My First Real AngularJS Project (with Spring REST and Data JPA)

I’ve been playing around with AngularJS since March this year but only in my spare time. So I was thrilled to be able to use AngularJS on an actual real-world project at my day job at the Academic Medical Center in Amsterdam.

So for the last three weeks I’ve been working at a small but nice web site. The web site is a training course catalogue for the nursing education program, which is ordered according to the CanMEDS Framework. Last week I released version 1.0 and next wednesday it will be formally presented to the public during an important conference.

The application is split into a backend with a REST interface and a Single Page frontend that’s basically a master-detail page with some filtering options, and added to it some necessary administration pages. I’ve built the backend of the application with Spring Data JPA, Spring REST, and Spring Security. For the frontend I’d chosen AngularJS and Boostrap 3. Below I will describe some of my experiences from the last couple of weeks.
Continue reading “My First Real AngularJS Project (with Spring REST and Data JPA)”

InterSystems Caché database

The IT landscape at my work – the Academic Medical Center (AMC) in Amsterdam – is about to change dramatically in the next couple of years. We are migrating away from a best-of-breed strategy combined with alot of custom, and mostly inhouse, build software systems, towards the integrated suite of health care software from Epic. Epic’s suite is centered on the Caché database from InterSystems. So when I learned about a free one-day introductory course on Caché I didn’t hesitate to sign up.

So earlier today I attended the workshop at InterSystems Benelux together with a couple of colleagues from the AMC. The day was well organised and provided me with a nice overview and introduction on InterSystems and their products and the Caché database in particular.

I always assumed that the database was an object database but it appears I was mistaken. At its core is something called “globals”. These key-value datastructures are stored internally in multidimensional hierarchical sparse arrays. The globals find their origin in MUMPS, which takes the origin of Caché back to the late sixties! Caché provides SQL and Object API’s built on top of the “Globals”, so you can also use Caché just as if it were a RDBMS or object database, although in essence it’s really more of a NoSQL datastore.

Supposedly, the internals of Caché provide for extremely high performance data access and extremely high transaction data processing. So I’m really curious to find out if – once we’ll have rolled out the Epic system – this claim holds true, and how it compares to the relational databases from the traditional competitors like Oracle and Microsoft.

Gotcha: preserving the ordering in collections when using JPA

This week I was faced with the requirement to store the ordering of a collection from a Java web application to a database. In plain Java, retaining the ordering within a collection is a no-brainer: you just use one of the java.util.List implementations. And saving the order into a database table should be as easy as a couple of INSERT statements in the correct order, right? Well, if you’re using JPA for ORM then it really isn’t that straightforward. As it turns out JPA does not take the ordering of a List into consideration, which imho is a serious design flaw. Forunately, as of version 2.0 a workaround was added to the spec: you can annotate relationships with @OrderColumn.

A very simple RSS reader with AngularJS and Google Feed API

Last year I’ve written a few lines about aggregating feeds with SimplePlie. SimplePie is a nice PHP library but the version I used broke when my hosting provider decided to upgrade the servers to a new PHP version. Although a new version was quickly installed, I found the broken pages to be the perfect motivation to finally do some coding with AngularJS.So after having attended a few workshops about AngularJS, and having read the excellent book by Brad Green and Shyam Seshadri, I finally got around to do some actual work with the framework.

Continue reading “A very simple RSS reader with AngularJS and Google Feed API”

Testing a Wicket application with Selenium IDE

Wicket and Selenium IDE

In development mode, Wicket generates id’s with the wicket namespace prefix. These id’s are dynamic and change everytime a page is rendered. This works fine until you try to record test scripts with Selenium IDE.

What Selenium basically does is use XPath queries against the wicket:id‘s, recording the value of those id’s. But next time around, when you try to playback the test script, it will fail beacuse the values of all of the wicket:id’s have changed.

One possible workaround would be to just use normal HTML id attributes. But this is very laborious and poses limitations on your HTML, CSS, and Javascript code, and also polutes the production code with a lot of unnecessary id attributes.

A more useful solution would be to make use of Wicket’s wicketpath attribute. Continue reading “Testing a Wicket application with Selenium IDE”

Encrypting passwords in Tomcat

Apache TomcatApache Tomcat is by far the most popular (open source) web server and Java servlet container. It has been around for a long time and – at the time of writing this post – has reached version 7.0.29. As Apache rightfully claims on its web site, Tomcat powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations. Therefore, one might imagine that such a widely used server would out-of-the-box already prove to be very secure .

However, alot of weaknesses in Apache Tomcat stem from incorrect or inappropriate configuration – as is the case not only for Tomcat but for the majority of software products, I would imagine. The OWASP organization has written up a nice document with a lot of best practices and recommendations on how to make Tomcat more secure than the default out-of-the-box installation.

The OWASP document rightfully states that best practices advice us never to store clear text passwords, but that in the case of the server.xml it is very difficult to avoid. In this post, I will try to look into ways to avoid storing clear text password in Tomcat’s files that hopefully will make it less difficult to avoid.
Continue reading “Encrypting passwords in Tomcat”

Integrating Wicket with Wicket Auth/Roles and Spring Security

In this tutorial I describe how you can setup Wicket 1.5 to use Spring Security 3.1 for authentication and Wicket Auth/Roles for authorization.

Spring Security is a very complete and flexible solution for all kinds of security needs. It offers a lot of functionality out-of-the-box and it is quite easy to extend to fit your own custom needs. Visit the Spring Security website ( for more information.

Wicket Auth/Roles makes it easy to annotate components with authorization information. E.g., the @AuthorizeInstantiation configures what roles are allowed to instantiate the annotated component or package, and the @AuthorizeAction annotation controls wether the component is rendered or not based on the roles.

At the and of this tutorial you will have a sample Wicket project that uses Spring Security to look up the user – including roles, full name, etc. -, validate the password, and manage the current user session. Wicket Auth/Roles validates whether the current user has access to a particular page, or even a particular component. Continue reading “Integrating Wicket with Wicket Auth/Roles and Spring Security”