When we’re building web applications containing data entry forms, it’s sometimes a requirement that (part of) the form is dynamic, in the sense that the fields to be included in the form need to be determined at runtime. For instance, this may be required if application managers need to be able to add new data fields quickly through a management console, without support by a programmer.
Posts Tagged ‘Spring MVC’
After learning about AngularJS a couple of months ago, I started using it on new Java web projects, and that has been a great pleasure. If you haven’t worked with AngularJS yet, you may be wondering what the hype is all about and whether or not it’s a thing worthwhile of investing your time in. In this blog, I’d like to put some of the merits of AngularJS in the spotlights, by comparing it to some other approaches for web application programming in the Java world.
It’s been a while since our last ‘from the trenches’ entry, and as I’ve found I am better at authoring blogs than convincing colleagues to do the same I figured I’d write you another installment. This time I’d like to focus on an easy yet powerful approach that we used to secure a multi-tenant Spring-MVC application using Spring Security and its support for annotation-based declarative authorization.
If you’re developing enterprise web applications, then you have certainly applied some form of security to your apps. In some cases it suffices to come up with a number of roles that you can assign to (groups of) users and to perform authorization based on that. However, in many cases that’s not enough and the concept of data access control comes into play: only users that are somehow related to the data they’re trying to work with should be allowed to access that data. This can be through direct ownership, access control lists, some temporary relation like a doctor-patient treatment relationship, etc. A common requirement in multi-tenant applications, where a single application instance is used by people from different organizations whose data should be strictly separated, is that data should only be accessible by people who work for the organization that that data belongs to.
In this blog we’ll show you one approach that we used to implement this with Spring Security.
The Axon framework is a CQRS framework created by Allard Buijze. From the beginning I am trying to help him out, mostly by creating samples. This blog post is about a sample I am creating for Google App Engine. Everybody that has been working with Google App Engine (GAE) knows that it enforces some limitations on the jdk. The sample uses spring, spring security, sitemesh, objectify and of course Axon. I’ll discuss everything that was needed to deploy a working axon application.