Matt RaibleMatt Raible is a Java Champion and Developer Advocate at Okta. developer.okta.com

The JHipster Mini-Book The JHipster Mini-Book is a guide to getting started with hip technologies today: Angular, Bootstrap, and Spring Boot. All of these frameworks are wrapped up in an easy-to-use project called JHipster.

This book shows you how to build an app with JHipster, and guides you through the plethora of tools, techniques and options you can use. Furthermore, it explains the UI and API building blocks so you understand the underpinnings of your great application.

For book updates, follow @jhipster-book on Twitter.

10+ YEARS


Over 10 years ago, I wrote my first blog post. Since then, I've authored books, had kids, traveled the world, found Trish and blogged about it all.

AppFuse Light 1.8.2 Released

AppFuse Light 1.8.2 is a bug fixes release that includes upgrades for Spring, Spring Security, Hibernate, Wicket, Tapestry and many others. In addition, Spring bean definitions were replaced with annotations (@Repository, @Service and @Controller). See the Release Notes for more information on what's changed since the last release.

AppFuse Light now offers 60 possible combinations for download:

  • Web Frameworks: JSF (MyFaces), Spring MVC (with Ajax, Acegi Security, JSP, FreeMarker or Velocity), Stripes, Struts 1.x, Struts 2.x, Tapestry, WebWork, Wicket
  • Persistence Frameworks: Hibernate, iBATIS, JDO (JPOX), OJB, Spring JDBC

AppFuse Light Screenshot - click on the box at the bottom right of AL to activate StyleSheet Switcher

If you have any questions about this release, please subscribe to the AppFuse user mailing list by sending a blank e-mail to users-subscribe@appfuse.dev.java.net. You can also post questions in a forum-like fashion using Nabble: http://appfuse.org/forum/user.

Posted in Java at May 11 2008, 10:16:17 PM MDT Add a Comment

Upgrading to Spring Security 2.0

This evening I spent a few hours and upgraded AppFuse to use Acegi Spring Security 2.0. The upgrade was fairly straightforward:

  • %s/org.acegisecurity/org.springframework.security/g
  • Upgraded dependencies (exclusions are necessary if you're using Spring 2.5.x and don't want 2.0.x dependencies pulled in):
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core-tiger</artifactId>
        <version>${spring.security.version}</version>
        <exclusions>
            <exclusion>
                <groupId>org.springframework</groupId>
                <artifactId>spring-core</artifactId>
            </exclusion>
            <exclusion>
                <groupId>org.springframework</groupId>
                <artifactId>spring-support</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    ...
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-taglibs</artifactId>
        <version>${spring.security.version}</version>
        <exclusions>
            <exclusion>
                <groupId>org.springframework</groupId>
                <artifactId>spring-web</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    
  • Changed taglib prefix from "authz" to "security" and change the associated taglib declaration to:
    <%@ taglib uri="http://www.springframework.org/security/tags" 
        prefix="security" %>
    
  • In web.xml, I changed <filter-class> to org.springframework.web.filter.DelegatingFilterProxy. Since I didn't name my filter springSecurityFilterChain, I also had to add the following <init-param>:
        <init-param>
            <param-name>targetBeanName</param-name>
            <param-value>springSecurityFilterChain</param-value>
        </init-param>
    
  • Lastly, I modified security.xml to use the new syntax. AppFuse's security.xml went from 175 lines to 33 with the new security namespace configuration!

It's hard to believe I first looked at Acegi almost 4 years ago. At that time, I said it contained too much XML for my needs. Ben's reaction:

Seriously, the "whole lotta XML" gives you exponentially more power and flexibility than a method such as this could ever hope to provide you.

It's nice to see that Spring Security 2.0 gives you exponentially more power and flexibility without all the XML. Thanks guys!

P.S. You can also view the full changelog for this upgrade.

Update: If you're using <authz:authentication property="fullName"/> in your JSPs, you'll need to change it to <security:authentication property="principal.fullName"/>.

Posted in Java at Apr 17 2008, 02:45:47 AM MDT 19 Comments

Acegi Security 1.0.6 and Spring Security 2.0-M1

From the Acegi mailing list:

Release 1.0.6 is now available from Sourceforge:

http://sourceforge.net/project/showfiles.php?group_id=104215

This is a minor bugfix and maintenance release - the changelog can be viewed here:

http://jira.springframework.org/secure/ReleaseNote.jspa?version=10671&styleName=Text&projectId=10040

The jar files should also be available from the central maven repository.

Spring Security 2.0-M1
----------------------
This is the first milestone release of Spring Security 2.0. You can download it from:

http://static.springframework.org/downloads/nightly/milestone-download.php?project=SEC

The changelog can be found here:

http://jira.springframework.org/secure/ReleaseNote.jspa?projectId=10040&styleName=Html&version=10451

For maven users, the jars are available from the Spring milestone repository. For details on how to add this to your project, read Ben Hale's article.

I tried this release with AppFuse and all tests pass.

Posted in Java at Jan 04 2008, 12:31:37 PM MST 3 Comments

Spring Security 2

It looks like we'll have to wait until next week to get our hands on Spring Security 2 (the next release of Acegi Security). The good news is it looks much simpler. From what I can tell, this new code is available in Acegi's SVN repository. Here's to hoping the Acegi Team writes some sort of migration guide.

Posted in Java at Dec 06 2007, 03:52:34 PM MST 3 Comments

Integrate AppFuse with Crowd in 5 Easy Steps

The good folks at Atlassian have written a nice tutorial on Integrating Crowd with AppFuse and Acegi. Crowd is a web-based single sign-on (SSO) tool that simplifies application provisioning and identity management. We use Crowd for the AppFuse project to maintain a single user store for JIRA, Confluence, and Bamboo. It's worked awesome for us.

Posted in Java at Nov 29 2007, 10:33:32 AM MST 2 Comments

AppFuse Light 1.8.1 Released: includes upgrades to Spring 2.5 and Wicket 1.3

AppFuse Light 1.8.1 is a bug fixes release that includes an upgrade to Spring 2.5 and Wicket 1.3 RC1. See the Release Notes for more information on what's changed since the last release.

What is AppFuse Light? Click here to find out.

AppFuse Light now offers 60 possible combinations for download:

  • Web Frameworks: JSF (MyFaces), Spring MVC (with Ajax, Acegi Security, JSP, FreeMarker or Velocity), Stripes, Struts 1.x, Struts 2.x, Tapestry, WebWork, Wicket
  • Persistence Frameworks: Hibernate, iBATIS, JDO (JPOX), OJB, Spring JDBC

AppFuse Light Screenshot - click on the box at the bottom right of AL to activate StyleSheet Switcher

If you have any questions about this release, please subscribe to the AppFuse user mailing list by sending a blank e-mail to users-subscribe@appfuse.dev.java.net. You can also post questions in a forum-like fashion using Nabble: http://appfuse.org/forum/user.

If you're a developer of one of the frameworks that AppFuse Light uses - I'd love a code review to make sure I'm "up to snuff" on how to use your framework. I'm also more than willing to give commit rights if you'd like to improve the implementation of your framework.

Live demos are available at:

What's on tap for AppFuse Light 2.0? Here's what I'm hoping to do:

  1. Drop the seldom-used persistence frameworks: JDBC, JDO and OJB.
  2. Drop Struts 1.x and WebWork as web frameworks (replaced by Struts 2).
  3. Support the same persistence frameworks as AppFuse: Hibernate, iBATIS and JPA.
  4. Re-use appfuse-service, appfuse-hibernate, appfuse-ibatis and appfuse-jpa in AppFuse Light. I'll likely include the core classes (User, Role) since AppFuse Light is more "raw" than AppFuse.
  5. Require Java 5.

Let me know if you disagree with any of these items or would like to see other enhancements.

Posted in Java at Nov 29 2007, 09:28:06 AM MST 3 Comments

Apache Roller, Acegi Security, LDAP and JA-SIG CAS

Earlier today, I delivered my talk on Apache Roller, Acegi Security and Single Sign-on. As part of this talk, I put together a couple of tutorials you might find useful:

NOTE: These tutorials are using Roller's trunk as we found some things to simplify LDAP integration tonight.

You can download a PDF version of my presentation from my publications page.

During the presentation I did a number of demos:

  • Installing Roller on Tomcat
  • Integrating Roller with Apache Directory Server
  • Integration Roller with CAS
  • Integrating CAS with LDAP

Rather than saving the demo for the end, I did it as the first part of my presentation. This worked extremely well - especially since I didn't have to worry about running out of time.

If you're using Roller, have you integrated it with LDAP or another SSO solution? If so, is it working well for you?

Posted in Roller at Oct 23 2007, 01:38:40 AM MDT 5 Comments

AppFuse Light 1.8 Released

AppFuse Light 1.8 adds CSS Framework integration, as well as support for Stripes (1.4.2) and Wicket (1.2.6). It also has significant upgrades for JSF and Tapestry; to versions 1.2 and 4.1.3 respectively. See the Release Notes for more information on what's changed since the the beta release of 1.8.

What is AppFuse Light? Click here to find out.

AppFuse Light now offers 60 possible combinations for download:

  • Web Frameworks: JSF (MyFaces), Spring MVC (with Ajax, Acegi Security, JSP, FreeMarker or Velocity), Stripes, Struts 1.x, Struts 2.x, Tapestry, WebWork, Wicket
  • Persistence Frameworks: Hibernate, iBATIS, JDO (JPOX), OJB, Spring JDBC

AppFuse Light Screenshot - click on the box at the bottom right of AL to activate StyleSheet Switcher

If you have any questions about this release, please subscribe to the AppFuse user mailing list by sending a blank e-mail to users-subscribe@appfuse.dev.java.net. You can also post questions in a forum-like fashion using Nabble: http://appfuse.org/forum/user.

If you're a developer of one of the frameworks that AppFuse Light uses - I'd love a code review to make sure I'm "up to snuff" on how to use your framework. I'm also more than willing to give commit rights if you'd like to improve the implementation of your framework.

Live demos are available at:

Yes, I realize that 60 combinations is ridiculous. I didn't create the frameworks, I'm just integrating them so you don't have to. ;-)

Unfortunately, it's a real pain to create Maven archetypes or they'd all be as easy as mvn archetype:create. Rumor is that the archetype plugin will allow you to create-from-project in the future. When that happens, I'll make sure all the combinations are available as archetypes.

Posted in Java at Sep 14 2007, 11:01:46 AM MDT 2 Comments

The Security Annotation Framework

Spotted on the Acegi Security mailing list several weeks ago:

A few weeks ago, I started an open source project (Security Annotation Framework) which addresses annotation-based, instance-level access control for Spring applications. It is also based on Spring 2.0's extensible XML authoring features. You can find more info at

http://sourceforge.net/projects/safr and http://safr.sourceforge.net

The framework was created during a project in 2006 and is now available under the Apache 2.0 license. It's a generic framework focused on processing security annotations on Spring beans as well as domain objects (which typically aren't managed by a Spring application context) and can be used to enforce access decisions for domain object instances. It can be used with any authorization provider and is not specific to Acegi. However, I plan to include an example how to use the SAF with Acegi authorization soon. Furthermore, it supports inheritance of annotations from base classes and interfaces.

What do you think about SAF? Are annotations a better way of implementing ACLs on domain objects?

Posted in Java at May 24 2007, 12:42:35 PM MDT 1 Comment

AppFuse Light 1.8 Beta Released

AppFuse Light 1.8 Beta adds CSS Framework integration, as well as support for Stripes (1.4.2) and Wicket (1.2.6). This is a beta release so we can work out some kinks before the final release.

AppFuse Light now offers 60 possible combinations for download:

  • Web Frameworks: JSF (MyFaces), Spring MVC (with Ajax, Acegi Security, JSP, FreeMarker or Velocity), Stripes, Struts 1.x, Struts 2.x, Tapestry, WebWork, Wicket
  • Persistence Frameworks: Hibernate, iBATIS, JDO (JPOX), OJB, Spring JDBC

AppFuse Light Screenshot - click on the box at the bottom right of AL to activate StyleSheet Switcher

If you have any questions about this release, please subscribe to the AppFuse user mailing list by sending a blank e-mail to users-subscribe@appfuse.dev.java.net. You can also post questions in a forum-like fashion using Nabble: http://appfuse.org/forums.

If you're a developer of one of the frameworks that AppFuse Light uses - I'd love a code review to make sure I'm "up to snuff" on how to use your framework. I'm also more than willing to give commit rights if you'd like to improve the implementation of your framework.

Live demos are available at:

Update: Based on Martin's blog post, I've added the version numbers for Stripes and Wicket (1.4.2 and 1.2.6, respectively). While the Wicket guys recommended I use Wicket 1.3.0, I was already knee deep in 1.2.6 when I read their recommendation. If 1.3.0 really is that much better than 1.2.6, it should be a pleasure to upgrade (and a good learning experience too boot!).

Posted in Java at Apr 26 2007, 02:23:22 AM MDT 10 Comments