Security in your Software-as-a-Service (SAAS) Application

‘Credit Crunch’ might be the favourite buzzword of the moment, but ‘Security’ and ‘Software as a Service’ are not very far behind. Ok, they’re a long way behind ‘will I lose my house’ or ‘will I have a job tomorrow’, but you get the idea. So I’m proud to be associated with this article by Max and Chicco, even in a very minor way (as a reviewer).


Here’s the 2 minute overview of Securing a multi-tenant SAAS Application, just published on IBM Developerworks.

  1. Software as a Service (SAAS) has a great pitch – let us host your software for you, cheaper and less hassle than managing it yourself.
  2. Most SAAS companies host multiple clients on one server = New security concerns.
  3. LDAP (Similar to Windows Directory) is a standard already in wide use for Authentication (making sure people are who they say they are).
  4. Spring Security (aka Acegi) is a well used Authorisation toolkit – i.e. make sure those people only do things they are allowed to do.
  5. The article shows you how to bring SAAS, LDAP and Spring Security together to get secure, scalable, hosted applications using the very best in widely understood technologies.

Of course, I’m not going to spill the beans on how exactly they do it; for that you’re going to have to hotfoot it over to the IBM Developerworks website.


Collective Intelligence in Action

Don’t you hate it when you spend months (or years) working on a pet project / book / mad take over the world idea, then somebody comes out with something even better?

Yep, it’s just happened to me. Years working on the idea of the ‘Wisdom of Crowds’ (even prior to web 2.0 in the shape of Red-Piranha). Months working on a Masters Dissertation on applying Web 2 techniques to the Finance industry (pdf link). And somebody comes out and does it even better.

Not just better. But much much better. The sort of better as in ‘If I had this earlier, I’d have just copied it and changed the words around a bit’. The book is available from Manning as ‘Collective Intelligence in Action’. A free, first chapter (Understanding Collective Intelligence) is available here (pdf).


So what’s it about? We’ve all heard about the Wisdom of Crowds idea. But what if you need to actually implement it on your website? This book shows you how to (using both concepts and practical code, as well as the theory behind all of it that I was missing). It includes

  • Intelligent, learning search, using Lucene.
  • Extracting data from blogs using web-crawling.
  • Executing Real time feedback on facebook-like sites.
  • Scalable data-mining techniques to manage the torrent of information
  • Making personalised recommendations based on all of the information.

Disclaimer: Manning provided me with a free review copy of the book – but no strings attached. And, maybe if I’m nice enough to the Author (Satnam), I can persuade him to talk about making millions using JBoss Drools and Complex Event processing in the book.

How to combine Workflow and Business Rules – in 5 easy steps

Tom has a good post on the jBPM (JBoss workflow) community day held at the Guinness brewery in Dublin. Warning – slides may contain pictures of people drinking beer.

Drools jPBM Business rules presentation

How to combine (jBPM) Workflow and (Drools) Business Rules – here’s the summary. Slideset is available on this blogpost.

  • Workflow (e.g. JBoss jBPM) is great – it allows you to take spaghetti code and draw it as a workflow diagram (flowchart) so that it can be reviewed by the business (the nice people who pay our wages). You then attach standard (Java) actions to these steps.
  • Only problem is when you come to a decision node (the one circled in red below): How do you decide to go left or right (in the workflow)? Normally this is coded in Java – good for us, but hidden from those nice business people (which means that there is more room for errors-in-translation).
  • Business Rules allow you to keep those decision making rules in Plain English: When something is true, then do this. That’s it. The rule engine does most of the hard work.
  • Integrating Workflow and Rules is easy. Use JBoss Seam (link) or do it by hand (link). And it works on non-JBoss web / app servers such as Websphere, Oracle Application Server, Tomcat and Weblogic.
  • Repeat x6 : Use workflow and rules. Use workflow and rules …

Simple Workflow

In a maybe related development, Tom Baeyens is now using strangely Rules-y like examples over on his workflow blog ….

JBoss workflow invading Dublin (Free Community Conference)

I’m not going to explain what workflow is as I’ve probably blogged enough about it already. But the JBoss Workflow (jBPM) guys are coming to Dublin on June 6th. If you’re into workflow (and if you’re doing any sort of software for large business you should be) then this is a do not miss event and we’re privileged to have it in Ireland.

The JBoss workflow guys are dream guests. They just asked for a couple of venue suggestions and they finally went for the Guinness Hopstore where Barcamp ran last year. Next thing we got was an email saying that the JBoss Workflow event was go. So for the benefit of people flying into Dublin, here’s the information we gave on where to stay and things to do if you’re making a weekend of it.

(More information on the event on Tom Baeyens Blog)

Workflow

How to get there

Dublin is pretty well served by direct flights from Europe and the US. Aer Lingus and Ryanair are the two biggest airlines flying into Dublin – but there are plenty more (list at FlightMapping.com).

Things to do

  • Tour of Guinness brewery and visit the Gravity bar (one of the highest in Dublin)
  • Dublin Pub Tour and general social scene (it’s a coincidence that the first 2 items are drink related!)
  • Tour of Scenic Wicklow Mountains and Glendalough
  • Liffey River tour by boat
  • Dublin Bus tour – including its Georgian buildings and coastline
  • Newgrange – 2000 years older than the pyramids, in the stunning Boyne valley
  • Windsurfing, Kayaking or Rock climbing in Viking Carlingford Fjord.
  • Trinity College Dublin, 400 year old university, right in the city centre, including the 1000 year old ‘Book of Kells’
  • For the more curious, Belfast is 2hrs away by express train in Northern Ireland.
  • Get lost in Phoenix Park, the world’s largest city centre park.

Places to Stay

I don’t tend to stay in Dublin hotels too much (!) but the following I know are reasonably good value (and quiet / clean)

  • 3 of the Jury’s Inn (Christchurch is just down the road from the event location, but the IFSC and Parnell Street are also good)
  • Academy hotel is ok, if slightly more expensive, if you’re stuck.
  • If you want an airport location (about 20 mins / 20 Euro Taxi from the city centre) the Premier Inn chain are pretty good.
  • Hotel Isaacs is budget but decent, central and near the main bus / train stations.
  • Morgan hotel is where the presenters were put up for the Dublin Java conference. Central but slightly more pricey.

For people from the community, there’s also plenty of ‘budget’ backpacker type accommodation.

Web2 with Java: Struts2, Spring MVC, Flex, JavaFX and Google Web Toolkit

Originally posted on the O’Reilly Books OnJava blog. 

My fellow Java Developers. Two years ago I wrote an article on ‘Web 2.0 and Enterprise Java – move over Struts’ looking at what was likely to replace Struts 1 (then and now a de facto web standard). How did our predictions fare?

Remember that article (and this one) isn’t looking for technical best, but which is going to be the best investment of your time to learn (in a mercenary commercial sense). And if you’re deciding which to use in a project, which framework is going to be easiest to support in 5 or 10 years’ time?

Broadly speaking, the frameworks we talk about break into two types: those that treat the web as a set of pages, and those that treat the web as a set of components (think Visual Basic, Delphi or Oracle Forms act-a-likes).

So, what has changed in the last 2 years:

  1. The rise of Spring. Not only has it gone mainstream, but the Spring MVC, Spring Webflow and Spring-JavaServerFaces are very powerful and widely used web frameworks. A sign of how things have changed is that for Struts 1 the Spring guys wrote the integration for the (then) bigger Struts framework. For Struts 2, the integration was provided by the Struts community. With the forthcoming Spring 3 release the framework is increasing momentum: more annotations and less XML in Spring MVC; Rest Web Services out of the box; support for Dynamic languages like Groovy; and Spring Webflow becoming a more ‘just use it where you need it’ solution.
  2. Adobe Flex and OpenLaszlo – Flash graphical interfaces on the Web, built using Java. I don’t think these will be *the* mainstream choice but I do think they will be more than just a niche. And for design led companies, nothing else (not even Microsoft Silverlight) can come close in terms of a user ‘wow’ factor.
  3. JavaFX and Applets done right (Jim Weaver has a good article on this). More of a competitor to Adobe Flash as both are rich content in the browser using an easily obtainable plugin. JavaFX will appeal to developers because of its Java-like syntax. I hope I’m wrong, but for rich web content, would you put your money on Sun (an Engineering led company) or Adobe (an almost apple-like design led one)?
  4. Frustration with JSF (Java Server Faces). For the last 3 years I’ve thought that ‘*this* is the year of JSF’. I’m still waiting, not because of lack of demand (as web apps become more complicated and use more Ajax they become more like the JSF component based model). It’s now uphill for JSF as I (and a lot of other Developers) have given up. I’m still waiting for the ‘EJB 3’ moment when JSF becomes more simple and more usable. Remember, we’re not talking about technically best, but which is going to be in widespread use.
  5. Google Web Toolkit (GWT). Looking at it one way, GWT is JSF done right – a component based web framework, but one that is fast and has a lot of community support. Even then it took me a long while to warm to GWT – I’ve bad memories of web-components that hide their internals (remember Microsoft Interdev 10 years ago?). What got me over the hump was thinking of GWT as a compiler not to Assembly or bytecode, but to Javascript and HTML.

How has Struts 2 got on in the meantime? I’m not sure. Remember, Struts 2 is very different from Struts 1. Conceptually it’s very similar to Spring MVC (Simple Java Beans based with configuration); slightly easier to learn and maybe slightly less powerful than Spring (although both are more than capable for most Enterprise web applications).

The ‘I’m not sure’ bit comes from two (non technical) factors:

  1. Struts 2 hasn’t achieved the massive Enterprise developer mind share that Struts 1 did. It’s a better framework, but it’s got more competition.
  2. If you’re using Spring in the middle tier, why not have one less framework and use Spring MVC (instead of Struts 2) in the presentation layer as well?

Back to the previous predictions, how did we get on?

Scenario 1: Adding Ajax to existing Struts Applications. Use AjaxAnywhere – closest to the approach taken in the article Sprinkle Some Ajax Magic into your Struts Web Application. Despite writing this article, I see the frameworks evolving rapidly to the point where you would only take such an approach for adding Ajax to ‘Legacy’ applications.

How did we do? I’d maybe widen the choice of Ajax Libraries (to include DWR, Dojo, Prototype and others) but the basic idea of evolving rather than replacing your Struts 1 app still holds true.

Scenario 2: Need Ajax Now for a new Java Application. Use Appfuse as it gives Struts, Ajax (with DWR) and the possibility of JSF integration now, all ‘out of the box’.

How did we do? I still recommend AppFuse, as it combines (name-your-web-framework) with Spring, Hibernate (and other ORM) and Maven. However I’d now tend towards choosing Spring MVC (unless you’ve a reason to use Spring 2), given that you’re probably already using Spring in the mid tier.

Scenario 3: Medium Term. Use an implementation of JSF (either MyFaces or whatever Appfuse promotes – probably Struts Shale). Struts Shale (JSF) has so far released only ‘overnight’ builds. Apache MyFaces (JSF) tool support and Ajax capabilities are likely to improve over time. Both Struts-Shale and MyFaces are likely to play well with AppFuse, making it a safe bet for investing your time checking it out.

How did we do? Struts2 and Spring both still give you a migration route to JSF. But do you want it?

So out of the creative ajax-induced chaos of 2 years ago, I see 4 or 5 clear choices in Enterprise web frameworks: Struts 2 (as a follow on from Struts 1). Spring MVC, due to the huge mindshare Spring has on the mid-tier. Google Web Toolkit, both as a natural home of frustrated JSF developers, and because who’s going to argue with the people who gave us maps and mail? Flex, because Flash apps done well just look so good. And JavaFX, because Applets-haven’t-gone-away-you-know.

In my view, we would have been delighted to have any of these frameworks 5 years ago. And each (for different reasons) is likely still to be popular in 5 years’ time. Your mission now is to pick the one that suits your project needs.

Spring Belfast and Spring Dublin – two of the biggest Java events of the year

No apologies for oversimplifying this:

  1. If you’re in business you need computer systems to support your team. Systems to find previous dealings with a customer, systems to allow your team to work together, systems to stop people finding out things that they shouldn’t.
  2. Once your business passes the 100 employee mark and is heading for ‘Enterprise’ scale, chances are you need custom software written just for you, in addition to the ‘shrink wrap’ stuff you’ve been able to get away with until now.
  3. Most custom Enterprise software is written in (or uses a large element of) Enterprise Java.
  4. Enterprise Java is hard to get started with – it’s a big and complex framework because it solves big and complex problems. The Spring framework makes it easy.


OK, so we’re Spring nuts. But nuts only because it’s solved problems for FirstPartners over the last 4 years. What we like:

  • Spring allows you to use just enough Enterprise Java to solve your problem
  • Spring complements Enterprise Java, not replaces it.
  • Spring gives you a gentle slope to using Enterprise technologies.
  • Spring works well with Java, Oracle, .Net, (J)Ruby and pretty much any mainstream technology – including most of the widespread Java Frameworks like Struts and Hibernate.

So you wait ages for one Spring Event in Ireland, then two come along at once. We’ve written about Rod Johnson speaking in Dublin on Tue March 11th. Now there is a full day Spring Event in Belfast the day before (March 10th). And it’s sponsored by Momentum NI, so it’s free. And the Hilton Hotel is right beside Belfast Central train station, so it’s easy to get to from Dublin.

The full agenda is here (more details below), but given the importance of Spring to the Enterprise world, and the fact that the top four Spring guys are speaking, we reckon that it is the Enterprise event of the year. The booking form is here.

Spring Ireland 2008

10th March 08:30 to 10th March 17:30
Hilton Belfast, 4 Lanyon Place, Belfast (Beside Central Train station)
SpringSource is proud to announce Spring Ireland 2008. Join us for a free one-day conference with presentations from the SpringSource team including a keynote from Rod Johnson.

Keynote: Spring into the Future – Rod Johnson

The Spring Framework began in 2002 with Rod’s best-selling Expert One-on-One J2EE Design and Development; one of the most influential books ever published on J2EE, Rod is recognised as one of the world’s leading authorities on Java and J2EE development. With the rapid expansion of SpringSource and move to new corporate HQ in Silicon Valley, this is a rare UK opportunity to hear Rod provide his views and explore the future of J2EE application development.

What’s New in Spring 2.5 – Sam Brannen

Sam is a lead architect at SpringSource and one of the most experienced developers within the organisation. This session provides delegates with an overview of the new features available in Spring 2.5. Specifically, highlighting the simplified and extensible configuration support provided via configuration annotations and new XML configuration namespaces, new Java 6 support, updates to Spring AOP, improved JDBC and JPA support, annotation-driven web MVC controllers, the new annotation-based TestContext framework for unit and integration tests and more!

SpringSource Professional Services – Greg Southey

Greg has built SpringSource’s UK Professional Services organisation into the leading Spring consultancy business in the world.

This is a brief resume of some of the 97 major projects completed by the UK Professional Services team in 2007. Delegates will hear about the business drivers behind some major development projects, the business issues faced and how they were resolved in partnership with the client.

Spring as a Full Stack Web Framework – David Syer

As Principal Consultant at SpringSource, Dave leads the way in the understanding of satisfying business requirements using the Spring Portfolio. His easy manner cloaks a prodigious knowledge of application development.

This session explores the “full stack” web framework trend and answers the question: how does Spring stack up? This session defines what a full-stack web framework is, then provides a fair technical comparison between a Spring-centric web development stack and the alternatives. Delegates will hear about the feature-set of modern “full stack” web frameworks, and what Spring has that differentiates itself from the pack.

Spring in Ireland – Ian Graham

Ian Graham, Momentum, will explore the use of Spring in Ireland and introduce case studies from companies who are using the Spring family of products.

Round Table Discussion – Rod Johnson, Rob Harrop, Dave Syer, Sam Brannen & Greg Southey

Your chance to ask Rod and his team anything that’s on your mind regarding Spring!

Mr Spring, Rod Johnson, Speaking in Dublin March 11th

I’ve been lucky enough to have been using Spring for just over 4 years. If you don’t know what Spring is, it solves a lot of problems in complex Enterprise Java Systems. And it makes those systems more configurable; Spring makes your code like Lego blocks. Blocks that you can take apart and use again and again (no matter what the underlying technology is). And because you can take it apart, it makes your code easier to test. And testing is a good thing – the earlier you find bugs, the cheaper they are to fix.


Get the feeling that I’m a bit of a Spring fanatic? Wasn’t always that way. It took me two projects where other people had chosen Spring to convince me. And did I mention that it’s one of the most in demand skills in the Java world?

Rod Johnson (aka ‘Mr Spring’) is speaking in Dublin at the Westin hotel Dublin on the 11th March. It’s fairly central, and it’s a breakfast briefing, so you don’t even have to arrange the day off work. More details on the event are on the Kainos Website.

Update: The registration form to sign up for the event is here.