Service is an architectural style and has no defined standards making the need for a contract between UI developers and server side developers in order to keep things sane. This blog post defines a WebSocket Service API Contract that I use for my projects akin to the REST API Contract I use in my projects.
Developing RESTful services is more of an architectural style than a standard. This makes it flexible, yet difficult to implement as there is no proper contract like that of WS-*. In fact, the closest thing to a standard is the Hypertext Transfer Protocol which does not define how paths are to be defined and such.
In my JASPIC OAuth 2.0 implementation, a cookie is used to store the JWT payload. In the JWT, there’s an “exp” value that specifies when the token should expire. It would be nice if we can have the data expire when the “exp” value is hit or if the browser is closed, but unfortunately HTTP Cookies does not support that feature.
In a recent interview I had, the interviewer had told me about one of the technologies they use, namely Liquibase. One of the articles I found talked about how to do automatic DB migration for Java web apps with Liquibase. The article had a similar idea flow I wanted to implement. As I was trying to do my implementation of Liquibase DB migration, I found that the schema generation didn’t work as I expected, most likely because I was using Java EE 7 and JPA 2.1. So the search for a plug-in to do this has begun…
I’ve worked on several projects now and practically every one of enough scale of them had the login use case. In in almost all those cases, I tend to be the one working on it. Even with other tools I have used such as Sonar, Redmine and Jenkins I had to deal with the login because they each had developed their own systems and kept it with the application. It’s only Curam projects that I worked on and one web app of my entire career where I actually used container managed authentication. My preference … container managed authentication hands down.
However, container managed authentication is not really the most trivial thing to do. In the past every application server had its own way of doing things. Thankfully Java EE 6 had brought in JASPIC as part of the standard (even if it is quite out of date in implementation). Now if we mix it with OAuth 2.0, we can push the authentication out of the app and the app server itself and put it in an enterprise OAuth 2.0 server instead of having just a thin veil in the application using Form based login.
I had recently implemented HTTP Header based authentication with JASPIC; this post talks about using the OAuth 2.0 system on JASPIC.
When doing something as critical as authentication especially something that would get standardized like OAuth 2.0, security is something that shouldn’t be taken likely. This is true when dealing with messages.
SSL already provides us with relatively reliable transport level security, but what about the data? That’s where cryptographic signatures come in. In SSL we have trusted certificates already loaded into our browsers. However, outside of that it is dependent on the application.
In terms of OAuth 2.0, having a way of trusting the message that gets sent by the remote system needs a way of performing this key interchange. In which case we have the JSON Web Key standard that provides us with a simple exchange of keys. This post talks about how to parse those structures and using them to validate as a follow up of parsing the JSON Web Token in Java.