ngImprovedTesting 0.3: improved ModuleBuilder with lots of bug fixes

NOTE: ngImprovedTesting is an AngularJS library that makes mock testing AngularJS code easier.
For more information about ngImprovedTesting be sure to read its (updated) introductory blog post.

Just released version 0.3 of ngImprovedTesting with a much improved ModuleBuilder.

Prior to 0.3, usage of ngImprovedTesting might be troublesome due to the fact that the ModuleBuilder:

Stateless Spring Security Part 3: JWT + Social Authentication

This third and final part in my Stateless Spring Security series is about mixing the previous post about JWT token based authentication with spring-social-security. This post directly builds upon it and focusses mostly on the changed parts. The idea is to substitute the username/password based login with “Login with Facebook” functionality based on OAuth 2, but still use the same token based authentication after that.

Login flow

Client-side

The user clicks on the “Login with Facebook” button, which is a simple link to “/auth/facebook”. The SocialAuthenticationFilter notices the lack of additional query parameters and triggers a redirect leading the user of your site to Facebook. They log in with their username/password and are redirected back, again to “/auth/facebook” but this time with “?code=…&state=…” parameters specified. (If the user previously logged in at Facebook and had a cookie set, Facebook will even instantly redirect back and no Facebook screen is shown to the user at all.) The fun part is that you can follow this in a browser’s network log, as it’s all done using plain HTTP 302 redirects. (The “Location” header in the HTTP response is used to tell the browser where to go next.)


ngImprovedTesting 0.2: adding $q.tick() to improve testing promises

NOTE: Just released version 0.2.2 of ngImprovedTesting to fix issue #6 causing chained promises (i.e. .then(...).then(...)) not to be executed by a $q.tick(); also see the README of the GitHub repo.

After quite a while I finally got round to creating version 0.2 of ngImprovedTesting.
The ModuleBuilder API is unchanged and still makes mock testing AngularJS code much easier (be sure to read this blog post if you are unfamiliar with ngImprovedTesting).

Version 0.2 of ngImprovedTesting brings you the following interesting improvements:

  • ngModuleIntrospector no longer uses internal AngularJS API.
  • mocks can now also be created manually using the (global) “mockInstance” function.
  • features a more descriptive way of testing promises by adding the tick() method to $q.
  • offers a module called “ngImprovedTesting” to be able to use $q.tick() in your tests without having to use the ModuleBuilder API (which automatically includes the module).


Web-components like AngularJS directives

As you may already know, web components consist of a set of technologies which are combined to create a custom element for use in your HTML markup. The main additions, as described in several blog posts, are HTML imports, Shadow DOM and Templates combined with isolated scripts and styling. (If these concepts are new to you, I suggest you read up on web components at WebComponents.org.)

This blog post has a living example on plnkr.co.


Stateless Spring Security Part 2: Stateless Authentication

This second part of the Stateless Spring Security series is about exploring means of authentication in a stateless way. If you missed the first part about CSRF you can find it here.

So when talking about authentication, it’s all about having the client identify itself to the server in a verifiable manner. Typically this starts with the server providing the client with a challenge, like a request to fill in a username / password. Today I want to focus on what happens after passing such an initial (manual) challenge and how to deal with automatic re-authentication of further HTTP requests.

Common approaches

Session Cookie based

The most common approach we probably all know is to use a server-generated secret token (Session key) in the form of a JSESSIONID cookie. Initial setup for this is next to nothing these days, perhaps making you forget you have a choice to make here in the first place. Even without further using this “Session key” to store any other state “in the session”, the key itself is in fact state as well. I.e., without shared and persistent storage of these keys, no successful authentication will survive a server reboot or requests being load balanced to another server.


Stateless Spring Security Part 1: Stateless CSRF protection

Today, with a RESTful architecture becoming more and more standard, it might be worthwhile to spend some time rethinking your current security approaches. Within this small series of blog posts we’ll explore a few relatively new ways of solving web related security issues in a stateless way. This first entry is about protecting your website against Cross-Site Request Forgery (CSRF).

Recap: What is Cross-Site Request Forgery?

CSRF attacks are based on lingering authentication cookies. After being logged in or otherwise identified as a unique visitor on a site, that site is likely to leave a cookie within the browser. Without explicitly logging out or otherwise removing this cookie, it is likely to remain valid for some time.

Another site can abuse this by having the browser make (cross-site) requests to the site under attack. For example, including some JavaScript that makes a POST to “http://siteunderattack.com/changepassword?pw=hacked” will have the browser make that request, attaching any (authentication) cookies still active for that domain to the request!


ngImprovedTesting: mock testing for AngularJS made easy

NOTE: Just released version 0.3 of ngImprovedTesting with lots of bug fixes.
Check out this blog post or the README of the GitHub repo for more info.

Being able to easily test your application is one of the most powerful features that AngularJS offers. All the services, controllers, filters, even directives you develop can be fully (unit) tested.

However, the learning curve for writing (proper) unit tests tends to be quite steep.
This is mainly because AngularJS doesn’t really offer any high level APIs to ease the unit testing. Instead you are forced to use the same (low level) services that AngularJS uses internally. That means you have to gain in-depth knowledge about the internals of $controller, when to $digest and how to use $provide in order to mock these services. Especially mocking out a dependency of a controller, filter or another service is too cumbersome.

This blog will show how you would normally create mocks in AngularJS, why it’s troublesome, and finally introduce the new ngImprovedTesting library that makes mock testing much easier.

Suggested Parleys Watchlist for Devoxx 2013

This year we attended Devoxx 2013 with a total of 9 JDriven colleagues. After more than a week we finally recovered from a vast amount of great sessions, personal encounters and ‘some’ Belgian beer. Looking back at Devoxx, we had a great conference and would like to thank the Devoxx team for making this possible. It was also good to notice that the majority of the sessions are related to subjects that drive us at JDriven, during our daily job and while further developing our expertise and craftsmanship. To name a few: Continuous Delivery, AngularJS, RESTful APIs, Gradle, Groovy, Grails, Java 8, Java EE.

The Devoxx 2013 sessions will be available at Parleys soon, hopefully just before the holidays. To protect you from infobesity we’d like to share our list of must watch sessions with you:


Sven Peters – How To Do Kick-Ass Software Development
Sven, a presenter who is just full of energy, tells how software is developed at Atlassian and how they can build great software with even greater pleasure.
He explains how a good team becomes a kick-ass team. He also mentioned that we as developers are always working to help automate others, but often forget to automate our own work. The presentation contains lots of tips and tricks.

Guillaume Laforge – What Makes Groovy Groovy
A great overview of the various aspects and power of Groovy targeted at Groovy newbies. The presentation contains great code examples, starting with Java code and showing off the Groovy alternatives ending up with less code but exactly the same functionality. A great session and good overview of how Groovy enriches (and improves) Java. Probably not too much news for Groovy experts but for a newbie certainly valuable.

Ben Hale – Designing a REST-ful API using Spring 4
Very good presentation that covered lots of the concepts of the REST standards (or lack thereof) and how to implement this using Spring 4 features and Spring-HATEOAS.

Seth Ladd – Mobile, multi-device, multi-player with HTML5 and Dart
A pretty solid, almost marketing, talk about developing the word game Boggle entirely using Dart. Seth also demonstrates his own recently developed API for offline-enabled browser-based web apps: Lawndart. The application has been developed as a set of custom reusable components using polymer.dart (instead of angular.dart).
This presentation gave a great overview of Dart, and the initial impression of Dart is very impressive. It certainly creates interest in investigating and playing with Dart.

Paul Sandoz – in full flow: Java 8 lambdas in the stream
A clear overview of the use of the new stream API to declaratively perform actions on lists using lambdas. Also the benefits and pitfalls of using streams in combination with multithreading are explained.

Simon Ritter – Is It A Car? Is It A Computer? No, It’s a Raspberry Pi JavaFX
A very nice session that explained how a Carputer could be made from a Raspberry Pi and the risks you introduce when connecting your car with a Raspberry Pi.
A touch screen connected to the Raspberry Pi and an application developed using JavaFX are used to operate and view the data from the on-board computer.

Tugdual Grall, David Pilato – Elastify your app: from SQL to NoSQL in less than one hour!
Within an hour, a simple application backed by a SQL database is converted to a Couchbase database and then coupled with Elasticsearch. The steps to take to convert the existing application are clearly explained. After the conversion, the data in the system is visualized using Kibana.

Geert Bevin – Programmers are way cooler than musicians
Geert Bevin presents the Eigenharp, a musical instrument which has been built on a completely different approach from its predecessors. Throughout his presentation he shows not only the instrument but also hints at the possibilities one gets if one lets go of “how things are”. An interesting display of thinking outside the box leading to a new design.

Hans Dockter – Gradle for Android and the Rest of the World Conference
Hans illustrated the possibilities and power of Gradle by explaining how the Gradle based build system for Android works. This new build system has been developed as a Gradle plugin by the Google Android team. He also noted that some people see the flexibility of Gradle as a downside but stated that the opposite is true because you can use the power of Gradle to limit this flexibility. For instance, you could fail a build when dependencies from a non-whitelisted repository are used.

This is just our short list ;) but have fun and see you next year @Devoxx!

Understanding and fixing AngularJS directive rendering and parsing

NOTE: This blog post was originally written for AngularJS 1.2.x; in 1.3.x the “input not showing invalid model values” has been fixed.
Although 1.3.x still has the “inconsistencies in how AngularJS parses data entry”, the solution from this blog post isn’t working for 1.3.x, but I will try to find a fix for this within the next few weeks.

A while ago I noticed that AngularJS doesn’t show invalid model values bound to an <input/>.
There is also an open bug report about this: issue #1412 – input not showing invalid model values.

The bug can be easily illustrated through the following example:

While running, the example displays letters = 1 but the <input/> element remains empty.
Additionally, notice that the <input/> element (due to some custom CSS styling) has a “red” background to indicate that its value is invalid (since it doesn’t match the regex of ng-pattern).

In this blog post I will dig into how AngularJS handles rendering, parsing and validation and will finally provide a workaround / solution for this AngularJS bug as well as some other improvements.


Easy installation of Karma (Testacular) test runner on Windows

NOTE: this post was written for Karma 0.8 which required a manual installation of PhantomJS.
However this blog post is still relevant for installing the NodeJS and NPM pre-requisites.
As of 0.10 both PhantomJS and Chrome will be automatically installed by the launcher plugins.
Installation instructions for Karma 0.10 can be found here (a “Local installation” is preferred).
Furthermore instructions on how to install plugins (introduced as of 0.10) can be found here.

Recently I decided to switch from the “Jasmine Maven Plugin” (using the Mozilla Rhino JavaScript “emulator”) to the Karma (previously called Testacular) test runner.
The big advantage of Karma as opposed to the “Jasmine Maven Plugin” is that it uses actual browsers (like Chrome, Firefox, Safari and even IE) to execute the tests.

This blog post describes the installation and configuration of Karma on Windows.