Archive for the ‘JAVA development’ Category

Java EE 7 work focusing on the cloud

Monday, February 28th, 2011

Work on the next enterprise edition of Java is proceeding at Oracle, with the company eyeing improvements for cloud computing, REST Web services, and other capabilities, an Oracle representative confirmed on Friday.

Java EE (Java Platform, Enterprise Edition) 7 is due in 2012. Capabilities for deploying cloud computing applications and infrastructures will be key to the upgrade. "[Version 7] will be the basis for how to make Java EE relevant for the cloud," said Oracle’s Ajay Patel, vice president of product management, in a webcast last week.

The upgrade also will feature significant developments geared to JavaServer Faces, for building server-side user interfaces; the Web tier, Java persistence; and JAX-RS (Java API for RESTful Web Services), according to an Oracle Java team blog post. Java EE builds on Java SE (Java Platform, Standard Edition) and is geared to enterprise-level Java computing. The Glassfish application server has served as a reference implementation of Java EE. Modularity was cited as a goal for Java EE 7 at last fall’s JavaOne conference in San Francisco.

Initial Java Specification Requests pertaining to Java EE 7 were approved by the Java Community Process in January, including JSR 338, for Java Persistence API 2.1, and JSR 339, for JAX-RS 2.0. JPA is designed for use with Java EE and SE and deals with the way relational data is mapped to Java objects and the way the objects are stored in a relational database for access at a later time. Capabilities like multitenancy and additional mapping for metadata are being considered for JPA 2.1. JAX-RS provides an API for building Web services using the REST architecture. Key features of the new JSR include a Client API, improved support for URIs, and a Model-View-Controller architecture.

Final release of the two JSRs is planned for 2012. Other JSRs pertaining to Java EE 7 will be submitted soon. Aside from Java EE, version 2.0 of JavaFX, a rich-media platform based on Java, is due this summer with such capabilities as a high-performance graphics engine and dynamic language capabilities, Patel said.

source: http://www.infoworld.com/d/application-development/java-ee-7-work-focusing-the-cloud-819?source=footer

Did you like this? Share it:

Tags: , , , , ,
Posted in JAVA development | 1 Comment »

How to Secure Java Web Applications ?

Saturday, January 29th, 2011

 

It’s a common belief that most of Java web applications developed are insecure. As per one of the reports published by WASC, almost 84% of applications developed are susceptible to XSS attack. If we probe deep into this issue, we would find that there are a number of factors, which account for the vulnerabilities of Java web applications to potential threats.

One of the major factors that attributes for insecure Java applications is risk unawareness. A good number of engineers involved in java software programming are ignorant of the way the HTTP protocol functions and are thus unable to identify the main causes of vulnerabilities.

Some other prime reasons, which account for the vulnerability of Java applications are:

XSS attack

Unsuccessful attempt of restricting URL access

Unshielded Chrytographic storage

Disrupted Authentication and Session Management

Erroneous error handling

Information leakage

Insecure Communications

Insecure Direct Object Reference

Improper file execution

Any many more!

Now that we know the reasons why Java web applications are insecure, it’s time for us to find out the ways to secure the same.

[...]

Read More:

http://technology.ezinemark.com/how-to-secure-java-web-applications-16ecbcab827.html

Did you like this? Share it:

Tags: , , , , ,
Posted in JAVA development | Comments Off

Java 7 and 8 Begin to Take Shape: What’s In, What’s out

Tuesday, November 30th, 2010

Source: http://bit.ly/aC69nm

The next two major versions of Java are beginning to take shape. Oracle has submitted the release content for both Java SE 7 and 8 to the Java Community Process (JCP) for approval before the end of the month.

JSR (Java Specification Request) 336 details the components and features that will become JDK 7, while JSR 337 details JDK 8. The final Java 7 release is being targeted for mid-2011, while Java 8’s release is set for 2012.

"These JSRs have been a long time coming," Mark Reinhold, Chief Architect of the Java Platform Group at Oracle, blogged. "They’re now finally on the JCP Executive Committee ballot for approval; results should be available in two weeks."

The JDK 7 and 8 JSRs represent Oracle’s "Plan B" approach for separating JDK 7 into two separate releases, splitting up features that were all originally intended for the Java 7 release. This approach is intended to help expedite new Java releases.

Among the key components of the original Java 7 plan that are now set for inclusion in Java 8 are the Lambda and Jigsaw efforts. At JavaOne this year, Thomas Kurian, executive vice president, Oracle Product Development, explained that Lambda is all about bringing closures to the Java language. Kurian noted at the time that Lambda is intended to provide a more concise replacement for inner classes, as well as support automatically parallel operations on collections.

Jigsaw is all about building modularity into the Java Virtual Machine (JVM).

"The goal of this Project is to design and implement a simple, low-level module system focused narrowly upon the goal of modularizing the JDK, and to apply that system to the JDK itself," the Project Jigsaw project page states.

What JDK 7 Has in Store
JSR-336 defines a number of key areas where Java 7 will improve on previous versions of the language, including productivity and performance enhancements.

On the productivity front, a goal of Java 7 is to reduce boilerplate code while promoting best coding practices.

"These features will increase the abstraction level of most applications in a pragmatic way, with no significant impact on existing code and a minimal learning curve for all developers," JSR-336 states. "We propose to enable, among other improvements, the automatic management of I/O resources, simpler use of generics and more-concise exception handling."

In terms of performance, Java 7 is looking to expand the multi-threaded and multi-core capabilities of Java with new concurrency APIs. "These include, in particular, a Fork/Join Framework, which can adaptively scale some types of application code to the available number of processors," JSR-336 states. "Java SE 7 will further enable I/O-intensive applications by introducing a true asynchronous I/O API as part of JSR 203."

At this point, the Eclipse Foundation, Ericsson, IBM, Red Hat and SAP are already supporting JSR-336 and JSR-337 for Java 7 and 8. JCP balloting on the JSRs finishes on November 29th.

Did you like this? Share it:

Tags: , ,
Posted in JAVA development | Comments Off

10 Best Java Web Development Framework

Thursday, November 25th, 2010

 

By Partho, Gaea News Network, tech.gaeatimes.com

There are a majority of enterprises running Java applications and working on Java web development framework. What remains to be seen is that a number of companies are tied to the conventional web development framework and  haven’t actually started to anticipate what could be the best Java web development framework. Even the JavaOne might hold no unified voice for what web framework is best. There are several easy to use Java web frameworks that are out now a days, and they are too many. Essentially choosing the best web development framework has become more intricate, specifically due to three reasons. On a broader perspective, the web technology landscape has undergone a sea change; far more choice of technology; and changing requirements for modern web applications. After an extensive research we assorted the 10 best Java web development framework that we would like to share with you.

 

1. Struts 2

Apache Struts 2 is an enterprise-ready web framework for Java application. It has been designed to streamline the entire development cycle starting from building to deploying. Struts 2 is a combined effort of WebWork and Struts communities.  Unlike conventional web applications, it can create dynamic responses. Struts 2 comes with an improved design with clean code for HTTP-independent framework interfaces. Added interactivity and flexibility with AJAX tags gives the look and feel just like standard Struts tags. It doesn’t use Action forms, instead Struts 2 uses JavaBean to capture form input or put properties directly on an Action class. POJO Actions enables class to used as an action class with optional interface.  Plugin APIs for the framework include config browser, JasperReports, JavaServer Faces, Pell Multipart, Plexus, sitegraph, sitemesh, tiles and Struts 1. The framework essentially requires Servlet API 2.4, JSP API 2.0 and Java 5.

Struts 2 could be a great option for small teams looking to learn about the open source tools they use. It’s not for armchair programmers looking for drag and drop development.

2. JSF

JavaServer Faces (JSF) is a java web application framework established the standard for development of server-side user interfaces for Java EE application. The JSF APIs are designed to leverage tools that would make we application development increasingly easier. It uses a component based approach. JSF uses JavaServer Pages JSP as its display technology, but it can also support other technologies such as XUL and Facelets . The UI is saved on clients request for new page and restored when the response is returned.

JSF has a set of API for representing user interface components and manages their state, converting values, input validation and event handling, defining page navigation and support for accessibility and internationalization. It has two JavaServer Pages (JSP) custom tag libraries for expressing a JavaServer Faces interface within a JSP page. Some of its key features include server-side event model, state management, JavaBeans with dependency injection and Unified Expression Language for both JSP 2.0 and JSF 1.2. JSF 2.0 offers improved support for Ajax by allowing UI logic to run partly on the client and not on the server.

For the latest,  in the public draft for JEE6, Facelets would be adopted as the official view technology for JSF 2.0. This would resolve the life-cycle conflicts with JSP that forced developers to go for workarounds.

Pros

    * Java EE standard with lots of demand and jobs
    * Initially was fast and easy to develop
    * Loads of component libraries

Cons

    * Tag soup for JSPs
    * Lacks unified source for implementation
    * Doesn’t support REST or Security well

 

3. Spring MVC

It is a layered Java/J2EE framework integrating a number of different technologies and is applicable to wide range of projects. Spring is based on code published in Expert One-on-One J2EE Design and Development. Spring clearly separates business, navigation and presentation logic. It is a proven web mechanism constructed with a clean web tier. Spring MVC allows users to use any object as a command or form object – there is no need to implement a framework-specific interface or base class.  Spring’s features a highly flexible data binding. MVC Model and VIew is based on the map interface that is highly configurable, either via bean names, via a properties file, or via your own ViewResolver implementation. Spring supports controller as an optional command or form object. It has an extremely flexible view resolution that can even write a view directly to the response.

It should be considered a strategic base platform for web application development.

 

4. Wicket

Apache Wicket is a lightweight component based web application framework for the Java programming language. Wicket is patterned after stateful GUI frameworks. It features trees of components that use listener delegates to react to HTTP requests against links and forms. With XHTML for templates it separate presentation and business logic and allows templates to be edited with conventional WYSIWYG design tools. Within the framework each component is backed by its own model that represents the state of the components. Wicket might be the best framework for making use of your developers resources.

5. Stripes

The web framework offers a lot of complex data interactions. It offers powerful type conversion, binding and validation. Stripes has been designed to manage large, complex forms and maps them directly to objects etc.  Stripes requires zero external configuration beyond the registration of one servlet and one filter.  Most importantly, Stripes provides simple and effective solution to common problems such as indexed properties, multi-event forms, localization and use of domain objects in the web tier. It is a compact web development framework with just few dependencies.

6. Tapestry

It is an object oriented powerful, open-source, all-Java framework for creating leading edge web applications in Java. The framework allows implementation of applications according to the model-view-controller design pattern. Tapestry offers an innovative web application development concept in terms of objects, methods and properties instead of URLs and query parameters. It adopts a modular approach to web development by combining user interface components (objects) on the web page and their corresponding Java classes.

It could be a rescue for those looking to avoid scripting environments such as JavaServer Pages or Velocity. It provides a complete framework for creating extremely dynamic applications with minimal amounts of coding. The web development framework focuses on simplicity, ease of use, and relieves programmers from creating enormous block codes.

For the latest Tapestry offers a new approach with an entirely new code base, centered on Plain Old Java Objects, annotations and naming conventions, and runtime bytecode enhancement.

7 . RIFE

This is a unique framework for web development and design with tools and APIs to implement commonly used web features. It has been designed for separating tasks during a development cycle, ensuring that each developer or designer focuses on his own tasks.  If needed the any work can be effortlessly integrated with the work of the rest of the team. RIFE’s has a number of independently usable toolkits, which can be integrated to boost productivity. All the declaration and definitions in RIFE is handled in one place in the code. This makes it easy for the developers to reduce code replication, enforce consistency, and ease the maintenance. This results in a loosely coupled and very robust system.

It combines the best of request based and component approach to offer consistent component based object model. RIFE’s design provides the best of request-based and component-based approaches and blends them together in a consistent component object model. The web engine provides a solution that values maintainability without compromising on productivity. Through a centralized site structure, an application can be split up into easily reusable binary modules that can be seamlessly integrated into other projects. There is a wide scope for incremental improvements with little or no risk of unwanted anomalies in the system.

 

8. Seam

It’s a powerful open source web application framework developed by JBoss. Seam offers a perfect platform for building rich Internet applications in Java. It is a unified full-stack solution that integrates technologies such as Ajax,  JavaServer Faces (JSF), Java Persistence (JPA), Enterprise Java Beans (EJB 3.0) and Business Process Management (BPM) into tooling. Seam also expands the concept of contexts. All the Seam component are enclosed within a context. The default Seam context is conversation which can span multiple pages and usually spans the whole business flow, from start to finish.  All the actions in a session context is captured until the user logs out or closes the browser. WYSIWYG development in Seam is facilitated through the use of JBoss Tools.

Seam overcomes design issues by eliminating both eliminate complexity at both architecture and API levels. It enables developers to assemble complex web applications using simple annotated Java classes, a rich set of UI components, and XML in parts. Above all, it offers outstanding support for conversations and declarative state management that can introduce a more sophisticated user experience. At the same time it eliminates the common bugs found in traditional web applications.

Exceptionally, Seam features a PDF document creator, e-mailing, graph creation and creation of Microsoft Excel worksheets.

9. Google Web Toolkit (GWT)

GWT is a Java software development framework that allows web developers to build and maintain complex Javascript front-end applications in Java. The web development framework makes it easy for developers to write AJAX applications like Google Maps and Gmail. Other than a few native libraries, everything is Java source that can be built on any supported platform with the included GWT Ant build files. GWT focuses on reusable, efficient solutions for asynchronous remote procedure calls, Internationalization, history management, bookmarking and cross-browser portability. It allows developers to develop and debug AJAX applications in the Java language with any Java development tools of their choice.  However, due to lack of modularity in JavaScript, sharing, testing, and reusing AJAX components becomes a hassle.

10 . OpenXava

It is a web development framework for creating Ajax Enterprise applications with Java. OpenXava has been designed by Java developers looking for a productive Java Enterprise applications.  In OpenXava developers have to provide only the JPA classes to obtain a full featured application ready for production. It requires no code generation. It allows rapid and easy generation of CRUD modules and report generation. It also allows the flexibility to develop complex real life business applications as customer relationship, invoicing, accounting packages, warehouse management, etc. It The web framework offers full Ajax support and can be used on application server (Tomcat, JBoss, WebSphere, etc).

It is a faster framework than Ruby On Rails, Spring MVC, or any other MVC framework.

Did you like this? Share it:

Tags: , , ,
Posted in JAVA development | Comments Off

Google shuns Oracle, joins VMware to offer Java development tools for cloud

Tuesday, November 2nd, 2010

by Carl Bagh

Google and VMware have rolled out a host of collaborative enterprise-level Java development tools to help interoperability of applications in the cloud at the SpringOne 2GX development conference.

Google shunned Oracle’s Enterprise Java Beans platform for building and deploying enterprise Java applications but chose VMware’s Spring Java development platform instead.

One of the primary reasons of Google siding with VMware could be Oracle’s lawsuit against Google over the use of Java in its Android’s Dalvik virtual machine.

The collaboration aims to make creation, deployment and monitoring of enterprise applications across various devices and cloud systems efficient.

Vic Gundotra, Google vice president of developer platforms said: "By making deployments of Spring Java applications on Google App Engine using Google Web Toolkit generally available, developers can deploy Java applications in production environments of their choice while leveraging rich web front-end across multiple devices."

The collaboration will result in the launch of three projects in the next two weeks. The projects include merging the rich application development features of Spring Roo with browser-based app development tools of Google Web Toolkit (GWT) to assist developers to create enterprise apps for desktops and mobiles.

It also integrates Spring Insight, an application performance monitor with Google’s Speed Tracer, a performance analyzer with Chrome, to offer a more comprehensive tool to monitor web application performance in the cloud.

Also the companies will integrate SpringSource Tool Suite version 2.5 and Google Plugin for Eclipse which allows developers to create web-based enterprise applications by allowing access to tools used for desktop and server applications, thus enriching Google App Engine APIs.

The major difference between Enterprise Java Beans (EJB) and Spring framework is that EJB is open standard and is designed for vendor independence while Spring is a non-standard technology. Also, Spring apps are locked into Spring itself and to the specific services one chooses to integrate in Spring.

Also Spring framework sits above the application servers and service libraries unlike EJB which is well integrated with app server and service libraries. Thus it is cumbersome to make interaction between the service and the grid while EJB can optimize on the underlying servers and service libraries more effectively.

Since the Spring’s service integration code is exposed via APIs developers can assemble services as needed while EJB allows a predefined set of services, thus limiting flexibility.

Did you like this? Share it:

Tags:
Posted in JAVA development | Comments Off

More thoughts on junking Java

Friday, October 22nd, 2010

By Rob Pegoraro

Last week, I asked if Oracle’s Java software was worth keeping around on home computers, given its numerous security issues, unpleasant updates and general irrelevance.

Your comments pointed out a few ongoing uses of Java–one right on this site. But since then, I’ve seen other reasons to doubt this software’s utility.

One is further evidence of the attention malware authors are paying to Java–a Microsoft security study that shows Java exploits now massively outnumber attacks on Adobe’s PDF software.

(Yes, Microsoft tried to sabotage Java in the ’90s, back when it showed actual promise as an alternative software-development platform. That doesn’t invalidate its work a decade later.)

The other is Apple’s decision–"announced" in a document on its developer site that went largely unnoticed until today–to back away from Java. The release notes updated yesterday declare Java "deprecated" and state that Apple’s Java software "will not be maintained at the same level, and may be removed from future versions of Mac OS X."

Translation: Apple may take longer than it already does to ship Java security updates previously released on other platforms.

So why keep Java around? Well–this is awkward–the Post’s online crossword puzzles require it. So do those at other sites, such as Merl Reagle’s Sunday Crosswords.

Post managing editor Raju Narisetti e-mailed that the paper had no plans to revise its crosswords software until after completing a major update to its publishing system, sometime in the second quarter of 2011.

Reagle wrote in an e-mail that "the day that someone comes along with a better online interface, we’ll jump to it — java or not — but there doesn’t seem to be one out there."

The New York Times doesn’t employ Java. But its subscription-required crosswords site instead requires members to install a separate, proprietary plug-in, an equally obsolete solution.

I don’t know why there’s this industry-wide hangup when it comes to online crosswords. It’s possible to write a crossword puzzle using just JavaScript, as this simple example on a developer’s site shows. (JavaScript, if anybody’s confused by that ill-chosen name, has nothing to do with Java.) Adobe’s Flash can do the job too, as seen on such sites as the Los Angeles Times.

Like many of you, I like crossword puzzles. But I also like having a secure computer that requires updates to as few Web-facing software components as possible. To me, that makes Java expendable. So I am going to disable it on the machines I use–while continuing to do battle with crosswords on paper–and I think you should too.

In Windows, uninstalling Java through the Control Panel ("Add or Remove Programs" in Windows XP, "Uninstall a program" in Windows Vista and 7) will suffice. In Mac OS X, you can’t uninstall Java but you can disable it in your browser–which eliminates your risk of drive-by-download attacks. To do that in Safari, open its Preferences window, click the "Security" header, and click to clear the checkbox next to "Enable Java." In Firefox, go to its Tools menu, select Add-Ons, click the Plug-Ins header and right-click on each Java item listed there and select "Disable."

You can also use that Firefox workaround to turn Java on and off at will in Windows, in case there’s one Java site that you can’t avoid.

Let me know if those directions work for you–or if there are other reasons to keep Java that I’ve missed.

Did you like this? Share it:

Tags:
Posted in JAVA development | Comments Off

VMware Angles Spring as Premier Java Development Tool

Friday, October 22nd, 2010

By Joab Jackson, IDG News

Oracle may own the Java trademark, but VMware is touting its own Spring framework as the best programming model for enterprise Java developers.

"In the innovation of the Java programming model, I think Spring really plays a leading role there," said Rod Johnson, who is senior vice president and general manager of VMware’s SpringSource product division, as well as the creator of the first version of Spring.

At least one other company seems to share VMware’s enthusiasm — Google has chosen Spring as the preferred programming model for Google App Engine. And at the SpringOne G2X developer conference in Chicago this week, the two companies announced that they have completed a number of integrations between Spring and the Google App Engine and the Google Web Toolkit. Johnson noted that while Google pulled out of the Oracle-controlled JavaOne, it was a major sponsor for the SpringOne conference.

"We talked to our customers — we wanted to learn where the new growth is, where a lot of the new apps are being written, because that is probably where the growth will be for App Engine. And we felt like Spring is a really good platform for those applications," said Brad Abrams, product manager for Google’s developer tools division.

Not everyone is so certain that Spring is the future of enterprise Java development. Red Hat, for instance, has questioned the need for the Spring framework at all.

"The latest iteration of Java can offer a simple, standard architecture that can cut development time while offering an open and standard platform making the need for frameworks like Spring unnecessary," wrote Red Hat Senior Director of JBoss Enterprise Middleware Ashesh Badani, in a blog posting last week.

An open-source project, the Spring framework was designed to help developers quickly structure Java programs, especially Web applications, in an architecturally coherent manner. Since its introduction in 2002, it quickly grew to be one of the most widely used Java frameworks. VMware purchased Johnson’s company, SpringSource, in 2009.

At the conference this week, VMware and Google, who started working together earlier this year, displayed the first fruits of their partnership.

Within the next two weeks, a plug-in for the SpringSource Tool Suite will be available that will allow developers to deploy their applications to the Google App Engine. The App Engine only uses a subset of the full range of Java APIs (application programming interfaces), and so Google worked to ensure that all those APIs used by Spring are available in the Google App Engine, Abrams said.

Also, the Google Web Toolkit has been integrated with Spring Roo, a tool that generates Spring code that conforms to preset requirements in performance security or other aspects. "Now Roo can generate a rich Internet client application using the Google Web Toolkit," Abrams said. Lastly the, Google Speed Tracer, a performance analyzer found in the Chrome browser, has been bundled into Spring Insight, which is SpringSource Tool Suite’s own performance analyzer.

While VMware touts Spring chiefly as a development component for cloud-based applications, Johnson noted that it has achieved popularity as an alternative to Java Enterprise Edition’s EJB (Enterprise Java Beans) for enterprise application development. The company claims that 2.5 million developers use the Spring framework.

"The open-source community in general has taken the baton from the Oracle technologists. Spring overtook EJB several years ago and continues to pull ahead," Johnson said.

Red Hat engineers, however, have argued that the latest version of Java Enterprise Edition, JEE 6, eliminates the need for frameworks such as Spring. In particular, it features the inclusion of JSR (Java Specification Requests) 299, a specification that covers how to handle dependency injection, a set of much-needed procedures that allow software components to interact. One of Spring’s chief features is that it handles context and dependency injection.

To boost his argument in his blog post, Badani pointed to a write-up from fellow Red Hat employee, and JBoss core developer, Lincoln Baxter, which discussed the process of migrating an application from Spring to Java EE 6.

"It’s no secret that the Spring Framework cropped up as a lightweight alternative and abstraction to programming for Java EE because the perception was that Java EE had become cumbersome and overly complex," Baxter wrote. "When it comes right down to it, using Java EE can be even simpler than using Spring, and take much less time. You just have to find the right guides and the right documentation."

Johnson admitted that Java EE 6 has borrowed some ideas from Spring, and, in general, is easier to use than the previous versions, whose complexities may have driven developers to Spring. But Java EE 6 still doesn’t have the full range of features that Spring does, such as a full-fledged Web framework and productivity boosters like Roo.

Nor is it widely implemented across application servers, Johnson argued. While the next version of the Red Hat JBoss application server will support Java EE 6, IBM’s Websphere does not support it, and the open-source Tomcat server only supports a subset of Java EE 6 functionality.

"I don’t think comparing Java EE and the Spring programming models is an apples-to-apples comparison, and, secondly, Java EE as an alternative to Spring is just not viable in the vast majority of production deployments today," Johnson said.

Did you like this? Share it:

Tags: ,
Posted in JAVA development | Comments Off