Security | FirstPartners

Security in your Software-as-a-Service (SAAS) Application

Posted on October 12, 2008 by paulbrowne

‘Credit Crunch’ might be the favourite buzzword of the moment, but ‘Security’ and ‘Software as a Service’ are not very far behind. Ok, they’re a long way behind ‘will I lose my house’ or ‘will I have a job tomorrow’, but you get the idea. So I’m proud to associated by this article by Max and Chicco, even in a very minor way (as a reviewer).

Here’s the 2 minute overview of Securing a multi-tenant SAAS Appliction, just published on IBM Developerworks.

Software as a Service (SAAS) has a great pitch – let us host your software for you, cheaper and less hassle than managing it yourself.
Most SAAS companies host multiple clients on one server = New security concerns.
LDAP (Similar to Windows Directory) is a standard already in wide use for Authentication (making sure people who they say they are).
Spring Security (aka Acegi) is a well used Authorisation toolkit – i.e. make sure those people only do things they are allowed to do.
The article shows you how to bring SAAS , LDAP and Spring Security together to get secure, scalable , hosted applications using the very best in widely understood technologies.

Of course, I’m not going to spill the beans on how exactly they do it; for that you’re going to have to hotfoot it over to the IBM Developerworks website.

Agile Projects Using the Spring Framework – Training

Posted on April 29, 2008 by paulbrowne

Lots of things going on behind the scenes at FirstPartners. One of which is the Spring Framework training course that we’re giving on Wed 30th May in Bewley’s Hotel, Ballsbridge, Dublin. Interested in going? – you can book here (via Trigraph). Can’t make it? We’ll probably do a follow up.

What are you missing? Apart from the crash test dummies (below), there’s loads of lego blocks, Swiss mountains, trains crashing through walls and a Kangaroo. (Spring, Geddit?). You might even learn something about Java along the way.

Agile Projects using the Spring Framework
Executive Briefing
Delivery: Public or In-house
Course Length: 0.5 days. Optional mentoring / follow up session if required by Client
Course Approach: Lecture, discussions
Level: Beginner / Intermediate

Dummies

Course Description:

Spring, with good reason, is the most actively used framework in the Enterprise Java world today. The half- day briefing shows the problems that Spring can solve for your projects, core Spring concepts such as Inversion of Control and integration with existing Enterprise Java technologies for database access, messaging and web deployment. The briefing also shows how to use Spring to make your projects more agile, improving quality and reducing deployment time.

Course Objectives:

Following completion of this course, students will be able to:
Understand why Enterprise Java is the mostly widely used corporate technology, and how Spring both simplifies and improves this technology.
Understand core Spring concepts such as Inversion of Control (IOC), configuration , deployment and testing.
Describe how to integrate Spring with Enterprise Technologies such as Databases, Messaging and Web 2 frameworks.
Understand how Spring can make your projects more agile and the benefits it brings to your organization
Map out a plan of how to introduce the Spring framework to existing systems.

Course Syllabus:

Section 1: The Problems That Spring Solves

Introduction
Who are you? Who are we?
What is Spring?
What is (Enterprise) Java?
The problems with Enterprise Java
Why Enterprise Java is costing you money.
The Deployment Scale
Java Classes and Objects
Just enough XML to get by
Core Spring – Inversion of Control pattern
Spring Configuration and my First Spring App
Deployment via Web, Enterprise Java and Command line
Spring on other platforms (.Net , Ruby and Groovy)
Alternatives to Spring
Spring and Java 5 – easier development
Starting out – just a little Spring in your Step.

Section 2: Core Spring and Enterprise Spring Integration

Spring Web Framework (MVC)
Spring Web with Struts , JSF , XSLT , Tiles and GWT (Google Web Toolkit)
Spring and Ajax in Web 2 Applications.
Spring Webflow
Spring and Databases (Hibernate and JDBC)
Spring and Messaging (MQ and JMS)
Spring Remoting and Web Services
Aspect Orientated Programming (AOP)
Transactions in Spring
Appfuse – ready to roll Spring projects with Maven
Administration of your Application using Spring and JMX
Scheduling using Spring and Quartz
Spring and Acegi Security

Section 3: Practical Spring – make your project more Agile

The problems with IT Projects
What is Agile
Spectrum of Agility
How Spring makes your project more agile (and your customer happy)
Key Agile Practices
Unit Testing with Spring
Integration Testing
Mock Objects
Spring IDE
Spring and Business Rules
Spring and Workflow
Alternative Spring configuration.
Extending Spring to meet you (obscure) needs.
What’s new in Spring 2.5 (and coming up for Spring 3)

Audience:

Managers and Project Managers wishing to understand the benefits of adding Spring to their projects.
Software developers needing an introduction to Java and the Spring Framework and integration with key Enterprise technologies.
Support, Database , Web Designers and other IT professionals needing to interface with Spring and Enterprise Java systems.
.Net developers wishing to understand the concepts behind the Spring.Net framework.

Related Courses:
Enterprise Java (Trigraph) and Agile Project Management (Trigraph)

Prerequisites:
Some high level exposure to the Java, .Net or other Object Orientated language would be beneficial but
not necessary.

Google Spreadsheets Mean the end of Java

Posted on January 18, 2007 by paulbrowne

Or to be more accurate ‘Google Spreadsheets mean the end of Java as we know it’.

Think about this. Who pays your wages Mr Java-Developer-who-has-just-had-a-couple-of-years-at-the-top-of-the-pile? Clients, or if you’re in a larger organisation , the business folks (i.e.’internal’ clients). Do you think any of them care about Java? Do any of them know what Java is? All they want is to get things done, quickly , and with as few mistakes as possible.

These business people would be happy to run their organisations on Spreadsheets. Do you remember the cartoon where Dilbert convinced the pointy haired boss that he could fly the plane using Excel? There’s more than a element of truth to this. I know of at least one US Fortune 100 company that (until recently) conducted most of it’s operations on little more than Microsoft Office and duct-tape. It worked, not very well, but it worked.

Until now , the next line would be ‘Excel (or any other type of Spreadsheet) is not secure / scalable / sharable / not web friendly’. That was until Google launched their Docs and Speadsheets. It’s an online version of Office with some spreadsheet functionality. Play with it a bit and you’ll see that there’s plenty missing. But this being Google , I’m willing to put good money on

(a) new features rolled out (think steamroller) and
(b) These Spreadsheets being massivly scalable / secure / sharable.

This being Google, there is also an API (developer page here). It’s got massive holes in it (e.g. you can’t yet use it to create a new spreadsheet). But when Microsoft bring out their version of online spreadsheets (and they will) not only will they clone the Google API (to get market share), they’ll need to go one further and introduce new features / remove the usage restrictions in order to compete.

So, secure, scalable, sharble online spreadsheets are here to stay. So lets take a look at Mr. (or Ms.) Pointy haired boss thinking about their new project:

Hmm, I think we need to be able to gather which health plans our employees are enrolled in.
OK, I’ll throw together a spreadsheet to show people what I want
Before I’ll give to our friendly Java developer and let him ‘do’ a website from it.
Soon I’ll just share this on Google.
Great , Loads of people are now using it, I’ll just the (Ruby / PHP / Insert other language here) guy to add one or two extra features.
Most Excellent. Why don’t we spin this off as a Web 2 company and sell it to EBay??

There you have it, Massively scalable , Highly secure websites (see Google Authentication API), without needing to know anything about EJB, JMX , JBoss, JDBC or any of the hard won knowledge that us Enterprise Java Developers have built up over the last 7-8 years. I’m exaggerating, but not much.

What do you think? Is Enterprise Java dead, or is Web 2 just another boost and a slightly different way of doing things for us Java people?

Other Java Posts from Technology in Plain English

Some other notes:

Java is read once , run almost anywhere. The ‘Almost’ is because (for various technical reasons) the difficulty in getting reasonably priced web hosting. Have your tried getting some recently – impossible to find , or at least impossible to find at the prices PHP and Ruby guys can get theirs?
Tim O’Reilly with was right with the notion of Web 2.0 and the network as a computer. We’ve also written about the notion of online software being at a tipping point.

This article was originally published on the O’Reilly books OnJava Website.

Upgrade your PDF reader (don't say we didn't warn you).

Posted on January 4, 2007 by paulbrowne

News is just out that this is a major security hole in Acrobat reader (what you normally use to open PDF Files). Most people are currently using version 7 or earlier (the version affected). Upgrading to version 8 appears to solve the problem.

Brian Honan has more details with a full writeup at Symantec.

And if you ever need to guess a password …

Posted on December 17, 2006 by paulbrowne

… try these , as suggested by the Health Tech Blog.

Brian Honan's Security Watch Blog

Posted on November 27, 2006 by paulbrowne

If you already subscribe to Brian’s monthly Security Newsletter, you’ll already know how good / critical the information Brian has.

[Link to BHConsulting.ie]

Now , Brian Honan has started blogging and the content is well worth checking out. Brian is a Dublin based Enterprise Security Consultant whose writing will make you suitably paranoid.

Enterprise Java Presentation at DCU

Posted on October 30, 2006 by paulbrowne

On Wednesday, I’m presenting on the topic of Enterprise Java at DCU (Dublin City University) , in conjunction with Trigraph.

I’ll blog later about bits and pieces of the slides (for commercial reasons I can’t publish the full set here), but the overview is below.

Description:

Success or failure in your business depends on dealing with information faster and better than your competitors. This briefing shows you how Enterprise Java tools can do this and how to apply them to your organisation. Crucially, the briefing shows you when not to use Enterprise Java and details the alternative approaches.The briefing will give delegates an overview of the Java Web development environment, how to architect and distribute multi-tier applications and how to link these components with existing sources of information using Enterprise Application Integration (EAI). Most business have substantial investments in existing and legacy IT systems and the briefing will show how to integrate these with techniques such as JMS Messaging/ MQ Series, SOAP / XML or using the Java Connector Architecture (JCA).

As well as examining the main Java Application Server vendors (including Sun , IBM , Oracle , BEA and JBoss) the briefing will detail the technology stack that they offer. This stack includes Web presentation frameworks and SOA – Service Orientated Architecture at the Front end. In the middle (Business) layer this covers the capture of Business knowledge using Business Rule Engines and workflow (BPEL). At the back (Service) layer, this includes database integration using JDBC, and the Enterprise Service Bus (ESB).

What Problem are we trying to solve?Where Java Fits in Enterprise Computing.
Enterprise Application Integration (EAI).
A Componentised & Connected Enterprise.
Enterprise Java Architecture Overview.
Enterprise Java Platform Roles.
Benefits to the Enterprise.
Alternatives (.Net , PHP , Oracle , Lightweight Java Frameworks , scripting)
Scripting Languages and Enterprise Java (Ruby, Python, Groovy)
Vendors (IBM, Oracle, Sun , Bea , JBoss and SAP)
Vendor Specific Solutions (e.g. Oracle Fusion / ADF , IBM MQ )
Market Trends – Resource availability (can we get the people to do this?)

Foundation Technologies & Techniques.

Enterprise Web 2.0 and Service Orientated Aritecture (SOA).
Integrating with other Systems ( Legacy Systems, Oracle etc)
Enterprise Java Beans 3
Middleware (MOM, Rule Engines, Workflow)
Java on the (Enterprise) Desktop
Web Services / Enterprise Service Bus
Best practices (Code standards, Build standards, Version Control / Iterative Development / Junit)
UI Layer: HTML, Servlets, JSP, XML/XSLT.
XML’s Role in the Enterprise.
Application Tier: EJB, JNDI, JDBC, JDO.
Integration Technologies.
Java Connector Architecture- JCA
RMI, CORBA/IIOP, SOAP.
Security – Application and Server Level
Java Access & Authorization Service (JAAS).
Object-Orientation & UML.
Design Patterns.
Frameworks (Struts , JSF, ADF, DWR, Spring, Hibernate)
.Net interoperability

Enterprise Java Application Architectures.

Overview of Enterprise Application Servers.
Commercial Application Servers.
Distributed Application Models with Enterprise Java.
Enterprise Java Application Server Basics.
How to Choose a Enterprise Java Application Server.
Enterprise Java Application Architecture.
Building a Enterprise Java Application.
Deploying the Application.

Enterprise Java & Your Business.

Planning for Migration.
First Steps.
The Implementation Plan.
Organisational Challenges.
What’s next for Enterprise Java?

Close.