Application security - the art of applications defending themselves -
represents an important line of defence in an overall in-depth security
strategy. Web applications that follow the Model-View-Controller (MVC)
architecture can, and should, have security implemented on all three layers.
Normally it's the controller component that handles page authorization in
MVC, the view layer that hides controls and information based on user
authorization, and the model that enforces the business rules and input
validation. However, it's up to the developer, based on an individual
security policy and the programming technology used, to decide where to put
security. Using pluggable validator components in JavaServer Faces (JSF), for
example, developers may decide to verify user input on the view layer as well
as on the model layer.
JavaServer Faces, the new J2EE standard for b...
Community was a recurring theme at JavaOne this year, and indeed at many of
the Java User Groups that I've participated in recently. The Java Community
(with a big C): a global tribe converging on programming nirvana where all is
open, free and yet somehow affords us all a decent living.
The community vision itself is not something I have a beef with, indeed I
like to belong, I like to contribute, and importantly I can afford to - so I
do. The community raised me, so to speak, nurturing me through technology
transitions, and delivering timely advice through the "Village Voice" of ...
Where is application development going? What's the next cool thing? You may
have answers to these questions, your answers may be the same or different to
mine or anyone else's. The point is we just don't really know, and that's a
problem. Saying to the manager of enterprise development shops "Oh yes just
standardize on J2EE and everything will be fine" is not going to cut it.
These folks are savvy enough to know that J2EE is a minefield of choice in
standards and APIs. They need and deserve more direction than that.
So you can make a suggestion as to a good set of technologies to u...
"With proper markup/logic separation, a POJO data model, and a refreshing
lack of XML..." So begins the introduction to one of the current crop of open
source Web application frameworks on its Web site. Sadly this seems to be a
common sentiment within the Java framework development community; the phrase
"XML Hell" is thrown around with the same vehemence once reserved for the
"DLL Hell" so characteristic of early versions of Microsoft Windows. Is this
wisdom genuine or apocryphal? In this article I will examine some of the
reasons why anti-XML sentiment is misguided.
The Roots o...