Java EE 8 Overview (Sept 2015). A lot of work is already done by the Expert Groups so lets have a brief look for what we can expect in the some areas.
- Servlet 4 will embrace the new HTTP/2 protocol.
- JSON-B will bring the same high level features of JAXB to the JSON data format.
- Server-Sent Events(SSE) is the WebSocket variant where you only send data from the server to the client.
- MVC will be the Action based MVC complement of the Component based MVC of JSF.
- Some major restructuring of CDI so that we can use it standardised in Java SE to mention one thing.
The Java EE security API will be covered in more detail. Security related things became old and dusty and needs to move away from proprietary configuration to be able to make the transition to the cloud. An introduction to JSR 375 is given, which promotes self-contained application portability across Java EE servers, and promotes the use of modern programming concepts such as Expression Language, and CDI. It will holistically attempt to simplify, standardize, and modernize the Security API across the platform in areas identified by the community.
This document discusses attacking GraphQL APIs. It begins with an overview of GraphQL, how it differs from REST APIs, and key GraphQL concepts like queries, mutations, and introspection. It then explains how introspection can be dangerous by revealing an API's schema. Various vulnerabilities are covered like information disclosure, IDOR, injections, and authorization bypass. Tools for analyzing GraphQL APIs are also listed. The document concludes with examples of exploiting common vulnerabilities like stored XSS, authorization bypass, and OS command injection.
Spring Boot is a framework for creating stand-alone, production-grade Spring-based applications that can be started using java -jar without requiring any traditional application servers. It is designed to get developers up and running as quickly as possible with minimal configuration. Some key features of Spring Boot include automatic configuration, starter dependencies to simplify dependency management, embedded HTTP servers, security, metrics, health checks and externalized configuration. The document then provides examples of building a basic RESTful web service with Spring Boot using common HTTP methods like GET, POST, PUT, DELETE and handling requests and responses.
This document provides an introduction and overview of using SoapUI for testing web services. It begins with background on XML, SOAP, REST, and WSDL. It then demonstrates how to create a SoapUI project from a WSDL, view and submit sample requests and responses, validate requests, and create multiple test cases. The document provides guidance on project structure, endpoints, properties, and navigating the SoapUI interface. Finally, it includes an exercise to create test cases for a weather web service.
The Spring Framework has always embraced testing as a first class citizen. Spring-based components should be modular, easy to wire together via dependency injection, and therefore easy to test. In fact, when well designed following a POJO programming model, a component in a Spring application can be unit tested without using Spring at all. And when you take the step toward developing integration tests, Spring's testing support is there to make your job easy.
Join Spring Test component lead Sam Brannen in this talk to learn about the basics for Spring's unit and integration testing support. This talk will provide attendees an overview of the following topics: unit testing without Spring, integration testing with Spring, loading application contexts (with and without context hierarchies), injecting dependencies into tests, transaction management for tests, SQL script execution, testing Spring MVC and REST web applications, and more.
Attacking and defending GraphQL applications: a hands-on approachDavide Cioccia
DevSecCon Seatlle 2019 - Workshop
The workshop is meant for developers, architects and security folks. During the workshop we will learn how to setup a GraphQL project, define a schema, create Query, Mutation and Subscription for a "fake" social network. We will learn what are the main security issues to consider when developing a GraphQL application:
Introspection: information disclosure
/graphql as a single point of failure (DoS attacks)
IDOR
Broken Access control
Injections
Once we get familiar with the issues, we will explain how to avoid it and/or fix it.
The document provides tips and best practices for configuring multiple farms in AEM Dispatcher. Key points include:
- Splitting the Dispatcher configuration into multiple farms based on different caching needs, such as separate farms for DAM assets and pages.
- Configuring different caching parameters and cache folders for each farm to optimize caching behavior.
- Handling cache invalidation requests and vanity URLs across multiple farms.
- Different approaches for flushing caches from Author and multiple Publishers to Dispatchers, and avoiding race conditions.
- Bypassing the Dispatcher cache for select clients by rewriting URLs to include parameters checked by the Dispatcher configuration.
Swagger is a simple yet powerful representation of your RESTful API. With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment. With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability.
This document discusses attacking GraphQL APIs. It begins with an overview of GraphQL, how it differs from REST APIs, and key GraphQL concepts like queries, mutations, and introspection. It then explains how introspection can be dangerous by revealing an API's schema. Various vulnerabilities are covered like information disclosure, IDOR, injections, and authorization bypass. Tools for analyzing GraphQL APIs are also listed. The document concludes with examples of exploiting common vulnerabilities like stored XSS, authorization bypass, and OS command injection.
Spring Boot is a framework for creating stand-alone, production-grade Spring-based applications that can be started using java -jar without requiring any traditional application servers. It is designed to get developers up and running as quickly as possible with minimal configuration. Some key features of Spring Boot include automatic configuration, starter dependencies to simplify dependency management, embedded HTTP servers, security, metrics, health checks and externalized configuration. The document then provides examples of building a basic RESTful web service with Spring Boot using common HTTP methods like GET, POST, PUT, DELETE and handling requests and responses.
This document provides an introduction and overview of using SoapUI for testing web services. It begins with background on XML, SOAP, REST, and WSDL. It then demonstrates how to create a SoapUI project from a WSDL, view and submit sample requests and responses, validate requests, and create multiple test cases. The document provides guidance on project structure, endpoints, properties, and navigating the SoapUI interface. Finally, it includes an exercise to create test cases for a weather web service.
The Spring Framework has always embraced testing as a first class citizen. Spring-based components should be modular, easy to wire together via dependency injection, and therefore easy to test. In fact, when well designed following a POJO programming model, a component in a Spring application can be unit tested without using Spring at all. And when you take the step toward developing integration tests, Spring's testing support is there to make your job easy.
Join Spring Test component lead Sam Brannen in this talk to learn about the basics for Spring's unit and integration testing support. This talk will provide attendees an overview of the following topics: unit testing without Spring, integration testing with Spring, loading application contexts (with and without context hierarchies), injecting dependencies into tests, transaction management for tests, SQL script execution, testing Spring MVC and REST web applications, and more.
Attacking and defending GraphQL applications: a hands-on approachDavide Cioccia
DevSecCon Seatlle 2019 - Workshop
The workshop is meant for developers, architects and security folks. During the workshop we will learn how to setup a GraphQL project, define a schema, create Query, Mutation and Subscription for a "fake" social network. We will learn what are the main security issues to consider when developing a GraphQL application:
Introspection: information disclosure
/graphql as a single point of failure (DoS attacks)
IDOR
Broken Access control
Injections
Once we get familiar with the issues, we will explain how to avoid it and/or fix it.
The document provides tips and best practices for configuring multiple farms in AEM Dispatcher. Key points include:
- Splitting the Dispatcher configuration into multiple farms based on different caching needs, such as separate farms for DAM assets and pages.
- Configuring different caching parameters and cache folders for each farm to optimize caching behavior.
- Handling cache invalidation requests and vanity URLs across multiple farms.
- Different approaches for flushing caches from Author and multiple Publishers to Dispatchers, and avoiding race conditions.
- Bypassing the Dispatcher cache for select clients by rewriting URLs to include parameters checked by the Dispatcher configuration.
Swagger is a simple yet powerful representation of your RESTful API. With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment. With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability.
Rasheed Amir presents on Spring Boot. He discusses how Spring Boot aims to help developers build production-grade Spring applications quickly with minimal configuration. It provides default functionality for tasks like embedding servers and externalizing configuration. Spring Boot favors convention over configuration and aims to get developers started quickly with a single focus. It also exposes auto-configuration for common Spring and related technologies so that applications can take advantage of them without needing to explicitly configure them.
Spring Boot is a framework that makes it easy to create stand-alone, production-grade Spring based Applications that can be "just run". It takes an opinionated view of the Spring platform and third-party libraries so that new and existing Spring developers can quickly get started with minimal configuration. Key features include automatic configuration of Spring, embedded HTTP servers, starters for common dependencies, and monitoring endpoints.
Securing Java EE apps using WildFly ElytronJan Kalina
1) Elytron is WildFly's new security subsystem that replaces legacy security configurations.
2) Elytron provides authentication mechanisms like BASIC and DIGEST and security realms like LDAP and JDBC to verify credentials.
3) Security domains in Elytron integrate authentication, authorization, and principal transformation using concepts like authentication factories, permission mappers, and realm mappers.
The document discusses installing the Groovy engine in Apache Jmeter to enable scripting capabilities. It is a 4 step process: 1) Download the latest Groovy version, 2) Extract and copy Groovy jar files to the Jmeter lib/ext folder, 3) Restart Jmeter, 4) Add a JSR223 sampler where Groovy will be available as a scripting option to write and execute Groovy scripts.
The document discusses Spring Boot, a framework from the Spring Team that aims to ease the bootstrapping and development of new Spring applications. Spring Boot allows applications to start quickly with very little Spring configuration. It provides some sensible defaults to help developers get started quickly on new projects.
At the Devoxx 2015 conference in Belgium, Guillaume Laforge, Product Ninja & Advocate at Restlet, presented about the never-ending REST API design debate, covering many topics like HTTP status codes, Hypermedia APIs, pagination/searching/filtering, and more.
This document provides an overview of LambdaTest, a new Scala testing framework designed for functional programming. It discusses LambdaTest's core concepts like immutable states and transformations, different types of actions, and support for ScalaCheck. Examples are provided to demonstrate testing mutable and immutable code, exceptions, tags, timing tests, and extending LambdaTest. Upcoming features like asynchronous testing with LambdaTestExpect are also previewed. The document aims to introduce developers to LambdaTest's philosophy and capabilities for writing concise, readable tests in a functional style.
This document provides an introduction to Spring Boot, including its objectives, key principles, and features. It discusses how Spring Boot enables building standalone, production-grade Spring applications with minimal configuration. It demonstrates creating a "Hello World" REST app with one Java class. It also covers auto-configuration, application configuration, testing, supported technologies, case studies, and other features like production readiness and remote shell access.
Spring Boot is a framework for creating stand-alone, production-grade Spring based Applications that can be "just run". It provides starters for auto-configuration of common Spring and third-party libraries providing features like Thymeleaf, Spring Data JPA, Spring Security, and testing. It aims to remove boilerplate configuration and promote "convention over configuration" for quick development. The document then covers how to run a basic Spring Boot application, use Rest Controllers, Spring Data JPA, Spring Security, and testing. It also discusses deploying the application on a web server and customizing through properties files.
Using HttpWatch Plug-in with Selenium Automation in JavaSandeep Tol
This article will give the developers and testers to use Java programming for capturing IE browser HTTP logs using HTTP Watch Plug-in (V10) , in Selenium scripts
HTTP Watch comes with inbuilt API support to integrate with selenium scripts written in C# or PHP scripts . Refer http://apihelp.httpwatch.com/#Automation%20Overview.html
But unfortunately they don’t have API written for JAVA. There are no samples or articles available to use Httpwtach with Java interface.
Using this article you would learn how HttpWatch plug-in which component can be easily interfaced with Java code and then executed via selenium script.
The solution is to use Java COM bridge and invoke HTTP Watch plugin API from Java based selenium scripts.
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP
This document summarizes Frans Rosén's presentation on attacking modern web technologies. It discusses vulnerabilities in AppCache that allowed files to be cached and executed across domains. It also describes issues with upload policies for cloud storage services like AWS S3 and Google Cloud that could allow overwriting or reading arbitrary files if not properly configured. Finally, it presents examples of how cross-site scripting could occur through improper validation of user-supplied data sent via postMessage between domains.
A Hacker's perspective on AEM applications securityMikhail Egorov
Mikhail Egorov gave a presentation on security vulnerabilities in Adobe Experience Manager (AEM) applications. He discussed three vulnerabilities - CVE-2019-8086, CVE-2019-8087, and CVE-2019-8088 - which involved XML external entity injection, JavaScript code injection, and ways to exploit them. He explained the technical details of each vulnerability and provided examples of payloads and steps required for exploitation. Egorov concluded by recommending keeping AEM updated, blocking anonymous write access to certain paths, and removing demo content to help prevent security issues.
This document discusses API testing and tools for API test automation. It begins with an overview of APIs and their history, then defines API testing and discusses considerations for API testing today and in the future. Top concerns for API testing are listed as functionality, performance, security, and availability. RESTful web services and their use of HTTP requests and JSON format are covered. Finally, the document introduces Postman, SoapUI, and Robot Framework as examples of tools for API test automation and provides brief descriptions of each tool.
This document discusses Spring Boot, an open source framework for building microservices and web applications. It provides scaffolding to help build Spring-based services more quickly. The author chose Spring Boot for a project because it integrates well with other frameworks like Jersey and allows building services quickly. Key Spring Boot components discussed include REST frameworks, embedded servers, logging frameworks, security, and metrics. The author outlines their Spring Boot stack and package structure. They discuss using Spring Data for persistence, Swagger for API documentation, and helper libraries like Lombok. The document also covers testing approaches using REST Assured and Spring Integration.
Debugging in JavaScript
It is common to have errors while writing codes and the errors can be due to syntax or logical. These errors create a lot of ambiguity in the logic and understanding of both users and programmers. There can also be errors in the code which can remain invisible to the programmer’s eye and can create havoc. To identify these errors we need Debuggers that can go through the entire code or program, identify the errors and also fix them.
-Debugger
The debugger keyword is used in the code to force stop the execution of the code at a breaking point and calls the debugging function. The debugger function is executed if any debugging is needed at all else no action is performed.
Making The Move To Java 17 (JConf 2022)Alex Motley
Are your applications still running on Java 8 or even older, unsupported versions? Or maybe you've already made the move to Java 11? Thinking about switching your application to run on Java 17 and not sure where to start? There is a lot to think about when it comes to planning a Java migration, but there are tools and strategies that can help! Come to this session to learn about the significant changes in Java that might impact your application. Topics include the removal of APIs (such as Java EE packages) and behavior changes resulting from moving an application running previous Java versions to Java 17. Learn about tools to use that help you identify potential issues within your application and how to resolve them! The discussion is informative to developers and system administrations who are interested in evaluating applications before they are migrated and while making the code changes.
This document provides an overview of Spring Boot, including:
- Comparisons between Spring Boot, Spring, and Spring MVC.
- The advantages of Spring Boot like auto-configuration and ease of use.
- How to get started with Spring Boot using start.spring.io and key annotations.
- How Spring Boot handles dependencies, logging, exceptions, and databases.
- References additional resources on Spring Boot.
This presentation introduces the new Java EE 8 Security API JSR 375. Originally presented at Devoxx France 2015, the slides present the motivation behind the new JSR, some history, the expert group, and a summary of ideas.
The slides were created after the expert group had been meeting for about a month, so the ideas are raw and undeveloped. However, the ideas in the slides do indicate the general direction the JSR is headed, with respect to modernizing, simplifying, and standardizing the Java EE Security API.
What is tackled in the Java EE Security API (Java EE 8)Rudy De Busscher
The Java EE Security API (JSR-375) wants to simplify the implementation of security-related features in your Java EE application. Application server specific configuration changes will be no longer needed and things will be much more app developer friendly. Aligning security with the ease of development we saw in the recent version of Java EE. We will show you the basic goals and concepts behind Java EE Security API. And of course, demos with the current version of the RI, named Soteria, how you can do Authentication and Authorization.
Rasheed Amir presents on Spring Boot. He discusses how Spring Boot aims to help developers build production-grade Spring applications quickly with minimal configuration. It provides default functionality for tasks like embedding servers and externalizing configuration. Spring Boot favors convention over configuration and aims to get developers started quickly with a single focus. It also exposes auto-configuration for common Spring and related technologies so that applications can take advantage of them without needing to explicitly configure them.
Spring Boot is a framework that makes it easy to create stand-alone, production-grade Spring based Applications that can be "just run". It takes an opinionated view of the Spring platform and third-party libraries so that new and existing Spring developers can quickly get started with minimal configuration. Key features include automatic configuration of Spring, embedded HTTP servers, starters for common dependencies, and monitoring endpoints.
Securing Java EE apps using WildFly ElytronJan Kalina
1) Elytron is WildFly's new security subsystem that replaces legacy security configurations.
2) Elytron provides authentication mechanisms like BASIC and DIGEST and security realms like LDAP and JDBC to verify credentials.
3) Security domains in Elytron integrate authentication, authorization, and principal transformation using concepts like authentication factories, permission mappers, and realm mappers.
The document discusses installing the Groovy engine in Apache Jmeter to enable scripting capabilities. It is a 4 step process: 1) Download the latest Groovy version, 2) Extract and copy Groovy jar files to the Jmeter lib/ext folder, 3) Restart Jmeter, 4) Add a JSR223 sampler where Groovy will be available as a scripting option to write and execute Groovy scripts.
The document discusses Spring Boot, a framework from the Spring Team that aims to ease the bootstrapping and development of new Spring applications. Spring Boot allows applications to start quickly with very little Spring configuration. It provides some sensible defaults to help developers get started quickly on new projects.
At the Devoxx 2015 conference in Belgium, Guillaume Laforge, Product Ninja & Advocate at Restlet, presented about the never-ending REST API design debate, covering many topics like HTTP status codes, Hypermedia APIs, pagination/searching/filtering, and more.
This document provides an overview of LambdaTest, a new Scala testing framework designed for functional programming. It discusses LambdaTest's core concepts like immutable states and transformations, different types of actions, and support for ScalaCheck. Examples are provided to demonstrate testing mutable and immutable code, exceptions, tags, timing tests, and extending LambdaTest. Upcoming features like asynchronous testing with LambdaTestExpect are also previewed. The document aims to introduce developers to LambdaTest's philosophy and capabilities for writing concise, readable tests in a functional style.
This document provides an introduction to Spring Boot, including its objectives, key principles, and features. It discusses how Spring Boot enables building standalone, production-grade Spring applications with minimal configuration. It demonstrates creating a "Hello World" REST app with one Java class. It also covers auto-configuration, application configuration, testing, supported technologies, case studies, and other features like production readiness and remote shell access.
Spring Boot is a framework for creating stand-alone, production-grade Spring based Applications that can be "just run". It provides starters for auto-configuration of common Spring and third-party libraries providing features like Thymeleaf, Spring Data JPA, Spring Security, and testing. It aims to remove boilerplate configuration and promote "convention over configuration" for quick development. The document then covers how to run a basic Spring Boot application, use Rest Controllers, Spring Data JPA, Spring Security, and testing. It also discusses deploying the application on a web server and customizing through properties files.
Using HttpWatch Plug-in with Selenium Automation in JavaSandeep Tol
This article will give the developers and testers to use Java programming for capturing IE browser HTTP logs using HTTP Watch Plug-in (V10) , in Selenium scripts
HTTP Watch comes with inbuilt API support to integrate with selenium scripts written in C# or PHP scripts . Refer http://apihelp.httpwatch.com/#Automation%20Overview.html
But unfortunately they don’t have API written for JAVA. There are no samples or articles available to use Httpwtach with Java interface.
Using this article you would learn how HttpWatch plug-in which component can be easily interfaced with Java code and then executed via selenium script.
The solution is to use Java COM bridge and invoke HTTP Watch plugin API from Java based selenium scripts.
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP
This document summarizes Frans Rosén's presentation on attacking modern web technologies. It discusses vulnerabilities in AppCache that allowed files to be cached and executed across domains. It also describes issues with upload policies for cloud storage services like AWS S3 and Google Cloud that could allow overwriting or reading arbitrary files if not properly configured. Finally, it presents examples of how cross-site scripting could occur through improper validation of user-supplied data sent via postMessage between domains.
A Hacker's perspective on AEM applications securityMikhail Egorov
Mikhail Egorov gave a presentation on security vulnerabilities in Adobe Experience Manager (AEM) applications. He discussed three vulnerabilities - CVE-2019-8086, CVE-2019-8087, and CVE-2019-8088 - which involved XML external entity injection, JavaScript code injection, and ways to exploit them. He explained the technical details of each vulnerability and provided examples of payloads and steps required for exploitation. Egorov concluded by recommending keeping AEM updated, blocking anonymous write access to certain paths, and removing demo content to help prevent security issues.
This document discusses API testing and tools for API test automation. It begins with an overview of APIs and their history, then defines API testing and discusses considerations for API testing today and in the future. Top concerns for API testing are listed as functionality, performance, security, and availability. RESTful web services and their use of HTTP requests and JSON format are covered. Finally, the document introduces Postman, SoapUI, and Robot Framework as examples of tools for API test automation and provides brief descriptions of each tool.
This document discusses Spring Boot, an open source framework for building microservices and web applications. It provides scaffolding to help build Spring-based services more quickly. The author chose Spring Boot for a project because it integrates well with other frameworks like Jersey and allows building services quickly. Key Spring Boot components discussed include REST frameworks, embedded servers, logging frameworks, security, and metrics. The author outlines their Spring Boot stack and package structure. They discuss using Spring Data for persistence, Swagger for API documentation, and helper libraries like Lombok. The document also covers testing approaches using REST Assured and Spring Integration.
Debugging in JavaScript
It is common to have errors while writing codes and the errors can be due to syntax or logical. These errors create a lot of ambiguity in the logic and understanding of both users and programmers. There can also be errors in the code which can remain invisible to the programmer’s eye and can create havoc. To identify these errors we need Debuggers that can go through the entire code or program, identify the errors and also fix them.
-Debugger
The debugger keyword is used in the code to force stop the execution of the code at a breaking point and calls the debugging function. The debugger function is executed if any debugging is needed at all else no action is performed.
Making The Move To Java 17 (JConf 2022)Alex Motley
Are your applications still running on Java 8 or even older, unsupported versions? Or maybe you've already made the move to Java 11? Thinking about switching your application to run on Java 17 and not sure where to start? There is a lot to think about when it comes to planning a Java migration, but there are tools and strategies that can help! Come to this session to learn about the significant changes in Java that might impact your application. Topics include the removal of APIs (such as Java EE packages) and behavior changes resulting from moving an application running previous Java versions to Java 17. Learn about tools to use that help you identify potential issues within your application and how to resolve them! The discussion is informative to developers and system administrations who are interested in evaluating applications before they are migrated and while making the code changes.
This document provides an overview of Spring Boot, including:
- Comparisons between Spring Boot, Spring, and Spring MVC.
- The advantages of Spring Boot like auto-configuration and ease of use.
- How to get started with Spring Boot using start.spring.io and key annotations.
- How Spring Boot handles dependencies, logging, exceptions, and databases.
- References additional resources on Spring Boot.
This presentation introduces the new Java EE 8 Security API JSR 375. Originally presented at Devoxx France 2015, the slides present the motivation behind the new JSR, some history, the expert group, and a summary of ideas.
The slides were created after the expert group had been meeting for about a month, so the ideas are raw and undeveloped. However, the ideas in the slides do indicate the general direction the JSR is headed, with respect to modernizing, simplifying, and standardizing the Java EE Security API.
What is tackled in the Java EE Security API (Java EE 8)Rudy De Busscher
The Java EE Security API (JSR-375) wants to simplify the implementation of security-related features in your Java EE application. Application server specific configuration changes will be no longer needed and things will be much more app developer friendly. Aligning security with the ease of development we saw in the recent version of Java EE. We will show you the basic goals and concepts behind Java EE Security API. And of course, demos with the current version of the RI, named Soteria, how you can do Authentication and Authorization.
This document discusses upcoming features in Java EE 8, including enhancements to JAX-RS 2.1, JSON-P 1.1, and server-sent events. Some key changes are the addition of reactive client APIs and non-blocking I/O in JAX-RS providers, support for JSON pointer and patch operations in JSON-P, and new classes for server-sent events on both the client and server sides.
The document discusses plans for Java EE Next and Java EE 8. Key areas of focus for Java EE Next include improving the programming model for cloud and microservices, packaging for simplicity, resiliency, serverless computing, security, and support for key value/document stores. For Java EE 8, specifications will be updated including JAX-RS 2.1, Servlet 4.0, CDI 2.0, Bean Validation 2.0, JSF 2.3 and the new JSON-B 1.0 API. The goal is to deliver Java EE 8 in 2016 with initial microservices support and lay the groundwork for Java EE 9.
HTTP/2 Comes to Java - What Servlet 4.0 Means to YouDavid Delabassee
This document discusses the new features of HTTP/2 and how it will be supported in Java technologies. It provides an overview of HTTP/2, including its key features like request/response multiplexing and server push. It describes how Servlet 4.0 may expose these HTTP/2 features. It also discusses planned support for HTTP/2 in Java SE 9 and the current status. The overall agenda covers HTTP/2 capabilities, how Servlet could leverage them, Java SE 9 integration, and a summary.
Java EE 8: What Servlet 4.0 and HTTP/2 mean to youAlex Theedom
The goal of HTTP/2 is to increase the perceived performance of the web browsing experience. This is achieved by multiplexing over TCP and Server Push among other techniques. What implications does this have for developers? How does Servlet 4.0 embrace HTTP/2 and what support is there in JDK 9? We will see, with code examples, what the future of developing with HTTP/2 might look like.
The document discusses the basic steps for configuring Spring Security:
1. Set dependencies and create a WebSecurityConfigurerAdapter configuration class
2. Configure authentication using in-memory, JDBC, or LDAP
3. Ensure the security configuration is loaded by registering WebSecurityConfiguration
4. Configure the springSecurityFilterChain by extending AbstractSecurityWebApplicationInitializer
It provides code examples for configuring different authentication types and securing different URL patterns.
Sharing our experiences at GeeCON Prague on implementing Continuous delivery, moving from a release per month to multiple releases a day and full automation of all configuration, tests, environments and quality checks.
See also http://statelessprime.blogspot.co.at/2015/04/extending-arquillian-graphene.html
With Arquillian Graphene, you can write tests which inspect the GUI of your web application (HTML based ones) right from within your familiar Unit Test code structure.
And there are already many nice features available, but sometimes, you want to extend the concepts of Arquillian Graphene. So that you can write cleaner code in some use cases.
The good thing is that you can achieve this quite easily due to the internal structure of the framework which uses 'Enricher's and Service extensions.
10 Tips for Java EE 7 with PrimeFaces - JavaOne 2013Martin Fousek
This document provides an overview of 10 tips for using Java EE 7 with PrimeFaces. It begins with introductions to Java EE 7, JavaServer Faces 2.2, PrimeFaces, and NetBeans IDE. It then covers individual tips including HTML5 friendly markup, resource libraries contracts, ExpressionLanguage 3.0, using PrimeFaces components, themes, PrimePush/PrimeUI/PrimeMobile, JSF scaffolding with PrimeFaces, Faces Flows, annotation-based component registration, and file upload. Code samples demonstrating each tip are provided in a GitHub repository.
Octopus framework; Permission based security framework for Java EERudy De Busscher
Octopus framework for using permission based security in your Java EE app capable of securing URL, JSF components and CDI and EJB methods with the same security voters.
What’s new in JSR 367 Java API for JSON BindingDmitry Kornilov
The document discusses the JSR 367 Java API for JSON Binding specification. It provides an overview of the status and progress of the JSR, including the formation of an expert group and publication of an early draft. It also summarizes the key aspects of the specification, including the JSONB runtime API for converting Java objects to and from JSON, the default mapping for basic types and classes, and the reference implementation.
WS-Security is a standard for adding security to web service messages. It provides mechanisms for authentication, integrity, confidentiality and security tokens. It is based on XML Encryption and XML Signature standards and allows profiles to support different crypto technologies like SAML tokens, X.509 tokens and username tokens. WS-Security defines how to include security headers in SOAP messages and reference security tokens and signed/encrypted parts of messages.
The document discusses plans for Java EE 8 based on feedback from the Java EE community survey. Key areas of focus for Java EE 8 include improved support for HTML5/web technologies like JSON binding and processing, easier development through CDI alignment, and enhanced capabilities for cloud deployment. The Java EE 8 release will be driven by priorities set in the community survey, addressing needs like JSON processing updates, JSON binding through JSR 367, and support for new standards.
The document discusses how the Servlet 4.0 specification could expose features of HTTP/2 to Java applications. It describes key HTTP/2 features like request/response multiplexing, stream prioritization, and server push. It proposes ways these could be exposed in the Servlet API, such as new methods on HttpServletRequest and HttpServletResponse. It also provides examples of how server push could be used from JavaServer Faces and model-view-controller applications. The presentation concludes with a summary of the current status of JSR-369 to standardize Servlet 4.0 and bring HTTP/2 support to Java EE.
The document discusses the Servlet 4.0 specification led by Ed Burns and Dr. Shing-Wai Chan. It provides an overview of the major new features of HTTP/2 including request/response multiplexing, binary framing, stream prioritization, server push, and header compression. It then outlines how features like server push could potentially be exposed through the Servlet API in Servlet 4.0. It concludes with an invitation for the community to contribute to the JSR-369 page by providing a list of JIRA components, use cases for sessionless applications, and references to async and thread safety in the specification and documentation.
The document discusses proposed changes to Java EE 8 and beyond. It proposes adding support for reactive programming, a unified event model, eventual consistency, NoSQL persistence and querying, and security enhancements like OAuth2 and secret management. It also discusses packaging improvements and making Java EE more suitable for cloud and microservices development. Feedback is sought from the Java EE community on the proposals.
What’s new in Java SE, EE, ME, Embedded world & new StrategyMohamed Taman
The document provides an introduction and biography of Mohamed Taman. It states that he is a Systems Architect and Design Supervisor at "e-finance" and is involved with the JCP Executive Committee. It lists his other roles including being a board member of the "Oracle Egypt Architect Club" and being a frequent speaker at various conferences. It provides contact details and links to his blog and social media profiles.
The document provides an overview of the Java EE 8 specification update including proposed enhancements and changes. Key points include:
- Servlet 4.0 will add support for HTTP/2 to improve performance. Other specifications like JAX-RS 2.1 and JSF 2.3 will be enhanced.
- Some originally planned specifications like JMS 2.1 and Java EE Management 2.0 may be dropped from Java EE 8.
- A "reboot" was conducted and the scope of some specs like Security 1.0 was expanded. New specifications around areas like health checking and configuration may be added.
- Specification groups are actively working on drafts and milestones for specs like CDI
Overview of Java EE 6 by Roberto Chinnici at SFJUGMarakana Inc.
The document provides an overview of the new features in the Java EE 6 platform, including new APIs, the Web Profile specification, improved extensibility, and highlights of APIs like JAX-RS and EJB 3.1. It summarizes the key components and extension points included in the Web Profile and describes how the platform focuses on pluggability, modular web applications, and common design patterns across APIs.
This document discusses Java EE 6 and GlassFish. It provides an overview of the new features in Java EE 6 including new APIs, the web profile, pluggability, dependency injection, and improvements to existing APIs. It also summarizes the key components of GlassFish including its support for OSGi, dynamic deployment, web session retention, and integration with tools like Eclipse and Maven.
Java EE 7 will focus on enabling Java EE applications and services to easily operate in public and private cloud environments. Key areas of focus include improved packaging for cloud deployment, tighter resource management, and potential new APIs for cloud services. Modularity enhancements based on Java SE 8 modules will allow applications to be composed of independent, versioned modules. The first Java EE 7 specifications have already been approved.
The document discusses Java EE 8 and proposes enhancements and new features for several Java EE specifications. It provides an overview of the original plan for Java EE 8, including continued web standard alignment, cloud enhancements, and smaller features. It also discusses updating the specifications for Servlet 4.0, JMS 2.1, JAX-RS 2.1, JSF 2.3, CDI 2.0, JSON-P 1.1, the Java EE Management API 2.0, and a new MVC specification.
Contextual Dependency Injection for Apachecon 2010Rohit Kelapure
The document discusses the history and evolution of Java EE and its specifications such as EJB and JSF. It introduces key concepts in Java EE 6 including Contexts and Dependency Injection (CDI), which provides a standard way to inject dependencies into Java objects without hardcoding them. CDI allows for loose coupling through contextual lifecycles and scopes, interceptors, and producers that control bean instantiation.
Java EE 6 and GlassFish v3 aim to make Java EE more flexible, lightweight, and easier to develop on. Key features of Java EE 6 include profiles, extensibility through frameworks and web fragments, and annotations that reduce the need for deployment descriptors. GlassFish v3 is the open source reference implementation of Java EE 6 and includes new capabilities like monitoring, administration via REST, and deployment-on-save for increased productivity. Oracle plans to continue GlassFish as the Java EE reference implementation and add it to their WebLogic offerings.
Java EE 8 will include updates to several existing specifications as well as new specifications. Key updates include JMS 2.1, JAX-RS 2.1, JSF 2.3, CDI 2.0, and JSON-P 1.1. New specifications include JCache 1.0, JSON-B 1.0, MVC 1.0, and Java EE Security API 1.0. Java EE 8 is currently in development, with early drafts of specifications and milestones available to provide feedback on. A final release is planned for Q3 2016.
This document discusses the Java EE Web Profile, which is a subset of the full Java EE specification focused on web applications. The Web Profile includes technologies like JSF, JAX-RS, JPA and CDI, but omits features like EJB, JMS and JavaMail. It is designed to provide a lighter weight alternative to full Java EE servers for web applications. Examples are given showing how the Web Profile could be used for migrating from Tomcat, building real-time apps with WebSocket, RESTful web services, and microservices.
The Java EE Security API (JSR-375) wants to simplify the implementation of security-related features in your Java EE application. Application server specific configuration changes will be no longer needed and things will be much more app developer friendly. Aligning security with the ease of development we saw in the recent version of Java EE. We will show you the basic goals and concepts behind Java EE Security API. And of course, demos with the current version of the RI, named Soteria, how you can do Authentication and Authorization.
Deep Dive Hands-on in Java EE 6 - Oredev 2010Arun Gupta
Arun Gupta presents an overview of the key features and specifications of Java EE 6, including:
1) Lightweight profiles like the Web Profile 1.0 make Java EE easier to use for web applications. Core specifications like EJB 3.1, JSF 2.0, and JPA 2.0 saw major updates.
2) New specifications include Contexts and Dependency Injection and Bean Validation which make developing Java EE applications simpler.
3) Servlets 3.0 brings annotations-based configuration and extensibility through web fragments, making it easier for frameworks to integrate with Java EE containers.
Java EE 6 introduces several new specifications and updates to existing ones to improve ease of development. Key additions include Contexts and Dependency Injection (JSR 299), Bean Validation (JSR 303), and a RESTful Web Services API (JSR 311). Many specifications were updated, including major overhauls to Java Server Faces 2.0 (JSR 314) and Java Persistence 2.0 (JSR 317). The reference implementation is GlassFish v3, which supports all Java EE 6 features and provides both open source and commercial distributions.
Jakarta EE is an open source Java platform that provides a wide range of APIs for building enterprise applications. It is made up of specifications covering areas like web services, security, and object-relational mapping. The document discusses the history and evolution of Jakarta EE, its relationship to other technologies like Spring and MicroProfile, and its importance for businesses, careers, and the Java ecosystem. It also outlines proposals for future versions like Jakarta EE 10 that aim to improve areas like security, messaging, and NoSQL support.
InterConnect 2016 Java EE 7 Overview (PEJ-5296)Kevin Sutter
Java EE 7 is an update to the Java Platform, Enterprise Edition that includes new APIs and functionality for batch processing, JSON processing, WebSocket, RESTful web services, and more. Key features include batch applications, JSON processing improvements, WebSocket support, simplified JMS API, and more annotated POJOs with less boilerplate code. WebSphere Application Server and IBM WebSphere Liberty support Java EE 7.
Java EE 6 workshop at Dallas Tech Fest 2011Arun Gupta
The document outlines the key features and capabilities of Java EE 6, which aims to provide more power to developers with less code. It discusses various Java EE 6 technologies like EJB 3.1, CDI, JPA 2.0, JSF 2.0, JAX-RS and how they simplify development. It also previews GlassFish 3.1, the reference implementation of Java EE 6 and talks about the next steps in the evolution of Java EE.
Java EE 6 & GlassFish = Less Code + More Power @ DevIgnitionArun Gupta
The document summarizes new features in Java EE 6 and GlassFish v3 that aim to provide developers with more powerful capabilities while requiring less code. Key highlights include annotations to simplify configuration and development, support for RESTful web services and dependency injection, and improvements to Java Server Faces, EJBs, and the Java Persistence API to enhance developer productivity.
The document is a presentation about Java EE 6 and GlassFish. It discusses how Java EE 6 and GlassFish aim to provide developers with less code and more power through features like annotations, simplified configurations, and support for newer Java technologies. It also summarizes some of the new Java EE 6 specifications and how they improve areas like web development, EJBs, JSF, JPA and more.
Java EE 6 & GlassFish = Less Code + More Power at CEJUGArun Gupta
The document discusses Java EE 6 and GlassFish, which provide developers with more power and flexibility while requiring less code. Key features of Java EE 6 like EJB 3.1, CDI, and JSF 2.0 incorporate more annotations and reduce the need for deployment descriptors. GlassFish is the open source reference implementation of Java EE 6 and offers benefits like modularity, embeddability, and support for cloud computing. Future versions of Java EE and GlassFish will focus on continued standards-based innovation.
This document provides an overview of the proposed Java EE 8 specifications and technologies, including summaries of the key features and goals of each specification. Some of the major specifications covered include CDI 2.0, JSON Binding 1.0, JAX-RS 2.1, JMS 2.1, Servlet 4.0, JSF 2.3, and others. It also discusses the Java EE 8 roadmap and opportunities for community participation.
Integration testing is difficult as you need additional systems, like a database, with a predefined set of data to have repeatable tests.
With the availability of the Testcontainers framework, developers can test the real application by deploying it in a container using the runtime that will be used in production and dependencies available in other containers.
In this session, we explore a few scenarios of how you can use the Testcontainers framework to test your Jakarta EE application, including a remote debug session of your code.
The document discusses the new Jakarta EE Core Profile, including CDI Lite, JAX-RS SE Bootstrap API, modularity, and compatible runtimes like WildFly and OpenLiberty. It explains goals of the Core Profile like supporting modern cloud applications and microservices with ahead-of-time compilation and modularity. Key aspects covered include CDI Lite's reduced scope and faster startup compared to full CDI, and how runtimes like Helidon, Quarkus, Micronaut, and Piranha Cloud are exploring Core Profile support.
Faster data access can be achieved with MicroStream by using the Java virtual machine's memory as the primary data source. MicroStream allows querying and retrieving data directly from Java objects without impedance mismatch issues and conversions to and from a database. Benchmark tests showed MicroStream was much faster than traditional Java persistence solutions like JDBC and Hibernate for both writing and retrieving data. MicroStream is also useful for local caching within microservices, serverless applications, and offline mobile storage.
JDK 17, the next LTS version of Java, is available and it contains not only new language constructs but also there are many operational improvements like higher performance. We have a look at what a Jakarta EE developer will find interesting, even if you are using Jakarta EE 8.
Learn about these features and improvements including Records, Text blocks, Garbage collection improvements, and monitoring through Flight Recorder in several live demos with Payara Micro. After this session you will be able to use all new shiny features of JDK 17 in your next Java Enterprise application.
How Class Data Sharing Can Speed up Your Jakarta EE Application StartupRudy De Busscher
Java Byte code is OS independent, which means that your application's startup takes more time than a native image. Using the Class Data Sharing functionality introduced in more recent versions of the JVM, you can prepare your application so that it will load very fast.
In this presentation, I'll go into more detail what Class Data Sharing is and the differences between the OpenJDK and OpenJ9 versions. With some Jakarta EE demo applications, you will see gains that you can achieve and reduce memory footprint a lot in Docker containers by sharing memory.
Kubernetes is much more than a runtime platform for Docker containers. Through its API not only can you create custom clients, but you can also extend Kubernetes. Those custom Controllers are called Operators and work with application-specific custom resource definitions.
Not only can you write those Kubernetes operators in Go, but you can also do this in Java. Within this talk, you will be guided through setting up and your first explorations of the Kubernetes API within a plain Java program. We explore the concepts of resource listeners, programmatic creation of deployments and services and how this can be used for your custom requirements.
Finally, easy integration testing with TestcontainersRudy De Busscher
Integration testing is always a difficult area. You need to make sure that all system are connected, data is correctly initialised for each run and test runs do not interfere with each other.
You can do integration testing today, but sometimes these tests are flaky for various reasons or they cannot cover all the cases that you would like to test.
With the Testcontainers project, this issue can be a thing of the past. It allows you to create reliable integration tests covering a wide range of scenarios like database usages, micro services interaction and GUI testing. One of the important factors for the success of this framework is the usage of Docker containers to create a reproducible environment for the test.
Control and monitor_microservices_with_microprofileRudy De Busscher
Microservices architecture has many benefits. But it comes at a cost. Running microservices and monitoring what’s going on is tedious. That’s why MicroProfile adopts monitoring as a first-class concept. In this session, learn how MicroProfile runtimes collect metrics and how to seamlessly collect them with tools like Prometheus and Grafana. Learn how MicroProfile makes it easy to connect information about interrelated service calls, how to gather the information and analyze system bottlenecks, how to deploy and scale MicroProfile applications with Kubernetes and how to react to their health status to detect and automatically recover from failures.
How can you make different pieces of your unit of work consistent in the distributed setup of your micro-service application?
You associate the term transaction probably with a database, but the data source can be anything including a database in the micro-service world.
The MicroProfile Long Running Actions specification is based on sagas and the OASIS LRA transaction model specification. It defines the framework to guarantee the eventual consistency requirement using compensating actions for example.
This session will explain you the challenges and concepts of the MP LRA framework.
How can you make different pieces of your unit of work consistent in the distributed setup of your micro-service application?
You associate the term transaction probably with a database, but the data source can be anything including a database in the micro-service world.
The MicroProfile Long Running Actions specification is based on sagas and the OASIS LRA transaction model specification. It defines the framework to guarantee the eventual consistency requirement using compensating actions for example.
This session will explain you the challenges and concepts of the MP LRA framework.
Microservices architecture has many benefits. But it comes at a cost. Running microservices and monitoring what’s going on is tedious. That’s why MicroProfile adopts monitoring as a first-class concept. In this session, learn how MicroProfile runtimes collect metrics and how to seamlessly collect them with tools like Prometheus and Grafana. Learn how MicroProfile makes it easy to connect information about interrelated service calls, how to gather the information and analyze system bottlenecks, how to deploy and scale MicroProfile applications with Kubernetes and how to react to their health status to detect and automatically recover from failures.
This document discusses gradually migrating Java EE applications to use MicroProfile features. It presents two options for the migration: 1) Adding MicroProfile implementations to an existing Java EE server or 2) Using a Java EE server that integrates MicroProfile implementations. The document demonstrates migrating a sample mortgage application first using Thorntail and then Payara Micro. It highlights some issues that may occur and advantages of each approach.
With the rise of micro-services, REST communication is more popular than ever. But the communication between the different parts must also be performed in a secure way.
First, we need to know if the user or system is allowed to call the JAX-RS endpoint. For this authentication part, self-contained tokens are the best option to not overload any of our services in the system. JWT which contains the authentication but also can contain the authorization info is ideal for this use-case.
And secondly, we need guarantees that the message isn't altered, that we can have message integrity. For that part, we can use signatures like specified in the HTTP signature draft specification.
From Monolith to micro-services and back : The Self Contained SystemsRudy De Busscher
Monoliths aren't bad in all situations, but in larger projects, it is desirable to work in a more modular way.
But microservices bring a lot of complexity which is maybe not always desired or needed.
Self-contained Systems, which are autonomous web applications, are an ideal way to make your large application manageable by multiple teams.
This session will make a comparison between the 3 architectural styles, monoliths, micro-services and Self-Contained Systems highlighting their strengths and their weaknesses.
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
What is Master Data Management by PiLog Groupaymanquadri279
PiLog Group's Master Data Record Manager (MDRM) is a sophisticated enterprise solution designed to ensure data accuracy, consistency, and governance across various business functions. MDRM integrates advanced data management technologies to cleanse, classify, and standardize master data, thereby enhancing data quality and operational efficiency.
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfUndress Baby
The quest for the best AI face swap solution is marked by an amalgamation of technological prowess and artistic finesse, where cutting-edge algorithms seamlessly replace faces in images or videos with striking realism. Leveraging advanced deep learning techniques, the best AI face swap tools meticulously analyze facial features, lighting conditions, and expressions to execute flawless transformations, ensuring natural-looking results that blur the line between reality and illusion, captivating users with their ingenuity and sophistication.
Web:- https://undressbaby.com/
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Odoo ERP software
Odoo ERP software, a leading open-source software for Enterprise Resource Planning (ERP) and business management, has recently launched its latest version, Odoo 17 Community Edition. This update introduces a range of new features and enhancements designed to streamline business operations and support growth.
The Odoo Community serves as a cost-free edition within the Odoo suite of ERP systems. Tailored to accommodate the standard needs of business operations, it provides a robust platform suitable for organisations of different sizes and business sectors. Within the Odoo Community Edition, users can access a variety of essential features and services essential for managing day-to-day tasks efficiently.
This blog presents a detailed overview of the features available within the Odoo 17 Community edition, and the differences between Odoo 17 community and enterprise editions, aiming to equip you with the necessary information to make an informed decision about its suitability for your business.
Zoom is a comprehensive platform designed to connect individuals and teams efficiently. With its user-friendly interface and powerful features, Zoom has become a go-to solution for virtual communication and collaboration. It offers a range of tools, including virtual meetings, team chat, VoIP phone systems, online whiteboards, and AI companions, to streamline workflows and enhance productivity.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
Oracle Database 19c New Features for DBAs and Developers.pptx
Java ee 8 + security overview
1. What can we expect in
Java EE 8
and in particular for Java EE Security?
2. Who Am I
Rudy De Busscher
C4J: Senior Java Web Developer, Java Coach
JSR375: Java EE Security API Expert group member
Java EE believer
@rdebusscher
http://jsfcorner.blogspot.be
http://javaeesquad.blogspot.be
3. Agenda
▪ Java EE
▪ How We Got Here
▪ Where We Are Going
▪ Servlet 4
▪ JSON-B
▪ Server sent Events
▪ MVC
▪ CDI
▪ Java EE Security API
▪ Why
▪ Terminology
▪ API for Authentication Mechanism
▪ API for Identity Store
▪ API for Role/Permission Assignment
▪ API for Security Context
▪ API for Authorization Interceptors
4. J2EE 1.3
CMP,
JCA
J2EE 1.4
Web
Services,
Mgmt,
Deplymnt
Java EE 5
Ease of Use,
EJB 3, JPA,
JSF, JAXB,
JAX-WS
Java EE 6
Pruning,
Ease of Use,
JAX-RS,
CDI,
Bean-
Validation
Web Profile
Servlet 3,
EJB 3.1 Lite
Java EE 7
JMS 2,
Batch, TX,
Concurr,
Web-
Sockets,
JSON
Web Profile
JAX-RS 2
J2EE 1.2
Servlet,
JSP, EJB,
JMS, RMI
Java EE Past, Present, &
Future
5. J2EE 1.3
CMP,
JCA
J2EE 1.4
Web
Services,
Mgmt,
Deplymnt
Java EE 5
Ease of Use,
EJB 3, JPA,
JSF, JAXB,
JAX-WS
Java EE 6
Pruning,
Ease of Use,
JAX-RS,
CDI,
Bean-
Validation
Web Profile
Servlet 3,
EJB 3.1 Lite
Java EE 7
JMS 2,
Batch, TX,
Concurr,
Web-
Sockets,
JSON
Web Profile
JAX-RS 2
J2EE 1.2
Servlet,
JSP, EJB,
JMS, RMI
Java EE Past, Present, &
Future
6. J2EE 1.3
CMP,
JCA
J2EE 1.4
Web
Services,
Mgmt,
Deplymnt
Java EE 5
Ease of Use,
EJB 3, JPA,
JSF, JAXB,
JAX-WS
Java EE 6
Pruning,
Ease of Use,
JAX-RS,
CDI,
Bean-
Validation
Web Profile
Servlet 3,
EJB 3.1 Lite
Java EE 7
JMS 2,
Batch, TX,
Concurr,
Web-
Sockets,
JSON
Web Profile
JAX-RS 2
J2EE 1.2
Servlet,
JSP, EJB,
JMS, RMI
Java EE Past, Present, &
Future
7. J2EE 1.3
CMP,
JCA
J2EE 1.4
Web
Services,
Mgmt,
Deplymnt
Java EE 5
Ease of Use,
EJB 3, JPA,
JSF, JAXB,
JAX-WS
Java EE 6
Pruning,
Ease of Use,
JAX-RS,
CDI,
Bean-
Validation
Web Profile
Servlet 3,
EJB 3.1 Lite
Java EE 7
JMS 2,
Batch, TX,
Concurr,
Web-
Sockets,
JSON
Web Profile
JAX-RS 2
J2EE 1.2
Servlet,
JSP, EJB,
JMS, RMI
Java EE Past, Present, &
Future
8. J2EE 1.3
CMP,
JCA
J2EE 1.4
Web
Services,
Mgmt,
Deplymnt
Java EE 5
Ease of Use,
EJB 3, JPA,
JSF, JAXB,
JAX-WS
Java EE 6
Pruning,
Ease of Use,
JAX-RS,
CDI,
Bean-
Validation
Web Profile
Servlet 3,
EJB 3.1 Lite
Java EE 7
JMS 2,
Batch, TX,
Concurr,
Web-
Sockets,
JSON
Web Profile
JAX-RS 2
J2EE 1.2
Servlet,
JSP, EJB,
JMS, RMI
Java EE Past, Present, &
Future
9. Connector
1.7
Managed Beans 1.0 EJB 3.2
Servlet 3.1
Eco-
system
JSF 2.2
JAX-RS
2
JMS 2JPA 2.1
EL 3
JTA 1.2
JSP 2.3
Interceptors 1.2 CDI 1.1
Common
Annotations 1.2
UpdatedMajor
Release
New
Concurrency
Utilities
Batch
Applications
Java API for JSON
Java API for
WebSocket
Bean
Validati
on 1.1
Java EE 7
13. ▪ Principal goal to support HTTP/2
• Request/response multiplexing over single connection
• Multiple streams
• Stream Prioritisation
• Server Push
• Binary Framing
• Header Compression
Servlet 4
15. Java API for JSON Binding
JSON-B
▪ API to marshal/unmarshal POJOs to/from JSON
• Very similar to JAXB in the XML world
▪ Default mapping of classes to JSON
• Annotations to customise the default mappings
• @JsonProperty, @JsonTransient, @JsonValue
▪ Draw from best of breed ideas in existing JSON binding solutions
• MOXy, Jackson, GSON, Genson, Xstream, …
• Allow switching providers
▪ Provide JAX-RS a standard way to support “application/json” for POJOs
• JAX-RS currently supports JSON-P
16. Server-Sent Events
(SSE)
▪ Lesser known part of HTML 5
• Standard JavaScript API on the browser
▪ Server-to-client streaming
• “Stock tickers”, monitoring applications
▪ Just plain long-lived HTTP
• Between the extremes of vanilla request/response and WebSocket
• Content-type ‘text/event-stream’
▪ Support via JAX-RS.next()
• Already supported in Jersey JAX-RS reference implementation
17. MVC
▪ Standard action-based web framework for Java EE
• JSF to continue on it’s evolution path, but not restricted too.
▪ Model
• CDI, Bean Validation, JPA
▪ View
• (Standard) Facelets, JSP (Other) Freemarker, …
▪ Controller
• Majority of work here
• Based on JAX-RS
18. • Component-based MVC
• like JSF, Wicket, …
• Action-based MVC
• like Struts 2, Spring MVC
MVC types
22. CDI 2
▪ Java SE Bootstrap
▪ XML configuration
▪ Asynchronous events
▪ @Startup for CDI beans
▪ Portable Extension SPI simplification
▪ Small features and enhancements
23. Adopting Java SE 8
▪ Most of Java SE 8 can already be used with Java EE
• GlassFish, WildFly and WebLogic support JDK 8
▪ Some APIs could adopt features
• Repeatable Annotations
• Date-Time API/JDBC 4.2
• Completable Future
• Lambda expressions, streams
• Default methods
24. • Expert Group nominations:
EE API veterans: many JSRs, many years struggling with
Security API
3rd party security framework creators/developers
EE platform security implementers
• March 2015: Expert Group started discussions
Java EE Security API
JSR-375
25. What’s wrong with Java EE
Security?
• Java EE Security viewed as not portable,
abstract/confusing, antiquated
• Doesn’t fit cloud app developer paradigm: requires
app server configuration
• "The ultimate goal is to have basic security working
without the need of any kind of vendor specific
configuration, deployment descriptors, or whatever. ”
– Arjan Tijms
26.
27. What to do?
• Plug the portability holes
• Modernize
Context Dependency Injection (CDI)
• Intercept at Access Enforcement Points: POJO methods
Expression Language (EL)
• Enable Access Enforcement Points with complex rules
• App Developer Friendly
• Common security configurations not requiring server changes
• Annotation defaults not requiring XML
28. Ideas
• Terminology
• API for Authentication Mechanism
• API for Identity Store
• API for Password Aliasing
• API for Role/Permission Assignment
• API for Security Context
• API for Authorization Interceptors
To modernize, standardise, simplify
29. Ideas - Terminology
• EG discussions revealed inconsistency in security API terms
• Different EE containers have different names for the same concepts
• When “something” gets authenticated, is that something a...
A User? (e.g. HttpServletRequest.getUserPrincipal)
A Caller? (e.g. EJBContext.getCallerPrincipal)
• What is a group?
A group of users?
A permission
Vs Role?
30. Ideas - Terminology
• What is that “something” where identities are stored?
security provider (WebLogic)
realm (Tomcat, some hints in Servlet spec)
(auth) repository
(auth) store
login module (JAAS)
identity manager (Undertow)
authenticator (Resin, OmniSecurity, Seam Security)
authentication provider (Spring Security)
identity provider
31. API for Authentication
Mechanism
• Application manages its own users and groups
• Application needs to authenticate users in order to assign
Roles
• Application authenticates based on application-domain
models
• Application needs to use an authentication method not
supported on the server, like OpenID Connect or OAuth2
• Developer wants to use portable EE Authentication standard
32. • Java Authentication Service Provider
Interface for Containers
• JSR 196, Maintenance Release 1.1,
in 2013
• Standardised, portable, thin, low-
level authentication framework
• JAAS (LoginModule) is Java SE and
thus not standard within Java EE
JASPIC
33. Authentication Events
• Throw standardised CDI events at important moments
PreAuthenticate Event
PostAuthenticate Event
PreLogout Event
PostLogout Event
• Possible uses:
Tracking number of logged-in users
Tracking failed login attempts per account
Side effects, like creating a new local user after initial successful authentication via a remote
authentication provider
Loading application-specific user preferences
34. • Where is the “user” info stored?
API for Identity Store
• Custom stores by annotated POJO’s
35. API for Role/Permission
Assignment
• After user/Caller is authenticated:
• Need to retrieve the roles/permissions/grants
• API to manage these assignments
• Dynamic role/permission assignment
36. Why role to group?
• Application; similar users are grouped in a Role
• Identity store
Used for more then 1 application
Probably has already some kind of grouping of users
(department, …)
• Map application Role to Identity store Group
• Today supported
Support in Deployment Descriptors, e.g. web.xml
37. Role vs Permission
• Role
Grouping of users
When “allowed actions” for a Role changes
Application needs to be changed an redeployed
• Permission
• “Key” to unlock some functionality. Permission is linked in code.
• User/Caller or even role has some permissions
• Changes -> only external where permissions are linked to users.
38. API for Security Context
• Application needs to access the security API
To get the authenticated user
To check roles
To invoke runAs.
• Application needs the same API to access security
context, regardless of container
39. API for Authorisation
Interceptors
• Application needs to restrict specific methods to
authorised users
• Application-model rules are used to make access
decisions
• Annotation based
• My requirements
Screen parts (like on JSF Component) needs certain permission
URL’s are protected based on permissions/roles/…
40. EL Authorization Rules
• To be used in security annotations
• Refer to any object, system or application defined
• Security rules tailored to the application.
• @EvaluateSecured("security.hasRoles('MANAGER')
&& schedule.nowIsOfficeHrs")
void transferFunds() {..};
41. Complex rules
• AccessDecisionVoter
• Concept from DeltaSpike / Octopus
• Complex logic written out in Java code (CDI bean)
• @Secured(AccountAccessDecisionVoter.class)
void transferFunds() {..};
• public void checkPermission
(AccessDecisionVoterContext ctx,
Set<SecurityViolation> violations) {
42. Get Involved
• Project Page: The starting point to all resources
https://java.net/projects/javaee-security-spec
• Users List: Subscribe and contribute users@javaee-
security-spec.java.net
• Github Playground: Fork and Play!
https://github.com/javaee-security-spec/javaee-
security-proposals
43. • What’s Coming in Java EE 8? - Reza Rahman
• http://www.slideshare.net/reza_rahman/javaee8
• Finally, EE Security API JSR 375 - Alex Kosowski
• http://www.slideshare.net/a_kosowski/devoxx-fr-ee8jsr375securityapiv1
• MVC in JavaEE 8 - Manfred Riem
• https://java.net/projects/ozark/downloads/download/Presentations/2014-javaone-
mvc-in-javaee8.pptx
Acknowledgements
For many folks that have not kept up-to-date with the evolution of Java EE, historical context is very important.
The J2EE period (prior to Java EE 5) is marked with a successful effort to establish the server-side Java standards based ecosystem.
Though widely criticized for complexity J2EE remains one of the most influential and groundbreaking technologies in the enterprise.
The Java community stepped in to meet the programming model challenges in J2EE with projects like Spring and Hibernate.
Java EE 5 absorbed many of the programming model changes from the community and included it’s own set of key innovations. The key changes in Java EE 5 were POJO programming, annotations over XML, intelligent defaults and zero-configuration systems. As a result of the changes in Java EE 5, Java EE remains one of the easiest to use platforms available today.
The key change in Java EE 6 was to introduce first-class generic dependency injection as a built-in part of the platform through CDI. The industry reception of Java EE 6 has been great resulting in the growing adoption of Java EE. Java EE 6 also introduced the Web Profile and a pruning process to make the platform as lightweight as possible.
Java EE 7 is an opportunity to build upon the success of Java EE 6 to make sure enterprise developers are ready for emerging challenges.
Some new APIs were added in Java EE 7, some have gone through major changes and others are point releases.
Almost every Java EE API has gone through a change. The point releases have important changes and taken together outweigh the new APIs and major updates.
The Java API for JSON, the Java API for WebSocket, JAX-RS 2, JSF 2.2, Servlet 3.1, Bean Validation 1.1, etc all contribute towards the HTML 5 theme.
JMS 2, CDI 1.1, JPA 2.1 and JTA 1.2 are examples of a laser focus on productivity while Java Batch and Java EE Concurrency Utilities are clearly geared towards meeting enterprise needs.
It is always important to remember Java EE forms the stable core of a vibrant ecosystem. Things like Arquillian, DeltaSpike, Forge, PrimeFaces continually move the ecosystem forward by building on the standard.
Java EE 7 has seen significantly increased community involvement as compared with previous releases like Java EE 6 and Java EE 5. We want to significantly improve upon that towards making Java EE 8 one of the most community driven technologies ever developed.
Towards this goal we started off Java EE 8 with a series of public surveys asking developers for feedback into what should go into the next revision of the platform. The first two parts asked about specific features we thought were important. We also allowed for any open ended feedback anyone may have. The last part of the survey asked the community to prioritize features. The survey was run for about three months and we received about 4,500 inputs. The data represented all sorts of folks from around the globe and many kinds of organizations.
The results of the survey are available for anyone to see. They have important insights into what the community thinks. The graphic depicts the final prioritization of features for Java EE 8.
Based largely on the survey we have drawn some possible themes for Java EE 8 – further web standards alignment, cloud features, CDI alignment, enterprise features as well as Java SE 8 alignment. In the next part of the presentation we will take a high level look at these features.
The web standards/HTML 5 alignment will consist of support for HTTP 2 via Servlet 4, JSON binding, updates to the lower level JSON processing API added in Java EE 7, a new action-oriented framework for Java EE and building upon the hypermedia support in JAX-RS 2 added in Java EE 7.
A number of possible Java EE 8 features are geared towards making it easier for applications to be deployed to the cloud. These include simplifications to the way Java EE application security is handled as well as being able to administer Java EE containers using a standard RESTful API.
We have been gradually aligning as many Java EE APIs as possible with CDI in Java EE 6 and Java EE 7. The eventual goal as desired by the community is to make CDI the central programming model in Java EE. One of the most important goals in Java EE 8 is to have a significant release of the CDI specification itself. Other possibilities include making more EJB services available to all Java EE managed components through CDI as well as pruning older EJB features such as CORBA interoperability.
There are a smaller number of important features on the enterprise front. JCache 1.0, the Java Caching standard, was originally planned to be included in Java EE 7 but was delayed. JCache is now finalized and could be used on top of Java EE 7 applications. The goal in Java EE 8 is to include JCache 1.1 into the platform. JCache 1.1 could make it a lot easier to use the API in Java EE applications. One of the goals the community thought was important was to make it easier to configure Java EE applications so this is something we will take a closer look at. JMS 2.1 will explore how to make messaging even easier in Java EE applications by utilizing CDI.
Finally we always try to make sure that Java EE is aligned with Java SE. Java SE 8 brings a number of useful features and we want to make sure Java EE developers can take maximum advantage of those features.
Java EE 8 is already in full swing. Many key JSRs including the Java EE 8 platform JSR were launched in the JavaOne 2014 time frame. Those expert groups are now fully active.
A second smaller batch of key JSRs including Java EE Security, Java EE Management and JSON-P 1.1 were launched more recently and are now solidifying their progress.
Many other JSRs like minor releases of WebSocket, Java EE Concurrency Utilities and JPA are yet to come.
There is still plenty of opportunities to participate and help shape Java EE 8.
Servlet 4 is easily one of the most important changes in Java EE 8. The principal goal of Servlet 4 is to bring HTTP 2 support to Java EE developers.
HTTP 2 is a very fundamental modernization of the protocol that keeps the internet together.
HTTP was designed with a very simple web in mind – a request is expected to produce just one artifact, likely a plain HTML page with some hyperlinks. The web today is a far more complex beast. A single page contains many possible dependent resources – images, style-sheets, scripts, videos and so on. As a result we currently lose a lot of performance as each dependent resource is retrieved through a separate HTTP request. HTTP 2 is aimed to boost web performance manifolds by fixing this impedance mismatch.
HTTP 2 accomplishes this by allowing the transfer of a number of resources from the server in a given request over a single initial TCP connection. Given a request from the client the server can send down as many related resources as needed by multiplexing the connection into streams. These streams can be assigned priorities such that the client browser can first retrieve what is absolutely needed for rendering such as the main page and some images while retrieving less important resources in the background. In addition HTTP 2 uses binary framing for significantly improved bandwidth usage as well as header sharing/compression across related resources.
We hope that a majority of these changes can be completely transparent to developers and simply be handled by Servlet runtime. However some of these changes will inevitably result in changes to the Servlet API. A majority of these changes can definitely be handled very transparently by higher level APIs such as JSF and JAX-RS.
Java EE 7 includes a low-level JSON parsing API akin to JAXP in the XML world.
On of the most popular features the community has asked for in Java EE 8 is a higher level binding API similar to JAXB in the XML world.
The API should be highly transparent and mostly just work with POJOs as is. There will likely be a small number of annotations to override default mappings such as renaming fields or marking fields transient.
The API will draw from existing non-standard JSON binding solutions like MOXy, Jackson, GSON and Genson as well as allow switching providers at runtime.
For the most part, developers do not even need to be aware of the actual API as it will be seamlessly integrated into higher level Java EE APIs such as JAX-RS. The idea is that the binding will simply take effect on POJOs when the runtime encounters the ‘application/json’ content-type. JSON-P is currently integrated with JAX-RS in a similar fashion. Note that JSON binding has long been supported in GlassFish and WebLogic through the non-standard MOXy project.
Java EE has had strong support for REST as of Java EE 6. In Java EE 7, we added support for WebSocket.
REST is intended for traditional HTTP based stateless request-response style communication. In this model the client initiates a single request, the server furnishes a response and the connection is closed. The vast majority of communication on the web is based on this model.
WebSocket is almost the opposite of plain HTTP and REST. It is a stateful, fully bi-directional, asynchronous communication model. Once a connection is established, either the client or the server can send messages whenever they need to. The connection is kept open as long as necessary. WebSocket is ideal for situations like chat, real-time online collaboration, online multiplayer games and the like.
SSE or Server-Sent Events are something between the extremes of plain HTTP and WebSocket. Using SSE once the client connects to the server, the server can send messages down over a period of time, in theory for as long as needed. SSE is good for use cases like stock tickers, monitoring applications, live maps and the like.
Like WebSocket, SSE was introduced as part of HTML 5. It is really just a very long lived HTTP connection with a specialized content-type – ‘text/event-stream’. Just like WebSocket, there is a standard JavaScript API for it on the browser.
SSE was one of the items that there was very strong support for in the Java EE 8 survey. SSE will be supported in Java EE 8 through JAX-RS 2.1.
Note that the Jersey JAX-RS reference implementation included in both GlassFish and WebLogic has long had non-standard support for SSE.
The oldest web framework in the Java space – Struts – was action based. Struts creator Craig McClanahan helped create JSF and supported the more abstract component based approach closer to the original Smalltalk MVC pattern. While JSF clearly continues to have a very strong following, action based frameworks continue to move forward even after Craig’s recommendation to move to JSF. More recently some developers feel that the action based approach is particularly well suited to the HTML 5 ecosystem, among other benefits long touted by proponents. We wanted to utilize the Java EE 8 survey as an opportunity to gage developer sentiment on the debate. What we found is that there is fairly strong developer interest in having a standard action-based web framework in Java EE.
To meet these community desires Java EE 8 will include an action-based alternative alongside JSF. JSF will still continue it’s evolutionary path with JSF 2.3.
The model portion of this framework will be centered around CDI, JPA and Bean Validation. The view portion will have built-in support for Facelets and JSP.
The majority of the work in this new specification is in defining the controller portion. The expert group has decided to base this work on JAX-RS.
The code illustrates the basics of how the controller portion may look like and should be fairly familiar to action based web framework developers as well as experienced Java EE/JAX-RS developers.
While the @Path and @GET annotations would come from JAX-RS, @View annotation would be defined in the new specification. If omitted the view could default to something like bookstore.jsp. The idea is that the view would be populated from the model generated by the GET method handler – in this case a list of bookstore items.
After Java EE 6 there has been two minor point releases of CDI – CDI 1.1 and CDI 1.2. The goal in Java EE 8 is to include a major CDI 2 revision. The goals for CDI 2 are quite ambitious.
Thus far CDI has been a Java EE centric technology. Major CDI implementations also support Java SE runtimes, but such support is currently non-standard. The goal in CDI 2 is to support a feature subset in Java SE environments including a standard bootstrap API.
Much like newer Java EE APIs such as JAX-RS and WebSocket, CDI so far does not provide any support for XML based configuration. However some in the community have long felt that there are important use cases in CDI that cannot be met without XML configuration support such as incorporating CDI into non-Java EE products like enterprise integration frameworks and ESBs. CDI 2 will explore adding XML configuration support alongside annotations.
CDI has a very elegant and type-safe event mechanism. While CDI events are synchronous today CDI 2 will explore making them asynchronous. CDI will also likely be the primary vehicle for making EJB annotations like @Startup, @Asynchronous and @Schedule available to all managed beans.
The portable extension SPI is an extremely important part of CDI. It is intended to create a plug-in ecosystem for CDI. CDI 2 will look for ways to simplify the SPI as much as possible.
Java SE 8 brings about a very useful set of changes that has been extremely well received by the community.
We have ensured that developers can take maximal advantage of Java SE 8 by certifying both GlassFish 4.1 and WebLogic 12.1.3 against it. Similarly WildFly 8 is also certified against Java SE 8.
The vast majority of Java SE 8 features like the new Date-Time API, lambdas, streams and CompletableFuture should be readily usable with Java EE 7, Java EE 6 and Java EE 5 APIs.
In Java EE 8 we will make sure all APIs align with Java SE 8 as much as possible. Some features that such alignment could utilize include repeatable annotations, the Date-Time API, JDBC 4.2, CompletableFuture, the fork/join common pool, lambdas, streams and default methods.
Standard corporate legal disclaimer essentially stating that any forward looking features may change in the future ☺.