Creating an annotation based code generator in Maven

One of the nicer features added in Java 5 was the support of creating custom annotation processors.  The use of custom annotation processing allows framework developers to set up a model that would generate additional code as part of the build.

This blog post discusses how to create and test an annotation processor in Maven. Continue reading

Share Button

Learning AngularJS

There’s many tutorials that show how to use AngularJS online, the AngularJS home page does a very good start. @blm849, one of the smarter people I know asked me if there was any site to ramp him up. I said the AngularJS home page followed by learning directives.

In this post I will expand on my suggestion and follow on with other things to look at.
Continue reading

Share Button

AngularJS Template Servlet

When working with AngularJS, templates allow developers to separate their HTML from the JavaScript code.  Though this is preferable for development, this can be an issue at runtime as each template will incur a network cost.  To alleviate this issue AngularJS provides a $templateCache that reduces the cost of doing network handshakes by combining multiple template files into a single JavaScript file that populates a cache.

That’s all well and good, but building the file can get cumbersome and having it as part of the build process would slow developers down.  It would be nice if it can be done at runtime like WRO4J does for CSS and JavaScript; so I create a servlet that does it for me.

Continue reading

Share Button

Being a good enterprise architecture citizen

One of the side projects I am working on is to develop yet another enterprise application framework.  The purpose of this was to learn and try out some of the current features of Java EE and try to put a fresh eye from what I have seen from other frameworks. Specifically, I wanted to look at developing my framework to be a good enterprise architecture citizen.

Continue reading

Share Button

WebSocket Service API Contact

The WebSocket API like HTTP is very open and allows a lot of flexibility to be able to work with many different types of applications. Like REST on top of HTTP, a WebSocket Service is an architectural style and has no defined standards making the need for a contract between UI developers and server side developers in order to keep things sane. This blog post defines a WebSocket Service API Contract that I use for my projects akin to the REST API Contract I use in my projects.
Continue reading

Share Button

REST API Contract

Developing RESTful services is more of an architectural style than a standard. This makes it flexible, yet difficult to implement as there is no proper contract like that of WS-*. In fact, the closest thing to a standard is the Hypertext Transfer Protocol which does not define how paths are to be defined and such.

RESTful services act as a gateway between the UI team using HTML, JavaScript and CSS and the backend teams using some form of application server. In order to keep things sane, it is best that these two groups form a contract before they go too far into development. So here are some guidelines on the contract for my UI and server development using REST.
Continue reading

Share Button

Cookies that can expire but must be removed when the browser is closed

In my JASPIC OAuth 2.0 implementation, a cookie is used to store the JWT payload.  In the JWT, there’s an “exp” value that specifies when the token should expire.  It would be nice if we can have the data expire when the “exp” value is hit or if the browser is closed, but unfortunately HTTP Cookies does not support that feature.

Continue reading

Share Button

JPA 2.1 Schema Generator plugin for Maven

In a recent interview I had, the interviewer had told me about one of the technologies they use, namely Liquibase. One of the articles I found talked about how to do automatic DB migration for Java web apps with Liquibase. The article had a similar idea flow I wanted to implement. As I was trying to do my implementation of Liquibase DB migration, I found that the schema generation didn’t work as I expected, most likely because I was using Java EE 7 and JPA 2.1. So the search for a plug-in to do this has begun…
Continue reading

Share Button

OAuth 2.0 JASPIC implementation

I’ve worked on several projects now and practically every one of enough scale of them had the login use case. In in almost all those cases, I tend to be the one working on it. Even with other tools I have used such as Sonar, Redmine and Jenkins I had to deal with the login because they each had developed their own systems and kept it with the application. It’s only Curam projects that I worked on and one web app of my entire career where I actually used container managed authentication. My preference … container managed authentication hands down.

However, container managed authentication is not really the most trivial thing to do. In the past every application server had its own way of doing things. Thankfully Java EE 6 had brought in JASPIC as part of the standard (even if it is quite out of date in implementation). Now if we mix it with OAuth 2.0, we can push the authentication out of the app and the app server itself and put it in an enterprise OAuth 2.0 server instead of having just a thin veil in the application using Form based login.

I had recently implemented HTTP Header based authentication with JASPIC; this post talks about using the OAuth 2.0 system on JASPIC.
Continue reading

Share Button

Parsing JSON Web Key (JWK) in Java

When doing something as critical as authentication especially something that would get standardized like OAuth 2.0, security is something that shouldn’t be taken likely. This is true when dealing with messages.

SSL already provides us with relatively reliable transport level security, but what about the data? That’s where cryptographic signatures come in. In SSL we have trusted certificates already loaded into our browsers. However, outside of that it is dependent on the application.

In terms of OAuth 2.0, having a way of trusting the message that gets sent by the remote system needs a way of performing this key interchange. In which case we have the JSON Web Key standard that provides us with a simple exchange of keys. This post talks about how to parse those structures and using them to validate as a follow up of parsing the JSON Web Token in Java.
Continue reading

Share Button