What are some good robust security frameworks for a Java EE application?
We are currently using a custom EJB solution that is lacking the authorization, permissions, rules aspect of a secure web application.
Ideally I would like to use Seam due to the features (we are using JBoss 5) however my first impression is that it does not integrate with jsp pages.
I was wondering if anyone had any suggestions for an alternative for Seam or any insight on how to create a custom framework utilizing other APIs.
Thank you in advance for your help.
I just love Spring Security, but just to let you know about one more option, there is apache shiro
I would recommend Spring-Security
I haven't used Seam, but you can use JAAS with EJBs. Have a look at the tutorial:
http://download.oracle.com/javaee/6/tutorial/doc/bnbyk.html
http://download.oracle.com/javaee/6/tutorial/doc/gijrp.html
Related
I'm working in a Java EE application with JSF and Primefaces Framework and I need to add some kind of CSRF attack protection. I read about OWASP CSRF Guard but I really don't understand how to implement it into my project and I saw lot of codes using Spring Framework too, but I would like to avoid the implementation of that framework in my project (besides I don't know anything about Spring).
If anyone can help me about how to proceed with this problem or maybe some documentation that I should read or anything to help I will be really thankful.
I am a traditional .NET developer... now I have to create a web application using JSP.
Is there some sort of framework that handles all the login stuff for me?
Register users (and securely store in database using best practices)
forgot password functionality
session tracking (aka make sure only a logged in user can see the page)
Like I said, I'm mostly familiar with .NET Membership. I'm researching Spring, Struts, and Hibernate but am not sure the pros/cons of each yet.
If you had to create this simple web application using JSP how would you go about it?
Thanks for your help :-)
-Josh
Take a look at Spring Security.
Spring Security is a powerful and highly customizable authentication and access-control framework.
Short answer? No.
There are however, very many security frameworks that you can customize to fit your needs. I would recommend looking at Spring Security as a good all-around tool that should fit your needs.
I am trying to find a good example of use of JSF and Spring with installation instruction,But haven't been able to find something more than basic.
Can anyone direct me to nice examples?
Thanks,
Sid
java Beat : integrating-spring-and-jsf
jsf-2-0-spring-hibernate-integration-example
You can also check out Appfuse, http://appfuse.org/display/APF/Home, it has the whole enchilada: maven, security (acegi), webservices, hibernate search (lucene), caching (ehcache), JPA, annotations in JSF Managed Beans, transactions, templating (sitemesh), email, and lots of other useful stuff. I find it a bit too complex, not so sure if it uses the best available components for JSF, but it's an application skeleton for the real world.
See the reference at http://appfuse.org/display/APF/Reference+Guide
Which is a good java REST framework?
I would like it to be deployed with Tomcat 6.
Also you can try Spring Framework 3.x.x.
You can try RESTEasy. It isn't application server dependent. (Doesn't require an AS at all).
You can also try an alternative, but you really should use a JAX-RS implementation :
Jersey
Restlet
Wink
See my answer on: RESTFul Web Development with Java EE 6:
I'd recommend you have a look at:
RESTLet
Play
Grails with the REST plugin for Grails
Jersey
RestEasy
(One question though: why specifically
do you need to be able to integrate
with Java EE?)
EDIT: In the case where you absolutely
want to use the Java EE APIs, then as
mentioned by BalusC, JAX-RS is
your solution of choice. Restlet and
Jersey both support it. I don't know
about RESTEasy, but the JAX-RS
Wikipedia page mentions it does.
AFAIK, Jersey is the JAX-RS reference implementation. I've used it several times for REST webservice servers.
Minimal configuration, wide use of Annotations
Runs in Tomcat, Grizzly, GlassFish and many others...
The best part, the Jersey Test Framework makes it really easy to completely test your service.
I've had a pretty good experience with Jersey. It's pretty easy to integrate it with Tomcat.
I have had good experiences with Restlet: http://www.restlet.org/
Here is a tutorial on running Restlet in Tomcat: http://danilogurovich.wordpress.com/2008/09/23/a-simple-restlet-demo-application/
Here's the best and easiest: http://sparkjava.com/, it works standalone. And here is how http://sparkjava.com/documentation.html#other-webserver to make it work within a server.
http://www.crnk.io/ might also be of interest. Unlike the other libraries here, it can be considered to be a native resource-oriented library and along the way offers various higher-level features like sorting, paging, inclusions, bulk-updates, etc. out-of-the-box.
Play! framework is very good, also more easier than Jersey. You can use with or without tomcat.
I want to develop a website with java but I'm absolute beginner in java web development.
I want to use a framework that uses the MVC pattern and Ajax.
I did some search and found that Spring or Struts are suitable but I'm not sure.
could you please recommend a framework?
Play Framework might be a good option because of its incredible simplicity.
I'd recommend Spring:
Developing a Spring Framework MVC application step-by-step
The Stripes Framework is also worth consideration and can be used along with Spring.
http://www.stripesframework.org
It's easy to use and easy to configure. Unlike Struts, which is fairly old hat these days.
There are a plethora of frameworks now and it's worth checking each one that will suit your needs. It's a personal thing and it's good that we're not all restricted to a few.
JRapid is very easy to use. You'll get a working application in minutes and it generates AJAX powered user interface.
I work with Spring Webflow - technology based on Spring MVC. Webflow is described in official help pretty well. Personally, it think Webflow is much more usable than bare Spring MVC, however there are always someone who disagrees.
Moreover Spring (not talking about MVC specifically) can be used outside of web projects, so it seems to me it is advantage of Spring.
Cannot say anything about Struts.
I would recommend GRAILS for fast rapid web application development, that includes scaffolding functionality and web page generation based on data models.
https://grails.org/learn
It is the fastest way for MVC developers.