Category

Webapps

Test for and Patch the Heartbleed Bug

OpenSSL versions 1.0.1 through 1.0.1f (inclusive) are affected by a vulnerability that makes it possible to steal information. Patched versions of OpenSSL may have been backported, so a "built on" date newer than or equal to April 2014 should be a good indicator...

Spring MVC – setting JSON date format

Spring MVC's message conversion feature is the bomb.  I love it; I wish I'd started using it long ago.  Just make sure your JSON fields match your POJO property names, and your MVC controller includes a POJO parameter or return value.  Then Spring MVC auto-converts...

Understanding Spring Security – Part 4 – ACL Security

Spring Security also provides domain object level security in addition to the other types of security discussed in this Spring Security blog series. In simple terms, ACL provides a way to specify permissions based on a combination of role, business object (referred to...

Understanding Spring Security – Part 1 – Introduction

Spring Security, formerly known as Acegi Security, is an open source security provider that is used extensively in Java-based web applications. Due to its power and ability to be customized, Spring Security has evolved into the de facto standard for securing...

The CRASH Report

CAST Software, the maker of software quality tools, released its second annual CRASH (CAST Report on Application Software Health) report in December. The report examined the "health" of world-wide software applications by examining the source code of 745...

New and improved method for extracting JavaScript from HTML

A few weeks back, I wrote about using HTML5 custom data attributes as an enabling mechanism for extracting JavaScript from HTML pages. Turns out that approach has one significant drawback: HTML attributes are not suitable for storing arbitrary data.  Specifically, we...

JSP Pages, Do not get too used to c:out!

I was always one to go ahead and use <c:out> to display model data in my JSP pages.  Never had a reason not to!  Well, I recently had a reason…   As I mentioned in my last post, I am working on a web application that uses several jQuery libraries – another...

A pattern for extracting JavaScript from HTML

When I wrote about separation of concerns in webapps, I said I would consider how to apply separation of concerns in my project.  This post is a progress report!  I have tried this pattern on several pages and so far, all is well. Step 1 is obvious: just extract all...

Webapps and Separation of Concerns

Separation of concerns is a big deal in software engineering.  Program structures should be nicely organized, such that distinct tasks are handled by distinct program elements.  In other words: no business logic wrapped up in our SQL statements; no data access in our...
