Friday, December 08, 2006


J2EE Wannabee

Recently I had a discussion with someone trying to focus on J2EE security, as I am. In his project they proposed this wonderful new J2EE AOP security architecture that made me freeze over my beer for 30 seconds (we were sitting in a bar, hence the beer). As all team members on this project are very new to J2EE, including this person with whom I had some beers, nobody really noticed what the fuck they were about to create: the perfect J2EE wannabees. To pass a SAML assertion for authentication, they were going to create an EJB3 interceptor. They all noticed this is J2EE AOP, which is probably why it felt like a good thing to do. This interceptor should check every method's first parameter. And if it's of the SAML class whatever fuck-type, they would check the content, which is their lovely SAML assertion, and thus this would drive their security. If that isn't a great invention for .NET-ers to come up with, I don't know.

Such scenarios are a serious threat to J2EE freelancers. Since EJB3, the learning curve has lowered so much that newbies can learn J2EE within a few months. At least, that's what they think, while actually they're screwing up projects as hard as they did within .NET, leaving their project managers with a non-positive view of J2EE. And this is what I get upset about, since it directly impacts my possible project assignments as a freelancer.
