Security

Security is important in any web application and with GWT this is not trivial. There are some well known security frameworks like PicketLink and Shiro, but they are hard to integrate into GWT because they are still request and URL based. So we decided that in true Errai fashion this should be easy.

The new security module is based on PicketLink, but can work with others as well, and integrates well with Errai's existing features like multi-page navigation and automatic data binding. To create a login page for example you'll need something like this:

There are a couple of things that are new here: on the @Page annotation we've introduced the notion of roles. A page can have multiple roles. "Default Page" is now also a page role. You can also define custom page roles in your application and use them to group your pages however you like. LoginPage is a special role that the security module defines. Errai-security will 'redirect' the user to the Login Page when they don't have enough rights to continue.

That raises the question: how do we specify that we need a logged in user for a specific operation or view? Well, we annotate:

This will 'redirect' the user to the login page when the user is not logged in or doesn't have the admin role. Now for those of you who are paying attention, you will have noticed that this is not very secure as this will all happen in the browser via JavaScript. Although the JavaScript is hard to read, an attacker could still be able to call the service even if he is not allowed. That is why the interceptors have server side equivalents that will throw exceptions instead of 'redirecting' the user.

On the server side, the interceptors are CDI interceptors and in order for them to activate you'll need to add them to your beans.xml.

When a user logs in or out, CDI events are fired. Of course, you can observe these events. Also, you can hide elements declaratively based on users' roles. For instance, hide a menu item in a navigation bar:

In this example the admin link is only shown when the user has this role. You'll need to remember to also annotate the Service methods that fetch data for this admin page as you can not rely on these client side checks alone.

Let me know what you think of it and what kind of features you would like to see in there.

Upcoming JBoss and Red Hat events!

As you know, Errai is sponsored by JBoss and Red Hat. Errai and other great Red Hat open source technologies will be appearing at some of our fantastic upcoming community events. Here's an overview of some opportunities to learn about new technologies and mingle with the development teams from the plethora of great software we develop!

--- 

Red Hat Developer Exchange:

Red Hat Connect Developer Exchange is heading back to Boston. You won't want to miss this one-day event where you can learn more about Red Hat developer tools and technologies. From gcc to Java to scripting languages, from traditional models to devops--You'll get the chance to connect with fellow developers, share real-world challenges, and solve mutual problems through collaboration.

5 tracks and 25 sessions will cover important topics, including:

• Programming on OpenShift Online PaaS

• OpenShift Enterprise and Java

• Languages and tools for mission-critical development

• Get more out of Red Hat Enterprise Linux tools

Red Hat Developer Exchange Agenda:

http://www.redhat.com/developerexchange/agenda/

JUDCon:

The activities start Sunday evening June 9th with the JUDCon, CamelOne and Red Hat Exchange reception. Then Monday and Tuesday, there will be 3 tracks of sessions, and 2 workshop tracks as well. The evening will also include a JBoss Core Developer panel, a live recording of the JBoss Community Asylum, and yes, beer.

The JBoss Users and Developers Conferences are developer gatherings held around the Globe to give JBoss users the chance to talk to and collaborate with Java contributors and core developers. The core JBoss developers, along with the open source community, create and support the projects that drive innovation and help lead development in standards bodies like the Java Community Process, the Apache Software Foundation, OASIS, W3C and other open standards organizations. Many of these projects become the upstream for Red Hat JBoss products.

3 tracks and 33 sessions will cover topics including:

• Java and Java EE App Development

• Mobile Development

• Drools, jBPM, Fuse, ActiveMQ, Infinispan 

• and many more

6 workshops providing hands-on labs covering:

• Ceylon taught by Gavin King and Stephane Epardaud

• Infinispan and JBoss Data Grid cross-datacenter replication

• CDI, Forge and Errai

• and many more.

JUDCon:2013 Boston Agenda

http://www.jboss.org/events/JUDCon/2013/unitedstates/agenda

CamelOne:

CamelOne is designed specifically for professionals using open source integration and messaging solutions in the enterprise and will feature a combination of keynote presentations, educational sessions and networking events that will enable attendees to meet, learn and share ideas with open source integration experts.

Founders, committers and users of Apache Camel, ServiceMix, ActiveMQ and CXF enjoyed a great Meet and Greet in the Exhibit Hall from 6:30 to 8:30. Stop by and mingle with your community over hors d’oeuvres and drinks!

CamelOne Agenda

http://www.camelone.com/apache-camel-conference-2013/camelone_agenda_2013/

Errai 2.3.0.CR1 released!

We've just released Errai 2.3.0.CR1. This is a maintenance release fixing all reported bugs in 2.2.0.Final (see the release notes for details). Errai 2.3 also upgrades all components to GWT 2.5.1.

Development on Errai 3 is already well underway and we will soon have a first milestone release available. There's lots to look forward to in Errai 3:

• Automatic data synchronization (with support for JPA entities and operational transform)
• First class mobile support for deploying Errai apps in Cordova
• Built-in clustering support for Errai Bus
• Improved data binding, navigation and templating system
• Asynchronous Bean Manager, allowing client-side code splitting

Thanks everyone for reporting problems and your feedback! Please keep it coming. In this case, more is more!

Maven Cordova Plugin

As you may already know, we are also focusing on making mobile applications with Errai. We have something that will make your life really easy. Inspired by the Cordova CLI, we have created something similar that is Maven based.

How does it work

You want to create a Cordova based Errai project, then all you have to do is add this plugin to your maven build. The plugin will create a config.xml in your project folder. In this configuration file you can set settings, like icon and application name. After that, performing a build will copy the generated web files into the Cordova platforms and these will get built.
Now you have integrated mobile platform builds into your regular release cycle. You can run the simulator with the generated binaries all out of your maven project.

Installation

Create an Errai project with one of the archetypes and add the following to your pom Now when you perform a maven install your Android and iOS projects also get built. To see the result of that in the simulator, you just use a simple maven command:
mvn cordova:emulator -Dplatform=android
This will start the Android emulator for your project.
It's still work in progress, but if you want to become an early adopter, just put this repo in your pom and you are ready to go Let me know what you think of it and what kind of features you would like to see in there.

Our booth talks at JavaOne 2012!

We really inundated JavaOne with Errai this past year. Here's a collection of booth talks we gave at the conference:

Errai UI

Errai JPA and JAX-RS

Errai CDI (In the Browser!)

Errai JavaOne talk on YouTube

If you haven't seen our JavaOne talk on Errai yet. Here's another chance. All JavaOne videos have been posted to YouTube. This means you can sync it to your phone or tablet for offline viewing or embed it in your own blog *hint* *hint*!

Taming the Spaghetti: Rich Web Applications with Errai

In this talk, you will learn
- how to create and send push messages (CDI events) from server to client and back
- how to use the same JPA entities in the browser and on the server
- how to create typesafe, refactorable JAX-RS clients in the browser
- and about the underlying technologies within Errai that make all this possible

RPC batching

Today's spotlight is on yet another new feature in Errai 3: RPC batching.

GWT and Errai shine in big web applications that implement complex use cases. These use cases often require multiple interactions with the server. RPC batching allows for batched invocations of remote methods that will be executed using a single server round-trip. This is useful for reducing the number of simultaneous HTTP connections and at the same time allows for reusing and combining fine-grained remote services.

Errai offers a lightweight and boilerplate-free RPC mechanism. All details can be found here. Simply inject a BatchCaller instead of a Caller<T> to make use of batched remote procedure calls. The rest of the API should be familiar if you already use Errai. Here's an example:

Only after sendBatch is called will the remote methods get executed. An additional RemoteCallback can be provided to the sendBatch call which will be invoked when all remote calls have completed in success. Consequently, an additional ErrorCallback can be provided which will get executed for all remote calls that have completed in failure.

The credits for inspiring this feature go to our invaluable community member Josh Blinick. The API might still change as we're looking for feedback! If you have ideas or any feedback, please comment. Here's the link to the JIRA.