During this presentation, I demonstrate how to implement authentication in your Java web applications using Spring Security, Apache Shiro and good ol' Java EE Container Managed Authentication. You'll also learn how to secure your REST API with OAuth and lock it down with SSL.
After learning how to develop authentication, I'll introduce you to OWASP, the OWASP Top 10, its Testing Guide and its Code Review Guide.
Much of this talk is contained in demos and I plan on uploading those as screencasts throughout May and June. I'll also be delivering this talk at ÜberConf in July 2011.
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Matt Raible
This presentation shows you how to implement authentication in your Java web applications using Java EE 7 Security, Spring Security and Apache Shiro. It also touches on best practices for securing a REST API and using SSL.
This talk covers the history of Spring, as well as what's new in Spring 3.1.
Specific areas discussed:
- Environments and Profiles
- Servlet 3.0 Support
- Hibernate 4 Support
- Cache Abstraction
- Java Configuration
- Test Context Support for Configuration Classes and Profiles
Read more about this presentation at:
http://raibledesigns.com/rd/entry/my_what_s_new_in
Java Web Application Security - Jazoon 2011Matt Raible
During this presentation, I demonstrate how to implement authentication in your Java web applications using good ol' Java EE Container Managed Authentication, Spring Security and Apache Shiro. You'll also learn how to secure your REST API with OAuth and lock it down with SSL.
After learning how to develop authentication, I'll introduce you to pentest your app, as well as OWASP, the OWASP Top 10, its Testing Guide and its Code Review Guide.
Much of this talk is contained in demos and tutorials, which are available on my blog at http://raibledesigns.com/rd/tags/security and http://youtube.com/mraible.
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Matt Raible
During this presentation, you'll learn how to implement authentication in your Java web applications using Java EE 7 Security, Spring Security and Apache Shiro. This session will also touch on best practices for securing a REST API and using SSL.
Java Web Application Security - UberConf 2011Matt Raible
During this presentation, I demonstrate how to implement authentication in your Java web applications using good ol' Java EE Container Managed Authentication, Spring Security and Apache Shiro. You'll also learn how to secure your REST API with OAuth and lock it down with SSL.
After learning how to develop authentication, I'll introduce you to pentest your app, as well as OWASP, the OWASP Top 10, its Testing Guide and its Code Review Guide.
Much of this talk is contained in demos and tutorials, which are available on my blog at http://raibledesigns.com/rd/tags/security and http://youtube.com/mraible.
Web App Security for Java Developers - PWX 2021Matt Raible
Web app security is not just authentication and authorization. It's also the things you do to protect your web app from attackers with their XSS (cross-site scripting), SQL injection, DoS/DDoS attacks, and CSRF (cross-site request forgery), to name a few.
Web app security is a central component of any web-based business. The internet exposes web apps to attacks from different locations and various levels of scale and complexity. Web application security deals specifically with the security surrounding websites, web applications, and web services such as APIs.
In this presentation, you'll learn seven ways to better web app security, using Spring Security for code samples. You'll also see some quick demos of Spring Boot, Angular, and JHipster with Keycloak, Auth0, and Okta.
Apache Roller, Acegi Security and Single Sign-onMatt Raible
Acegi Security is quickly becoming a widely respected security framework for Java applications. Not only does this security framework solve many of the deficiencies of J2EE's security mechanisms, but it's also easy to implement and configure. This tutorial will help you learn more about Acegi Security, as well as how to integrate it into your web applications. The Roller Weblogger project (currently in Apache's incubator) uses Acegi Security for many of its features: authentication, password encryption, remember me and SSL switching. After learning about Roller and Acegi, you will see how to deploy Roller onto Tomcat and Geronimo. Following that, you will learn how to hook Roller/Acegi into Apache Directory Server for authentication. Finally, you will learn how to integrate Roller with a Single Sign-on System (Yale's Central Authentication Service).
Case Study: Migrating Hyperic from EJB to Spring from JBoss to Apache TomcatVMware Hyperic
Jennifer Hickey of SpringSource's Case Study of the results from Hyperic's recent migration from EJB to Spring. From the 2010 SpringOne 2GX conference.
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Matt Raible
This presentation shows you how to implement authentication in your Java web applications using Java EE 7 Security, Spring Security and Apache Shiro. It also touches on best practices for securing a REST API and using SSL.
This talk covers the history of Spring, as well as what's new in Spring 3.1.
Specific areas discussed:
- Environments and Profiles
- Servlet 3.0 Support
- Hibernate 4 Support
- Cache Abstraction
- Java Configuration
- Test Context Support for Configuration Classes and Profiles
Read more about this presentation at:
http://raibledesigns.com/rd/entry/my_what_s_new_in
Java Web Application Security - Jazoon 2011Matt Raible
During this presentation, I demonstrate how to implement authentication in your Java web applications using good ol' Java EE Container Managed Authentication, Spring Security and Apache Shiro. You'll also learn how to secure your REST API with OAuth and lock it down with SSL.
After learning how to develop authentication, I'll introduce you to pentest your app, as well as OWASP, the OWASP Top 10, its Testing Guide and its Code Review Guide.
Much of this talk is contained in demos and tutorials, which are available on my blog at http://raibledesigns.com/rd/tags/security and http://youtube.com/mraible.
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Matt Raible
During this presentation, you'll learn how to implement authentication in your Java web applications using Java EE 7 Security, Spring Security and Apache Shiro. This session will also touch on best practices for securing a REST API and using SSL.
Java Web Application Security - UberConf 2011Matt Raible
During this presentation, I demonstrate how to implement authentication in your Java web applications using good ol' Java EE Container Managed Authentication, Spring Security and Apache Shiro. You'll also learn how to secure your REST API with OAuth and lock it down with SSL.
After learning how to develop authentication, I'll introduce you to pentest your app, as well as OWASP, the OWASP Top 10, its Testing Guide and its Code Review Guide.
Much of this talk is contained in demos and tutorials, which are available on my blog at http://raibledesigns.com/rd/tags/security and http://youtube.com/mraible.
Web App Security for Java Developers - PWX 2021Matt Raible
Web app security is not just authentication and authorization. It's also the things you do to protect your web app from attackers with their XSS (cross-site scripting), SQL injection, DoS/DDoS attacks, and CSRF (cross-site request forgery), to name a few.
Web app security is a central component of any web-based business. The internet exposes web apps to attacks from different locations and various levels of scale and complexity. Web application security deals specifically with the security surrounding websites, web applications, and web services such as APIs.
In this presentation, you'll learn seven ways to better web app security, using Spring Security for code samples. You'll also see some quick demos of Spring Boot, Angular, and JHipster with Keycloak, Auth0, and Okta.
Apache Roller, Acegi Security and Single Sign-onMatt Raible
Acegi Security is quickly becoming a widely respected security framework for Java applications. Not only does this security framework solve many of the deficiencies of J2EE's security mechanisms, but it's also easy to implement and configure. This tutorial will help you learn more about Acegi Security, as well as how to integrate it into your web applications. The Roller Weblogger project (currently in Apache's incubator) uses Acegi Security for many of its features: authentication, password encryption, remember me and SSL switching. After learning about Roller and Acegi, you will see how to deploy Roller onto Tomcat and Geronimo. Following that, you will learn how to hook Roller/Acegi into Apache Directory Server for authentication. Finally, you will learn how to integrate Roller with a Single Sign-on System (Yale's Central Authentication Service).
Case Study: Migrating Hyperic from EJB to Spring from JBoss to Apache TomcatVMware Hyperic
Jennifer Hickey of SpringSource's Case Study of the results from Hyperic's recent migration from EJB to Spring. From the 2010 SpringOne 2GX conference.
Get Hip with JHipster: Spring Boot + AngularJS + Bootstrap - Devoxx France 2016Matt Raible
Building a modern web (or mobile) application requires a lot of tools, frameworks and techniques. This session shows how JHipster unites popular frameworks like AngularJS, Spring Boot and Bootstrap. Using Yeoman, a scaffolding tool for modern webapps, JHipster will generate a project that uses Java 8, SQL or NoSQL databases, Spring profiles, Maven or Gradle, Gulp.js, WebSockets and BrowserSync. It also supports a number of different authentication mechanisms: classic session-based auth, OAuth 2.0, or token-based authentication. For cloud deployments, JHipster includes out-of-the-box support for Cloud Foundry and Heroku.
Web App Security for Java Developers - UberConf 2021Matt Raible
Web app security is not just authentication and authorization. It's also the things you do to protect your web app from attackers with their XSS (cross-site scripting), SQL injection, DoS/DDoS attacks, and CSRF (cross-site request forgery), to name a few.
Web app security is a central component of any web-based business. The internet exposes web apps to attacks from different locations and various levels of scale and complexity. Web application security deals specifically with the security surrounding websites, web applications, and web services such as APIs.
In this presentation, you'll learn seven ways to better web app security, using Spring Security for code samples. You'll also see some quick demos of Spring Boot, Angular, and JHipster with Okta.
Get Hip with JHipster: Spring Boot + AngularJS + Bootstrap - Rich Web Experie...Matt Raible
Building a modern web (or mobile) application requires a lot of tools, frameworks and techniques. This session shows how JHipster unites popular frameworks like AngularJS, Spring Boot and Bootstrap. Using Yeoman, a scaffolding tool for modern webapps, JHipster will generate a project for you and allow you to use Java 7 or 8, SQL or NoSQL databases, Spring profiles, Maven or Gradle, Grunt or Gulp.js, WebSockets and BrowserSync. It also supports a number of different authentication mechanisms: classic session-based auth, OAuth 2.0, or token-based authentication.
For cloud deployments, JHipster includes out-of-the-box support for Cloud Foundry, Heroku and Openshift.
Java Web Application Security - Denver JUG 2013Matt Raible
During this presentation, you'll learn how to implement authentication in your Java web applications using good ol' Java EE 6 Security, Spring Security and Apache Shiro. You'll also learn how to secure your REST API with OAuth and lock it down with SSL.
After learning how to integrate security, I'll show how to use Zed Attack Proxy to pentest your app and fix vulnerabilities.
Front End Development for Back End Java Developers - Jfokus 2020Matt Raible
Are you a backend Java developer that's being pushed into front-end development? Are you frustrated with all the JavaScript frameworks and build tools you have to learn to be a good UI developer? If so, this session is for you! We'll explore the landscape of UI development, including web standards, frameworks, and what’s on the horizon (e.g., micro frontends).
Play Framework vs Grails Smackdown - JavaOne 2013Matt Raible
The Play vs. Grails Smackdown. A comparison done by James Ward and Matt Raible. Includes detailed analysis from building the same webapp with these two popular JVM Web Frameworks.
See the HTML5 version of this presentation at http://www.ubertracks.com/preso.
The Modern Java Web Developer - JavaOne 2013Matt Raible
HTML5, CSS3, JavaScript, jQuery, Angular JS, Bootstrap, Mobile, CoffeeScript, GitHub, functional programming, Page Speed, Apache, JSON with Jackson, caching, REST, Security, load testing, profiling, Wro4j, Heroku, Cloudbees, AWS. These are just some of the buzzwords that a Java web developer hears on a daily basis. This talk is designed to expose you to a plethora of technologies that you might've heard about, but haven't learned yet. We'll concentrate on the most important web developer skills, as well as UI tips and tricks to make you a better front-end engineer. Some of the most valuable engineers these days have front-end JS/CSS skills, as well as backend Java skills.
10 Excellent Ways to Secure Spring Boot Applications - Okta Webinar 2020Matt Raible
Spring Boot is an efficient way to build Java applications with the Spring Framework. If you’re developing apps that handle sensitive data, you should make sure they’re secure.
This session will cover HTTPS, dependency checking, CSRF, using a CSP to prevent XSS, OIDC, password hashing, and much more!
You’ll learn how to add these features to a real application, using the Java language you know and love.
* Blog post: https://developer.okta.com/blog/2018/07/30/10-ways-to-secure-spring-boot
* Cheat sheet: https://snyk.io/blog/spring-boot-security-best-practices/
* OIDC demo: http://bit.ly/spring-oidc-demo
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...Matt Raible
In this session, you'll learn about recommended patterns for securing your backend APIs, the infrastructure they run on, and your SPAs and mobile apps.
The world is no longer a place where you just need to secure your apps’ UI. You need to pay attention to your dependency pipeline and open source frameworks, too. Once you have the app built, with secure-by-design code, what about the cloud it runs on? Are the servers secure? What about the accounts you use to access them?
If you lock all that sh*t down, how do you codify your solution so you can transport it cloud-to-cloud, or back to on-premises? This session will explore these concepts and many more!
Get Hip with JHipster: Spring Boot + AngularJS + Bootstrap - Angular Summit 2015Matt Raible
Presentation from Angular Summit talk in September 2015. http://angularsummit.com/conference/boston/2015/09/session?id=34190
Building a modern web (or mobile) application requires a lot of tools, frameworks and techniques. This session shows how JHipster unites popular frameworks like AngularJS, Spring Boot and Bootstrap. Using Yeoman, a scaffolding tool for modern webapps, JHipster will generate a project for you and allow you to use Java 7 or 8, SQL or NoSQL databases, Spring profiles, Maven or Gradle, Grunt or Gulp.js, WebSockets and BrowserSync. It also supports a number of different authentication mechanisms: classic session-based auth, OAuth 2.0, or token-based authentication. For cloud deployments, JHipster includes out-of-the-box support for Cloud Foundry, Heroku and Openshift.
A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019Matt Raible
You might’ve heard of Angular Schematics, but do you know what they do? Learn how you can use this powerful tool to develop workflows and simplify configurations for your Angular projects.
In this session, you'll learn how to create a schematic, how to test it, and how you can use them with non-Angular projects.
* YouTube video: https://youtu.be/bLLJqagO_dg
* Blog post: https://developer.okta.com/blog/2019/02/13/angular-schematics
* GitHub repo: https://github.com/oktadeveloper/schematics
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020Matt Raible
"Use Spring Boot! No, use Micronaut!! Nooooo, Quarkus is the best!!!"
There's a lot of developers praising the hottest, and fastest, Java REST frameworks: Micronaut, Quarkus, and Spring Boot. In this session, you'll learn how to do the following with each framework:
✅ Build a REST API
✅ Secure your API with OAuth 2.0
✅ Optimize for production with Docker and GraalVM
I'll also share some performance numbers and pretty graphs to compare community metrics.
Related blog post: https://developer.okta.com/blog/2020/01/09/java-rest-api-showdown
GitHub repo: https://github.com/oktadeveloper/okta-java-rest-api-comparison-example
Comparing JVM Web Frameworks - Rich Web Experience 2010Matt Raible
Comparing JVM Web Frameworks Presentation from The Rich Web Experience 2010. Compares many different JVM-based web frameworks, ranks them based on 20 different criteria and compares the Pros, Cons and other stats of the top 5.
Tips and criteria for selecting a web presentation framework. The focus is on Java-based frameworks, but the criteria are valid for any platform. From a panel discussion at the Seattle Java User Group (SeaJUG)
Java REST API Framework Comparison - PWX 2021Matt Raible
Use Spring Boot! No, use Micronaut!! Nooooo, Quarkus is the best!!!
There's a lot of developers praising the hottest, and fastest, Java REST frameworks: Micronaut, Quarkus, and Spring Boot. In this session, you'll learn how to do the following with each framework:
✅ Build a REST API
✅ Secure your API with OAuth 2.0
✅ Optimize for production with Docker and GraalVM
I'll also share some performance numbers and pretty graphs to compare community metrics.
Related blog post: https://developer.okta.com/blog/2021/06/18/native-java-framework-comparison
Choose Your Own Adventure with JHipster & Kubernetes - Utah JUG 2020Matt Raible
Remember the choose your own adventure books that you used to read as a kid? This session is a reincarnation of a choose your own adventure book as a conference talk!
You'll learn about Spring Boot, Docker, and Kubernetes in this talk, along with the choices you make in the following areas:
* What kind of application architecture to build? Monolith or microservices?
* Would you like to use Java or Kotlin?
* MySQL, PostgreSQL, or MongoDB?
* Spring MVC or Spring WebFlux?
* Angular, React, or Vue.js?
* PWA or mobile app?
* Istio with Kubernetes or Kubernetes without Istio?
GitHub repos of demos:
* Monolith: https://github.com/mraible/healthy-hipster
* Microservices: https://github.com/mraible/ujug-microservices
Developing, Testing and Scaling with Apache Camel - UberConf 2015Matt Raible
Apache Camel is an integration framework that allows you to define routing and mediation rules in a number of domain-specific languages. This presentation shows how I used Apache Camel to replace IBM Message Broker on a project. It includes information on how routes were developed using Camel’s Java API and how Camel can be integrated with Spring Boot. It also covers unit, integration and load testing (using Gatling) of these services. Finally, it touches on monitoring with hawtio and New Relic.
HTML5 with Play Scala, CoffeeScript and Jade - Jfokus 2012Matt Raible
HTML5 Development with Play Scala, CoffeeScript and Jade Presentation from Jfokus 2012. Discusses these technologies, as well as my story of using them to develop an HTML5 Fitness Tracking application.
Read more about this presentation at:
http://raibledesigns.com/rd/entry/comparing_web_frameworks_and_html5
Get Hip with JHipster: Spring Boot + AngularJS + Bootstrap - Devoxx France 2016Matt Raible
Building a modern web (or mobile) application requires a lot of tools, frameworks and techniques. This session shows how JHipster unites popular frameworks like AngularJS, Spring Boot and Bootstrap. Using Yeoman, a scaffolding tool for modern webapps, JHipster will generate a project that uses Java 8, SQL or NoSQL databases, Spring profiles, Maven or Gradle, Gulp.js, WebSockets and BrowserSync. It also supports a number of different authentication mechanisms: classic session-based auth, OAuth 2.0, or token-based authentication. For cloud deployments, JHipster includes out-of-the-box support for Cloud Foundry and Heroku.
Web App Security for Java Developers - UberConf 2021Matt Raible
Web app security is not just authentication and authorization. It's also the things you do to protect your web app from attackers with their XSS (cross-site scripting), SQL injection, DoS/DDoS attacks, and CSRF (cross-site request forgery), to name a few.
Web app security is a central component of any web-based business. The internet exposes web apps to attacks from different locations and various levels of scale and complexity. Web application security deals specifically with the security surrounding websites, web applications, and web services such as APIs.
In this presentation, you'll learn seven ways to better web app security, using Spring Security for code samples. You'll also see some quick demos of Spring Boot, Angular, and JHipster with Okta.
Get Hip with JHipster: Spring Boot + AngularJS + Bootstrap - Rich Web Experie...Matt Raible
Building a modern web (or mobile) application requires a lot of tools, frameworks and techniques. This session shows how JHipster unites popular frameworks like AngularJS, Spring Boot and Bootstrap. Using Yeoman, a scaffolding tool for modern webapps, JHipster will generate a project for you and allow you to use Java 7 or 8, SQL or NoSQL databases, Spring profiles, Maven or Gradle, Grunt or Gulp.js, WebSockets and BrowserSync. It also supports a number of different authentication mechanisms: classic session-based auth, OAuth 2.0, or token-based authentication.
For cloud deployments, JHipster includes out-of-the-box support for Cloud Foundry, Heroku and Openshift.
Java Web Application Security - Denver JUG 2013Matt Raible
During this presentation, you'll learn how to implement authentication in your Java web applications using good ol' Java EE 6 Security, Spring Security and Apache Shiro. You'll also learn how to secure your REST API with OAuth and lock it down with SSL.
After learning how to integrate security, I'll show how to use Zed Attack Proxy to pentest your app and fix vulnerabilities.
Front End Development for Back End Java Developers - Jfokus 2020Matt Raible
Are you a backend Java developer that's being pushed into front-end development? Are you frustrated with all the JavaScript frameworks and build tools you have to learn to be a good UI developer? If so, this session is for you! We'll explore the landscape of UI development, including web standards, frameworks, and what’s on the horizon (e.g., micro frontends).
Play Framework vs Grails Smackdown - JavaOne 2013Matt Raible
The Play vs. Grails Smackdown. A comparison done by James Ward and Matt Raible. Includes detailed analysis from building the same webapp with these two popular JVM Web Frameworks.
See the HTML5 version of this presentation at http://www.ubertracks.com/preso.
The Modern Java Web Developer - JavaOne 2013Matt Raible
HTML5, CSS3, JavaScript, jQuery, Angular JS, Bootstrap, Mobile, CoffeeScript, GitHub, functional programming, Page Speed, Apache, JSON with Jackson, caching, REST, Security, load testing, profiling, Wro4j, Heroku, Cloudbees, AWS. These are just some of the buzzwords that a Java web developer hears on a daily basis. This talk is designed to expose you to a plethora of technologies that you might've heard about, but haven't learned yet. We'll concentrate on the most important web developer skills, as well as UI tips and tricks to make you a better front-end engineer. Some of the most valuable engineers these days have front-end JS/CSS skills, as well as backend Java skills.
10 Excellent Ways to Secure Spring Boot Applications - Okta Webinar 2020Matt Raible
Spring Boot is an efficient way to build Java applications with the Spring Framework. If you’re developing apps that handle sensitive data, you should make sure they’re secure.
This session will cover HTTPS, dependency checking, CSRF, using a CSP to prevent XSS, OIDC, password hashing, and much more!
You’ll learn how to add these features to a real application, using the Java language you know and love.
* Blog post: https://developer.okta.com/blog/2018/07/30/10-ways-to-secure-spring-boot
* Cheat sheet: https://snyk.io/blog/spring-boot-security-best-practices/
* OIDC demo: http://bit.ly/spring-oidc-demo
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...Matt Raible
In this session, you'll learn about recommended patterns for securing your backend APIs, the infrastructure they run on, and your SPAs and mobile apps.
The world is no longer a place where you just need to secure your apps’ UI. You need to pay attention to your dependency pipeline and open source frameworks, too. Once you have the app built, with secure-by-design code, what about the cloud it runs on? Are the servers secure? What about the accounts you use to access them?
If you lock all that sh*t down, how do you codify your solution so you can transport it cloud-to-cloud, or back to on-premises? This session will explore these concepts and many more!
Get Hip with JHipster: Spring Boot + AngularJS + Bootstrap - Angular Summit 2015Matt Raible
Presentation from Angular Summit talk in September 2015. http://angularsummit.com/conference/boston/2015/09/session?id=34190
Building a modern web (or mobile) application requires a lot of tools, frameworks and techniques. This session shows how JHipster unites popular frameworks like AngularJS, Spring Boot and Bootstrap. Using Yeoman, a scaffolding tool for modern webapps, JHipster will generate a project for you and allow you to use Java 7 or 8, SQL or NoSQL databases, Spring profiles, Maven or Gradle, Grunt or Gulp.js, WebSockets and BrowserSync. It also supports a number of different authentication mechanisms: classic session-based auth, OAuth 2.0, or token-based authentication. For cloud deployments, JHipster includes out-of-the-box support for Cloud Foundry, Heroku and Openshift.
A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019Matt Raible
You might’ve heard of Angular Schematics, but do you know what they do? Learn how you can use this powerful tool to develop workflows and simplify configurations for your Angular projects.
In this session, you'll learn how to create a schematic, how to test it, and how you can use them with non-Angular projects.
* YouTube video: https://youtu.be/bLLJqagO_dg
* Blog post: https://developer.okta.com/blog/2019/02/13/angular-schematics
* GitHub repo: https://github.com/oktadeveloper/schematics
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020Matt Raible
"Use Spring Boot! No, use Micronaut!! Nooooo, Quarkus is the best!!!"
There's a lot of developers praising the hottest, and fastest, Java REST frameworks: Micronaut, Quarkus, and Spring Boot. In this session, you'll learn how to do the following with each framework:
✅ Build a REST API
✅ Secure your API with OAuth 2.0
✅ Optimize for production with Docker and GraalVM
I'll also share some performance numbers and pretty graphs to compare community metrics.
Related blog post: https://developer.okta.com/blog/2020/01/09/java-rest-api-showdown
GitHub repo: https://github.com/oktadeveloper/okta-java-rest-api-comparison-example
Comparing JVM Web Frameworks - Rich Web Experience 2010Matt Raible
Comparing JVM Web Frameworks Presentation from The Rich Web Experience 2010. Compares many different JVM-based web frameworks, ranks them based on 20 different criteria and compares the Pros, Cons and other stats of the top 5.
Tips and criteria for selecting a web presentation framework. The focus is on Java-based frameworks, but the criteria are valid for any platform. From a panel discussion at the Seattle Java User Group (SeaJUG)
Java REST API Framework Comparison - PWX 2021Matt Raible
Use Spring Boot! No, use Micronaut!! Nooooo, Quarkus is the best!!!
There's a lot of developers praising the hottest, and fastest, Java REST frameworks: Micronaut, Quarkus, and Spring Boot. In this session, you'll learn how to do the following with each framework:
✅ Build a REST API
✅ Secure your API with OAuth 2.0
✅ Optimize for production with Docker and GraalVM
I'll also share some performance numbers and pretty graphs to compare community metrics.
Related blog post: https://developer.okta.com/blog/2021/06/18/native-java-framework-comparison
Choose Your Own Adventure with JHipster & Kubernetes - Utah JUG 2020Matt Raible
Remember the choose your own adventure books that you used to read as a kid? This session is a reincarnation of a choose your own adventure book as a conference talk!
You'll learn about Spring Boot, Docker, and Kubernetes in this talk, along with the choices you make in the following areas:
* What kind of application architecture to build? Monolith or microservices?
* Would you like to use Java or Kotlin?
* MySQL, PostgreSQL, or MongoDB?
* Spring MVC or Spring WebFlux?
* Angular, React, or Vue.js?
* PWA or mobile app?
* Istio with Kubernetes or Kubernetes without Istio?
GitHub repos of demos:
* Monolith: https://github.com/mraible/healthy-hipster
* Microservices: https://github.com/mraible/ujug-microservices
Developing, Testing and Scaling with Apache Camel - UberConf 2015Matt Raible
Apache Camel is an integration framework that allows you to define routing and mediation rules in a number of domain-specific languages. This presentation shows how I used Apache Camel to replace IBM Message Broker on a project. It includes information on how routes were developed using Camel’s Java API and how Camel can be integrated with Spring Boot. It also covers unit, integration and load testing (using Gatling) of these services. Finally, it touches on monitoring with hawtio and New Relic.
HTML5 with Play Scala, CoffeeScript and Jade - Jfokus 2012Matt Raible
HTML5 Development with Play Scala, CoffeeScript and Jade Presentation from Jfokus 2012. Discusses these technologies, as well as my story of using them to develop an HTML5 Fitness Tracking application.
Read more about this presentation at:
http://raibledesigns.com/rd/entry/comparing_web_frameworks_and_html5
The Modern Java Web Developer - Denver JUG 2013Matt Raible
HTML5, CSS3, JavaScript, jQuery, Angular JS, Bootstrap, Mobile, CoffeeScript, GitHub, functional programming, Page Speed, Apache, JSON with Jackson, caching, REST, Security, load testing, profiling, Wro4j, Heroku, Cloudbees, AWS. These are just some of the buzzwords that a Java web developer hears on a daily basis. This talk is designed to expose you to a plethora of technologies that you might've heard about, but haven't learned yet. We'll concentrate on the most important web developer skills, as well as UI tips and tricks to make you a better front-end engineer. Some of the most valuable engineers these days have front-end JS/CSS skills, as well as backend Java skills.
Comparing JVM Web Frameworks - Jfokus 2012Matt Raible
Comparing JVM Web Frameworks Presentation from Jfokus Conference in Stockholm, Sweden. Compares many different JVM-based web frameworks, ranks them based on 20 different criteria and compares the Pros, Cons and other stats of the top 5.
Read more about this presentation at:
http://raibledesigns.com/rd/entry/comparing_web_frameworks_and_html5
#NoXML: Eliminating XML in Spring Projects - SpringOne 2GX 2015Matt Raible
Many Spring projects exist that leverage XML for their configuration and bean definitions. Most Java web applications use a web.xml to configure their servlets, filters and listeners. This session shows you how you can eliminate XML by configuring your Spring beans with JavaConfig and annotations. It also shows how you can remove your web.xml and configure your web components with Java.
Comparing Hot JavaScript Frameworks: AngularJS, Ember.js and React.js - Sprin...Matt Raible
JavaScript MVC Frameworks are all the rage these days. They’ve taken the web development world by storm. This session explores the various features of the three hottest JavaScript MVC frameworks: AngularJS, Ember.js and React.js. It also compares client-side templating vs. server-side templating and how well each framework supports Isomorphic JavaScript (code that can run both client-side and server-side). Finally, it ranks each framework on 10 different criteria using Yevgeniy Brikman’s framework scorecard.
Video on InfoQ: https://www.infoq.com/presentations/comparing-angular-ember-react
In this webinar, we focus specifically on how Apache SHIRO can help developers in providing better security architecture. You will also learn the following Application security is gaining critical attention due to increase in cyber-attacks and risks of business and financial losses.
In the context of J2EE development and Java web application development, security concerns are addressed through multiple means. This informative 45 min session to understand approaches and strategies for building secure web applications.
- Planning for Security: Authentication, Authorization, Session Management and Cryptography
- Comparing Different Approaches for Security: JAAS, Spring, Grails
- How to use the simplified universal approach of Apache SHIRO
- A LIVE DEMO on using SHIRO to secure web applications
If you have any query please write to us at inquiry@cygnet-infotech.com
El desarrollo de APIs en las empresas es muy importante hoy en día. Poder exponer estas APIs no solo de forma interna sino al exterior puede generar a las empresas un gran valor añadido. A veces las tecnologías usadas y la falta de buenas prácticas hacen que no se tomen las medidas de seguridad más adecuadas. En este documento se explica cómo enfrentarse a esta problemática en tus APIs y como GFI puede ayudarte en esta delicada labor
Supercharged java 8 : with cyclops-reactJohn McClean
Overview of the rationale behind cyclops-react and some of it's features, including extended Java Collections, more powerful Sequential and Parallel Streaming, pattern matching, data types (such as Xor cyclops-react Either type, Maybe, Eval).
Super simple application security with Apache ShiroMarakana Inc.
Les Hazlewood, founder of the Apache Shiro project, covers the benefits of using Shiro as an application security framework.
Check out the video for this presentation, as well as more training resources for Java here: http://marakana.com/forums/java/general/183.html
Baromètre Harris Interactive – 1ère vague
Harris Interactive présente les résultats de son étude sur les nouveaux moyens de paiements : quels concepts sont amenés à se démocratiser, à disparaitre ?
Cette étude permet d’établir un panorama des usages actuels du grand public en matière de moyens de paiement et surtout de mesurer son appétence pour 10 nouveautés : la carte bancaire sans contact, la carte titre restaurant, le paiement par sms, le paiement par QR Code, la carte bancaire sans contact, le paiement à distance via smartphone, les services de paiement en ligne, la carte prépayée rechargeable, les monnaies virtuelles et les monnaies locales.
http://harris-interactive.fr/?p=9080
Reactive Programming, Traits and Principles. What is Reactive, where does it come from, and what is it good for? How does it differ from event driven programming? It only functional?
Extending the Power of Consent with User-Managed Access & OpenUMAkantarainitiative
At HIMSS 2015 Kantara Initiative will focus on the User Managed Access (UMA) initiative with a networking breakfast held on April 15th sponsored by ForgeRock and MedAllies. More information about HIMSS15 and registration.
Existing notice-and-consent paradigms of privacy have begun to fail dramatically — and as recent Pew surveys have demonstrated, people have begun to (ahem) notice. The discipline of privacy engineering aspires to “craft”, but finds it hard to break out the “compliance” rut. The User-Managed Access (UMA) standard and the OpenUMA open-source project are stepping into the breach with two essential elements that change the game: asynchronous consent and centralized consent management.
We already showed you how to build a Beautiful REST+JSON API(http://www.slideshare.net/stormpath/rest-jsonapis), but how do you secure your API? At Stormpath we spent 18 months researching best practices, implementing them in the Stormpath API, and figuring out what works. Here’s our playbook on how to secure a REST API.
Oracle WebLogic Server 12.2.1 Do More with LessEd Burns
Oracle WebLogic Server 12.2.1 (WLS) is the most significant release of WLS since Oracle added WLS to its product portfolio with the acquisition of BEA in 2008. This session by WebLogic developer and JCP Specification Lead Ed Burns goes behind the buzzwords and explains the enterprise value-add brought by WLS 12.2.1 in plain English. Ed infuses his decades long experience in web technologies throughout the presentation, addressing such topics as why app servers are still useful, what role standards play in transitioning to the cloud, and what is the difference between "full stack" and "monolith".
See an interview about this topic at <https: />.
Ed introduces the new version of WLS by taking a tour of two big ticket new features: multitenancy and Java EE 7. Other features such as continuous availability, REST management, and Docker/devops features will also be included.
The multitenancy features in WebLogic Server offer extreme efficiency, full isolation, application portability, and full automation, all in an easy to adopt format.
Java EE 7 is the latest version of the Java standard full stack of loosely coupled, highly cohesive technologies for building enterprise software. EE 7 features new versions of popular standards such as JAX-RS (REST), CDI, Servlet, JSF, JSON, WebSocket, JMS, and more.
WLS 12.2.1 delivers these and other new features, while continuing the promise of stability and scale developers expect.
For those who are developing, managing, or planning enterprise Java and business application deployments on Oracle WebLogic Server with Oracle Coherence or Oracle GlassFish Server applications, this session gives a roadmap on how Oracle is evolving this infrastructure to be the next-generation application foundation for its customers to build on in a private cloud setting. Together with Java as a Service Update you will be able to see Oracle’s vision, product plans, and roadmap for this server infrastructure and how it will be used in the rapidly maturing cloud infrastructure space. The session will help you make key decisions about running enterprise applications on Oracle’s enterprise Java server foundation.
This presentation introduces the new Java EE 8 Security API JSR 375. Originally presented at Devoxx France 2015, the slides present the motivation behind the new JSR, some history, the expert group, and a summary of ideas.
The slides were created after the expert group had been meeting for about a month, so the ideas are raw and undeveloped. However, the ideas in the slides do indicate the general direction the JSR is headed, with respect to modernizing, simplifying, and standardizing the Java EE Security API.
Oracle Cloud is an integrated, flexible and robust platform based in standard technologies to help development teams to develop better applications faster and cheaper.
Java2Days - Security for JavaEE and the CloudWerner Keil
When we deploy existing applications to the cloud or build new applications for it, how do the applications change? How does the boundary of an application change? How does this change affect the security parameters? What are the security characteristics that need to be accounted for? This talk explores these and the following questions:
• What are the top security concerns when building for the cloud?
• How do we evolve the security JSR (375) in Java EE 8 for the cloud?
• What are the key security areas for the next-generation Java EE platform that can ease a developer’s path for cloud deployments?
So you're an Oracle DBA or database developer and you've been hearing about this "REST-thing" and apparently it's way cool for exchanging data. This session for any database folk who missed the trend, covers at a high level what this REST thing is all about, then takes a look at Oracle REST Data Services (ORDS) that allows you to expose your database objects via HTTP, and then walk through how Oracle SQL Developer makes this a breeze to setup.
Comparing JVM Web Frameworks - TSSJS 2011Matt Raible
Comparing JVM Web Frameworks Presentation from TheServerSide Java Symposium 2011. Compares many different JVM-based web frameworks, ranks them based on 20 different criteria and compares the Pros, Cons and other stats of the top 5.
Shiro is an open source, powerful and easy to use Java security framework. This is a short document introducing the features of the framework, its cons and alternate options
Open Architecture in the Adobe Marketing Cloud - Summit 2014Paolo Mottadelli
Explore the open architecture concepts of Adobe Marketing Cloud and how they increase the quality and usability of Adobe solutions. The open architecture makes Adobe components easier to integrate, test, and understand, enabling partners and customers to integrate custom data sources and applications with Adobe Marketing Cloud.
Learn about:
– The open architecture concepts applied to Adobe Marketing Cloud
– How the open architecture increases the quality and usability of Adobe solutions
– Taking advantage of integration options
This session is for the entire technical constituency, from developers to CTOs, across all Adobe Marketing Cloud solutions.
Integrating with Adobe Marketing Cloud - Summit 2014Paolo Mottadelli
Adobe Marketing Cloud provides a number of extension points to allow external systems to integrate. Third-party applications can easily register as clients and share information within the Adobe Marketing Cloud user interface. External data providers can be connected to several Adobe Marketing Cloud solutions, as well as to the shared infrastructure layer. Some of the Adobe solutions support implementing and deploying plug-ins to extend their capabilities or integrate with other systems, both on cloud-based and on-premises architectures. This session presents some integration patterns and existing examples.
Learn about:
– Adobe Marketing Cloud integration points
– How to get started with a new integration
– Real integration examples
This session is for developers, technical business users, and technical executives, such as CTOs, of Adobe Marketing Cloud customers and partners.
A Crash Course in Rapid Application DevelopmentProgress
Progress Rollbase is the rapid application development platform at the core of Progress® Pacific™. Watch these videos, and you’ll be on your way to developing and deploying powerful cloud-native apps with minimal coding, even if you are from a non-technical background!
Similar to Java Web Application Security - Utah JUG 2011 (20)
Keep Identities in Sync the SCIMple Way - ApacheCon NA 2022Matt Raible
What if keeping your user stores in sync across domains was as simple as running "java -jar"? With Apache SCIMPle, it is!
Apache SCIMple is a SCIM 2.0-compliant server powered by Spring Boot 3. You can run it standalone or embedded in your existing app. It exposes user management REST endpoints and handles the hassle of user synchronization for you. If your identity provider supports SCIM, use the simple way!
GitHub example: https://github.com/mraible/okta-scim-spring-boot-example
Demo script: https://github.com/mraible/okta-scim-spring-boot-example/blob/main/demo.adoc
Micro Frontends for Java Microservices - Belfast JUG 2022Matt Raible
You've figured out how to split up your backend services into microservices and scale your teams to the moon, right?
But what about the frontend? Are you still building monoliths for your UI?
If so, you might want to check out micro frontends—basically extensions to the microservices pattern, where the concept is extended to the frontend.
Find out how to package and deploy your microservices and their UIs in the same artifact, as well as make it possible to test and develop them independently.
In this live session, Matt will show you how to build a microservices and micro frontends architecture using Angular, Spring Boot, and Spring Cloud.
Related blog post: https://auth0.com/blog/micro-frontends-for-java-microservices
GitHub repo: https://github.com/oktadev/auth0-micro-frontends-jhipster-example
Micro Frontends for Java Microservices - Dublin JUG 2022Matt Raible
You've figured out how to split up your backend services into microservices and scale your teams to the moon, right?
But what about the frontend? Are you still building monoliths for your UI?
If so, you might want to check out micro frontends—basically extensions to the microservices pattern, where the concept is extended to the frontend.
Find out how to package and deploy your microservices and their UIs in the same artifact, as well as make it possible to test and develop them independently.
In this live session, Matt will show you how to build a microservices and micro frontends architecture using Angular, Spring Boot, and Spring Cloud.
YouTube: https://youtu.be/lKC55S-OxPQ
Related blog post: https://auth0.com/blog/micro-frontends-for-java-microservices
GitHub repo: https://github.com/oktadev/auth0-micro-frontends-jhipster-example
Micro Frontends for Java Microservices - Cork JUG 2022Matt Raible
You've figured out how to split up your backend services into microservices and scale your teams to the moon, right?
But what about the frontend? Are you still building monoliths for your UI?
If so, you might want to check out micro frontends—basically extensions to the microservices pattern, where the concept is extended to the frontend.
Find out how to package and deploy your microservices and their UIs in the same artifact, as well as make it possible to test and develop them independently.
In this live session, Matt will show you how to build a microservices and micro frontends architecture using Angular, Spring Boot, and Spring Cloud.
Related blog post: https://auth0.com/blog/micro-frontends-for-java-microservices
GitHub repo: https://github.com/oktadev/auth0-micro-frontends-jhipster-example
Comparing Native Java REST API Frameworks - Seattle JUG 2022Matt Raible
Use Spring Boot! No, use Micronaut!! Nooooo, Quarkus is the best!!! What about Helidon?
There are a lot of developers praising the hottest, and fastest, Java REST frameworks: Micronaut, Quarkus, Spring Boot, and Helidon. In this session, you'll learn how to do the following with each framework:
✅ Build a REST API
✅ Secure your API with OAuth 2.0
✅ Optimize for production with Docker and GraalVM
I'll also share some performance numbers and pretty graphs to compare community metrics.
Related blog post: https://developer.okta.com/blog/2021/06/18/native-java-framework-comparison
Helidon companion post: https://developer.okta.com/blog/2022/01/06/native-java-helidon
GitHub repo: https://github.com/oktadev/native-java-examples
Reactive Java Microservices with Spring Boot and JHipster - Spring I/O 2022Matt Raible
Microservice architectures are all the rage in JavaLand. They allow teams to develop services independently and deploy autonomously.
Why microservices?
IF
you are developing a large/complex application
AND
you need to deliver it rapidly, frequently, and reliably over a long period of time
THEN
the Microservice Architecture is often a good choice.
Reactive architectures are becoming increasingly popular for organizations that need to do more, with less hardware. Reactive programming allows you to build systems that are resilient to high load.
In this session, I'll show you how to use JHipster to create a reactive microservices architecture with Spring Boot, Spring Cloud, Keycloak, and run it all in Docker. You will leave with the know-how to create your own resilient apps!
Related blog post: https://developer.okta.com/blog/2021/01/20/reactive-java-microservices
YouTube demo: https://youtu.be/clkEUHWT9-M
GitHub repo: https://github.com/oktadev/java-microservices-examples/tree/main/reactive-jhipster
Comparing Native Java REST API Frameworks - Devoxx France 2022Matt Raible
Use Spring Boot! No, use Micronaut!! Nooooo, Quarkus is the best!!! What about Helidon?
There are a lot of developers praising the hottest, and fastest, Java REST frameworks: Micronaut, Quarkus, Spring Boot, and Helidon. In this session, you'll learn how to do the following with each framework:
✅ Build a REST API
✅ Secure your API with OAuth 2.0
✅ Optimize for production with Docker and GraalVM
I'll also share some performance numbers and pretty graphs to compare community metrics.
Related blog post: https://developer.okta.com/blog/2021/06/18/native-java-framework-comparison
Helidon companion post: https://developer.okta.com/blog/2022/01/06/native-java-helidon
GitHub repo: https://github.com/oktadev/native-java-examples
Lock That Sh*t Down! Auth Security Patterns for Apps, APIs, and Infra - Devne...Matt Raible
In this session, you'll learn about recommended patterns for securing your backend APIs, the infrastructure they run on, and your SPAs and mobile apps.
The world is no longer a place where you just need to secure your apps’ UI. You need to pay attention to your dependency pipeline and open-source frameworks, too. Once you have the app built, with secure-by-design code, what about the cloud it runs on? Are the servers secure? What about the accounts you use to access them?
If you lock all that sh*t down, how do you codify your solution so you can transport it cloud-to-cloud, or back to on-premises? This session will explore these concepts and many more!
Native Java with Spring Boot and JHipster - Garden State JUG 2021Matt Raible
Do you want to deploy your Spring Boot apps in a serverless environment and have them start up in milliseconds? Of course, you do!
In this talk, Josh Long and Matt Raible will introduce you to Spring Native. They'll teach you all about how it can compile Spring Boot apps into native binaries that start faster than a speeding bullet! You'll learn about native testing support with JUnit 5 and the pros and cons of native vs JVM deployments.
This talk will also highlight a customer, the JHipster project. JHipster generates Spring Boot-based monoliths and microservices. You'll learn about the project's experience with Spring Boot, Spring Cloud, Spring WebFlux, and Spring Native. It ain't easy being a Java Hipster, but the Spring ecosystem does simplify the process quite a bit.
Recording on YouTube: https://youtu.be/k6nBB8FOmQ8
Examples on GitHub: https://github.com/mraible/spring-native-examples
Writeup on LinkedIn: https://www.linkedin.com/pulse/jhipster-works-spring-native-part-2-matt-raible/
Mobile App Development with Ionic, React Native, and JHipster - Connect.Tech ...Matt Raible
Mobile development offers a lot of options. To develop native apps, you can use Java or Kotlin on Android. On iOS, you can use Objective C or Swift. There are other options, too. You can build hybrid mobile apps and Progressive Web Apps (PWAs). Hybrid mobile apps are those created with web technologies (HTML, JavaScript, and CSS) that look like native apps. PWAs have the ability to work offline and act like mobile apps.
In this talk, we'll explore a few different mobile technologies: PWAs, React Native, and Ionic (with Angular). You'll walk away with knowledge of how to build mobile + Spring Boot apps in minutes with JHipster.
* GitHub repo: https://github.com/mraible/mobile-jhipster
* Demo script: https://github.com/mraible/mobile-jhipster/blob/main/demo.adoc
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Joker...Matt Raible
In this session, you'll learn about recommended patterns for securing your backend APIs, the infrastructure they run on, and your SPAs and mobile apps.
The world is no longer a place where you just need to secure your apps’ UI. You need to pay attention to your dependency pipeline and open-source frameworks, too. Once you have the app built, with secure-by-design code, what about the cloud it runs on? Are the servers secure? What about the accounts you use to access them?
If you lock all that sh*t down, how do you codify your solution so you can transport it cloud-to-cloud, or back to on-premises? This session will explore these concepts and many more!
Delivered at JokerConf on October 28, 2021 at 11am MDT: https://jokerconf.com/en/talks/lock-that-sh*t-down-auth-security-patterns-for-apps-apis-and-infra/
Java REST API Framework Comparison - UberConf 2021Matt Raible
Use Spring Boot! No, use Micronaut!! Nooooo, Quarkus is the best!!!
There's a lot of developers praising the hottest, and fastest, Java REST frameworks: Micronaut, Quarkus, and Spring Boot. In this session, you'll learn how to do the following with each framework:
✅ Build a REST API
✅ Secure your API with OAuth 2.0
✅ Optimize for production with Docker and GraalVM
I'll also share some performance numbers and pretty graphs to compare community metrics.
Related blog post: https://developer.okta.com/blog/2021/06/18/native-java-framework-comparison
Native Java with Spring Boot and JHipster - SF JUG 2021Matt Raible
Do you want to deploy your Spring Boot apps in a serverless environment and have them start up in milliseconds? Of course, you do!
In this talk, Josh Long and Matt Raible will introduce you to Spring Native. They'll teach you all about how it can compile Spring Boot apps into native binaries that start faster than a speeding bullet! You'll learn about native testing support with JUnit 5 and the pros and cons of native vs JVM deployments.
This talk will also highlight a customer, the JHipster project. JHipster generates Spring Boot-based monoliths and microservices. You'll learn about the project's experience with Spring Boot, Spring Cloud, Spring WebFlux, and Spring Native. It ain't easy being a Java Hipster, but the Spring ecosystem does simplify the process quite a bit.
Recording on YouTube: https://youtu.be/F9oydL_MndA
Examples on GitHub: https://github.com/mraible/spring-native-examples
Writeup on LinkedIn: https://www.linkedin.com/pulse/jhipster-works-spring-native-matt-raible/
Reactive Java Microservices with Spring Boot and JHipster - Denver JUG 2021Matt Raible
Microservice architectures are all the rage in JavaLand. They allow teams to develop services independently and deploy autonomously.
Why microservices?
IF
you are developing a large/complex application
AND
you need to deliver it rapidly, frequently, and reliably over a long period of time
THEN
the Microservice Architecture is often a good choice
Reactive architectures are becoming increasingly popular for organizations that need to do more, with less hardware. Reactive programming allows you to build systems that are resilient to high loads.
In this session, I'll show you how to use JHipster to create a reactive microservices architecture with Spring Boot, Spring Cloud, Keycloak, and run it all in Docker. You will leave with the know-how to create your own resilient apps!
Related blog post: https://developer.okta.com/blog/2021/01/20/reactive-java-microservices
YouTube demo: https://youtu.be/clkEUHWT9-M
YouTube recording: https://youtu.be/8OuZMFyh0xE
GitHub repo: https://github.com/oktadev/java-microservices-examples/tree/main/reactive-jhipster
Get Hip with JHipster - Colorado Springs Open Source User Group 2021Matt Raible
JHipster is bad-ass. It's an Apache-licensed open source project that allows you to generate Spring Boot APIs and Angular (or React/Vue) apps. It has a vibrant community and ecosystem with support for deploying to many cloud providers and using the latest DevOps buzzwords, like Docker and K8s.
This session will show you JHipster, why it's cool, and show you how to create an app with it.
JHipster 7 Demo: https://www.youtube.com/watch?v=6lf64CctDAQ
JHipster 7 Tutorial: https://github.com/mraible/jhipster7-demo#readme
JHipster and Okta - JHipster Virtual Meetup December 2020Matt Raible
YouTube video: https://www.youtube.com/watch?v=ym-OPn4e_nQ
When I first started working at Okta, I refactored JHipster's OAuth support to move from authentication on the client to the server, leveraging Spring Security. This allowed for easier client integration since we didn't need to worry about finding an OIDC client for each frontend framework.
Fast forward four years and JHipster's OAuth 2.0 and OIDC support is first-class! It uses Keycloak in a Docker container by default, but it's easy to switch to another identity provider (IdP) thanks to Spring Boot. Other blueprints like Micronaut, Quarkus, Node.js, and .NET support OAuth and OIDC too!
This presentation explains what OAuth 2.0 and OIDC is, gives an overview of JHipster’s OAuth implementation, and provides three quick demos with Keycloak, the Okta CLI, and Heroku.
See https://developer.okta.com/blog/tags/jhipster for Okta + JHipster tutorials and screencasts! 邏
You also might enjoy my What the Heck is OAuth? blog post:
https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth
Security Patterns for Microservice Architectures - SpringOne 2020Matt Raible
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures.
1. Be Secure by Design
2. Scan Dependencies
3. Use HTTPS Everywhere
4. Use Access and Identity Tokens
5. Encrypt and Protect Secrets
6. Verify Security with Delivery Pipelines
7. Slow Down Attackers
8. Use Docker Rootless Mode
9. Use Time-Based Security
10. Scan Docker and Kubernetes Configuration for Vulnerabilities
11. Know Your Cloud and Cluster Security
Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures.
1. Be Secure by Design
2. Scan Dependencies
3. Use HTTPS Everywhere
4. Use Access and Identity Tokens
5. Encrypt and Protect Secrets
6. Verify Security with Delivery Pipelines
7. Slow Down Attackers
8. Use Docker Rootless Mode
9. Use Time-Based Security
10. Scan Docker and Kubernetes Configuration for Vulnerabilities
11. Know Your Cloud and Cluster Security
Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
Microservices for the Masses with Spring Boot, JHipster, and OAuth - South We...Matt Raible
Microservices are being deployed by many Java Hipsters. If you're working with a large team that needs different release cycles for product components, microservices can be a blessing. If you're working at your VW Restoration Shop and running its online store with your own software, having five services to manage and deploy can be a real pain.
This presentation will show you how to use JHipster to create a microservices architecture with Spring Boot, Spring Cloud, Keycloak, and run it all in Docker. You will leave with the know-how to create your own excellent apps!
Related blog posts:
* Java Microservices with Spring Boot and Spring Cloud: https://developer.okta.com/blog/2019/05/22/java-microservices-spring-boot-spring-cloud
* Java Microservices with Spring Cloud Config and JHipster: https://developer.okta.com/blog/2019/05/23/java-microservices-spring-cloud-config
* Secure Reactive Microservices with Spring Cloud Gateway: https://developer.okta.com/blog/2019/08/28/reactive-microservices-spring-cloud-gateway
Security Patterns for Microservice Architectures - London Java Community 2020Matt Raible
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures.
1. Be Secure by Design
2. Scan Dependencies
3. Use HTTPS Everywhere
4. Use Access and Identity Tokens
5. Encrypt and Protect Secrets
6. Verify Security with Delivery Pipelines
7. Slow Down Attackers
8. Use Docker Rootless Mode
9. Use Time-Based Security
10. Scan Docker and Kubernetes Configuration for Vulnerabilities
11. Know Your Cloud and Cluster Security
Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.