This article discusses the foundational code construct called Domain Primitive. Domain Primitives are the smallest building block in your domain model, and a key concept to understand for creating code that is Secure by Design. If you want to, you can save 37% off Secure by Design with code fccsecure at manning.com. |
sôft'wâr'
Bits and pieces from the world of software development
September 21, 2017
Domain Primitives - the key to creating secure code
This article is an excerpt of topics discussed in the book Secure by Design that I'm currently writing together with Dan Bergh-Johnsson and Daniel Deogun.
May 9, 2017
Entities and Security: identity matters
This article is an excerpt of topics discussed in the book Secure by Design that I'm currently writing together with Dan Bergh-Johnsson and Daniel Deogun.
This article discusses the properties of the model objects known as entities and how they function inside the domain model. Knowing about fundamental Domain Driven Design (DDD) concepts such as entities is a great way to start your Secure by Design journey – here is what you need to know to be ready to dive in. If you want to, you can save 37% off Secure by Design with code fccsecure at manning.com. |
Entities
Each part of your domain model has certain characteristics and a certain meaning. Entities are one type of model object with distinct properties. What makes an entity special is that:- It has an identity that defines it and makes it distinguishable from others.
- It has an identity which is consistent during its lifecycle.
- It can contain other objects, such as other entities or value objects.
- It’s responsible for the coordination of operations on the objects it owns.
Labels:
DDD,
Domain-Driven Design,
Entities,
Secure by Design,
Security,
Software Security
January 17, 2017
New Book: Secure by Design - now in early access program
The blog posts have been sparse but I've still been writing a lot lately.
After years of thoughts, discussions, and trying out ideas in real projects, we decided to formalize our views on software security in the form of a book. A privilege to write a book together with such great co-authors as Dan Bergh-Johnsson and Daniel Deogun.
After years of thoughts, discussions, and trying out ideas in real projects, we decided to formalize our views on software security in the form of a book. A privilege to write a book together with such great co-authors as Dan Bergh-Johnsson and Daniel Deogun.
Today is a big day because the first early drafts of the book is now released to the public through the Manning ”early access program” (MEAP). We still have a long way to go, and a lot of hard work ahead of us, but I'm confident it'll turn out just as good as we hope - or better.
If you’re interested in reading a book in-the-making, or just want to ’pre-order’ the finished book, you can get it for 50% off until January 24 (2017) if you use the discount code "mljohnsson" (all formats)
If you’re interested in reading a book in-the-making, or just want to ’pre-order’ the finished book, you can get it for 50% off until January 24 (2017) if you use the discount code "mljohnsson" (all formats)
June 26, 2015
Continuous Delivery and Conway's Law
The challenges of continuous delivery
Continuous Delivery is more and more becoming a mainstream practice in how to create and deliver software. The reason for this are the numerous benefits this practice will have on the business as a whole. But as with most other things there is no free lunch and these benefits do not come without a price. An example of this is the fact that there are many challenges you may face when trying to implement continuous delivery in an existing organization. My colleague Daniel Deogun and I have spent quite a lot of time working with implementing continuous delivery practices within organizations. And in doing so we started to notice some reoccurring patterns among the challenges that organizations run into when moving towards continuous delivery.March 25, 2015
Custom accessors with IntelliJ's new code generation features
The problem with getters
If you know your Java history, you will also be familiar with the naming conventions for accessors and mutators that was introduced, and defined, by the JavaBeans specification. (i.e. the good ol' getters and setters) This naming convention became more or less a de facto convention for accessor and mutator methods in Java. Even for objects that had no intentions whatsoever to be a java bean.And because it was such a widespread naming convention many frameworks and libraries started to rely on that convention in order to provide useful features. Luckily, many of the popular frameworks and libraries that are used today no longer require these naming conventions in order to function.
That means that today it is perfectly fine to write code like
person.name()
if it makes more sense to you and you will not be forced to write person.getName()
just in order to get your tooling to work.
Labels:
Clean Code,
IntelliJ,
Java,
Productivity
April 17, 2014
Clean code - why it matters
Well designed and thought through code is something every software professional should take seriously as it is an enabler for so many important properties of software design. It will help you in areas such as testability, maintainability, modularity, sustainability, readability, security, time-to-market and so on. The list of positive side effects of creating well designed code is neverending.
If you are new to the term clean code, then Bob Martin's book Clean Code is a good place to start to get an inroduction to what it means. In his book, Bob Martin shows many examples of what clean code can look like and you may not agree with all of them but the importance is to understand the overall concept and purpose of the term. Other areas to explore in terms of code design is domain driven design (DDD) and test driven development (TDD).
In my view, well designed code is the foundation of everything that we do as software professionals. All contemporary best practices that we apply daily are dependent of well designed and expressive code. Whether it be TDD, DDD, domain driven security, continuous integration, scalability and so on. A poorly designed code base that is nothing more than a big mess of code will never enable you to succeed in any best-practice, at all. Period. This may sound a bit harsh but in the long run I really do believe that well designed code is the base for everything else.
If you are new to the term clean code, then Bob Martin's book Clean Code is a good place to start to get an inroduction to what it means. In his book, Bob Martin shows many examples of what clean code can look like and you may not agree with all of them but the importance is to understand the overall concept and purpose of the term. Other areas to explore in terms of code design is domain driven design (DDD) and test driven development (TDD).
In my view, well designed code is the foundation of everything that we do as software professionals. All contemporary best practices that we apply daily are dependent of well designed and expressive code. Whether it be TDD, DDD, domain driven security, continuous integration, scalability and so on. A poorly designed code base that is nothing more than a big mess of code will never enable you to succeed in any best-practice, at all. Period. This may sound a bit harsh but in the long run I really do believe that well designed code is the base for everything else.
Labels:
Clean Code,
Java,
Modeling
June 11, 2013
MapReduce made simple with Akka
As you probably already know, Akka can make your life a lot easier when it comes to things like concurrency and scalability. A very typical use case for starting to use Akka is when you have a computation or algorithm of some sort that lends itself to parallelizing. Implementing that with just core Java is cumbersome, error prone and it will feel like you are reinventing the wheel every time you do it. Akka will, for example, enable you to take advantage of all the cores in your CPU, or maybe even the CPUs of several machines, without having to worry about the evils of things like threads, lock, semaphores etc., and not to mention the hassle of trying to distribute the computations.
Labels:
Akka,
Concurrency,
Java
February 12, 2013
Java-based configuration in Spring - An introduction
If you have not started using Java-based configuration in your Spring projects you really should take a look at it since it is a very valuable tool to master. Java-based configuration has been supported right out of the box since Spring 3.0 so it has become quite complete by now. (with the stable release being 3.2.x at the time of writing this post)
Personally, I have found that I hardly ever use any XML configuration files in Spring projects that I create nowadays. And as a side note, if I am also able to use an application server that supports Servlet 3.0 I can even get rid of my web.xml file. Thus eliminating a big part of the XML-based configuration usually needed.
Ok, but why? You might ask. Well, if you think about it there are a lot of benefits of having your configuration in code instead of in XML.
Personally, I have found that I hardly ever use any XML configuration files in Spring projects that I create nowadays. And as a side note, if I am also able to use an application server that supports Servlet 3.0 I can even get rid of my web.xml file. Thus eliminating a big part of the XML-based configuration usually needed.
Ok, but why? You might ask. Well, if you think about it there are a lot of benefits of having your configuration in code instead of in XML.
Labels:
Java,
Spring,
Spring MVC,
XML
Subscribe to:
Posts (Atom)