Welcome

Welcome to our blog about all kinds of topics that are related to software development. We blog about:

SOA, BPM, EDA, ECM and all the other buzzwords. Beware: some posts might not be as common as you think. We are not scared to go against mainstream thought.

Technologies like Java, Maven, Spring Framework, OSGi, and front-end technologies and frameworks like jQuery, DWR, Flex.

Finally, to make this happen we need tools and, of course, a Mac (well, some of us do). So we blog about that as well.

LinkedIn

We now have a LinkedIn group; join the group if you are a regular reader and want to see who else reads this blog.

Feeling secure with Web Services – Part 2

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?

In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.

In part 1, I’ve dealt with Username Token authentication.

In this article, I will describe Transport Layer Security (TLS), formerly known as Secure Sockets Layer, and message encryption.

Feeling secure with Web Services – Part 1 – The UsernameToken

Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1], how SSL works and what it actually secures.

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your services, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?

In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.

This article will go more in-depth in the Username Token authentication.

Feeling secure with Web Services – Introduction

Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1], how SSL works and what it actually secures.

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users from accessing your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing your messages with a digital signature?

In this article, I’ll explain the different methods of securing your Web Services, how each of the methods works and what you actually secure by applying each method.

Spring application context loading tricks

The Spring classpath:-notation

As most of you probably know, the Spring Framework can load all sorts of resources into its application context from all sorts of sources. In particular, it can do this from the classpath, and the people over at SpringSource have even introduced their own URI “protocol” to make this easy: you can identify resources using classpath URIs, like so:

classpath:<relative path to resource here>

Most of you are probably familiar with this notation, because it is often used when loading the application context files themselves using the ContextLoaderListener.

What many people don’t realize is that the classpath:-notation is far more versatile than just for use as a standard URI, because you can use wildcards. In fact I only recently learned this myself from a colleague (at least in part) — which is kind of dumb, because it’s mentioned quite clearly in the documentation.

Why it’s difficult to be a software engineer at parties….

Picture yourself at a social get-together of some general nature (i.e. not after-work drinks with colleagues). For instance, a friend’s birthday party. Now picture yourself in a conversation with some people you don’t know (other friends of your friend, say). And you’ve just introduced yourself as a software engineer (or a developer, or a programmer). Here’s the conversation as it proceeds from that point onwards:

Ted: So, what’s your line of work?
You: I’m a software engineer.
Fred: That means you work with computers, right?
You: That’s right.
Ted: So what do you do, exactly?
You: I built the (web) application that does <really important, well known functionality> for <really big, immensely well-known company>.
Ted: Oh. So, Fred…..

Mac osx killer apps (part 2)

Some months ago I wrote an article with my favorite Mac OS X tools. I am using my Mac more and more; with my current employer I can use it for almost everything I want. I do not have MS Office, so sometimes I need to use my other laptop. I also use my other laptop to run databases etc., just because 2 Gb RAM is not always enough.

Telling you about what I do with my other laptop is not the reason to write this post. I want to share a very cool application that can help you to become a lot more effective during all your tasks. It is an application to help you find and then remember all your shortcuts. It integrates with all the applications I use to show possible shortcuts. It is not a free program, but the value you get for only 20 euros (excluding VAT) is very good. Try it yourself, you’ll be surprised.

Here is the website where you can download a trial:
http://www.ergonis.com/products/keycue/

Integrating flex 3 with spring security (formerly known as Acegi)

This blog item shows a way of doing security; after some additional experience I consider this method as being non-optimal. The server side does not change a lot (Spring Security configuration), but the client does. I explain my current solution in this blog post: Integration spring security and flex 3 the sequel

This article is actually about two things. It explains the basic steps to use the new Spring Security version 2 library in a Java (web) application. I am going to show the basic configuration as well as web resource authorization and bean method authorization. The other part is the integration of Flex with Spring Security. I am going to show how to use authentication from within Flex 3 using the Spring Security back end. After that I’ll show a service used from within Flex through BlazeDS to ask for the roles a logged-in user has. Using these roles I am going to hide buttons for actions non-admin users must not use, like the create new book button. In short, this article shows the complete picture of an application using Flex 3, BlazeDS and Spring Security to authenticate users and authorize actions.

Read on if you want to learn about the integration of these frameworks.

Java 6 for Mac OSX leopard

A month or so ago I wrote this item about Java 6 on the Mac. It was a beta release and I had some issues with it, but it was workable. Now the real deal is ready to be installed. You can download it from the following URL: http://www.apple.com/downloads/macosx/apple/application_updates/javaformacosx105update1.html

Running the [...]