Chariot Tech Cast: Seam Interview Part 2
March 17, 2009
I didn't expect Ken Rimple for Chariot Solutions to be so quick in getting up part 2 of my Seam interview, which I introduced in a previous entry, so you get two posts in one day. If you had iTunes or your RSS feed reader working, you'd already be in the know.
In the second part of this two-part interview, we focus on the future of Java EE 6, including JSR-299, formerly known as Web Beans, and how Seam will change as the Java EE specification evolves. We also discuss varying front-end technologies such as Flex and AJAX, and a bit about workflow.
Resources we mentioned in the talk include:
- Granite DS - A Flex remoting framework that includes support for Seam as well as other platforms such as Guice, Spring and POJOs
- Flamingo - Another Flex (and JavaFX) remoting framework that exposes Seam and Spring services using a variety of protocols including AMF and Hessian.
- JSR-299. I emphasize that it is well worth your while to read it and something I think every Java EE developer needs to be aware of at some point in the near future.
- Web Beans - The namesake of the reference implementation (RI), which is being developed by Red Hat and its community as an open source project.
Thanks again to Ken for the hard work that I know went into publishing this interview.
Maturing Your Application's Security with Seam Security
March 17, 2009
I'll be speaking at two conferences back-to-back in March, which is about as much madness as I can handle. First I'll be traveling to Vegas to speak at TheServerSide Symposium at Caesar's Palace on my birthday (March 20th). It's interesting to note that just over 6 months ago I was near Caesar's real palace, or what's left of it. Then I'll be coming back home and speaking at Emerging Technologies for the Enterprise in nearby Philadelphia the following Friday. In both cities, I'll be speaking about Seam Security.
Always wanting to put on a good show (I mean, it is Vegas after all) I put together a fresh application that leverages Seam's new identity and permissions management API. It's a design comp manager that allows a designer to share designs with clients. The application showcases how Seam Security blends ACLs and rules in a truly unique and revolutionary way to provide a powerful and expressive security model.
While creating an application like that may sound difficult to achieve, my talk demonstrates that it's shockingly simple setup and start using. Like poker, though, it does take time to perfect. Authoring complex rules are not always easy. I spent nearly two days getting a feel for the API. But then again, I've got a killer app to show for my labor.
The full abstract of the talk is below.
Security is the cornerstone of your application's integrity and, consequently, you need to weave it throughout each layer, often in diverse ways. Seam Security allows you to evolve the security model of your application over time, keeping pace with the development cycle. You can start with a very simple configuration that applies an exclusive security blanket over the application to keep out guests and establish a basic identity for the user. You can then mature the security infrastructure gradually by adopting Seam's declarative approach to authentication or defining fine-grained authorization rules that enforce contextual restrictions at the level of database records, database fields, object fields and UI fragments.
Seam's security module, a central aspect of the Seam framework, offers a significantly simpler alternative to JAAS - the monolithic and cumbersome security model in Java EE. The talk begins with some definitions to sort out what we mean when we say "security". The talk then switches to a tutorial style, showing you first how to get your foot in the door by setting up a JSF form-based authentication routine in Seam using either a custom authentication method or a declarative approach where the authentication is handled by the framework. You are then presented with the numerous authorization styles that Seam supports ranging from binary, role-based, rule-based (Drools), and ACLs. Examples are presented to help you differentiate the four styles of authorization and when it is appropriate to use each one. In the process, you learn to appreciate that Seam's authorization is able to take the context (the target) of the restriction into account, a feature than many security frameworks overlook. Finally, the talk zooms out to show how to bring authentication under one roof using Seam's Open ID module.
See you at the tables...er, I mean conferences!
Chariot Tech Cast: Seam Interview Part 1
March 17, 2009
Ken Rimple from Chariot Solutions connected with me over Skype to discuss Seam (which in truth turned out to be a series of long monologues by me about Seam and web application development).
In this first part of a two-part interview, I introduce the Seam framework and how it represents departure from both J2EE of old and Spring. We discuss ways in which it marries JSF to POJOs and EJB components, provides a stateful view of the world and makes programming easier for APIs such as Java Persistence. The most intriguing point you'll learn from this first part is how Seam appealed to me as an application developer working out in the field, a testament to the fact that Seam is first and foremost a practical solution.
There are three ways you can track down the podcast:
- Search iTunes for Chariot TechCast (Look ma, I'm on iTunes!)
- Subscribe to the RSS feed
- Cheat and get the MP3 using a direct download
This Tech Cast promotes the upcoming Emerging Technologies for the Enterprise conference in Philadelphia, PA hosted by Chariot Solution, at which I will be speaking about Seam Security.
This entry is the 100th post I have made on this blog. Add that to the list of major milestones I've hit while being 30.
Fighting with Frameworks at Emerging Tech
March 17, 2009
I'm speaking again this year at the Emerging Technologies for the Enterprise conference in Philadelphia, PA hosted by Chariot Solutions. It's one of few enterprise development conferences held on the East Coast that attracts high caliber speakers (and lots of framework passion) with such a remarkably low price tag (which is music to our savings accounts these days). Last year I gave an introductory to Seam talk. This year, I'll be presenting on Seam Security, highlighting its ease of use and showcasing the new identity and permission management API that was added in Seam 2.
I got involved with the conference last year through Manning, who, as event sponsor, was rounding up a bunch of its authors to speak so that they could take part the Web Framework Shootout panel. If you missed it, the audio from that panel discussion is available online, divided into two Chariot TechCast episodes (part 1, part 2). It's worth checking out because there certainly was a lot of shooting...off at the mouth, that is.
You can listen to the whole discussion to get the context. But I've distilled my responses for you into three short segments. I realize this post is long overdue, but since it retains more than just historical value, I've decided to move forward with publishing it.
- Segment #1: (01:10) I define what exactly Seam is in response to Marjan's poignant question about it
- Segment #2: (02:35) I introduce myself and give a broad overview of what Seam provides
- Segment #3: (01:30) I identify the business value in adopting Seam and contrast that with how little Struts 1 provides
As you'll hear, I abstained from making incendiary comments and instead tried to emphasize the value Seam provides and how it really allows you to forget about much of this debate. First, because it makes the Java EE platform attractive and accessible and second, because it can plug into a wide variety of other UI frameworks, whether it be GWT, Wicket, Flex, or JSF and non-web frameworks, like JMS, Quartz, and jBPM.
Keep in mind that these excerpts are nearly a year old at the time of this post. However, it's interesting to hear what I had to say about Seam at the halfway point of writing Seam in Action. Seam's message hasn't changed all that much since then, even though the number and quality of the integrations has improved substantially. I wouldn't be surprised if I look back in a year and have the very same thing to say. Seam is all about trimming the fat (i.e., framework code) resident in the application so that what is left is core business logic. Some of the business logic may even get wrapped up in Seam's declarative programming model.