Java Shots 2 : Intellij IDEA IDE, Eclipse Orion, Grails Data Binding Vulnerability

 
Apr 03, 2012
March 25 - April 3, 2012

by Brian Kotek

Tidbits and news from the Java world

Intellij IDEA IDE

Version 11.1 of the Intellij IDEA IDE was just released. In many ways, IDEA is superior to Eclipse, particularly for Java, Groovy, and JavaScript development. On a less tangible level, IDEA just feels more whole because one company is handling the majority of its features. This contrasts with the disjointed impression that Eclipse can give due to the fact that most plugins are created by separate groups. IDEA is also the foundation for all of the other JetBrains IDEs, including WebStorm. This new version fixes a number of existing bugs, and adds support for SVN 1.7, improved Git integration, Hibernate 4.x, and many built-in Android development features. The Ultimate version requires a paid license, but the community version is free and includes many (but not all) of the capabilities of the Ultimate version. That said, in my opinion the $199 Ultimate license is worth every penny. Even better, until April 16, you can buy a personal license for the Ultimate edition for only $139.

Eclipse Orion

The Eclipse foundation still has a few tricks up its collective sleeve, though. They are hard at work on an IDE called Orion. What makes this tool different is the fact that it is entirely web-based. It's written in JavaScript and is geared specifically for building HTML and JavaScript applications. At first glance this might not make much sense; why have a web-based IDE at all? But if you dig deeper, there are actually some compelling advantages. For one thing, there's really nothing to install. Unlike a desktop IDE, there's nothing to update or maintain. And finally, if you're building an HTML and JavaScript app, what better preview and execution engine is there than the web browser itself? The final 1.0 version is still a few months away, but you can sign up for the beta at the Orion site.

Cloud Foundry for Eclipse

SpringSource has released version 1.0 of their Cloud Foundry tools for Eclipse. Cloud Foundry is an open source PaaS (Platform as a Service) offering. You can think of it as a layer of abstraction on top of the various cloud computing platforms. It supports a range of languages (Java, Groovy, Ruby, Node.js, etc.) and frameworks (Spring, Grails, etc.) As a quick example, you can set up an app, then provision a VM and push the app directly to the cloud. If the app requires, say, MySQL, you just specify that and a MySQL instance is automatically created and bound to your application. Even better, even if your application is 5 Mb in size, the tools might only upload 10k to the VM in the cloud. It can do this because a lot of your app is probably common code like the Spring libraries or Hibernate. Cloud Foundry creates a cloud-wide cache of these common libraries so it doesn't need to push them with your app. The other big benefit is that Cloud Foundry is "cloud-agnostic", meaning you can push to their servers, Amazon Web Services, OpenStack, or several other providers. You can also run your app in a local Micro Cloud Foundry VM, or choose to run it normally and not in a VM at all.

EOL of Java 6

Be aware that in November of 2012, Java SE 6 will be designated as EOL (End of Life) and receive no further public support or fixes. So if you have not started planning to switch over to Java 7, you'll want to begin that process.

Grails Data Binding Vulnerability

A critical security vulnerability was recently discovered in Grails. The exploit only affects applications that use Grails parameter binding to push property values into a command or domain class, *and* where that object also has injected dependencies from the Spring application context. The exploit has been fixed in Grails 1.3.8 (for 1.x users) and 2.0.2 (for 2.x users). Even if you don't think this exploit applies to your application, the smart thing is to update to the latest version just to be safe.


Brian Kotek is an Associate at Booz Allen Hamilton. He's been developing applications for over 14 years, using ColdFusion, Flex, Java, Groovy, C#, and other technologies for a range of government and commercial clients.



Add a Comment
(If you subscribe, any new posts to this thread will be sent to your email address.)
  
Privacy | FAQ | Site Map | About | Guidelines | Contact | Advertising | What is ColdFusion?
House of Fusion | ColdFusion Jobs | Blog of Fusion | AHP Hosting