Skip to main content

Just You, Just Me

Posted by editor on September 14, 2006 at 7:17 AM PDT


Maintaining identity and credentials

A while back, Denis Pilupchuk wrote a definitive analysis of the relative strengths and weaknesses of Java and .NET security for ONJava. This exhaustive comparison nearly got me killed by my copy-editor (most feature articles run about 2,000 words; the final installment of the series was well over 7,000), and got into serious depth about not just the obvious issues security API's should handle, but also cryptography, code protection, code containment, user authentication and access, and how far each of the approaches you got you. By the way, you can buy this whole series as an inexpensive 80-page PDF from O'Reilly's online store.

But that series was written a few years ago, and standards have updated since then. In particular, Java Authentication and Authorization Service (JAAS) was added to the JDK a while back, so that should be a common solution for everyone right? Not so fast. Denis reports that it's had a hard time integrating into EE, and in many cases, vendors have implmented proprietary and mutually incompatible approaches to dealing with JAAS/EE non-integration. This problem is compounded by the emergence of service-oriented architecture and the need to provide a common security model across heterogenous services. Denis writes: "Many enterprises with heavy investments into Java technologies have already developed sophisticated JAAS-based security stacks, both on Java SE and EE platforms. Therefore, the task at hand is to define ways for taking such JAAS-based security services to the next level, to help in linking SOA services."

In our Feature Article,
Using JAAS in Java EE and SOA Environments Denis looks at the current situation, the compounding issue of SOA, and assesses future directions for JAAS.


In Java Today,

The Project Looking Glass team has posted a forum message detailing their plans for a 1.0 release. "'Panorama' is the code name that the LG core team members
have been using to describe the desktop aspect of LG. (As opposed to 'AppKit' which denotes the application library
aspect of LG). I just posted on the LG Twiki the plan for
Panorama Release 1.0. The main focus of this release is
stability and bug fixes. There are no new major features
planned at this time." The wiki page can be found in the Java Desktop wiki, under InfoReleases.

The Tidal Blog has a summary of the first day of the 10th Jini Community Meeting, currently wrapping up in Brussels, in the entry 10th Jini Meeting - Day +1. "One of the most interesting talks was the thought-provoking 'Beyond the choir' by Daniel Steinberg. The point was the usual paradox with Jini: it has proved to be reliable, good, substantially easy to work with, in a few words 'it works', BUT it's still a niche technology, ten years after its introduction. Is there any hidden problem lingering around?"

Key Indicator Data Systems, represented in the kids2 project, is a free GIS mapping software under development for over five years. Supported by grants from the Food and Agriculture Organization of the United Nations (FAO) and other funding bodies, KIDS is being used by numerous educational, government, and non-governmental agencies for thematic mapping and spatial analysis of indicator data.


You may think you're clever to use red text to indicate some important state in your GUI, but the red-green colorblind user is never going to see it. In today's Weblogs, Kirill Grouchnikov discusses How color-blind people see your UIs:
"According to medical studies, eight to ten percent of male population suffers from some kind of color blindness (the figure for female population is much lower). What does it mean to the average Swing developer? Well, if you rely too much on color differences, you may be not conveying the information as well as you thought."

In
JPRT: Build/Test System for the JDK, Kelly O'Hair reports:
"I did a little blogging on JPRT [on blogs.sun.com] but that was mostly to talk about the COOL rack of Sun hardware that I used. Now I want to talk a little more about why we need something like JPRT, and what it does for us."

Jim Hurley seems to be having a good time at the 10th Jini Community Meeting in Brussels, and says
Hey EuroOSCON! We're planning on leaving the place "messy"!
"The Meeting is open and free (like the technology), so if you're in early for EuroOSCON, you're invited to stop by."


In today's Forums,
rturnbull questions some old Swing rules-of-thumb in the thread
Re: Closures and Swing:
"> [snip] Most experienced Swing developers don't use action listeners we use Actions. Why? Other people have said the same thing. I quote from the Action javadoc: "Note that Action implementations tend to be more expensive in terms of storage than a typical ActionListener, which does not offer the benefits of centralized control of functionality and broadcast of property changes. For this reason, you should take care to only use Actions where their benefits are desired, and use simple ActionListeners elsewhere." It seems to me Actions should only be used where you have two or more components that invoke the same action, e.g. a menu entry and a toolbar button."

Bill Snyder offers his feedback on the latest SwingX component in
Re: JXStatusBar ready for public review:
"I really like the idea of having a status bar component that I can plug any bean into, rather whan having a generic JPanel subclass where the message and progress indicator is always in the same place. (Though I think common use cases like this should be readily available). Is there going to be a SwingLabs StatusBar and a JSR296 StatusBar?"


In today's java.net
News Headlines
:

Registered users can submit news items for the href="http://today.java.net/today/news/">java.net News Page using our
news submission
form
. All submissions go through an editorial review before being
posted to the site. You can also subscribe to the href="http://today.java.net/pub/q/news_rss?x-ver=1.0">java.net News RSS
feed.


Current and upcoming Java
Events
:

Registered users can submit event listings for the href="http://www.java.net/events">java.net Events Page using our href="http://today.java.net/cs/user/create/e">events submission form.
All submissions go through an editorial review before being posted to the
site.


Archives and Subscriptions: This blog is delivered weekdays as
the Java
Today RSS feed
. Also, once this page is no longer featured as the
front page of java.net it will be
archived along with other past issues in the href="http://today.java.net/today/archive/">java.net Archive.

Maintaining identity and credentials