Matt RaibleMatt Raible is a Web Architecture Consultant specializing in open source frameworks.

10+ YEARS


Over 10 years ago, I wrote my first blog post. Since then, I've authored books, had kids, traveled the world, found Trish and blogged about it all.

UberConf 2015: My Presentations on Apache Camel and Java Webapp Security

Last week I had the pleasure of speaking at UberConf 2015. My first talk was on Developing, Testing and Scaling with Apache Camel. This presentation contained an intro to Apache Camel and a recap of my experience using it at a client last year. You can click through the presentation below, download it from my presentations page, or view it on SlideShare.

My second presentation was about implementing Java Web Application Security with Java EE, Spring Security and Apache Shiro. I updated this presentation to use Java EE 7 and Jersey, as well as Spring Boot. I used Spring Boot to manage dependencies in all three projects, then showed the slick out-of-the-box security Spring Boot has (when you include the Spring Security on the classpath). For Apache Shiro, I configured its filter and required dependencies using Spring's JavaConfig. You can click through my security presentation below, download it from my presentations page, or view it on SlideShare.

One thing that didn't make it into the presentation was the super-helpful pull request from Rob Winch, Spring Security Lead. He showed me how you can use basic and form-based authentication in the same app, as well how to write tests with MockMvc and Spring Security's Testing support.

The next time I do this presentation (at the Rich Web Experience), I'd like to see if it's possible to use all-Java to configure the Java EE 7 example. I used web.xml in this example and the Servlet 3.0 Security Annotations might offer enough to get rid of it.

All the demos I did during the security presentation can be seen in my java-webapp-security-examples project on GitHub. There's branches for where I started (javaee-start, springsecurity-start and apacheshiro-start) as well as "complete" branches for where I finished. The complete examples should also be in-sync with the master branch.

If you have any questions about either presentation, please let me know.

Posted in Java at Jul 27 2015, 08:08:48 AM MDT Add a Comment

Grails + Angular vs. JHipster

I recently received an email from a long time follower of my comparing web frameworks research and presentations. He asked some interesting questions:

I am starting on a new venture to build a direct to consumer web application. I am planning to leverage Cloud services to build my CI/CD pipeline. I am very strong with Java Backend/middleware and learning Javascript Front-end frameworks. I love Spring and SOFEA. Having said that, I am wondering if I should use Grails + Angular or JHipster? My primary concern with JHipster is there is hardly any ‘community', there is Julien and whatever he says/thinks goes! Can you give me some pointers?

I imagine there's other JVM developers with similar questions, so I figured I'd publish my response for all to see.

JHipster may have a smaller community than Grails, but remember that it's built on Spring Boot and AngularJS. Both have huge communities. In fact, Grails 3 is built on Spring Boot, just like JHipster.

Even though JHipster generates your code in Java, there's nothing preventing you from writing your code in Groovy or Scala. I dig JHipster, but I've also worked with AngularJS and Spring Boot for a couple years. The fact that someone put these technologies together and makes it easy to work with them is awesome.

I like JHipster so much, I decided to write a book on it. I hope to finish it in the next couple months and have it published in the fall. It'll be a free download from InfoQ. Learn more at http://www.jhipster-book.com.

Yes, I'm probably a bit biased since I'm writing a JHipster book. However, it's been easy for me to introduce and use Spring Boot at my last few clients. They were already using Spring, so the transition to using a Spring simplifier was a no-brainer. I haven't had as much luck getting clients to adopt Grails, even though I've suggested it. That could change now that it's based on Spring Boot.

What's your experience? Would you recommend Grails + Angular over JHipster? If so, why?

Posted in Java at Jul 14 2015, 08:02:01 AM MDT 1 Comment

Getting Hip with JHipster at Denver's Java User Group

Last night, I had the pleasure of speaking at Denver's Java User Group Meetup about JHipster. I've been a big fan of JHipster ever since I started using it last fall. I developed a quick prototype for a client and wrote about solving some issues I had with it on OS X. I like the project because it encapsulates the primary open source tools I've been using for the last couple of years: Spring Boot, AngularJS and Bootstrap. I also wrote about its 2.0 release on InfoQ in January.

My Hipster Getup To add some humor to my talk, I showed up as a well-dressed Java Developer. Like a mature gentleman might do, I started the evening with a glass of scotch (Glenlivet 12). Throughout the talk I became more hip and adjusted my attire, and beverage, accordingly. As you might expect, my demos had failures. The initial project creation stalled during Bower's download all JavaScript dependencies. Luckily, I had a backup and was able to proceed. Towards the end, when I tried to deploy to Heroku, I was presented with a lovely message that "Heroku toolbelt updating, please try again later". I guess auto-updating has its downsides.

After finishing the demo, I cracked open a cold PBR to ease my frustration.

I did two live coding sessions during this presentation; standing on the shoulders of giants to do so. I modeled Josh Long's Getting Started with Spring Boot to create a quick introduction to Spring Boot. IntelliJ IDEA 14.1 has a nice way to create Spring Boot projects, so that came in handy. For the JHipster portion, I created a blogging app and used relationships and business logic similar to what Julien Dubois did in his JHipster for Spring Boot Webinar. Watching Josh and Julien's demos will give you a similar experience to what DJUG attendees experienced last night, without the download/deployment failures.

You can click through my presentation below, download it from my presentations page, or view it on SlideShare.

You might notice my announcement on slide #32 that I've signed up to write a book on JHipster.

The JHipster Mini-Book

I haven't started writing the book yet, but I have been talking with InfoQ and other folks about it for several months. I plan to use Asciidoctor and Gradle as my authoring tools. If you have experience writing a book with these tools, I'd love to hear about it. If you've developed an application with JHipster and have some experience in the trenches, I'd love to hear your stories too.

As I told DJUG last night, I plan to be done with the book in a few months. However, if you've been a reader of this blog, you'll know I've been planning to be done with my '66 VW Bus in just a few more months for quite some time, so that phrase has an interesting meaning for me. ;)

Posted in Java at Apr 09 2015, 08:31:54 AM MDT 4 Comments

How To Setup Your Own Software Development Company, 6 Years Later

Just over six years ago, I wrote a popular post titled How To Setup Your Own Software Development Company. I'd just left LinkedIn a few months earlier and was enjoying consulting life again, working with a group of friends at Evite. In the article, I wrote about how I liked consulting because it forces you to keep your skills up-to-date and it pays a lot better. I also talked about the type of legal entity you should form (I have an S Corp), what business insurance you should buy, what I had for health insurance and how I automated payroll and tax payments.

I recently received an email from a reader, asking me if I had any updated thoughts.

It's been nearly six years since you wrote the article about starting your own business ... and thanks, by the way.

I am starting my venture into independent contract work as a software engineer (Java technology) in California and most likely will setup an S corp entity.

Seeing that you wrote this six years ago and things have considerably changed in the U.S. (economy, health care, etc.), I was wondering if you had some updated thoughts to share, perhaps some learned lessons even.

And also, I have questions about business insurance: what type of insurance should I opt for? Is there really an umbrella insurance out there? Or does each (or many) clients out there dictate the insurance you need?

Yes, a lot has changed in the last six years. The economy has improved and health care costs have risen. Through this time, I've been able to continue to operate as an independent software developer and keep the contracts flowing. Personally, the biggest changes in my life have been outside of work. I met an exceptional woman, traveled to conferences all around the world with her, got married, traveled some more, then bought a VW Westfalia so we could have lots of fun traveling in our own backyard. All the while, I've worked for some great clients. I built a team of hot shots at Time Warner Cable (many of them still work there), I skied the awesome powder of Utah while working at Overstock and I enjoyed a long-term contract at Oracle. After Oracle, I got into the healthcare industry and I've been working in it ever since.

In fact, I just finished working for a healthcare company last week and I'm on the hunt for my next gig in April. Check out my LinkedIn profile if you'd like to see my résumé.

I've learned quite a few lessons over the last several years. As an independent developer, the biggest thing I've learned is marketing is key. I've always known this, but I've been reminded of its importance a few times. When I worked at Taleo (after Overstock), I was on a 3-month contract that turned into a 9-month contract that got a 1-year extension when Oracle bought them. The work was challenging, but the application was outdated. Getting them to adopt new technologies like Bootstrap and AngularJS was difficult. When Oracle took over, they offered me a 1-year contract at a great rate. I accepted, never thinking it would be difficult to get paid from someone like Oracle. It took them over three months to pay my first invoice and it took me another three months to get payments flowing regularly. I felt like I was trapped. I felt like I could quit, but that wouldn't speed up the process of getting my invoices paid. From this experience, I'm hesitant to start with any contract that's longer than three months.

During my time at Oracle, I didn't blog as much as I had previously (because the day-to-day work wasn't that exciting), but I did still speak at conferences. Last year, I took the year off from speaking at conferences altogether. Speaking is an excellent marketing tool. Because of my lack of speaking, I saw a downturn in contract opportunities in Q4 last year.

As far as health insurance is concerned, I continued to have a disaster prevention plan, with a $5K per year deductible. I paid around $300/month for this, and rarely used it. By riding my bike to my office in downtown Denver, and skiing a bunch in the winter, I felt like I was pretty healthy. After I stopped eating sugar last fall, I became much healthier. So much healthier that I've stopped taking high blood pressure medication. Today, I don't pay for health insurance. Trish went back to IT Security Sales in November and she was able to get me on her company's plan for $100 cheaper than what I was paying. I didn't have dental insurance for the last five years and I did have to shell out $5K for a tooth implant at one point.

For business insurance, I have the Business Owner's Policy from The Hartford. I pay around $600/year and I've gotten that back when I've had laptops stolen or accidentally killed my iPhone. I've got automated backups going all the time, so I haven't lost any data in several years. This insurance policy and its liability coverage has been "good enough" for all my clients, including the big ones.

I think the biggest lesson I've learned in the last several years is that the best way to be rich is to be rich in time. I've always dreamed of making $500/hour and working 20 hours per week. While $500/hour sounds crazy, you know there's consultants out there that are making that kinda cash. They're probably not in software, maybe they're political consultants, or former professional athletes, but those consulting rates do exist. In software, there's certainly companies that bill those kinda rates. My rates for the last several years haven't been that good, but they've been pretty awesome.

Earlier this year, I had the opportunity to work 20 hours per week instead of 40. It was one of the greatest work-life experiences I've had to date. I was still able to pay all my bills, and I had time during each-and-every-day to do something fun. When working 40 hours per week, exercising and cooking dinner were somewhat of a chore. When I flipped to working less, work became the chore and exercise and cooking became the fun parts of my day. I read somewhere recently that if Americans valued health over wealth, we'd be a lot better off. I felt like I did this when working less and that I was rich in time.

Related to feeling better over making more, I've started to target employment opportunities that offer a good team to work with. For the last year, most of my contracts have been with remote clients, where they haven't required me to travel onsite. While this sounds great in theory, I do miss the comradery that exists when working with a team. Working with someone over a Skype/HipChat call is nothing like sitting next to each other and cracking jokes while writing code. Don't get me wrong, I love remote work, but I do think it's important to be onsite and collaborating face-to-face at least once per month.

To those individuals looking to start their own Solopreneurship, I hope this advice helps. It's been a great experience for me.

Posted in Java at Mar 02 2015, 09:26:01 AM MST 5 Comments

AppFuse 3.5 Released!

The AppFuse Team is pleased to announce the release of AppFuse 3.5. This release contains a number of improvements.

  • XML reduced by 8x in projects generated with AppFuse
  • CRUD generation support for Wicket, as well as AppFuse Light archetypes (Spring Security, Spring FreeMarker and Stripes)
  • Upgraded Tapestry to 5.4
  • Integrated Spring IO Platform for dependency management
  • Refactored unit tests to use JUnit 4
  • Renamed maven-warpath-plugin to warpath-maven-plugin
  • Upgraded to jWebUnit 3 for AppFuse Light integration tests
  • Updated all AppFuse Light modules to be up-to-date

For more details on specific changes see the release notes.

What is AppFuse?
AppFuse is a full-stack framework for building web applications on the JVM. It was originally developed to eliminate the ramp-up time when building new web applications. Over the years, it has matured into a very testable and secure system for creating Java-based webapps.

Demos for this release can be viewed at http://demo.appfuse.org. Please see the QuickStart Guide to get started with this release.

If you have questions about AppFuse, please read the FAQ or join the user mailing list. If you find any issues, please report them on the users mailing list. You can also post them to Stack Overflow with the "appfuse" tag.

Thanks to everyone for their help contributing patches, writing documentation and participating on the mailing lists.

We greatly appreciate the help from our sponsors, particularly Atlassian, Contegix, and JetBrains. Atlassian and Contegix are especially awesome: Atlassian has donated licenses to all its products and Contegix has donated an entire server to the AppFuse project.

Posted in Java at Feb 20 2015, 09:08:53 AM MST Add a Comment

Converting an Application to JHipster

I've been intrigued by JHipster ever since I first tried it last September. I'd worked with AngularJS and Spring Boot quite a bit, and I liked the idea that someone had combined them, adding some nifty features along the way. When I spoke about AngularJS earlier this month, I included a few slides on JHipster near the end of the presentation.

This week, I received an email from someone who attended that presentation.

Hey Matt,
We met a few weeks back when you presented at DOSUG. You were talking about JHipster which I had been eyeing for a few months and wanted your quick .02 cents.

I have built a pretty heavy application over the last 6 months that is using mostly the same tech as JHipster.

  • Java
  • Spring
  • JPA
  • AngularJS
  • Compass
  • Grunt

It's ridiculously close for most of the tech stack. So, I was debating rolling it over into a JHipster app to make it a more familiar stack for folks. My concern is that it I will spend months trying to shoehorn it in for not much ROI. Any thoughts on going down this path? What are the biggest issues you've seen in using JHipster? It seems pretty straightforward except for the entity generators. I'm concerned they are totally different than what I am using.

The main difference in what I'm doing compared to JHipster is my almost complete use of groovy instead of old school Java in the app. I would have to be forced into going back to regular java beans... Thoughts?

I replied with the following advice:

JHipster is great for starting a project, but I don't know that it buys you much value after the first few months. I would stick with your current setup and consider JHipster for your next project. I've only prototyped with it, I haven't created any client apps or put anything in production. I have with Spring Boot and AngularJS though, so I like that JHipster combines them for me.

JHipster doesn't generate Scala or Groovy code, but you could still use them in a project as long as you had Maven/Gradle configured properly.

You might try generating a new app with JHipster and examine how they're doing this. At the very least, it can be a good learning tool, even if you're not using it directly.

Java Hipsters: Do you agree with this advice? Have you tried migrating an existing app to JHipster? Are any of you using Scala or Groovy in your JHipster projects?

Posted in Java at Feb 12 2015, 09:28:59 AM MST 2 Comments

Integrating Node.js, Ruby and Spring with Okta's SAML Support

Okta Security has always piqued my interest, ever since I first developed AppFuse and figured out how to make J2EE security work back in 2004. I hacked AppFuse to have Remember Me functionality, then moved onto Acegi/Spring Security. Spring Security had the features I needed, even if it did require almost 100 lines of XML to configure it. These days, it's much better and its JavaConfig - combined with Spring Boot - is pretty slick.

That was the first part of my security life. The second phase began the night I met Trish, and learned she sold security products. She knew of OWASP and their top 10 rules. It was Trish that inspired me to write my Java Web Application Security presentation. I really enjoyed writing that presentation, comparing Apache Shiro, Spring Security and Java EE's security frameworks. I followed up the first time I presented it with a number of blog posts and screencasts. Hmmmm, maybe I should update the presentation/screencasts to use Java configuration only (#NoXML) and submit it to a couple conferences this year? I digress.

I had to do a security-related spike over the last couple weeks. I was trying to get SAML authentication working with Okta and my client's Active Directory server. Luckily, someone setup the AD integration so all I had to do was try a few different languages/frameworks. I searched and found ThoughtWorks' okta-samples, which includes examples using Node.js and Sinatra (Ruby + JRuby). I also found a Spring SAML example that includes one of my favorite things in JavaLand: Java-based configuration.

I'm happy to report I was able to get all of these applications working with my client's Okta setup. This article will tell you how I did it. For each application, I created a new application on Okta using its "Template SAML 2.0 Application" and added myself in the application's "People" tab. Each section below contains the configuration I used for Okta. The instructions below assume you're similar to me, a developer that has Java 8, Node and Ruby installed, but none of the specific frameworks. As I write this, I have everything working on my Mac with Yosemite, but I wrote the instructions below using one of my old laptops, fresh after a Yosemite upgrade.

[Read More]

Posted in Java at Jan 08 2015, 11:43:47 AM MST Add a Comment

AppFuse, Reduced

In November, I had some time off between clients. To occupy my time, I exercised my body and brain a bit. I spent a couple hours a day exercising and a few hours a day working on AppFuse. AppFuse isn't used to start projects nearly as much as it once was. This makes sense since there's been a ton of innovation on the JVM and there's lots of get-started-quickly frameworks now. Among my favorites are Spring Boot, JHipster, Grails and Play.

You can see that AppFuse's community activity has decreased quite a bit over the years by looking at its mailing list traffic.

AppFuse Mailing List Traffic, December 2014

Even though there's not a lot of users talking on the mailing list, it still seems to get quite a few downloads from Maven Central.

AppFuse Maven Central Stats, November 2014

I think the biggest value that AppFuse provides now is a learning tool for those who work on it. Also, it's a good place to show other developers how they can evolve with open source frameworks (e.g. Spring, Hibernate, JSF, Tapestry, Struts) over several years. Showing how we migrated to Spring MVC Test, for example, might be useful. The upcoming move to Spring Data instead of our Generic DAO solution might be interesting as well.

Regardless of whether AppFuse is used a lot or not, it should be easy to maintain. Over the several weeks, I made some opinionated changes and achieved some pretty good progress on simplifying things and making the project easier to maintain. The previous structure has a lot of duplicate versions, properties and plugin configurations between different projects. I was able to leverage Maven's inheritance model to make a number of improvements:

[Read More]

Posted in Java at Dec 16 2014, 06:03:31 AM MST 6 Comments

Devoxx4Kids Denver: Having fun with littleBits

A little more than a week ago, on a beautiful Saturday morning, a number of Denver kids converged at Assembly to learn about hardware concepts with littleBits. This meetup was a bit different than our last meeting in that the kids built stuff with their hands rather than on computers.

Supplies Devoxx4Kids Sign

The workshop was taught by Juan Sanchez of Tack Mobile. Juan did an excellent job of keeping his presentation short and sweet and got the kids building things within the first hour. The event space provided by Assembly was excellent and we look forward to December's Greenfoot Workshop at the same location.

Juan in Action

[Read More]

Posted in Java at Dec 02 2014, 12:10:49 PM MST 2 Comments

Building a REST API with JAXB, Spring Boot and Spring Data

Project JAXB If someone asked you to develop a REST API on the JVM, which frameworks would you use? I was recently tasked with such a project. My client asked me to implement a REST API to ingest requests from a 3rd party. The project entailed consuming XML requests, storing the data in a database, then exposing the data to internal application with a JSON endpoint. Finally, it would allow taking in a JSON request and turning it into an XML request back to the 3rd party.

With the recent release of Apache Camel 2.14 and my success using it, I started by copying my Apache Camel / CXF / Spring Boot project and trimming it down to the bare essentials. I whipped together a simple Hello World service using Camel and Spring MVC. I also integrated Swagger into both. Both implementations were pretty easy to create (sample code), but I decided to use Spring MVC. My reasons were simple: its REST support was more mature, I knew it well, and Spring MVC Test makes it easy to test APIs.

Camel's Swagger support without web.xml
As part of the aforementioned spike, I learned out how to configure Camel's REST and Swagger support using Spring's JavaConfig and no web.xml. I made this into a sample project and put it on GitHub as camel-rest-swagger.

This article shows how I built a REST API with Java 8, Spring Boot/MVC, JAXB and Spring Data (JPA and REST components). I stumbled a few times while developing this project, but figured out how to get over all the hurdles. I hope this helps the team that's now maintaining this project (my last day was Friday) and those that are trying to do something similar.

[Read More]

Posted in Java at Oct 29 2014, 05:52:37 AM MDT 2 Comments