Testing Android apps based on Dagger and RxJavaFabio Collini
In this talk, you will learn:
how to take advantage of Mockito and other libraries to write good JVM and Espresso tests
how to use DaggerMock (an open source library available on github https://github.com/fabioCollini/DaggerMock) to avoid boilerplate code in tests
how to test asynchronous RxJava code using a JVM test
Writing reliable tests is not easy for many reasons, especially when asynchronous code is involved. Some libraries can be used to create a testable architecture (for example Dagger and RxJava) and to simplify testing (Mockito, AssertJ and DaggerMock). In this talk we’ll see how to write JVM and Espresso tests with particular attention on how to replace real objects with mocks and how to test asynchronous RxJava code.
Testing Android apps based on Dagger and RxJavaFabio Collini
In this talk, you will learn:
how to take advantage of Mockito and other libraries to write good JVM and Espresso tests
how to use DaggerMock (an open source library available on github https://github.com/fabioCollini/DaggerMock) to avoid boilerplate code in tests
how to test asynchronous RxJava code using a JVM test
Writing reliable tests is not easy for many reasons, especially when asynchronous code is involved. Some libraries can be used to create a testable architecture (for example Dagger and RxJava) and to simplify testing (Mockito, AssertJ and DaggerMock). In this talk we’ll see how to write JVM and Espresso tests with particular attention on how to replace real objects with mocks and how to test asynchronous RxJava code.
Testing Android apps based on Dagger and RxJava Droidcon UKFabio Collini
Writing reliable tests is not easy for many reasons, especially when asynchronous code is involved. Some libraries can be used to create a testable architecture (for example Dagger and RxJava) and to simplify testing (Mockito, AssertJ and DaggerMock). In this talk you'll learn how to write JVM and Espresso tests with particular attention on how to replace real objects with mocks and how to test asynchronous RxJava code. In this talk, you will also explore:
how to take advantage of Mockito and other libraries to write good JVM and Espresso tests in both Java and Kotlin
how to use DaggerMock (an open source library available on github to avoid boilerplate code in tests
how to test asynchronous RxJava code using a JVM test
Value types are at the core of Swift (seriously, mostly everything in the Swift standard library is a value type). But how do you avoid subclassing? That’s where the power of Protocol-Oriented programming comes in. Learn how to structure your code to never subclass (almost) again! Practical everyday examples and ideas for your own code base will be included.
Антон Минашкин
Android разработчик с 5-летним стажем. Сейчас занимает должность Android Developer в GlobalLogic . Выступал на UA Mobile'14 , конференции "IT- ПЕРСПЕКТИВА" , Kyiv Android gathering , Android Dev Club и др . Cоорганизатор сообществ GDG Kremenchuk и IT Kremenchuk .
This presentation explains the benefits of Dagger 2, a Dependency Injections framework. It will be useful for Android developers.
The author of the presentation is Anton Minashkin (Android Developer, GlobalLogic); he delivered it at IT Saturday on June 6, 2015 in Kyiv.
An Emoji Introduction to React Native (Panagiotis Vourtsis, Senior Front End ...GreeceJS
React Native is the new kid in town. So what is it, what problems does it solve and “do I need to know native to work with it” are a some of the questions to be answered.
A Series of Fortunate Events: Building an Operator in JavaVMware Tanzu
SpringOne 2021:
Session Title: A Series of Fortunate Events: Building an Operator in Java
Speakers: Alberto C. Ríos, Staff Engineer at VMware; Bella Bai, Software Engineer at VMware
Provisioning & Migration with p2: Case study - The Good, the Bad and the Uglychristianbourgeois
Case study of how Compuware leveraged the p2 framework to create an end to end remote provisioning solution for one of our product offering. We'll also show how we solved the common problem of configuration management with the help of p2.
p2 is a provisioning framework that covers broad use cases. Adopting p2 in a product is not just about including a feature in your product: chances are that if you want to use it inside one of your product you will have to build some customized components on top of p2 to make it fit your requirements.
Attending this talk, the audience will learn what are the caveats and quick wins of building software on top of the p2 framework. If you envision to use p2 in your next product, you'd better take some notes!
Through code samples and a demo, we'll show you concrete examples of how to:
* leverage p2 to provision a remote runtime (using JMS)
* add custom p2 touchpoint actions to run your migrations
* deal with p2 metarequirements in your IDE
* create a business model on top of the standard p2 Installable Units
* create a custom UI for your provisioning business model
Testing Android apps based on Dagger and RxJava Droidcon UKFabio Collini
Writing reliable tests is not easy for many reasons, especially when asynchronous code is involved. Some libraries can be used to create a testable architecture (for example Dagger and RxJava) and to simplify testing (Mockito, AssertJ and DaggerMock). In this talk you'll learn how to write JVM and Espresso tests with particular attention on how to replace real objects with mocks and how to test asynchronous RxJava code. In this talk, you will also explore:
how to take advantage of Mockito and other libraries to write good JVM and Espresso tests in both Java and Kotlin
how to use DaggerMock (an open source library available on github to avoid boilerplate code in tests
how to test asynchronous RxJava code using a JVM test
Value types are at the core of Swift (seriously, mostly everything in the Swift standard library is a value type). But how do you avoid subclassing? That’s where the power of Protocol-Oriented programming comes in. Learn how to structure your code to never subclass (almost) again! Practical everyday examples and ideas for your own code base will be included.
Антон Минашкин
Android разработчик с 5-летним стажем. Сейчас занимает должность Android Developer в GlobalLogic . Выступал на UA Mobile'14 , конференции "IT- ПЕРСПЕКТИВА" , Kyiv Android gathering , Android Dev Club и др . Cоорганизатор сообществ GDG Kremenchuk и IT Kremenchuk .
This presentation explains the benefits of Dagger 2, a Dependency Injections framework. It will be useful for Android developers.
The author of the presentation is Anton Minashkin (Android Developer, GlobalLogic); he delivered it at IT Saturday on June 6, 2015 in Kyiv.
An Emoji Introduction to React Native (Panagiotis Vourtsis, Senior Front End ...GreeceJS
React Native is the new kid in town. So what is it, what problems does it solve and “do I need to know native to work with it” are a some of the questions to be answered.
A Series of Fortunate Events: Building an Operator in JavaVMware Tanzu
SpringOne 2021:
Session Title: A Series of Fortunate Events: Building an Operator in Java
Speakers: Alberto C. Ríos, Staff Engineer at VMware; Bella Bai, Software Engineer at VMware
Provisioning & Migration with p2: Case study - The Good, the Bad and the Uglychristianbourgeois
Case study of how Compuware leveraged the p2 framework to create an end to end remote provisioning solution for one of our product offering. We'll also show how we solved the common problem of configuration management with the help of p2.
p2 is a provisioning framework that covers broad use cases. Adopting p2 in a product is not just about including a feature in your product: chances are that if you want to use it inside one of your product you will have to build some customized components on top of p2 to make it fit your requirements.
Attending this talk, the audience will learn what are the caveats and quick wins of building software on top of the p2 framework. If you envision to use p2 in your next product, you'd better take some notes!
Through code samples and a demo, we'll show you concrete examples of how to:
* leverage p2 to provision a remote runtime (using JMS)
* add custom p2 touchpoint actions to run your migrations
* deal with p2 metarequirements in your IDE
* create a business model on top of the standard p2 Installable Units
* create a custom UI for your provisioning business model
JavaFX 8 est disponible depuis mars 2014 et apporte son lot de nouveautés. Gradle est en version 2 depuis juillet 2014. Deux technologies plus que prometteuses: JavaFX donne un coup de jeune au développement d’applications desktop en Java en apportant un navigateur web intégré, le support des WebSockets, de la 3D, et bien d’autres. Gradle est l’outil de d’automatisation de build à la mode, apportant de superbes possibilités par rapport rapport à maven, outil vieillissant, grâce à l’engouement de la communauté vis à vis de cet outil mais aussi par le fait de la technologie utilisée en son sein: groovy. Venez découvrir comment il est possible de réaliser rapidement une application à la mode en JavaFX avec un outil à la mode également. Bref venez à une session trendy.
Spring and Cloud Foundry; a Marriage Made in HeavenJoshua Long
Spring and Cloud Foundry: a Marriage Made in Heaven. This talk introduces how to build Spring applications on top of Cloud Foundry, the open source PaaS from VMware
Dependency Injection for Android @ Ciklum speakers corner Kiev 29. May 2014First Tuesday Bergen
We are happy to invite you to the Speakers’ Corner today, on Thursday May 29, from 18.30 till 19.30 at SkyPoint to meet Thomas Vervik, Head of Development Bipper Communications who will talk on “How to save money on QA - Dependency Injection and automated testing on Android”
Thomas is Head of Development for Bipper Communications, and has been managing the company's team in Kiev since February 2012. Originally a seasoned Java server backend/frontend developer, he has the last two years started mobile development, first with HTML 5 and later Android.
Mobile development has since its birth around 2008 gone from simple apps to more complex enterprise similar software. The increase in size and complexity yields the need for structuring the code differently in order to handle the new complexity. The tools used to handle this complexity has been applied to server side development for years, but mobile development has been lagging behind.
But not anymore. New frameworks built on proven paradigms are emerging, and in this Speakers Corner we will introduce Dependency Injection for Android, the motivation for its use, and one of the implementations - Dagger. Dependency Injection has several advantages, but in this presentation we will focus on how it enables to write proper automated tests.
We are happy to invite you to the Speakers’ Corner today, on Thursday May 29, from 18.30 till 19.30 at SkyPoint to meet Thomas Vervik, Head of Development Bipper Communications who will talk on “How to save money on QA - Dependency Injection and automated testing on Android”
Thomas is Head of Development for Bipper Communications, and has been managing the company's team in Kiev since February 2012. Originally a seasoned Java server backend/frontend developer, he has the last two years started mobile development, first with HTML 5 and later Android.
Mobile development has since its birth around 2008 gone from simple apps to more complex enterprise similar software. The increase in size and complexity yields the need for structuring the code differently in order to handle the new complexity. The tools used to handle this complexity has been applied to server side development for years, but mobile development has been lagging behind.
But not anymore. New frameworks built on proven paradigms are emerging, and in this Speakers Corner we will introduce Dependency Injection for Android, the motivation for its use, and one of the implementations - Dagger. Dependency Injection has several advantages, but in this presentation we will focus on how it enables to write proper automated tests.
MCE^3 - Natasha Murashev - Practical Protocol-Oriented Programming in SwiftPROIDEA
Value types are at the core of Swift (seriously, mostly everything in the Swift standard library is a value type). But how do you avoid subclassing? That's where the power of Protocol-Oriented programming comes in. Learn how to structure your code to (almost) never subclass again! Practical everyday examples and ideas for your own code base will be included.
Speaker: Jacob Aae Mikkelsen
Once you have successfully developped your application in Grails, Ratpack or your other favorite framework, you would like to see it deployed as fast and painless as possible, right?
This talk will cover some of the supporting cast members of a succesful modern infrastructure, that developers can understand and use efficiently, and with good DevOps practices.
Key elements are
Docker
Infrastructure as Code
Container Orchestration
The demo-goods will hopefully be on our side, as this talk includes quite some live demos!
Creating and testing REST contracts with Accurest Gradle GR8Conf
REST does not come with an in-built contract compliance mechanism, which in many ways is a great thing. However, while working with microservice-based systems, it often appears that a practical mechanism that would provide help in shaping and describing REST contracts would come in handy. Similarly, creating integration and acceptance tests in such systems presents many challenges.
In this talk, I will present Accurest, a Gradle plugin that allows for both: easily shaping REST contracts and verifying if our app adheres to them using automatically generated Spock tests. I will show how, using Accurest, we can quickly generate automatically-tested stubs from simple Groovy DSL scripts. I will talk about the typical usages and script examples, as well as possible problems and ways of handling them.
Mum, I want to be a Groovy full-stack developerGR8Conf
How many times have you ever heard the term "Full-Stack developer"? In most of the cases it means that you have to be fluent with a backend language, html, javascript, maybe Android or iOS... What if I told you that you can be a Full-Stack developer using only Groovy?
In this talk I'll present the technological stack of Polaromatic, the application with I won the Learning Spring Boot contest, and you'll learn that it's possible to write the whole stack with Groovy: Backend, Javascript, HTML, Android, test, build tool,... Isn't that amazing?
Groovy is a dynamic language that provides different types of metaprogramming techniques. In this talk we’ll mainly see runtime metaprogramming. You’ll understand the Groovy Meta-Object-Protocol (MOP), the metaclass, how to intercept method calls, how to deal with method missing and property missing, the use of mixins, traits and categories. All of these topics will be explained with examples in order to understand them.
Also, you’ll see a little bit about compile-time metaprogramming with AST Transformations. AST Transformations provide a wonderful way of manipulating code at compile time via modifications of the Abstract Syntax Tree. You’ll see a basic but powerful example of what we can do with AST transformations.
Geb is a wonderful tool for testing your Html pages. However, scraping is an unexplored use case where Geb can shine too.
In this talk I will show you different scraping examples powered by Geb, after which you will be able to use Geb beyond functional testing
How to create a conference android app with Groovy and AndroidGR8Conf
In this talk Sergio del Amo will show you how to:
Create conference websites with Wordpress custom post types and custom fields
Use a Groovy Android library to consume your Wordpress’s generated JSON API
Develop a simple Android App with Groovy which shows the conference data.
After this talk you will be able to jump into development for Android with Groovy and consume easily custom Wordpress backends
So you've built your neato Ratpack microservices, but it's already 5 o`clock and you're still fighting your way through testing, deployment and interaction instead of having your usual at the bar; What a PITA! In this talk I'll show you how to harness the power of Gradle and Docker to ease you through service orchestration and make it to the bar on time for happy hour!
"Clean Code" by Bob Martin is probably one of the most important practical documents out there; A must read for all developers, if you will. In this talk I will show how you can use Groovy and its rich ecosystem to apply the discussed principals, thus cleaning and vastly improving your codebase while still maintaining your sanity and joy.
By Noam Tenne
Cut your Grails application to pieces - build feature pluginsGR8Conf
Reuse has been taught in CS classes since the very beginning. But how should you practically do to reuse functionality from one Grails application in other applications? The plugin subsystem in Grails is an awesome machinery that makes it easy to separate functionality into distinct plugins. Plugins that can be used in many applications with similar functionality. Yet have unique features without creating a maintenance hell.
In this session you will learn how to think "feature plugins" when you're designing and developing your Grails applications. We will cover topics like inter-plugin communication using application events and how to support different look and feel for each application using "theme plugins". You will also learn how each plugin can be tested and documented separately from the application.
After this session "grails create-plugin" will be your best friend.
Grails has great performance characteristics but as with all full stack frameworks, attention must be paid to optimize performance. In this talk Lari will discuss common missteps that can easily be avoided and share tips and tricks which help profile and tune Grails applications.
One of the goals of Grails 3 is to reach out of the servlet container. Grails 3 has a concept of application profiles for choosing a certain set of core plugins to use. In this talk Lari will present how Ratpack fits in Grails 3. He will also talk about how Grails 3 supports micro service architectures.
Grails & DevOps: continuous integration and delivery in the cloudGR8Conf
Nowadays, companies require very short release cycles, especially in lean startup environments.
But to release often:
deployments should be routine, not terrifying.
configuration should require a few clicks, not a thousand-line shell script.
problems should be easy to spot, not buried in a log file.
You are a developer that need to release every week or every day with a single git commit and zero-downtime? Easily spot release performance or bugs issues? If required, roll back to previous version in few seconds and one click? And you don't want to manage any dedicated repository, monitoring, build, staging, production servers? So this talk is for you!
We will explore Lean startup and DevOps concepts and share our experience on how to create a simple and fully automated build pipeline for Grails apps with a live demo, based on SaaS/cloud services: GitHub, Travis CI, NewRelic, AWS (ElasticBeanstalk, CloudFront), etc.
Functional testing your Grails app with GEBGR8Conf
GEB (pronounced 'jeb') is a browser automation solution.
It brings together the power of WebDriver, the elegance of jQuery content selection, the robustness of Page Object modelling and the expressiveness of the Groovy language.
We'll cover what it takes to test your grails application with GEB and discuss successful strategies and drawbacks about the tool.
Deploying, Scaling, and Running Grails on AWS and VPCGR8Conf
This talk will cover how to get your application running on AWS VPC and related services. We will go over some related services and their current state like RDS, autoscaling, s3, cloudfront, s3fs, ebs, elastic beanstalk, etc and how your Grails application can benefit from using these. The networking can also be confusing with your application so we'll cover the basics here as well. I will share lots of random nuggets of information that I have learned the hard and and recommended practices of configuration of your VPC as well.
Grails is a complete web application framework that runs on the Java JVM. It is a full-stack framework, and handles all layers from the user interface to the persistence layer. Grails is based on known and proven technologies, such as the Spring Framework and Hibernate. It has been around since 2006, and has made considerable progress around the globe in the past few years.
This workshop aims to show how to get from 0 to running application with Grails in three hours - so hold on to your hats! We will touch the following points:
Grails application structure
Domain model and persistence
Controllers
Services
Testing
User Interface
Going beyond the basics of how to use Spock this talk will discuss writing expressive, readable & maintainable specifications using the features of Spock and the Groovy language itself. Concrete examples backed up with live coding will cover a range of topics such as how to structure assertions, effective use of the where: block, appropriate use of mocks and stubs, and driving specifications from a database. The focus will always remain on creating tests that are readable, robust and helpful when you need to deal with regressions.
Groovy is a well established player in the JVM since a few years ago. It's increased popularity across the years has spawned several projects that conform the Groovy Ecosystem. You've probably heard of Grails, Gradle, Griffon and Spock. But what about the rest of projects that are just waiting around the corner to be discovered and make your life easier? This talk presents them tools and libraries that use Groovy as the main driving force to get the job done.
Groovy 3 and the new Groovy Meta Object Protocol in examplesGR8Conf
Groovy3 and the new MOP are closing in! But the time of this talk the new MOP will not be done, but I will show some examples of how old Groovy code will look like transferred to the new MOP.
Apache Camel is versatile integration library that supports a huge number of components, enterprise integration patterns, and programming languages.
In this this talk I first introduce you to Apache Camel and its concepts. Then we move on to see how you can use the Groovy programming language with Camel as a first class Groovy DSL to build integration flows.
You will also learn how to build a new Camel and Groovy app from scratch from a live demo.
And we also touch how you can use Camel from grails using the grails-camel plugin.
I will also show the web console tools that give you insight into your running Apache Camel applications, including visual route diagrams with tracing, debugging, and profiling capabilities.
This session will be taught with a 50/50 mix of slides and live demos, and it will conclude with Q&A time.
CRaSH the shell for the Java Virtual MachineGR8Conf
CRaSH is the open source shell for the JVM. The shell can be accessed by various ways, remotely using network protocols such as SSH, locally by attaching a shell to a running virtual machine or via a web interface. Commands are written Groovy and can be developed live making the extensibility of the shell easy with quick development cycles. Since the version 1.3, the REPL also speaks the Groovy language, allowing Groovy combination of command using pipes.
CRaSH comes with commands such as thread management, log management, database access and JMX. The session will begin with an introduction to the shell. The main part of the session will focus on showing CRaSH commands development with few examples, showing how easy and powerful the development is.
The audience will learn how to use CRaSH for their own needs: it can be a simple usage or more advanced like developing a command or embedding the shell in their own runtime like a web application or a Grails application.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
4. Spring Overview
Main functions of Spring
• Bean container: ApplicationContext and BeanFactory
• Dependency Injection (DI) and Inversion of Control (IoC)
• Proxies
• Transactions
• Security
• Caching
• Event publishing and listening
• Exception conversion
CONFIDENTIAL 4
10. Alternate approach to BeanDefinition modification
def doWithSpring = {
def mybeanDef = delegate.getBeanDefinition('mybean')
mybeanDef.beanClass = NewClass
mybeanDef.propertyValues.add("order",
application.config.plugin?.rendering?.order ?: 42)
}
● Use loadAfter = ['plugin1', 'plugin2'] to
ensure the bean is loaded
● Only valid in a plugin, not the app's resources.groovy
CONFIDENTIAL 10
12. Aliases
As of Grails 2.1 aliases work fully
• You can create aliases pre2.1 but only if defined in the same
resources.groovy or plugin (doWithSpring)
beans = {
springConfig.addAlias 'alias', 'realBean'
}
CONFIDENTIAL 12
15. Spring MVC
New in Grails 1.2
Annotate src/java or src/groovy classes with @Controller
Add all packages to the grails.spring.bean.packages list in
Config.groovy
• e.g.grails.spring.bean.packages = ['gr8conf.testapp.foo']
CONFIDENTIAL 15
16. Spring MVC
Annotate methods with
@o.s.w.bind.annotation.RequestMapping
@RequestMapping("/mvc/hello.dispatch")
public ModelMap handleRequest() {
return new ModelMap()
.addAttribute("text", "some text")
.addAttribute("cost", 42)
.addAttribute("config",
grailsApplication.getConfig().flatten()));
}
CONFIDENTIAL 16
18. Spring MVC
Use @Autowired for dependency injection (on fields in Groovy
classes, on setters or constructors in Java)
private GrailsApplication grailsApplication;
@Autowired
public void setGrailsApplication(GrailsApplication app) {
grailsApplication = app;
}
CONFIDENTIAL 18
26. A Simple Proxied Bean – The interface
package gr8conf.eu.spring;
public interface ThingManager {
void method1();
int methodTwo(boolean foo);
}
CONFIDENTIAL 26
27. A Simple Proxied Bean – The implementation
package gr8conf.eu.spring;
public class ThingManagerImpl
implements ThingManager {
public void method1() {
System.out.println("You called method1");
}
public int methodTwo(boolean foo) {
System.out.println("You called methodTwo");
return 42;
}
}
CONFIDENTIAL 27
28. A Simple Proxied Bean – The FactoryBean
package gr8conf.eu.spring;
public class ThingManagerProxyFactoryBean
implements FactoryBean<ThingManager>,
InitializingBean {
private ThingManager managerProxy;
private ThingManager target;
public ThingManager getObject() {
return managerProxy;
}
public Class<ThingManager> getObjectType() {
return ThingManager.class;
}
public boolean isSingleton() {
return true;
}
CONFIDENTIAL 28
29. A Simple Proxied Bean – The FactoryBean
public void setTarget(ThingManager manager) {
target = manager;
}
public void afterPropertiesSet() {
Assert.notNull(target,
"The proxied manager must be set");
Class<?>[] interfaces = { ThingManager.class };
InvocationHandler invocationHandler =
new InvocationHandler() {
public Object invoke(Object proxy,
Method m, Object[] args)
throws Throwable {
CONFIDENTIAL 29