December 3, 2013
I’d like to officially announce the new project I’m co-leading with Stian Thorgersen: Keycloak! Some of you may already have heard hints about this on the Resteasy dev list, but since July I’ve been working with some great Red Hat guys (Stian, Gabriel, Villiam, Bolek, Alexandre, and Marek) to put together an SSO solution for browser, social, and REST service applications. There is no release yet! But we’re getting close to releasing our first Alpha.
Check out our screencast presentation and demo of what we got and what we’re doing:
Here’s a list of features we have or are planning to add over the coming months.
- SSO and Single Log Out for browser applications
- Social Broker. Enable Google, Facebook, Yahoo, Twitter social login with no code required.
- Optional User Registration
- Password and TOTP support (via Google Authenticator). Client cert auth coming soon.
- OAuth Bearer token auth for REST Services
- Integrated Browser App to REST Service token propagation
- OAuth 2.0 Grant requests
- CORS Support
- CORS Web Origin management and validation
- Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
- Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
- Deployable as a WAR, appliance, or an Openshift cloud service (SaaS).
- Supports JBoss AS7, EAP 6.x, and Wildfly applications. Plans to support Node.js, RAILS, GRAILS, and other non-Java applications.
We would love to see anybody interested drop by on the keycloak-dev email list. We looking to do our first alpha release sometime before Christmas. The code was taken from the RESTEasy OAuth work I did earlier this year as well as the social broker service Stian Thorgersen and the portal team were prototyping early this year. We’re also trying to leverage Picketlink where appropriate.
November 12, 2013
java, javaee, JAX-RS, REST
My 2nd edition of RESTful Java is out! RESTful Java with JAX-RS 2.0 covers the spec additions to JAX-RS 2.0 including 3 new chapters:
- JAX-RS 2.0 Client API
- Asynchronous Client and Server APIs
- Filters and Interceptors
The book has also been revised here and there to cover some of the smaller features that were added to JAX-RS 2.0 like ParamConverters, Link, an the extensions added to UriBuilder. The workbook examples and chapters have been revised and expanded to cover this new content as well, so you really get 6 new chapters in total. Many thanks to Fernando Nasser, Melanie Yarborough, Meghan Blanchette, Meghan Connolly, and Charlie Roumeliotis for making this happen. I’d also like to thank the JAX-RS 2.0 JSR Expert Group, especially Marek Potociar, Santiago Pericas-Geertsen, and Sergey Beryozkin.
October 16, 2013
flame bait, sports
New England Patriots Fans Suck!
As a 20 year season ticket holder, in my experience, Pats fans are the worst fans in the league. They leave early, they are not loud. They boo the team with even the slightest mistake. You even get yelled at sometimes for standing up and making noise for the Defense. The drunken “pink hats” are often screaming Brady’s name when the Pats are on offense. The worst culprits are the premium seat wusses who empty their seats even it is marginally cold or sprinkling a little. Seems people are more interested in getting wasted, impressing their girlfriend, getting on the big screen, getting on TV, and/or beating the traffic instead of watching the game. It sickens me. The best part of going to the games is that I get to spend time with my father and sister. Sometime in the far future when he is unable to attend games, I’ll seriously consider giving up my tickets and watch games on TV instead.
That being said, I am ashamed of myself as I am one of these shitty Pats fans. At the end of the Saints game, we were guilty of leaving our seats after Brady threw his interception in the final 2 minutes. As we were crossing the bridge, we saw that the Pats would get the ball back, so we ended up going to the standing-room only area in the endzone and watching the final drive on the big screen. Was still a cool experience, but I wish we had never left our seats. I WILL NEVER LEAVE MY SEATS AGAIN! I PROMISE!
September 25, 2013
Sacha, you are so terrific.
September 5, 2013
java, JAX-RS, RESTEasy
Resteasy 3.0.4.Final has been released today. Besides some bug fixes, this ended up being a major feature release specifically:
- Netty 4 integration thanks to Kristoffer Sjoegren
- Undertow integration
- JOSE JSON Web Encryption (JWE) Support
- A new Servlet 3.0 ServerContainerInitializer for Resteasy. This allows you to take advantage of JAX-RS integration within a standalone Servlet 3.0 environment. This means you can work solely with Application classes, use automatic scanning, and not have to write anything in your web.xml files for Tomcat and Jetty deployments!.
- I also published the new revised examples for my up-and-coming Restful Java With JAX-RS 2.0 book revision.
As usual, check out http://jboss.org/resteasy for how to download the distro and view documentation.
August 14, 2013
I just don’t get the uproar with NSA spying on internet traffic and websites. Most of what NSA is doing is data mining which is inherently anonymous, I can’t see how any of this has anything to do with privacy or freedom for that matter. Sure, it creates possibilities for abuse, like blackmailing somebody that doesn’t want to come out of the closet or is having an affair. But wouldn’t strict laws with strict penalties, and strict procedures prevent such abuse?
For example, police need a court order to wire tap a phone. Couldn’t we just treat the results from data mining as we would a phone? The program would provide a list of potential suspects. FBI could check the suspects vs. public records and such, and then go to a judge for a court order to open up the details of the data mining done. Furthermore, if we have strict laws that prevent the CIA from using this digital spying for blackmail or other shady dealings, other nations wouldn’t have much to bitch about.
Given that we’re in an age of social media where a lot of what we do on the Internet is public knowledge, what’s all the pew pew about? Google et. al. are already doing this anonymous data mining to provide highly targeted ads. Why is it more acceptable for Google to do this, than for the NSA to search for crazies that want to fly planes into buildings, bomb marathons or shoot up a school? For myself, so much of what I do is in the public what do I care if some data mining program is parsing and analyzing my emails? I also don’t think we’re giving up on freedoms to make ourselves safer.
We must trust in our institutions that they are either benevolent or that there are appropriate checks and balances in place to prevent abuses. If these checks and balances are missing, its time to legislate them into existence. I think there is a happy medium where we can make ourselves safer and put the adequate safeguards in place to prevent a total Orwellian society.
August 7, 2013
java, javaee, JAX-RS, RESTEasy
Follow the links at http://jboss.org/resteasy to download and view release notes. The was just a maintenance release fixing a few minor bugs in async and cookie parsing.