<p>Martin Spasovski, <a href="http://blog.thisismartin.com">http://blog.thisismartin.com</a> (feed updated 2016-06-16T06:41:09-07:00)</p>
<h1>Useful demo/reference Spring based projects - Vol. 2</h1>
<p>Published 2016-06-16T06:41:09-07:00</p>
<p>This is the second post in a series highlighting useful demo/reference Spring based projects. For Vol. 1 go to <a href="http://blog.thisismartin.com/cool-demo-projects-from-springone2gx-2014">cool demo projects from #SpringOne2GX 2014</a>.</p>
<ol>
<li><p><a href="https://github.com/kbastani/spring-boot-graph-processing-example">spring-boot-graph-processing-example</a></p></li>
<li><p><a href="https://github.com/sqshq/PiggyMetrics">PiggyMetrics</a></p></li>
<li><p><a href="https://github.com/Qkyrie/spring-boot-netflix-example">spring-boot-netflix-example</a></p></li>
<li><p><a href="https://github.com/kucharzyk/spring-angular2-starter">spring-angular2-starter</a></p></li>
<li><p><a href="https://github.com/jmnarloch/rxjava-spring-boot-starter">rxjava-spring-boot-starter</a></p></li>
<li><p><a href="https://github.com/thomasdarimont/spring-boot-keycloak-server-example">spring-boot-keycloak-server-example</a></p></li>
<li><p><a href="https://github.com/saturnism/spring-boot-docker">spring-boot-docker</a></p></li>
</ol>
<h1>Inspect element and JavaScript console on Android and iOS devices with weinre</h1>
<p>Published 2015-01-08T07:16:55-08:00</p>
<p>From time to time a developer needs to run some JS, or to check the source of a loaded page, on a tablet or a smartphone. The first thing you’ll notice is that Chrome has no developer tools on mobile. Fear not, remote access is possible.</p>
<p>Enter <strong><a href="https://people.apache.org/%7Epmuellr/weinre/docs/latest/Home.html">weinre</a></strong> (WEb INspector REmote). With weinre you’ll get the Chrome Developer Tools on your desktop - for every device that opens your specific web page.</p>
<p>Let’s install and start weinre, and we’ll see how it works.</p>
<h1 id="installation_1">Installation: <a class="head_anchor" href="#installation_1">#</a>
</h1>
<p>First you’ll need <a href="http://nodejs.org/download/">node and npm installed</a>. After that, install weinre with</p>
<p><code class="prettyprint">npm -g install weinre</code></p>
<h1 id="running_1">Running: <a class="head_anchor" href="#running_1">#</a>
</h1>
<p>After weinre is installed, start the ‘server’ on your machine with</p>
<p><code class="prettyprint">weinre --boundHost 127.0.0.1 --httpPort 9090</code></p>
<p><em>Change the IP address and the port to your needs</em>. The device you want to inspect must be able to reach this address, so <code class="prettyprint">127.0.0.1</code> only works for a browser running on the same machine.</p>
<p>And one last and very important step, include the following snippet in your relevant web app template:</p>
<p><code class="prettyprint">&lt;script src="http://127.0.0.1:9090/target/target-script-min.js#anonymous"&gt;&lt;/script&gt;</code></p>
<p>This small script lets the web app loaded on the device be inspected from your desktop machine.</p>
<h1 id="how-does-it-work_1">How does it work? <a class="head_anchor" href="#how-does-it-work_1">#</a>
</h1>
<p>When the web app is loaded, the script connects with the ‘server’ and provides the information needed to the embedded Chrome Developer Tools.</p>
<p>Next, go to <a href="http://127.0.0.1:9090/client/#anonymous">http://127.0.0.1:9090/client/#anonymous</a> and under <strong>Targets</strong> you’ll get a list of devices that have opened the page with the JS script included. </p>
<p><img src="https://dl.dropboxusercontent.com/u/137949/SVBTLE/weinre_result.jpg" alt="" title="Remote tab"></p>
<p>Now, select a target, and then click the tab that you need (Elements, Console, etc…).</p>
<p>The following screenshot (from the weinre page) is an example with the Elements tab opened:</p>
<p><img src="https://dl.dropboxusercontent.com/u/137949/SVBTLE/weinre-demo_result.jpg" alt="" title="Elements tab"></p>
<h1 id="alternatives_1">Alternatives? <a class="head_anchor" href="#alternatives_1">#</a>
</h1>
<p>Of course there are alternatives. The most popular and feature-complete one is <a href="https://creative.adobe.com/products/inspect">Adobe Inspect</a>, but I found it to be too heavy: too many setups and apps have to be installed to get it working. With weinre it’s just the server and a single JS import statement in the web app template.</p>
<h1>Cool demo projects from #SpringOne2GX 2014</h1>
<p>Published 2014-11-14T05:23:45-08:00</p>
<p>Want to learn Spring by example? Use the source, Luke!</p>
<p>This is a list of the coolest example/demo projects that can be found at the <a href="https://github.com/SpringOne2GX-2014">SpringOne2GX conference Github space</a>. For each project there’s a related presentation as well. </p>
<ol>
<li><p>Reactive Geocoder - <a href="https://github.com/SpringOne2GX-2014/reactive-geocoder">code</a>, <a href="http://www.slideshare.net/SpringCentral/spring-one2gx-2014reactivestreams-41130280">presentation</a>: uses Reactor, Spring Boot, and Ratpack.</p></li>
<li><p>Recommendation Engine - <a href="https://github.com/SpringOne2GX-2014/MichaelMinella-Recommendation-Engine">code</a>, <a href="http://www.slideshare.net/SpringCentral/building-a-recommendation-engine-with-spring-and-hadoop">presentation</a>: uses Hadoop, Spring XD, Apache Mahout, Spring Batch, Spring Boot, etc.</p></li>
<li><p>Microservice Security - <a href="https://github.com/SpringOne2GX-2014/microservice-security">code</a>, <a href="http://presos.dsyer.com/decks/microservice-security.html">presentation</a>: uses Spring Boot, Spring Security, Spring Session, OAuth 2, etc.</p></li>
<li><p>Spring Resource Handling - <a href="https://github.com/SpringOne2GX-2014/spring-resource-handling">code</a>, <a href="http://www.slideshare.net/SpringCentral/resource-handling-spring-framework-41-41088162">presentation</a>: uses Spring Boot, Spring MVC, Groovy, Handlebars, Node, Gulp.js, etc.</p></li>
<li><p>Intro to Spring Hadoop - <a href="https://github.com/SpringOne2GX-2014/Intro-to-Spring-Hadoop">code</a>, <a href="http://www.slideshare.net/SpringCentral/spring-one2gx-2014springforapachehadoop">presentation</a>: uses Hadoop, Spring XD, Spring Data Hadoop, Spring Boot, Hive, etc.</p></li>
<li><p>Spring-a-gram - <a href="https://github.com/SpringOne2GX-2014/spring-a-gram">code</a>, <a href="http://www.slideshare.net/SpringCentral/creating-restful-hypermediabased-microservices-with-spring-boot">presentation</a>: uses Spring Boot, Spring MVC, Spring Data JPA, Spring Data REST, Bower, RequireJS, jQuery, etc.</p></li>
</ol>
<p>Bonus: an <em>HTML5 SnapChat clone developed with Spring and AngularDart</em> - <a href="https://github.com/sdeleuze/opensnap">Opensnap</a>. Uses Reactor, Spring Boot, Spring Security, MongoDB, Dart, AngularDart, etc…</p>
<h1>Publishing developer documentation</h1>
<p>Published 2014-10-08T07:29:11-07:00</p>
<p>While searching for a nice and easy way to publish developer documentation and make it available to other folks, I found several options, so I’m sharing them here in this short-but-informative post.</p>
<p>The main distinction between the options is that some are self-hosted and some are available as a service.</p>
<h1 id="selfhosted_1">Self-hosted: <a class="head_anchor" href="#selfhosted_1">#</a>
</h1>
<ul>
<li>Flatdoc: <a href="https://github.com/rstacruz/flatdoc">Github</a> / <a href="http://ricostacruz.com/flatdoc/">Homepage</a>
</li>
<li>Slate: <a href="https://github.com/tripit/slate">Github</a> / <a href="https://github.com/tripit/slate/wiki">Wiki</a>
</li>
</ul>
<p>Both tools use Markdown for writing and don’t require server-side processing beyond serving static files (HTML/CSS/JS). You write the documentation in Markdown, customize the templates, generate the pages and put them on a server. This means the documentation can be hosted on pretty much anything, from GitHub Pages to Heroku and more. The only difference between the two is that Flatdoc does not generate static pages; it loads the Markdown documents in the browser and renders them in place.</p>
<h1 id="hosted_1">Hosted: <a class="head_anchor" href="#hosted_1">#</a>
</h1>
<ul>
<li>ReadMe: <a href="https://readme.io/">Homepage</a>
</li>
<li>Read the Docs: <a href="https://readthedocs.org/">Homepage</a> / <a href="https://docs.readthedocs.org/en/latest/index.html">Documentation</a>
</li>
</ul>
<p>ReadMe is the new kid on the block; its free plan is sufficient for a lot of use cases and it looks good. On the other hand, Read the Docs is the most popular choice in the open-source community, has built-in search and other powerful features (check out the documentation).</p>
<h1 id="which-to-choose-hosted-or-self-hosted_1">Which to choose? Hosted or self hosted? <a class="head_anchor" href="#which-to-choose-hosted-or-self-hosted_1">#</a>
</h1>
<p>That depends on many factors. Is there a server available to host the documentation? Will someone maintain it? Do you need the documentation on a local/internal network, or will it be available on the Internet?</p>
<p>For example, Mozilla uses both, the <a href="http://mozilla.github.io/localForage/">documentation for localForage</a> is built using Slate, and <a href="http://brick.mozilla.io/">the documentation for Brick</a> is hosted on ReadMe.</p>
<h1 id="what-about-api-documentation_1">What about API documentation? <a class="head_anchor" href="#what-about-api-documentation_1">#</a>
</h1>
<p>There are two obvious choices: <a href="http://swagger.io/">Swagger</a> and <a href="http://apiblueprint.org/">API Blueprint</a>. Swagger is very popular and can be used to generate the documentation from the actual code. The Swagger specification is language-agnostic and there’s support for dozens of programming languages and frameworks.</p>
<h1>Think like a caching mechanism</h1>
<p>Published 2014-03-14T06:02:43-07:00</p>
<p>We keep the things we use around us, within reach, in all sorts of situations: stuff on the desk at work, on the coffee table in the living room, in the bathroom drawers, in the garage, etc…</p>
<p>One day, while sorting and storing things around the house, a thought emerged, <em>we should manage these items like a caching mechanism!</em></p>
<p>Cache, <a href="https://en.wikipedia.org/wiki/Cache">as described in Wikipedia</a>, is:</p>
<blockquote class="short">
<p>a component that transparently stores data so that future requests for that data can be served faster</p>
</blockquote>
<p>For example, when a blog post is opened, the system does not read it from the database on every request; it caches it and retrieves it in an instant from RAM. Or another example: instead of going to the basement for your favorite wine, keep one in the fridge.</p>
<p>How can we apply this kind of thinking around the house? Let’s see the characteristics of a cache:</p>
<p><strong>Cache size</strong>: imagine your most accessible drawers, and the tables you reach for most, as the cache, the ‘level one’ cache. You calculate the area available for storing things and estimate how much, and which, stuff to put there. You may populate it with the items you think most need to be easily accessible, or you may add items as you notice that you use them.</p>
<p><strong>Eviction policy</strong>: imagine you have a drawer with perfumes, and some of these are not used at all. A cache would remove these items, either by the ‘Least Recently Used (LRU)’ or by the ‘Least Frequently Used (LFU)’ policy. In this case, we remove/evict the never-used perfume to some more permanent and less accessible storage, let’s call it the ‘level two’ cache.</p>
<p><strong>Retrieving items</strong>: when we go to retrieve an item we need, if it’s not in the cache, we add it, so that the next time it will be there and the time ‘penalty’ will not happen. To get an idea of item retrieval and time penalties, let’s see an illustration of the example with the favorite wine:</p>
<p><img src="http://dl.dropboxusercontent.com/u/137949/SVBTLE/Cache-Blog-Post.PNG" alt="Wine example"></p>
<p><strong>Adding new items</strong>: when we add a new item in the cache (new perfume!) we first check if the cache is full and if it is we remove an item by applying the eviction policy. If there is space in the cache we can just add it.</p>
<p><strong>Time to live</strong>: cache mechanisms can remove items that reach their TTL, if it is not set to infinity. For example, some items in the fridge expire after ‘n’ days or weeks and some don’t expire at all. The TTL is set for an item at the very moment it’s added to the cache.</p>
<p><strong>Statistics</strong>: caches maintain statistics, giving information about the most accessed items, load time penalties, number of times items have been evicted, and more…</p>
<p>So, a few ‘caching’ thoughts that apply when sorting and storing stuff:</p>
<ul>
<li>
<em>Keep your cache empty and fill it as new items are needed.</em> For example, empty your desk at work when a project finishes, and when a new project starts - add items as requested. </li>
<li>
<em>Do cache cleanup from time-to-time or on regular intervals.</em> Revisit and see which items haven’t been used for a long time, and even if there is some free space, remove them. If the TTL of an item has expired, remove it as well.</li>
<li>
<em>Check the statistics.</em> Recall which items you are using and you need the most, so that you don’t run out of them.</li>
</ul>
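<p>The characteristics listed above (size, eviction policy, retrieval with a slow path on a miss, TTL, statistics) and the cleanup advice in the list, as an added example that is not from the original post: a small Python LRU cache with a fixed capacity, per-item TTL, a cleanup pass and hit/miss/eviction/expiration counters. The <code>LRUCache</code> class, the injectable fake clock and the wine/perfume scenario in <code>demo()</code> are all constructed for this example.</p>

```python
"""Added example (not from the original post): a bounded cache that models the
characteristics the post lists: fixed size, LRU eviction, per-item TTL and
hit/miss/eviction statistics."""
import time
from collections import OrderedDict


class LRUCache:
    """Bounded cache with least-recently-used eviction and optional TTL.

    `clock` is injectable so the scenario below can advance time deterministically.
    """

    def __init__(self, capacity, clock=time.monotonic):
        if capacity < 1:
            raise ValueError("capacity must be at least 1")
        self.capacity = capacity
        self.clock = clock
        # OrderedDict keeps insertion order; keys are moved to the end on access,
        # so the first key is always the least recently used one.
        self._items = OrderedDict()  # key -> (value, expires_at or None)
        self.stats = {"hits": 0, "misses": 0, "evictions": 0, "expirations": 0}

    def get(self, key, loader=None):
        """Return the cached value, or on a miss load it via `loader` and cache it."""
        entry = self._items.get(key)
        if entry is not None:
            value, expires_at = entry
            if expires_at is None or expires_at > self.clock():
                self._items.move_to_end(key)  # mark as most recently used
                self.stats["hits"] += 1
                return value
            # TTL reached: drop the stale item and treat the lookup as a miss
            del self._items[key]
            self.stats["expirations"] += 1
        self.stats["misses"] += 1
        if loader is None:
            return None
        value = loader()  # the slow path, i.e. the trip to the basement
        self.put(key, value)
        return value

    def put(self, key, value, ttl=None):
        """Add an item; if the cache is full, evict the least recently used one."""
        if key in self._items:
            self._items.move_to_end(key)
        elif len(self._items) >= self.capacity:
            self._items.popitem(last=False)  # the LRU item sits at the front
            self.stats["evictions"] += 1
        expires_at = None if ttl is None else self.clock() + ttl
        self._items[key] = (value, expires_at)

    def cleanup(self):
        """Remove every item whose TTL has passed; returns how many were removed."""
        now = self.clock()
        stale = [k for k, (_, exp) in self._items.items()
                 if exp is not None and exp <= now]
        for k in stale:
            del self._items[k]
        self.stats["expirations"] += len(stale)
        return len(stale)

    def keys(self):
        """Keys from least to most recently used."""
        return list(self._items)


def demo():
    """Walk through a constructed wine/perfume scenario with a fake clock."""
    now = [0.0]
    cache = LRUCache(capacity=2, clock=lambda: now[0])
    cache.put("wine", "red", ttl=30)          # fridge item with an expiry
    cache.put("perfume-a", "bottle A")        # no expiry
    cache.get("wine")                         # hit; wine is now most recently used
    cache.put("perfume-b", "bottle B")        # cache full: perfume-a (LRU) is evicted
    now[0] = 31.0                             # wine's TTL has passed
    cache.get("wine", loader=lambda: "red")   # expired -> miss -> reloaded from the basement
    return cache


if __name__ == "__main__":
    c = demo()
    print(c.keys(), c.stats)
```

<p>The <code>loader</code> argument to <code>get()</code> is the ‘time penalty’ from the wine illustration: it is only paid on a miss, and the result is stored so the next lookup is served from the cache. <code>cleanup()</code> is the periodic pass suggested in the list, removing expired items even when there is free space.</p>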
<h1>Book "OAuth 2.0 Identity and Access Management Patterns" is available</h1>
<p>Published 2014-02-16T09:01:30-08:00</p>
<p>I’m proud to announce that the first book I authored, <a href="https://www.packtpub.com/application-development/oauth-20-identity-and-access-management-patterns">OAuth 2.0 Identity and Access Management Patterns</a>, is out and available for purchase.</p>
<h2 id="background_2">Background <a class="head_anchor" href="#background_2">#</a>
</h2>
<p>OAuth 2 is a protocol I had worked with at my day job on several occasions, so the practical experience and previous research on this topic were very useful (just to note, I have been working with OpenID and Persona as well).</p>
<p>When the team at Packt Publishing contacted me, I was happy to author a book on this topic.</p>
<h2 id="what-is-the-book-about_2">What is the book about? <a class="head_anchor" href="#what-is-the-book-about_2">#</a>
</h2>
<p>First a short intro on OAuth. We use OAuth every day, for example: I want my Foursquare check-ins to be auto-posted on Facebook. So I go into Foursquare and choose to add a Facebook account. I am then redirected to Facebook, which asks me whether I want to approve the application’s request (I say yes or no), and then I am redirected back to Foursquare. In this final step, if the decision was yes, Foursquare gets a unique ‘token’ for my Facebook user, and with it Foursquare can post status updates in my name.</p>
<p>So OAuth basically specifies how this authorization protocol should work and which data is exchanged in the background between the servers and applications. OAuth 2 is in use by all the ‘big players’: Google, Amazon, Facebook, LinkedIn, and so on. As for the question of whether it is a hot topic: it may not be the hottest topic at the moment, but it’s a pretty important one.</p>
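<p>The exchange described above, as an added example that is not from the book or the original post: a self-contained Python simulation of the OAuth 2.0 authorization code grant with both sides in memory. The provider (‘Facebook’ in the story) issues a one-time code on approval and exchanges it for an access token; the application (‘Foursquare’) builds the redirect, receives the user back and redeems the code. The <code>AuthorizationServer</code> and <code>Client</code> classes, the client id/secret, the URLs and the user name are constructed placeholders. The provider here also enforces the registered redirect URI, and the client checks the <code>state</code> parameter on the way back, two of the precautions that RFC 6819 describes.</p>

```python
"""Added example (not the book's or the post's code): a minimal in-memory
simulation of the OAuth 2.0 authorization code grant. All endpoints, ids,
secrets and the user are constructed placeholders."""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


class AuthorizationServer:
    """The provider side ('Facebook' in the post): issues codes and tokens."""

    def __init__(self):
        self.clients = {}   # client_id -> (client_secret, registered redirect_uri)
        self._codes = {}    # one-time code -> (client_id, user, scope)
        self.tokens = {}    # access_token -> (user, scope)

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, authorize_url, user, approved):
        """Handle the redirect the user arrives on; return the redirect back."""
        q = parse_qs(urlparse(authorize_url).query)
        client_id = q["client_id"][0]
        _, registered_redirect = self.clients[client_id]
        # Only ever redirect to the URI registered for this client, so a code
        # cannot be delivered to a caller-supplied address.
        if q["redirect_uri"][0] != registered_redirect:
            raise ValueError("redirect_uri does not match the registered one")
        params = {"state": q["state"][0]}  # echoed back unchanged
        if not approved:
            params["error"] = "access_denied"
        else:
            code = secrets.token_urlsafe(16)
            self._codes[code] = (client_id, user, q.get("scope", [""])[0])
            params["code"] = code
        return registered_redirect + "?" + urlencode(params)

    def token(self, client_id, client_secret, code):
        """Exchange a one-time code for an access token (server-to-server)."""
        if self.clients.get(client_id, (None,))[0] != client_secret:
            raise PermissionError("invalid_client")
        issued_to, user, scope = self._codes.pop(code, (None, None, None))
        if issued_to != client_id:  # unknown, already used, or another client's code
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = (user, scope)
        return {"access_token": access_token, "token_type": "bearer", "scope": scope}


class Client:
    """The application side ('Foursquare' in the post)."""

    def __init__(self, server, client_id, client_secret, redirect_uri):
        self.server, self.client_id = server, client_id
        self.client_secret, self.redirect_uri = client_secret, redirect_uri
        self._pending_states = set()

    def start(self, scope):
        """Step 1: build the URL the user is sent to; remember the `state`."""
        state = secrets.token_urlsafe(16)
        self._pending_states.add(state)
        q = urlencode({"response_type": "code", "client_id": self.client_id,
                       "redirect_uri": self.redirect_uri, "scope": scope,
                       "state": state})
        return "https://provider.example/authorize?" + q

    def finish(self, callback_url):
        """Step 3: on the redirect back, verify `state`, then swap the code for a token."""
        q = parse_qs(urlparse(callback_url).query)
        state = q.get("state", [None])[0]
        # A state we never issued means this callback was not started by us.
        if state not in self._pending_states:
            raise PermissionError("unexpected state")
        self._pending_states.discard(state)  # each state is good for one callback
        if "error" in q:
            return None  # the user said no
        return self.server.token(self.client_id, self.client_secret, q["code"][0])


def run_flow(approved=True):
    """Run the whole exchange for a constructed user; returns (server, token response)."""
    server = AuthorizationServer()
    server.register_client("foursquare-app", "s3cret", "https://client.example/cb")
    client = Client(server, "foursquare-app", "s3cret", "https://client.example/cb")
    authorize_url = client.start("publish_status")               # user goes to the provider
    callback = server.authorize(authorize_url, "alice", approved)  # provider sends them back
    return server, client.finish(callback)                        # client redeems the code


if __name__ == "__main__":
    _, response = run_flow()
    print(response)
```

<p>The code travels through the user’s browser, but the token never does: it is obtained on the back channel with the client secret, which is why the code is single-use and bound to the client that requested it.</p>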
<p><strong>The book (in short)</strong>: Covers how to implement OAuth 2 in all types of applications, web, client-side, desktop, mobile; explains the protocol in detail and outlines security precautions that should be taken in consideration. Altogether with code examples.</p>
<h2 id="but-aren39t-there-already-books-on-oauth-2_2">But, aren’t there already books on OAuth 2? <a class="head_anchor" href="#but-aren39t-there-already-books-on-oauth-2_2">#</a>
</h2>
<p>Yes there are. What is different about this book:</p>
<ul>
<li>
<strong>The approach to the protocol/framework</strong>: instead of writing a chapter for each authorization flow, there is a chapter for each application type, and then, it is discussed which authorization flow is applicable for that application type, and the flow is covered in detail;</li>
<li>
<strong>The code examples</strong>: each authorization flow is covered with examples, which run as standalone applications out of the box (the reader just has to insert the token/secret, etc.; the needed information is described in a README.txt file for each example and in the book as well);</li>
<li>
<strong>More security considerations</strong>: there are two chapters regarding security: one on general security considerations and precautions that developers have to take, covering all flow scenarios; and one on integrating SAML with OAuth 2. No other OAuth 2.0 book that I know of covers this that well.</li>
</ul>
<h2 id="what-do-i-get-as-a-reader_2">What do I get as a reader? <a class="head_anchor" href="#what-do-i-get-as-a-reader_2">#</a>
</h2>
<p>Key features of this book are:</p>
<ul>
<li>Build web, client-side, desktop, or server-side secure OAuth 2.0 client applications, by utilizing the appropriate grant flow for the given scenario.</li>
<li>Get to know OAuth 2’s inner workings and be able to handle and implement the various authorization flows with confidence.</li>
<li>Learn which features OAuth 2 provides regarding security and which precautions should be taken in consideration.</li>
<li>Explore practical code examples, which additionally are executable as standalone applications running on top of Spring MVC.</li>
</ul>
<h2 id="on-which-information-is-the-book-based_2">On which information is the book based? <a class="head_anchor" href="#on-which-information-is-the-book-based_2">#</a>
</h2>
<p>When writing the book I did extensive research on RFC documents that deal with OAuth 2, these are the main ones:</p>
<ul>
<li>
<a href="http://tools.ietf.org/html/rfc6749">OAuth 2.0 spec</a>;</li>
<li>
<a href="http://tools.ietf.org/html/rfc6819">OAuth 2.0 Threat Model and Security Considerations</a>;</li>
<li>
<a href="https://tools.ietf.org/html/rfc6750">The OAuth 2.0 Authorization Framework - Bearer Token Usage</a>;</li>
<li>
<a href="https://tools.ietf.org/html/draft-ietf-oauth-assertions-12">Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants</a>;</li>
<li>
<a href="http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-17">SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants</a>;</li>
</ul>
<h2 id="feedback_2">Feedback <a class="head_anchor" href="#feedback_2">#</a>
</h2>
<p>If you read the book and have a comment or an opinion, let me know! If you found something that you think can be improved in the book, go to Packt’s <a href="https://www.packtpub.com/application-development/oauth-20-identity-and-access-management-patterns">book page</a> and submit errata in the Support section. Thanks!</p>