Coming Up for Air

Book Review: Pro JavaFX 2: A Definitive Guide to Rich Clients with Java Technology

I was privileged to be given a copy of the recently released Pro JavaFX 2: A Definitive Guide to Rich Clients with Java Technology from Apress, authored by James Weaver, Weiqi Gao, Stephen Chin, Dean Iverson, Johan Vos. This review is a bit overdue, but I hope you find it as helpful as I found the book.

GlassFish 3.1.2, REST Security, and the Jersey Client

Jason Lee 2012-03-12

I recently blogged about a change we made in GlassFish 3.1.2 with regard to REST security. Specifically, we added some CSRF protection (you can read the details here). For those of you using the Jersey Client, updating your code to support this change is very simple:

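import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.filter.CsrfProtectionFilter;
// ...
Client client = new Client();
// The filter adds the X-Requested-By header to state-changing requests
client.addFilter(new CsrfProtectionFilter());
// ...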

On the client side, that's all you have to change. Jersey will take care of the details.

Hat tip to Dan Allen for suggesting this post. :)

GlassFish 3.1.2 and REST Security

Jason Lee 2012-03-01

As you may know by now, we released GlassFish 3.1.2 yesterday. Tim Quinn has a nice overview of some of the security-related changes, but one change he didn't cover was one in the RESTful administration area, namely CSRF protection. I won't go into the details of what a CSRF attack is here, but I do want to show that we've added protections to GlassFish to make sure the server is as secure as possible.

For the curious, we implemented the CSRF protection using a filter provided by the Jersey team. As you can see from the javadoc, this change only affects requests that change state (POST, PUT, DELETE, etc). To update your client code, all you need to do is add the X-Requested-By header. Its value doesn't matter:

curl -X POST -H 'X-Requested-By: YeaGlassFish' -d key=value \
    http://localhost:4848/management/domain/path/to/resource

That's all there is to it. It's a very simple change, but an important one. If you run into any issues with this, please let us know!
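The header requirement works as a CSRF defence because a cross-site HTML form cannot attach a custom request header. The following is an added example, not GlassFish or Jersey code, that reproduces the check on a stand-in JDK HTTP server and sends requests with and without the header; the class name, the `/resource` path, the exempt-method list and the 400 status are assumptions made for the illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.util.Arrays;
import java.util.List;

public class RequestedByCheckDemo {
    // Assumption: methods treated as non-state-changing and therefore exempt.
    static final List<String> EXEMPT = Arrays.asList("GET", "HEAD", "OPTIONS");

    public static void main(String[] args) throws Exception {
        // Stand-in server on an ephemeral loopback port (not GlassFish).
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/resource", exchange -> {
            boolean exempt = EXEMPT.contains(exchange.getRequestMethod());
            // Only the presence of the header is checked; its value is ignored.
            boolean hasHeader = exchange.getRequestHeaders().getFirst("X-Requested-By") != null;
            int status = (exempt || hasHeader) ? 200 : 400; // 400 is an assumed rejection code
            exchange.sendResponseHeaders(status, -1);       // -1: no response body
            exchange.close();
        });
        server.start();
        String url = "http://127.0.0.1:" + server.getAddress().getPort() + "/resource";
        try {
            System.out.println("GET,  no header   -> " + send(url, "GET", null));
            System.out.println("POST, no header   -> " + send(url, "POST", null));
            System.out.println("POST, with header -> " + send(url, "POST", "YeaGlassFish"));
        } finally {
            server.stop(0);
        }
    }

    // Sends one request and returns the HTTP status the server answered with.
    static int send(String url, String method, String requestedBy) throws Exception {
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        conn.setRequestMethod(method);
        if (requestedBy != null) {
            conn.setRequestProperty("X-Requested-By", requestedBy);
        }
        if ("POST".equals(method)) {
            conn.setDoOutput(true);
            conn.getOutputStream().write("key=value".getBytes("UTF-8"));
        }
        int status = conn.getResponseCode();
        conn.disconnect();
        return status;
    }
}
```

In this stand-in, only the POST without the header is rejected, which is the failure an un-updated client would see after the upgrade.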

Comparing JVM Web Frameworks - A Critique

Jason Lee 2012-02-15

Recently, Matt Raible again presented his Comparing JVM Web Frameworks, this time at JFokus 2012. The intent of the presentation, as best as I can gather from half a world away, is to present some of the major JVM-based web frameworks, showing the various strengths and weaknesses, which will allow the audience to choose a framework more easily. While the goal is laudable, I'm just not sure how well executed the attempt was.

CDI @OKCJUG

Jason Lee 2012-02-14

I had the opportunity today to present an introduction to CDI at the Oklahoma City Java Users Group. It was a smaller crowd, but they had great questions nonetheless. After a rough start in a workspace that wasn't quite as clean as it should have been, I think it went fairly well. I had a good time at least. :)

Thanks to all those that came out and asked questions during and after. If you'd like to play with the code .

About

My name is Jason Lee. I am a software developer living in the middle of Oklahoma. I’ve been a professional developer since 1997, using a variety of languages, including Java, Javascript, PHP, Python, Delphi, and even a bit of C#. I currently work for Red Hat on the WildFly/EAP team, where, among other things, I maintain integrations for some MicroProfile specs, OpenTelemetry, Micrometer, Jakarta Faces, and Bean Validation. (Full resume here. LinkedIn profile)

I am the president of the Oklahoma City JUG, and an occasional speaker at the JUG and a variety of technical conferences.

On the personal side, I’m active in my church, and enjoy bass guitar, running, fishing, and a variety of martial arts. I’m also married to a beautiful woman, and have two boys, who, thankfully, look like their mother.
