Welcome

Welcome to our blog about all kind of topics that are related to software development. We blog about:

SOA, BPM, EDA, ECM and all the other buzz words. Beware some post might not be so common as you think. We are not scared to go against main stream thoughts.

Technologies like java, maven, springframework, OSGi and front end technologies and frameworks like jQuery, DWR, Flex.

Finally to make this happen we need tools and of course a Mac (well some of us do). So we blog about that as well.

Technorati

Add to Technorati Favorites

Linked in

We now have a linked in group, join the group if you are a regular reader and want to see who else reads this blog.

Integrate flex security in Mate using the spring BlazeDS integration project

By jettro, on May 24th, 2009

More than a year a go I started writing about flex. My first post was about the integration of BlazeDS with the springframework at the back-end using intellij. I moved on with a Datagrid component that had filtering included in my second post. Than I did two posts about integrating spring security. The first article was a nice start to understand the concepts. The second post improved the code a lot with more understanding of the flex principles.

With the next posts I moved on to use maven, which in the beginning was not easy, but thanks to the excellent flex-mojos plugin from velo. In the beginning of this year I started blogging about the springsource coming into the flex domain for real. Two projects, one for the spring style of programming in the ActionScript language. The other one for integrating BlazeDS and the spring framework. I wrote multiple posts about the new spring project. This post will probably not be the last. But if you are using Mate as well as the spring BlazeDS Integration project. This is a must read post. Maybe only to laugh at what I have done, but I hope to be amazed how simple a full flexed application can be when you combine all these technologies.

Kind of a long introduction, but what is this post really about? I have been using a sample application called books-overview that I have been using for flex based applications. I have been adding stuff to it once in while, but now I have completely refactored it. I am using a framework called Mate, have made it modular using the flex-mojos plugin and I have adopted the Spring BlazeDS integration project. Time to explain the way I handle security now, how I am using maven and show the extension to Mate for security.

Read on to find out how I did it and like always leave a comment if you like it or if you have improvements.

Continue reading Integrate flex security in Mate using the spring BlazeDS integration project

May 24th, 2009 | Tags: , , , , , | Category: Frontend Technology, Java, Technology | 39 comments

Integration spring security (Acegi) and flex 3 the sequel

By jettro, on July 14th, 2008

flexlogo.png

In my previous blog post : integrating flex 3 with spring security I made a good effort to create a nice flex 3 application and integrate authentication and authorization with spring security. A few days a go I received a trackback from sven. Curious as I am I started reading the material he provided and especially the other links he mentioned. That made me think about my own solution. To be honest I think I did not really do a good job. It works, but still not optimal for most of the flex situations.

In my previous post I already mentioned the problem of sessions that are closed and exception handling with respect to security. In this article I am looking at the available mechanisms for security in flex. In this post I explain why I am not really using the flex or better BlazeDS security mechanisms and what you probably should use them for.

If this made you curious enough, read on. If you have questions, remarks or improvements, do not hesitate to use the comments feature of this blog item.

Continue reading Integration spring security (Acegi) and flex 3 the sequel

July 14th, 2008 | Tags: , , , | Category: Frontend Technology, Java, Technology | 21 comments

Feeling secure with Web Services – Part 3 – Digital Signature

By Allard, on June 1st, 2008

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users to access your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing you messages with a digital signature?

In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.

In part 1 , I’ve dealt with Username Token authentication, an easy to use way to provide an authentication mechanism for your web service.

In part 2 , I have described Transport Layer Security (TLS) -formerly known as Secure Socket Layer- and message encryption.

In this part, the last one in this series, I will explain how the the digital signature can provide some form of security in web services.

Continue reading Feeling secure with Web Services – Part 3 – Digital Signature

June 1st, 2008 | Tags: , , , , | Category: Technology | Leave a comment

Feeling secure with Web Services – Part 2

By Allard, on May 26th, 2008

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users to access your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing you messages with a digital signature?

In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.

In part 1 , I’ve dealt with Username Token authentication.

In this article, I will describe Transport Level Security (TLS), formerly known as Secure Socket Layer and message encryption.

Continue reading Feeling secure with Web Services – Part 2

May 26th, 2008 | Tags: , , , , | Category: Technology | Leave a comment

Feeling secure with Web Services – Part 1 – The UsernameToken

By Allard, on May 20th, 2008

Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1] how SSL works and what it actually secures.

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users to access your services, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing you messages with a digital signature?

In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.

This article will go more in-depth in the Username Token authentication.

Continue reading Feeling secure with Web Services – Part 1 – The UsernameToken

May 20th, 2008 | Tags: , , , , | Category: Technology | 4 comments

Feeling secure with Web Services – Introduction

By Allard, on May 17th, 2008

Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1] how SSL works and what it actually secures.

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users to access your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing you messages with a digital signature?

In this article, I’ll explain the different methods of securing your Web Services, how each of the methods work and what you actually secure by applying each method.

Continue reading Feeling secure with Web Services – Introduction

May 17th, 2008 | Tags: , , , , | Category: Technology | 4 comments

Integrating flex 3 with spring security (formerly known as Acegi)

By jettro, on May 11th, 2008

flexlogo.pngThis blog item show a way of doing security, after some additional experience I consider this method as being non optimal. The server side does not change a lot (spring security configuration), but the client does. I explain my current solution is this blog post:Integration spring security and flex 3 the sequel/

This article is actually about two things. It explains the basic steps to use the new spring security version 2 library in a java (web) application. I am going to show the basic configuration as well as web resource authorization and bean methods authorization. The other part is the integration of flex with spring security. I am going to show how to use authentication from within flex 3 using the spring security back end. After that I’ll show a service used from within flex through blazeds to ask for the roles a logged in user has. Using these roles I am going to hide buttons to actions non admin users must not use. Like the create new book.springlogo.pngIn short this article shows the complete picture of an application using flex 3, blazeds, spring security to authenticate users and authorize actions.

Read on if you want to learn about the integration of these frameworks.

Continue reading Integrating flex 3 with spring security (formerly known as Acegi)

May 11th, 2008 | Tags: , , , , , , | Category: Frontend Technology, Java, Technology | 22 comments