Posts tagged: security

Securing Your Applications with Apache Shiro

By Steve Jin, June 2, 2010

Security is a very important aspect of application development. Tonight I learned a new security framework called Apache Shiro, the successor to the JSecurity project.

It was a great talk given by the founder and lead of the project, Les Hazlewood, who relocated to the Bay Area not long ago to start his company, Katasoft. The presentation ran over one hour but still kept most people seated.

Les introduced four parts of application security: authentication, authorization, enterprise session management and cryptography. Concept-wise, there is nothing new. Interestingly, the authorization model is very similar to the one in vSphere that we discussed before, with user/role/permission elements. Implementation-wise, judging from the samples, I can see a big simplification over other security frameworks such as Sun’s security implementation, which confused most people. One of Shiro’s secret sauces is to object-orientify the old frameworks.

In the end, Les demoed two web-based applications: one integrated with the Spring framework, and the other a simple Java Servlet.

Now, what’s in it for YOU? Well, you can use it as an alternative to JAAS or Spring Security. It’s for more than web applications: you can use it in standalone and mobile applications as well.

BTW, one new term I heard today is salts for cryptographic hashing. Normally we just supply a string such as a password as input to a hashing algorithm. When using salts, we need an additional string (the salt, which only the server knows) as input so that the hashed result is more random than otherwise. The other alternative is to repeat the hashing algorithm multiple times. All of these make it harder for cracking code to guess the password.

Author: Steve Jin is the author of VMware VI and vSphere SDK (Prentice Hall), creator of VMware vSphere Java API. For future articles, please subscribe to RSS or Email, and follow on Twitter.

Building Trusted Datacenters in the Cloud

By Steve Jin, March 6, 2010

RSA just had its annual conference in San Francisco this past week. At the conference, Intel, VMware and RSA demoed how to build up layers of trust in data centers.

The foundation for this new trusted computing infrastructure is a hardware root of trust derived from Intel® Trusted Execution Technology (TXT), which authenticates each and every step of the boot sequence, from verifying hardware configurations and initializing the BIOS to launching the hypervisor. Once launched, the VMware virtualization environment collects data from both the hardware and virtual layers and feeds a continuous, raw data stream to the RSA enVision® Security Information and Event Management platform. The RSA enVision solution is engineered to analyze events coming through the virtualization layer to identify incidents and conditions affecting security and compliance. The information is then contextualized within the Archer SmartSuite Framework™ solution, which is designed to present a unified, policy-based assessment of the organization’s security and compliance posture through a central dashboard.

To get more info, check here.

The news release also mentioned a white paper: Infrastructure Security: Getting to the Bottom of Compliance in the Cloud. It’s authored by many industry thought leaders including VMware CTO Steve Herrod. Highly recommended.


A New Member Joined vCloud Initiative For Cloud Computing

By Steve Jin, February 20, 2010

newScale recently announced it would support VMware vCloud API in a press release.

San Mateo, Calif. – February 17, 2010 – newScale®, Inc., pioneers of the self-service IT storefront for the enterprise, today announced it will support the VMware vCloud API, a key component of the VMware vCloud initiative. Enterprises and service providers integrating with the VMware vCloud API can now use the newScale FrontOffice™ Suite to effectively manage and control self-service requests for cloud resources as well as their physical and virtual environments.

This announcement underscores newScale’s continuing commitment to supporting multi-vendor, cross-platform data center and cloud infrastructures. The newScale FrontOffice Suite – a complete set of Service Catalog solutions for managing IT services from cradle to grave – integrates with VMware vSphere™ 4 and VMware vCenter™ Server. newScale is also a member of the VMware Technology Alliance Partner (TAP) program. By leveraging the VMware vCloud API, newScale demonstrates its ongoing support for a wide range of virtualization and cloud infrastructures, giving newScale customers maximum flexibility, efficiency, and agility in their data center deployments.


Learning Spring Faces, Security, Testing and Grail

By Steve Jin, February 19, 2010

Done with the four-day training, finally! It’s pretty exhausting given that I had to get up two hours earlier to match the Central time schedule.

Spring Faces

I talked about JavaScript and AJAX two days ago. They are all good to some extent, but seemingly disconnected from the server. You have to think of and manage the web app as two pieces, which is bad for productivity.

JavaServer Faces (JSF) technology was created to solve this problem. It is a server-side framework that provides GUI components, manages their state from the server side, handles events, etc. You can then develop a web app more like a standalone application in some sense. Because JSF manages the state from the server side, it uses more resources and is less performant than its JS/AJAX equivalent.

Spring Faces is not a replacement for JSF, but complements it in the “Spring” way. It facilitates deeper JSF and Web Flow integration, manages JSF components’ states, and provides more lightweight JSF components. Therefore, you can get a leaner web application than by using pure JSF.

Debugging

Several tools can be handy for your debugging:

