Security in your Software-as-a-Service (SAAS) Application

‘Credit Crunch’ might be the favourite buzzword of the moment, but ‘Security’ and ‘Software as a Service’ are not very far behind. Ok, they’re a long way behind ‘will I lose my house’ or ‘will I have a job tomorrow’, but you get the idea. So I’m proud to be associated with this article by Max and Chicco, even in a very minor way (as a reviewer).

Here’s the 2 minute overview of Securing a multi-tenant SAAS Application, just published on IBM Developerworks.

  1. Software as a Service (SAAS) has a great pitch – let us host your software for you, cheaper and less hassle than managing it yourself.
  2. Most SAAS companies host multiple clients on one server = New security concerns.
  3. LDAP (Similar to Windows Directory) is a standard already in wide use for Authentication (making sure people are who they say they are).
  4. Spring Security (aka Acegi) is a well used Authorisation toolkit – i.e. make sure those people only do things they are allowed to do.
  5. The article shows you how to bring SAAS, LDAP and Spring Security together to get secure, scalable, hosted applications using the very best in widely understood technologies.

Of course, I’m not going to spill the beans on how exactly they do it; for that you’re going to have to hotfoot it over to the IBM Developerworks website.

Red Hat Developer Studio – Office for Java People

I’m not going to cross post my O’Reilly Blog entry on Red Hat Developer Studio.

I’ll just give the 2 minute summary. An IDE (Integrated Development Environment) is like Microsoft Office for Developers – you could use notepad instead, but an IDE makes the overall writing experience easier. Microsoft Visual Studio is the main non-Java IDE. For Java, you have the choice of Eclipse (and other tools built on it such as JBoss IDE, JBuilder, Websphere and Weblogic studio), IntelliJ or Sun’s Netbeans. Very much a personal preference as to which is best of the three of these.

For me, I tend to use Eclipse (1) because I can install it on any client site (2) If an IDE preference is stated on a project, it tends to be Eclipse and (3) There are plugins available for almost anything – including non-Java languages such as Ruby.

Or rather, I download a version of Eclipse with all the plugins pre-packaged – which is what Red Hat Developer Studio does.

Full Install Notes on / Getting started with Red Hat Dev Studio are here.

Microsoft Silverlight – Web 2 IDE – Event

Fergal Breen asked me to blog about the Dublin Silverlight event, but Stephen Downey beat me to it. (Update: Ken McGuire is also writing about the event)

Microsoft Silverlight is a Flash competitor; it looks good and is well worth checking out, but I’ve got my reservations if it is truly as portable as Flash (see comments on Tom Raftery’s Silverlight launch post). All the same, Silverlight is going to be big (it’s backed by Microsoft), and the IDE / Editor is setting a good standard.
Not sure? Go to the Event and make your own mind up.

Enterprise Java Developer Wanted

A good friend of mine needs an Enterprise Java Developer, to be based in Dublin, Ireland (sorry, no Teleworking). It’s a contract position and the project is high profile and sounds quite interesting. The main reason I’m passing on it is that the exact location is the only place where I cannot get to easily from Drogheda! One man’s poison is another man’s meat (or something like that).

With that information (i.e. next to none at all) I’m going to ask you if you’re interested. Yes, I could put all the buzzwords (the usual Spring, Ajax, JSF, EJB, Hibernate), but to be honest I don’t know where the technology road will take this project.

One small catch. We need to weed out all the muppets that are out there. So, you need to have been blogging about Java for the last couple of months. If you’re interested, leave a comment and I’ll pass on your details.

Irish Blogger lynched on O'Reilly site for comparing Google Spreadsheets with Java

There are times when Web2, blogging, feedback from readers and the wisdom of crowds are great. And there are times that it’s extremely painful.

Like this Blogpost I wrote over on the O’Reilly site. Do Google Spreadsheets mean the end of Java?

I expected some people to disagree with me, but at least disagree for good reasons. The key point, that Web 2, its applications (of which Google Spreadsheets is only one) and their APIs will fundamentally change the way we solve business problems using IT, has been lost in the knee-jerk reaction.
Copy of the blog post here.

Google Spreadsheets Mean the end of Java

Or to be more accurate ‘Google Spreadsheets mean the end of Java as we know it’.
Think about this. Who pays your wages Mr Java-Developer-who-has-just-had-a-couple-of-years-at-the-top-of-the-pile? Clients, or if you’re in a larger organisation, the business folks (i.e. ‘internal’ clients). Do you think any of them care about Java? Do any of them know what Java is? All they want is to get things done, quickly, and with as few mistakes as possible.

These business people would be happy to run their organisations on Spreadsheets. Do you remember the cartoon where Dilbert convinced the pointy haired boss that he could fly the plane using Excel? There’s more than an element of truth to this. I know of at least one US Fortune 100 company that (until recently) conducted most of its operations on little more than Microsoft Office and duct-tape. It worked, not very well, but it worked.

Until now, the next line would be ‘Excel (or any other type of Spreadsheet) is not secure / scalable / sharable / not web friendly’. That was until Google launched their Docs and Spreadsheets. It’s an online version of Office with some spreadsheet functionality. Play with it a bit and you’ll see that there’s plenty missing. But this being Google, I’m willing to put good money on

  • (a) new features rolled out (think steamroller) and
  • (b) These Spreadsheets being massively scalable / secure / sharable.

This being Google, there is also an API (developer page here). It’s got massive holes in it (e.g. you can’t yet use it to create a new spreadsheet). But when Microsoft bring out their version of online spreadsheets (and they will) not only will they clone the Google API (to get market share), they’ll need to go one further and introduce new features / remove the usage restrictions in order to compete.

So, secure, scalable, sharable online spreadsheets are here to stay. So let’s take a look at Mr. (or Ms.) Pointy haired boss thinking about their new project:

  1. Hmm, I think we need to be able to gather which health plans our employees are enrolled in.
  2. OK, I’ll throw together a spreadsheet to show people what I want
  3. Before I’ll give to our friendly Java developer and let him ‘do’ a website from it.
    Soon I’ll just share this on Google.
  4. Great, loads of people are now using it, I’ll just get the (Ruby / PHP / Insert other language here) guy to add one or two extra features.
  5. Most Excellent. Why don’t we spin this off as a Web 2 company and sell it to EBay??

There you have it, Massively scalable, Highly secure websites (see Google Authentication API), without needing to know anything about EJB, JMX, JBoss, JDBC or any of the hard won knowledge that us Enterprise Java Developers have built up over the last 7-8 years. I’m exaggerating, but not much.

What do you think? Is Enterprise Java dead, or is Web 2 just another boost and a slightly different way of doing things for us Java people?

Other Java Posts from Technology in Plain English

Some other notes:

This article was originally published on the O’Reilly books OnJava Website.