More action with Struts 2
In a recent review of Struts 2 in Action, JW Blogger Oleg Mikheev notes that Struts 2 is "just a collection of extensions built upon WebWork, which is ultimately the right thing to learn before starting a Struts 2 project." While Struts 2 has some architectural flaws, Oleg calls WebWork well-designed, well-tested, and reliable. What are your experiences using Struts 2 and WebWork?

Also see "Hello World the WebWork way," a JavaWorld excerpt from WebWork in Action, by Patrick Lightbody and Jason Carreira.

Newsletter sign-up

Sign up for our technology specific newsletters.

Enterprise Java
View all newsletters
Email Address:
JavaWorld.com > Java Development Tools >

Product Snapshot: Phaos Liberty Toolkit

Phaos Technology banks on the Liberty Alliance Project

JavaWorld.com, 11/08/02

November 8, 2002 — With its recent release of the Phaos Liberty Toolkit 2.0, Phaos Technology continues to demonstrate its commitment to the Liberty Alliance Project's vision of network identity. Version 2.0 follows the Phaos Liberty SDK, which the company launched earlier this year. Phaos's latest release introduces the industry's first toolkit for implementing the Liberty Alliance Project's initial set of specifications—Liberty Alliance Version 1.0, released in July—that enables opt-in account linking and simplified sign-on functionality across systems. The Liberty Alliance Project, a consortium of more than 95 technology and consumer organizations, seeks to establish an open standard for federated network identity.

The Phaos Liberty Toolkit helps Java developers build applications that allow single sign-on, support integrated enterprise authentication schemes, and enable migration from legacy systems to Web services. Version 2.0 extends the Phaos Liberty SDK with an integrated security library. The toolkit provides integrated XML digital signatures and XML encryption, and works with any XML parser.

Phaos has modeled its toolkit's APIs after Sun Microsystems' Java API for XML Parsing 1.1 conventions and the W3C (World Wide Web Consortium) Document Object Model 2. "So anyone familiar with programming in Java with the JAXP APIs or with the DOM conventions and idiom should find our APIs very familiar and easy to get up to speed with," says Ari Kermaier, senior software engineer at Phaos Technology and the toolkit's architect.

The tool does not manage the interactions between entities in a Liberty infrastructure, continues Kermaier. "We're trying to provide a more flexible approach for our customers, instead of forcing them to implement a monolithic Liberty infrastructure in one go and forcing all their business models to fit it," he says. "We've allowed our customers to roll their own message interactions so they can build this system into their e-business processes in an incremental fashion."

With the exception of Sun—who has introduced Interoperability Prototype for Liberty, a validation solution—Phaos Technology currently is the only vendor that has officially released a Liberty-based toolkit. Other vendors including NeuStar, Novell, and RSA Security have announced plans to support the Liberty Alliance Project and are expected to release products in the coming months, which is good news for developers.

As Pete Lindstrom, research director at Spire Security, explains, security toolkits, such as Phaos's offering, are generally better than developers' home-grown solutions. "The do-it-yourself mentality has put us into the position that we're in today, with security vulnerabilities run rampant," he says. "Even the pros, Microsoft, for example, are not good at building security into applications. There are too many problems with it. The toolkit takes the problems away from the developer. It also standardizes your approach to security across applications and allows you to deal with new specifications and standards coming out in the industry."

Resources