Security in your Software-as-a-Service (SAAS) Application

‘Credit Crunch’ might be the favourite buzzword of the moment, but ‘Security’ and ‘Software as a Service’ are not very far behind. Ok, they’re a long way behind ‘will I lose my house’ or ‘will I have a job tomorrow’, but you get the idea. So I’m proud to be associated with this article by Max and Chicco, even in a very minor way (as a reviewer).

Here’s the 2 minute overview of Securing a multi-tenant SAAS Application, just published on IBM Developerworks.

  1. Software as a Service (SAAS) has a great pitch – let us host your software for you, cheaper and less hassle than managing it yourself.
  2. Most SAAS companies host multiple clients on one server = New security concerns.
  3. LDAP (similar to Windows Directory) is a standard already in wide use for Authentication (making sure people are who they say they are).
  4. Spring Security (aka Acegi) is a well-used Authorisation toolkit, i.e. it makes sure those people only do things they are allowed to do.
  5. The article shows you how to bring SAAS, LDAP and Spring Security together to get secure, scalable, hosted applications using the very best in widely understood technologies.

Of course, I’m not going to spill the beans on how exactly they do it; for that you’re going to have to hotfoot it over to the IBM Developerworks website.

Red Hat Developer Studio – Office for Java People

I’m not going to cross post my O’Reilly Blog entry on Red Hat Developer Studio.

I’ll just give the 2 minute summary. An IDE (Integrated Development Environment) is like Microsoft Office for Developers – you could use Notepad instead, but an IDE makes the overall writing experience easier. Microsoft Visual Studio is the main non-Java IDE. For Java, you have the choice of Eclipse (and other tools built on it such as JBoss IDE, JBuilder, Websphere and Weblogic studio), IntelliJ or Sun’s Netbeans. Very much a personal preference as to which is best of the three of these.

For me, I tend to use Eclipse (1) because I can install it on any client site (2) If an IDE preference is stated on a project, it tends to be Eclipse and (3) There are plugins available for almost anything – including non-Java languages such as Ruby.

Or rather, I download a version of Eclipse with all the plugins pre-packaged – which is what Red Hat Developer Studio does.

Full Install Notes on / Getting started with Red Hat Dev Studio are here.

Microsoft Silverlight – Web 2 IDE – Event

Fergal Breen asked me to blog about the Dublin Silverlight event, but Stephen Downey beat me to it. (Update: Ken McGuire is also writing about the event)

Microsoft Silverlight is a Flash competitor; it looks good and is well worth checking out, but I’ve got my reservations if it is truly as portable as Flash (see comments on Tom Raftery’s Silverlight launch post). All the same, Silverlight is going to be big (it’s backed by Microsoft), and the IDE / Editor is setting a good standard.
Not sure? Go to the Event and make your own mind up.

Enterprise Java Developer Wanted

A good friend of mine needs an Enterprise Java Developer, to be based in Dublin, Ireland (sorry, no Teleworking). It’s a contract position and the project is high profile and sounds quite interesting. The main reason I’m passing on it is that the exact location is the only place I cannot get to easily from Drogheda! One man’s poison is another man’s meat (or something like that).

With that information (i.e. next to none at all) I’m going to ask you if you’re interested. Yes, I could put all the buzzwords (the usual Spring, Ajax, JSF, EJB, Hibernate), but to be honest I don’t know where the technology road will take this project.

One small catch. We need to weed out all the muppets that are out there. So, you need to have been blogging about Java for the last couple of months. If you’re interested, leave a comment and I’ll pass on your details.

Irish Blogger lynched on O'Reilly site for comparing Google Spreadsheets with Java

There are times when Web2, blogging, feedback from readers and the wisdom of crowds are great. And there are times that it’s extremely painful.

Like this Blogpost I wrote over on the O’Reilly site. Do Google Spreadsheets mean the end of Java?

I expected some people to disagree with me, but at least disagree for good reasons. The key point, that Web 2, its applications (of which Google Spreadsheets is only one) and their APIs will fundamentally change the way we solve business problems using IT, has been lost in the knee-jerk reaction.
Copy of the blog post here.

Google Spreadsheets Mean the end of Java

Or to be more accurate ‘Google Spreadsheets mean the end of Java as we know it’.
Think about this. Who pays your wages Mr Java-Developer-who-has-just-had-a-couple-of-years-at-the-top-of-the-pile? Clients, or if you’re in a larger organisation, the business folks (i.e. ‘internal’ clients). Do you think any of them care about Java? Do any of them know what Java is? All they want is to get things done, quickly, and with as few mistakes as possible.

These business people would be happy to run their organisations on Spreadsheets. Do you remember the cartoon where Dilbert convinced the pointy haired boss that he could fly the plane using Excel? There’s more than an element of truth to this. I know of at least one US Fortune 100 company that (until recently) conducted most of its operations on little more than Microsoft Office and duct-tape. It worked, not very well, but it worked.

Until now, the next line would be ‘Excel (or any other type of Spreadsheet) is not secure / scalable / sharable / not web friendly’. That was until Google launched their Docs and Spreadsheets. It’s an online version of Office with some spreadsheet functionality. Play with it a bit and you’ll see that there’s plenty missing. But this being Google, I’m willing to put good money on

  • (a) new features rolled out (think steamroller) and
  • (b) these Spreadsheets being massively scalable / secure / sharable.

This being Google, there is also an API (developer page here). It’s got massive holes in it (e.g. you can’t yet use it to create a new spreadsheet). But when Microsoft bring out their version of online spreadsheets (and they will) not only will they clone the Google API (to get market share), they’ll need to go one further and introduce new features / remove the usage restrictions in order to compete.

So, secure, scalable, sharable online spreadsheets are here to stay. So let’s take a look at Mr. (or Ms.) Pointy haired boss thinking about their new project:

  1. Hmm, I think we need to be able to gather which health plans our employees are enrolled in.
  2. OK, I’ll throw together a spreadsheet to show people what I want
  3. Before, I’d give it to our friendly Java developer and let him ‘do’ a website from it. Soon I’ll just share this on Google.
  4. Great, loads of people are now using it, I’ll just get the (Ruby / PHP / Insert other language here) guy to add one or two extra features.
  5. Most Excellent. Why don’t we spin this off as a Web 2 company and sell it to EBay??

There you have it: massively scalable, highly secure websites (see Google Authentication API), without needing to know anything about EJB, JMX, JBoss, JDBC or any of the hard won knowledge that us Enterprise Java Developers have built up over the last 7-8 years. I’m exaggerating, but not much.

What do you think? Is Enterprise Java dead, or is Web 2 just another boost and a slightly different way of doing things for us Java people?

Some other notes:

This article was originally published on the O’Reilly books OnJava Website.

Grabbing people's brains and shoving them into a PC

It didn’t go down too well when an elderly relative asked me over Christmas ‘what exactly do you do?’. After fobbing him off with the usual ‘something in computers’, he was shocked to find out that I spend most of my time ‘Grabbing people’s brains and shoving them into a PC’.

This kind of blog-related-violence is normally associated with Twenty-Major (Warning, Parental Guidance required, unless you’re over 80), so before you call the police, let me explain.

Look at your hands. Unless they’re scarred and calloused (from the weekend’s DIY) the chances are that you work in the knowledge economy. You could work for a Bank, Insurance company, Legal company or be a medical professional but most of your work consists of one thing: You push pieces of paper around that have some magical value.
Or you would push pieces of paper around if it hadn’t all been computerised in the last 10 years. Now you swap files and emails to get things done. And you swear on a regular basis when the computer can’t find the information you’re looking for, or someone doesn’t understand the email you sent them. But the important bit, the information processing, still remains in your brain.

Which brings us to Red-Piranha (site update in progress) and the shoving of people’s brains into a computer. While we can copy an MP3 music file (with Adam’s and Bono’s imagination in it) and send it around the world, we can’t photocopy your brain. We don’t want all of it, just the part that gets the magical value-added work done. The bits about drinking beer and playing volleyball on the beach we’ll quite happily leave with you.

So this is what Enterprise Web 2.0 is all about: getting the computer to take a load off your brain so that you’ll have more time to spend on the beach drinking beer. Chapter 3 (draft) of our Enterprise Web book has just been put online, which shows you exactly how to do this.

Struts 2 is the new Mini

No matter what car you drive, the chances are it was influenced by the Mini. Introduced in the UK in the 1960s, a whole generation of families was crammed into a car that popularized the notion of front wheel drive. While small, it was practical and drove so well it even starred in films such as The Italian Job. Recently, a more modern version was released with none of the parts but all of the spirit of the Original.

We’ll come back to the Mini, but if you build websites using Java, then at some point you have used Struts. The original Struts is proof that a framework / project / product doesn’t have to be the best to be the most widely accepted. It just has to be in the right place at the right time, and ‘do what it says on the tin’ – in this case a fairly useful implementation of the ‘Model-View-Controller’ design pattern.

So what’s the link? Seeing the original Mini from the outside may bring a smile to your face, but on the inside it’s cramped and uncomfortable. You may have happy memories of websites you built using the original Struts, but lately your thoughts have been straying to more modern frameworks, perhaps with Ajax and integration with Spring built in.

This is where Struts 2 comes in. Like the Mini, it has (almost) none of the parts, but all of the Spirit of the original. It’s based on Webwork which sounds scary, but most Struts Drivers will be able to climb in, find the Struts.xml file and get the engine running within minutes. Struts 2 is easier to drive (JavaBeans instead of Action Forms), more powerful (it can use Ajax and JSF) and comes with more optional extras (e.g. its integration with other frameworks like Webwork and Spring).

Best of all the Struts team have a clear migration path between the old and new Struts. You can use both side by side in your garage application, and change over the parts piece by piece. Spare parts for the original Struts will still be available for quite some time, both from the original team and the large dealer developer network that has built up around the framework.

What do you think? When are you going to give Struts 2 a try?

Everything you wanted to know about Business rules

If you’ve been reading this blog for a while, you’ll know that I’m into Business Rules. You know, the logic (formal and informal) that is unique to each company / organisation and governs how an insurance claim gets settled, the price you pay for an airline seat, or how your order from Amazon gets shipped. Rule Engines are a way of getting this knowledge out of people’s heads and into a computer.

Rules are a very simple idea (you just state what you know to be true), but rule engines are not. Ironically, the problem most people have is ‘this is too simple to work’. If you want to find out more, the ‘Down to Earth Business Rules blog’ from Artemis Alliance is a good place to start.
They also have a Squidoo Lens (a set of links to other resources) that is worth looking at.