Errai: The browser as a platform

Wednesday, August 13, 2014

Errai 3.1.0.CR1, 3.0.2.Final and 2.4.5.Final released!

Today we're happy to announce three new Errai releases!

Errai 3.0.2.Final and 2.4.5.Final are maintenance releases containing fixes to all reported problems. 3.0.2.Final also contains significant performance improvements for development mode. Browser refreshes to load changes should be significantly faster on average due to a newly introduced caching mechanism and several classpath scanning optimizations.

Errai 3.1.0.CR1 contains all the same fixes and improvements as well as number of new features requested in our forums.
  • Support for JSR-356 WebSockets: ErraiBus can now leverage JSR-356 WebSocket support when available (i.e. in WildFly 8.0 or higher). Check out our reference guide for details. Thanks to Michel Werren for the pull requests!
  • Built-in offline manifest linker: Errai now provides an offline linker to generate HTML5 cache manifest files at compile time.
  • PushState support in Errai Navigation: Errai Navigation can now optionally leverage HTML5 pushState (using Johannes Barop's great GWT library). This allows for more flexibility when designing your page URLs (i.e. you can now make use of path parameters).
  • Errai Security Enhancements: Errai Security now has a Keycloak integration module for SSO support and allows for fine-grained authorization rules.

The last item deserves more details. So, here they are, provided by Max Barkley who also did most of the implementation work:

Errai Security provides a uniform, declarative syntax for securing RPC Services, Messaging Services, Navigation Pages, and UI elements (you can read more here). We've listened to your feedback and have some new features in Errai Security.

Fine-Grained Authorization with Custom Roles

In Errai 3.0, roles must be specified as String constants. In Errai 3.1, it is now possible to define a RequiredRolesProvider that can return your custom implementation of the Role interface. By overriding the equals and hashcode methods with your own role matching logic, it is now possible to create more fine-grained authorization rules.

Here is an example two RPC Services that both require the same roles, but one uses the String role syntax while the other uses a RequiredRolesProvider:

Note that implementations RequiredRolesProvider will be looked up through the bean manager, so they can inject dependencies and use other IOC features.

Keycloak SSO Integration

JBoss Keycloak is a framework that makes Single Sign On (SSO) and Social Media logins a walk in the park. In Errai 3.1, Errai Security has a keycloak module that provides an implementation of the AuthenticationService that can accept logins from Keycloak.

The best part is that you can still use this feature with the PicketLinkAuthenticationService (or your own custom implementation) if you want to also allow logins from your own database. When added to the classpath, the KeycloakAuthenticationService will wrap any other AuthenticationService it finds. This way, you can either direct your users to a Keycloak server for SSO, or call the AuthenticationService.login method to log in through an alternate service.

You can read about configuring Keycloak with your app here, or follow this README to see it in action with the Errai Security demo.

Happy coding and please keep the feedback and feature requests coming!

No comments:

Post a Comment