Tuesday, September 21, 2010

JavaOne 2010 Presentation: Application Security Enhancements in Java EE 6

I spoke at the JavaOne 2010 conference yesterday on the topic of Application Security Enhancements in Java EE 6.

Java EE 6, released earlier this year, includes several significant enhancements, especially in the areas of annotation-based authentication and authorization in the web tier. So, if you are developing lightweight web applications where you don't want to use EJB components for the application security requirements, you now have the choice of implementing the authentication (declaratively or programmatically) and authorization aspects in the Controller classes (Servlets).

Session abstract:
Java EE 6 includes some interesting security enhancements in the areas of Web container security as well as authentication and authorization aspects in Web application development. This session will give an overview of these new security features and discuss the details of how to use them, with the help of a sample Java application, in real-world enterprise Java applications. The discussion will include how developers can take advantage of programmatic and declarative (@ServletSecurity, @DeclareRoles) security features. It will also include a discussion on Java EE security technologies such as Java Authentication Service Provider Interface for Containers (JSR 196) and Java Authorization Contract for Containers (JSR 115).

I did a couple of demos on how to use the new security features. This is my first time attending the JavaOne conference as a speaker and it's been a great experience so far.

I also wrote on the InfoQ website about the new security features provided by the Java EE 6 release.

If you have been using other security frameworks like Spring Security, Java EE 6 is definitely something you should look at. While there are some differences in what the Spring Security 3 framework offers in terms of role-based access, EL-based authorization, etc., the new web-tier security features in Java EE 6 make it easier to implement the security aspects without coupling the security logic with application or business logic.
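
A minimal servlet combining the declarative (@ServletSecurity, @DeclareRoles) and programmatic web-tier features mentioned above. This is an added example, not code from the presentation or the InfoQ article. The class name, URL pattern and role names are assumptions, and the login mechanism and role mapping are assumed to be configured in the container.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.annotation.security.DeclareRoles;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical controller: URL pattern, role names and messages are assumptions.
@WebServlet("/reports")
@DeclareRoles({"employee", "manager"})
@ServletSecurity(
    // Default for every HTTP method: authenticated employee or manager, over TLS.
    value = @HttpConstraint(rolesAllowed = {"employee", "manager"},
                            transportGuarantee = TransportGuarantee.CONFIDENTIAL),
    // Override for DELETE only: managers, still over TLS.
    httpMethodConstraints = @HttpMethodConstraint(value = "DELETE",
                            rolesAllowed = "manager",
                            transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class ReportServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // The container has already authenticated the caller and enforced the
        // declarative constraint, so getRemoteUser() is non-null here.
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("Reports for " + req.getRemoteUser());
        // Programmatic check for a decision finer than URL/method granularity.
        if (req.isUserInRole("manager")) {
            out.println("Department-wide reports included");
        }
    }

    @Override
    protected void doDelete(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Reached only by callers in the "manager" role; the container rejects
        // everyone else with 403 before this method runs.
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

The access rules live in annotations on the controller, so the method bodies carry only the one role check that depends on what is being rendered.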

Sunday, April 18, 2010

SATURN 2010 Conference

I will be speaking at the upcoming SATURN 2010 conference next month. My presentation title is "Agile Architect - Integrating Enterprise Architecture into Agile and Lean Software Development". I will discuss an agile architecture framework for integrating architecture concerns into Agile Software Development environments.

The discussion includes various organizational, team structure, and process changes we implemented to make Enterprise Architecture (EA) efforts an integral part of the software development and management processes. Some of these changes include "Architecture and Security Assessment" and "SOA Assessment" in those projects that have architectural significance and potential for creating reusable Components and Services.

The other techniques we implemented to make architecture and design aspects blend with the Development, Unit Testing and Continuous Integration (CI) steps in the Agile Software Development Lifecycle (SDLC) are Domain-Driven Design (DDD), Model Driven Software Development (MDSD), and Automated Policy Enforcement. I will talk about these techniques in detail in the presentation.

SATURN is a great conference to attend. I attended last year's conference, which had speakers like John Zachman and Rebecca Wirfs-Brock give keynote presentations. There were several real-world project-based presentations, which is one of the things I look for in any conference. There were also very interesting BOF sessions on topics like Architecture Validation.

If you are currently working in, or looking to learn architecture skills to get into, the Architecture area, check out the SATURN 2010 conference and, if you are interested, register for the conference.

Monday, April 12, 2010

ITARC Denver 2010 Conference

I will be speaking at the upcoming ITARC conference in Denver. The title of my presentation is "Agile Architect: Integrating Enterprise Architecture into Agile and Lean Software Development".

In the presentation, I will discuss the details of an Agile Architecture framework we introduced in our projects to make Enterprise Architecture efforts an integral part of the software development and management processes. The discussion includes the changes we had to make in terms of Teams, Process, and Tools & Technologies. I will talk about the process changes we made to include new steps like Architecture and SOA Assessments in those projects that have the architecture significance and potential for creating reusable Components and Services.

I will also discuss other techniques to make architecture and design aspects blend with the Development, Unit Testing and Continuous Integration (CI) steps in the Agile Software Development Lifecycle (SDLC). These techniques include Domain-Driven Design (DDD), Model Driven Software Development (MDSD), and Automated Policy Enforcement.

If you are currently working in, or looking to learn the architecture skills to get into, the Architecture space, check out the speaker line-up and, if you are interested in attending, register for the conference.

Sunday, April 11, 2010

OSGi in Action Book

The Java language provides modularity when designing and coding applications using Object Oriented Design and Programming concepts. But it doesn't provide a mechanism to take Java code designed and developed using modular concepts (OOP) and deploy it in a modular fashion. This is where OSGi technology comes into the picture. You can organize the Java classes using the packaging structure and the scope of the classes to control the visibility of a class to other classes, but when it comes to deploying the applications, you have to package them in a monolithic WAR file or an EAR file, which doesn't provide much flexibility in controlling which classes and libraries (JAR files) you want to bundle in the application archive files. This limitation has led the JEE container vendors to come up with proprietary implementations to address the modularity aspect (e.g. you can deploy an EAR file as a common library, instead of an application, in WebLogic server).

This is the main focus of the book OSGi in Action by authors Richard S. Hall, Karl Pauls, Stuart McCulloch, and David Savage. It's a good addition to OSGi resources and for the Java developers who are currently using or considering using OSGi technology in their applications.

The book starts with a discussion of what modularity is, Java's modularity limitations related to the classpath and the limited modular deployment support in the Java model, and explains how OSGi technology addresses these limitations.

The authors talk about the two parts of OSGi Platform:

  • OSGi framework (this is the run-time environment that provides OSGi functionality) and
  • OSGi standard services framework (which defines the reusable APIs for tasks such as Logging and Preferences).

They also discuss the three layers of the OSGi specification:
  • Module Layer: This layer covers the packaging and sharing of code. It defines the OSGi module concept, called a Bundle, which is a JAR file with extra metadata.
  • Lifecycle Layer: This layer provides the run-time module management and access to the underlying OSGi framework. It defines the bundle lifecycle operations like install, update, start, stop, and uninstall.
  • Service Layer: This layer covers the interaction and communication among modules, specifically the components contained in them.

The authors discuss the Bundles concept in OSGi, how to define them with metadata and the benefits of modularizing the program. These benefits include:
  • Logical boundary enforcement
  • Reuse improvement
  • Configuration verification
  • Version verification
  • Configuration flexibility

The event model support in OSGi is also covered.

OSGi Event Model

The OSGi framework supports two types of events:
  • BundleEvents (these events report any changes in the lifecycle of bundles) and
  • FrameworkEvents (these events report the changes in the framework).

The authors also talk about OSGi design patterns such as Listener and Whiteboard, and some OSGi anti-patterns in the areas of updating a bundle. They also cover best practices in managing the versioning of packages and bundles, and how to run multiple versions in the same JVM, with the example of a Preferences service.

The discussion in the book includes a sample Java application (paint program). The application build and package examples use Ant as the build tool. It would have been nice if they had used the Maven tool, which is what I use at work for building and packaging Java applications.

There is also a discussion on how to test OSGi applications using a mock objects approach when calling the OSGi APIs, and container testing to discover any potential class loading or visibility issues. The OSGi test tools listed are OPS4J's Pax-Exam, Spring DM's test support, and Dynamic Java's DA-Testing.

Topics like debugging Java applications and embedding the OSGi framework in applications are also covered. Security, another important aspect in enterprise application deployment, is also covered in detail.

To put OSGi in perspective, the authors also talk about how OSGi relates to other technologies like Java Enterprise Edition, Jini, NetBeans Platform, Java Management Extensions, Lightweight containers (PicoContainer, Spring, and Apache Avalon), Java Business Integration (JBI), JSRs 277 (module system for Java) and 294 (Improved Modularity Support in the Java Programming Language), Service Component Architecture (SCA) and .NET technology.

Overall, this book is an excellent resource for Java developers of all levels of expertise in OSGi technology.

Monday, February 1, 2010

ITARC Austin 2010 Conference

I will be speaking at the upcoming IT Architect Conference (ITARC) in Austin this week. My presentation session details are as follows:

Fundamentals Track:

  • Integrating Enterprise Architecture into Agile and Lean Software Development Environments
  • Security Architecture Policy Enforcement and EA Governance Using AspectJ and SpringAOP Techniques

It's a conference worth attending, with a great line-up of speakers and sessions, and the registration price is very affordable.

There are two keynote presentations.
  • Keynote: Gaining Operational Excellence and Agility Through Enterprise Architecture, Presented by Roy Hunter, Senior Director, Enterprise Architecture at Oracle
  • Afternoon Keynote: IT Complexity Crisis; Danger and Opportunity, Roger Sessions, CTO, Object Watch

Check out the conference agenda for more details on other sessions. I am looking forward to the conference.

Friday, January 29, 2010

Austin Marathon 2010

I will be participating in the half-marathon event at the upcoming Austin Marathon.

I have also signed up to volunteer at the Expo Packet Pick-Up on the day before the race. I did the same for the Decker Challenge Marathon relay last month and it was a lot of fun.

I am participating in the marathon as part of a group called Run For India (RFI) Austin Chapter, which is part of A.I.D (Association for India Development), a charity organization. If you would like to donate to this group, please use this link.

I am looking forward to the marathon.