Masoud Kalali's Blog

Last year I wrote a wish list and prediction for 2012 and this year I am going to do the same for 2013. So for 2013 in technology realm specially when focused on Java is as follow:

• Java SE 8 will be an awesome release despite the Jigsaw setback.
• Java EE 7 will bring more ease of use and clarity into the community.
• GlassFish 4 will be awesome and and more people will benefit from it’s modular and extensible architecture…
• In late 2013 NetBeans IDE 8 will rock!
• IBM will push the idea of how cool Rational set of IDEs are and how good Websphere is and people will believe it until the are caught with no way to return.
• RIM seems to be pulling it together and it is likely to keep its own operating system rather than adopting Android.
• Google Chrome will continue eating other browsers marketshare as fast as browserly possible.
• Some of the new cool boys in the JVM town that are claiming to be the next Java will vanish/start vanishing without any trace
• I wish for a very thin and edge to edge tablet and cell phone on top of android so I could switch to another phone. This will be something that Google_Moto will do.
• Maybe I see someone with a Windows Mobile phone somewhere other than advertisements.

What I wish for during 2013, unrelated to technology

• No more war and instead of that some peace and quiet time around the globe.
• No disasters like what we had in 2011 and instead some ground breaking scientific discoveries in medicine, energy and space travel.
• No economy breakdown anywhere in the world.
• To win more bets against my nemesis.

Other predictions for 2013 which I truly like to be proven wrong for some parts:

• Iranian government will not go away and will not change to a sane governing body.
• Pakistan army and ISI will continue supporting /training and harboring  Al Qaeda and Taliban and continue destabilizing Afghanistan southern and central provinces.
• Iranian government will continue meddling in other countries affair specially in Afghanistan and Arab countries.
• It is highly likely that Syrian dictatorship loose the battle for capital city and leave the capital but they will remain a player in the country and wreck havoc for the time being.

I wish everyone a happy new year with lots of joys and success.

It is long since last I blogged and I go forward I find less and less time to put into tech blogging. I thought to post in my blog that I will be presenting three sessions in Java one along or accompanying another speaker.  As you may expect two sessions evolve around security and one session covers some interesting features and APIs provided by Java EE 7. The sessions are as follow:

Top 10 OWASP security concerns and how to address them with Java EE: Markus Eisele and I will be presenting this session.

The hottest topic for Enterprise Java applications out there is security which Java EE provides fair deal of flexibility to benefit from. This session focuses on how the top 10 OWASP application security concerns including “Broken Authentication and Session Management”, “Failure to Restrict URL Access” and “Security Misconfiguration” can be addressed using Java EE and GlassFish application server. The session covers how and where to integrate the solution for each OWASP concerns through a demo application. The demo application is developed considering the relevant best practices/design patterns involved with developing a secure application while avoiding the common pitfalls.

Server Sent Events, Async Servlet, Web Sockets and JSON; born to work together!: This BOF session is hosted by a very experienced and long standing Metro/ GlassFish team member, Bhakti Mehta and me.

This session focuses on how Java EE 7 provides extensive set of new and enhanced features to support standards like HTML5, WebSockets, and Server Sent Events among others.In this session we will show how these new features are designed and matched to work together for developing lightweight solutions matching end users high expectation from a web application’s responsiveness. The session will cover best practices and design patterns governing application development using JAX-RS 2.0, Async Servlet, and JSON-P (among others) as well as iterating over the pitfalls that should be avoided. During the session we will show code snippets and block diagrams that clarify use of APIs coming from the demo application we will show at the end.

Utilize the Full Power of GlassFish Server and Java EE Security: I will be you host for this session.

In this session, learn how to utilize Java EE security and what GlassFish Server technology provides to address your security requirements. The presentation explains a two-phase authentication mechanism.

If you are attending JavaOne you may like to join this sessions and if you are not attending and still interested in this sessions, Keep an eye on @MasoudKalali or check this blog sometime after JavaOne 2012 to get the slides.

I have been using NetBeans for a long time now; Because it is easy to use, easy to understand and explain to others, it has impressive Java EE support, etc. I was working on Java EE projects or projects  involving NetBeans RCP applications with 40-50 modules (1m loc or so) which are considered small applications. I didn’t need to have all modules opened or even when I needed NetBeans handled it pretty well. After joining GlassFish team things started to change a little. GlassFish codebase was new to me and the number of maven modules in GlassFish project was way larger than what I could easily open in NetBeans IDE to be able to navigate around in the code, to find the usages of a method, or to locate all of the implementing classes of a particular interface, etc.

I opened a RFE in NetBeans bug-tracking system but till that RFE got addressed I needed to work and thus I decided to give IntelliJ a try and see how it fares with GlassFish codebase and how easy it will be for me to adopt it as the IDE of choice for my day to day work on GlassFish.

First days impressions (Positive):

• Can import the entire GlassFish codebase and start using it, no delay in code assisting popup and amazingly no lag after the initial scanning and indexing of the entire codebase.
• Find usage works almost perfectly, sometimes it says that the class/es are outside of the codebase which might be my fault when importing the project
• Code completion assistant is fast, when I say fast I mean really fast.
• I like the fact that I can choose between different available LAFs. [The CDE/Motif LAF is still part of the JRE which denotes the overzealousness of keeping the backward compatibility of the platform?]
• I like the “Store Current Layout as Default” feature which let me store a layout and use it when the layout get too messed-up.
• I like the “Autoscroll to source” and “Autoscroll from source” though I’d rather have the action to do it manually when the mentioned options are disabled and I want to locate a class in the project view

First days impression (Not positive ones): Some of what I am missing might be available somewhere in the IDE but I haven’t find them yet….

• I was not able to switch between different profiles for the module, for example IDE, release, etc. Maybe it is somewhere but I have not found it yet.
• I think the color schema is hard to read because some of the used colors are low contrast, for example the comments, annotations, are hard to read and required some adjustment to be easier to read.
• I opened some views that I cannot close, IDETalk, commander, Ant Build… they are all on auto-hide in the vertical bar in the left side without any close button or close action in the context (right click) menu to remove the tab from the side bar. Same goes for view tabs appearing in the bottom bar and left bar. But the good thing is we can rearrange them for better accessibility.

• I think the local history feature in NetBeans has a better UI and usability than IDEA. In NetBeans the local history is shown in the same tab as the code and not in an extra window same goes for  diff window, etc.

• The code formatter works better in NetBeans (SHIFT+CTRL+F) compared to IntelliJ (CMD+ALT+L). I like the NetBeans hotkey better as it has something from Formatting in the hotkey. (I tried couple of unindented unglized code snippet in both).
• The Favorites view does not allow me to add a file system directory to a favorites list which limits the favorites view usage to project members (classes, packages, modules) …

I will post another blog entry after I used IntelliJ for another two weeks to give you a more in depth comparison of how they work for Mavan projects (my comparison will be mostly on Editors and Project/ navigation and refactoring features. Nothing on other languages support, Java EE, JavaFx, application server support, etc.)

It might have happened to you to require some customization the GlassFish behavior after you create the domain in order to make the domain fit the  basic requirements that you have in your organization or for your development purpose. Some of the files that we usually manipulate to customize GlassFish includes logging.properties, keystore.jks, cacert.jks, default-web.xml, server.policy and domain.xml. These files can be customized through different asadmin commands, or JDK commands like keytool, policytool or manually using a text editor after you created the domain in the config directory of the domain itself.  But repeating the steps for multiple domains is a laborious task which can be prevented by changing the template files that GlassFish domains are created using them. The templates are located atAnd we can simply open them and edit the properties to make them more fit to our needs.

The benefit of modifying the templates rather than copy pasting the config directory of one domain to another is the domain specific behaviors like port numbers which have placeholders in the domain.xml to be filled by asadmin command. An example of a placeholder is %%%JMS_PROVIDER_PORT%%% which will be replaced by JMS provider port by asadmin command.

I almost stopped blogging during 2011 because of lots of complications I was dealing with but this entry is something I couldn’t just pass over. Hopefully I will resume blogging during 2012 as actively as I was doing during late 2009 and early 2010.

My predictions for 2012 in technology realm specially when focused on Java is as follow:

• Oracle will push Java forward like never before.
• Java ecosystem will thrive with JavaFX getting open sourced and new big names joining JCP.
• We will see the best Java release for Mac os, Java SE 7.
• IBM will push the idea of how cool Rational set of IDEs are and how good Websphere is and people will believe it until the are caught with no way to return.
• RIM will probably stop development of it’s own operating system and instead develop a powerpack for Android…
• Google Chrome will eat other browsers marketshare as fast as browserly possible.
• Some of the new cool boys in the JVM town that are claiming to be the next Java will vanish/start vanishing without any trace
• GlassFish will get more marketshare and more people will benefit from it’s modular and extensible architecture.
• Google will market a revolutionary Android tablet that will change the concept.

What I wish for during 2012

• No more war and instead of that some peace and quiet time around the globe.
• No disasters like what we had in 2011 and instead some ground breaking scientific discoveries in medicine, energy and space travel.
• No economy breakdown anywhere in the world.
• A cell phone thinner than Motorola DROID RAZR
• Google to provide a good cloud storage for end users so I could stop using combination of DrobBox, Google and SkyDrive.

Other predictions for 2012 which I truly like to be proven wrong for them.

• Iranian government will not go away and will not change to a sane governing body.
• Pakistan army and ISI will continue supporting /training and harboring  Al Qaeda and Taliban and continue destabilizing Afghanistan southern and central provinces.
• Iranian government will continue meddling in other countries affair specially in Afghanistan and Arab countries.
• Syrian dictatorship will remain intact by support of Iranian government and the region will stay unstable as it is now.

I wish everyone a happy new year with lots of joys and success.

Identity, something that we hear more often these days with the whole web 2.0 and social services and more and more web based public services growing around us. The identity notion is an integral part of a security system in distributed services. Developing effective software system require an effective security and access control system which java provides, not exactly in the way that it should be in 2011 but it does provide what is the bare bone necessity to develop applications and frameworks on top of it and  benefit from its presence. The identity API is going to ease the interaction between the identity providers and those who consume the identity and trust the identity providers in addition to governing and managing the identity attributes.

I was studying the JSR details and it seems to be covering everything required for the identity attributes governance and the required API for both ends of the usage including the client API the governing/producing API. The identity producing and consuming is not new and there are fair number of public identity producers like facebook, twitter, etc. and also products that system integrators can use  like OpenAM as an open source product or gorilla Commercial software products like ORACLE identity management  or IBM tivoli identity management software, etc.

In a very simple set of words, the JSR 351: The Java Identity API will be as successful as it is going to be adopted. No adoption and it will endup dying some dark corner…  Design a simple and elegant API and try to ship it with some free and easy to use service implementations and it may get some momentum, otherwise it will be a goner and people will stick with what they have. I like the new features that it is going to introduce in the decision making or authorization part but we should see how well it will be adopted by identity providers to develop the services that provides the interaction point between the JSR interface and their repositories.  Pushing it as JSR wont really do that much without a wide adoption in the community. Look at how many implementation of the JSR 115 and JSR 196 exits to be plugged into application servers supporting the contract and you will get what I am referring to by community adoption.