May 21, 2004
JSR-170 Content Repository for Java Technology API Public Review
The public review has become available for JSR-170. This draft is available for Public Review as per Section 3.2 of the Java Community ProcessSM Program. Close of Public Review: 19 July 2004.
Posted by 0xFF3300 at 07:39 AM | Comments (0) | TrackBack
December 22, 2003
BEA Takes Security Onto Itself
BEA Systems Inc. this month is shipping a system designed to remove
security responsibilities from developers.
The new system, BEA Weblogic Enterprise Security, takes security from
the individual applications and makes it accessible to resources
around the network, including Web servers, application servers and
data stores.
A result of BEA's February acquisition of CrossLogix Inc., Enterprise
Security is the third of the company's moves to expand security,
according to vice president of business strategy Mark Moriconi. The
first was making security available to its own application server in
WebLogic 7.0. Next, the company made security available throughout its
own WebLogic Platform 8.1. Now, it is making the security available to
other products via APIs and partnerships.
This is the first time BEA has pulled out security services as a
separate product. Enterprise Security will work not only with the
WebLogic Platform, but also with applications developed with other
platforms, such as IBM's WebSphere, Moriconi said.
The software provides centralized security administration and
configuration, but distributes that information to modules customized
for Web servers, application servers and custom applications.
It includes authentication using LDAP, relational databases and
Microsoft's NT domain system. It uses Security Assertion Markup
Language (SAML) to exchange security information, and can assign
business roles that map to specific access rights.
According to Moriconi, the system can unify disparate security systems
into a single policy. "You can change your policy and we implement it
automatically across the enterprise in seconds," he said.
Enterprise Security is scheduled to ship Oct. 28.
Posted by 0xFF3300 at 11:20 PM | Comments (0)
IBM Puts Its Stamp on Source Validation
Realizing that the complexity of the J2EE environment causes
application defects that are much more elusive, IBM Corp. last month
released as a technology preview an automated code review tool called
J2EE Code Validator, created as a plug-in to the WebSphere Studio
Application Developer environment.
The new tool has an extensible knowledge base that includes both best
practices and anti-patterns to help developers create better software,
according to IBM's Robert Johnson, the software researcher who headed
up the J2EE Code Validator project.
A WebSphere Studio user can look at his application assets in one
pane, run that code against the validation tool and get another pane
to pop up listing the problems, Johnson explained. A third pane would
show the line of code where the defect exists, and the user can drill
down to get a fourth view with an explanation of what's going on in
the code and suggestions for how to fix it.
By automating the process, Johnson said, organizations can more
quickly prioritize which problems should be dealt with first, and
better utilize their resources to get the project completed.
He stressed that IBM's research department works very closely with the
company's customers, and was able to get a clear understanding of the
requirements for J2EE Code Validator before writing the tool. Then,
working in conjunction with the WebSphere team, the group was able to
draw from a broad knowledge base to create the rules and best
practices inside the tool.
"There are a set of anti-patterns we're seeing repeatedly," Johnson
said, such as applications failing to properly release resources when
they're done using them. "We thought it would be good to validate
against these things with automation."
The tool is expected to become widely available next year.
Posted by 0xFF3300 at 11:19 PM | Comments (0)