I can't choose which security scanner to use. That's already defined by clients.
Maven is not an option.

Regards,
Rodolfo

On Tue, Sep 29, 2020 at 11:03 AM [email protected] <[email protected]> wrote:

> Hi Rodolfo,
>
> thanks for the insight.
>
> Yes, I think SonarQube is standard tool for the quality of the code today.
>
> We are using Maven with Sonatype Nexus and use BlackDuck (
> https://www.blackducksoftware.com) for checking all the dependencies...
> Sonatype also offers Sonatype Nexus Vulnerability Scanner
> <https://www.sonatype.com/appscan> and Nexus Auditor
> <https://www.sonatype.com/product-nexus-auditor> for similar purpose.
>
> Such tools also analyze the compliance for the OSS licenses.
>
> So you can still use Maven and it's secure.
>
> [email protected] wrote on Tuesday, 29 September 2020 at 11:30:22
> UTC+2:
>
>> Hi,
>>
>> I don't want a tool to manage dependencies for me because that means I
>> may lose clients concerned with security.
>>
>> I wrote a web app used by a couple of large banks. Each new release must
>> pass extensive security tests before deploying. Code must be reviewed using
>> SonarQube, dependencies must pass OWASP dependency checks and the test
>> server must pass an OWASP ZAP (Zed Attack Proxy) attack.
>>
>> If Maven or some other tool decides to update one of the selected jars
>> used by my project, it can introduce a version marked as a high security
>> risk. That's something I can't allow.
>>
>> Maven can simplify dependency management, but it is a terrible security
>> risk.
>>
>> FWIW, I use Apache ANT for building. It is "old" but works without
>> changing project dependencies.
>>
>> Regards,
>> Rodolfo
>>
>> On Tue, Sep 29, 2020 at 5:57 AM [email protected] <[email protected]>
>> wrote:
>>
>>> Ahh, I mean not only "Maven" just a *build tool* like Maven, Gradle,
>>> Buildr, Bazel, Ivy or whatever... 😉👍
>>>
>>> The main thing we need to *manage the dependencies and versions*.
>>>
>>> Just putting those Jar files in your project and only depends on IDE
>>> dependent plugins won't help in mid term, IMHO.
>>>
>>> [email protected] wrote on Tuesday, 29 September 2020 at 09:57:24
>>> UTC+2:
>>>
>>>> Lofi,
>>>>
>>>> https://github.com/pepstock-org/Charba is not using Maven and it's
>>>> using Ivy.
>>>>
>>>> Also I'm not using it for my applications. I had to use it for the
>>>> Charba J2CL showcase where I'm leveraging on J2CL maven plugin.
>>>>
>>>> On Tuesday, 29 September 2020 at 09:40:22 UTC+2
>>>> [email protected] wrote:
>>>>
>>>>> Actually I don't see any Java apps should work without Maven:
>>>>>
>>>>> - Why won't you use Maven? At the end everyone has to *manage
>>>>> dependencies* / *versions* and today you need such a tool like
>>>>> Maven.
>>>>>
>>>>> Yes, design patterns are language independent.
>>>>>
>>>>> Did you use pdf.js? And this is actually a very important part of GWT
>>>>> / J2CL development. In such a case we should always offer an Open Source
>>>>> lib for *JsInterop*, just like *DefinitelyTyped* in TypeScript... I
>>>>> found a GWT project for pdf.js but it is still using JSNI:
>>>>> https://github.com/pandurangpatil/gwt-pdfjs
>>>>>
>>>>> I think, I'll open a GitHub project for the list of libraries for GWT,
>>>>> similar to *DefinitelyTyped but only a link list...*
>>>>>
>>>>> As you said, if everyone support implementing *JsInterop files for
>>>>> JavaScript libs* it will be very easy for Java developers to use them
>>>>> and they don't need to write the JsInterop files for x times...
>>>>>
>>>>> Thanks,
>>>>> Lofi
>>>>> [email protected] wrote on Tuesday, 29 September 2020 at 01:06:29
>>>>> UTC+2:
>>>>>
>>>>>> Hello Lofi,
>>>>>>
>>>>>> Some loose comments:
>>>>>>
>>>>>> - Another great advantage I enjoy is that I don't need Maven. Can you
>>>>>> rewrite your example _without_ depending on Maven? And without using a
>>>>>> library that relies on annotations?
>>>>>>
>>>>>> - VisualStudio code is great for Java and JavaScript. You can also
>>>>>> use Eclipse with Java and JavaScript, but it is not as fast.
>>>>>>
>>>>>> - Design patterns are language independent. You can use them with
>>>>>> Java, TypeScript, C++ or whatever you like.
>>>>>>
>>>>>> - Although there are tons of libraries you can use on the server side,
>>>>>> Java has limited options as a client in a browser. For example, in one of
>>>>>> my projects I need to display a PDF in the browser and manipulate its
>>>>>> text content depending on certain user actions; there aren't Java
>>>>>> libraries that can work in the browser and are good enough for the task.
>>>>>>
>>>>>> Regards,
>>>>>> Rodolfo
>>>>>>
>>>>>> On Mon, Sep 28, 2020 at 7:09 PM [email protected] <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> OK, now I understand you 😉
>>>>>>>
>>>>>>> Yes, we always have to separate the Client and the Server part. This
>>>>>>> is also GWT best practice.
>>>>>>>
>>>>>>> But if you are using JavaScript on browser you lose the advantages
>>>>>>> like:
>>>>>>>
>>>>>>> 1. We use *Java* as the language
>>>>>>> 2. We have the best *ecosystem* like libraries, frameworks,
>>>>>>> build system and IDEs.
>>>>>>> 3. We know best design patterns to make our apps maintainable
>>>>>>> like Dependency Injection, Mock Testing and many other just take a
>>>>>>> look at:
>>>>>>> http://bit.ly/DesignPatternsJava
>>>>>>> 4. … and if you use Java on the server-side with *Spring
>>>>>>> Framework* or *JavaEE* you have *one language* through the whole
>>>>>>> stack. So, you could reuse Validation APIs, Business Rules, Business
>>>>>>> Model, etc. from server to client.
>>>>>>>
>>>>>>> I've built this sample project:
>>>>>>> https://github.com/gwtboot/domino-rest-enum-date to show some reuse
>>>>>>> for Client and Server and I plan to write more articles on this topic:
>>>>>>> Dependency Injection, Mocking Test, Validation API, Business Rules - all
>>>>>>> from Server to Client.
>>>>>>>
>>>>>>> This type of reuse cannot be done if you are using JavaScript /
>>>>>>> TypeScript on the web browser...
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Lofi
>>>>>>> [email protected] wrote on Monday, 28 September 2020 at 23:20:23
>>>>>>> UTC+2:
>>>>>>>
>>>>>>>> If the server part is a Java servlet that handles REST calls, there
>>>>>>>> is no need for GWT at all. No need to deal with JSInterop and no need
>>>>>>>> to deal with annotations, that's cleaner code!
>>>>>>>>
>>>>>>>> If you have a server that exposes a REST API, you can write the
>>>>>>>> client in anything. JavaScript is great in the browser and TypeScript
>>>>>>>> improves the coding experience while sharing direct use of JavaScript
>>>>>>>> libraries.
>>>>>>>>
>>>>>>>> Running a Java client in the browser implies extra steps and
>>>>>>>> complications. First and foremost, you can't mix Java and JavaScript
>>>>>>>> libraries without wasting a lot of time with compatibility layers.
>>>>>>>> That is, at least for me, the greatest advantage of using JavaScript
>>>>>>>> in the browser.
>>>>>>>>
>>>>>>>> The number of libraries available for JavaScript outnumbers by
>>>>>>>> orders of magnitude the available libraries you can use with Java in
>>>>>>>> the browser.
>>>>>>>>
>>>>>>>> Java is a very useful language, but it's not the best one for
>>>>>>>> writing code that runs in a web browser.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Rodolfo
>>>>>>>>
>>>>>>>> On Mon, Sep 28, 2020 at 5:55 PM [email protected] <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> I'm not sure whether I follow you...
>>>>>>>>> what is the difference using
>>>>>>>>> Java / GWT + REST and TypeScript + REST... The server part is the
>>>>>>>>> same. The web browser part is also the same. The difference is only
>>>>>>>>> the language and ecosystem you use on the web browser...
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Lofi
>>>>>>>>>
>>>>>>>>> [email protected] wrote on Monday, 28 September 2020 at
>>>>>>>>> 18:02:03 UTC+2:
>>>>>>>>>
>>>>>>>>>> Hi Lofi,
>>>>>>>>>>
>>>>>>>>>> I once used GWT + Electron + Materialize running with Jetty. That
>>>>>>>>>> worked, but after getting rid of GWT the code was much cleaner.
>>>>>>>>>>
>>>>>>>>>> Class com.sun.net.httpserver.HttpServer is more than enough for
>>>>>>>>>> running a Java server with REST interface on the desktop.
>>>>>>>>>>
>>>>>>>>>> Another advantage of moving away from GWT is that I don't need to
>>>>>>>>>> work with JSInterop and things that require annotations in the Java
>>>>>>>>>> code. Creating a REST servlet in plain Java is quite straightforward.
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Rodolfo
>>>>>>>>>>
>>>>>>>>>> On Mon, Sep 28, 2020 at 12:46 PM [email protected] <
>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Rodolfo,
>>>>>>>>>>>
>>>>>>>>>>> thanks a lot for the feedbacks!
>>>>>>>>>>>
>>>>>>>>>>> TypeScript is not bad. After all it's coming from Anders
>>>>>>>>>>> Hejlsberg creator of Turbo Pascal, Delphi, VisualJ++, C#. He is a
>>>>>>>>>>> great language designer... 😉
>>>>>>>>>>>
>>>>>>>>>>> But actually you could use GWT to build an Electron app as you
>>>>>>>>>>> don't need to have a Java server for the transpiled code... or did
>>>>>>>>>>> you have something extra?
>>>>>>>>>>> *@Frankhossfeld* told me that he has done Electron app with
>>>>>>>>>>> GWT, very easy 😉 Maybe he could elaborate here...
>>>>>>>>>>>
>>>>>>>>>>> I never use GXT but I've used GWTBootstrap3 (Open-Source) and
>>>>>>>>>>> actually it was very easy to use, quite the same with using the
>>>>>>>>>>> integrated GWT widgets. Today Dmitrii has migrated *GWTBootstrap3 to
>>>>>>>>>>> Elemental2* (https://github.com/treblereel/gwtbootstrap3). And
>>>>>>>>>>> the cool thing is that for the app devs, it doesn't change
>>>>>>>>>>> anything. You could use the same components and nothing has changed,
>>>>>>>>>>> only deep in the framework itself it uses Elemental2 instead the
>>>>>>>>>>> older technology... Maybe *@Dmitrii* could elaborate this...
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Lofi
>>>>>>>>>>>
>>>>>>>>>>> [email protected] wrote on Monday, 28 September 2020 at
>>>>>>>>>>> 12:36:03 UTC+2:
>>>>>>>>>>>
>>>>>>>>>>>> Hello Lofi,
>>>>>>>>>>>>
>>>>>>>>>>>> Java + GWT + GXT + Eclipse was my main toolkit for over a
>>>>>>>>>>>> decade. When Sencha went crazy with the price of license renewals,
>>>>>>>>>>>> I started looking for alternatives.
>>>>>>>>>>>>
>>>>>>>>>>>> Today my toolkit has changed to Java for backend/server side,
>>>>>>>>>>>> TypeScript for client side and Visual Studio Code for code
>>>>>>>>>>>> development. Communication between Java server and TypeScript UI
>>>>>>>>>>>> is handled via REST interface.
>>>>>>>>>>>>
>>>>>>>>>>>> Now I'm free to choose any UI style I like, my code has
>>>>>>>>>>>> simplified a lot and there is a clearer separation between server
>>>>>>>>>>>> and client code. There are no license costs and I don't have to
>>>>>>>>>>>> deal with GWT and GXT, except for an old project I still have to
>>>>>>>>>>>> maintain.
>>>>>>>>>>>>
>>>>>>>>>>>> The switch to JavaScript/TypeScript gave me a huge advantage:
>>>>>>>>>>>> now I can use ElectronJS to create cross-platform desktop apps
>>>>>>>>>>>> that are actually web apps running on a local Java server.
>>>>>>>>>>>>
>>>>>>>>>>>> I don't regret moving away from GWT + GXT. Actually, I'm quite
>>>>>>>>>>>> happy with the refreshed coding experience.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Rodolfo M. Raya
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Sep 24, 2020 at 4:02 PM [email protected] <
>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> I would like to know, what are the *obstacles* for you as *Java
>>>>>>>>>>>>> developers* not using *Java as programming language for
>>>>>>>>>>>>> writing Web browser apps*. Web browser apps are client-side
>>>>>>>>>>>>> and *not server-side* Web apps.
>>>>>>>>>>>>>
>>>>>>>>>>>>> - Open discussion at
>>>>>>>>>>>>> https://bit.ly/HackerNewsTypeScriptJavaGWT
>>>>>>>>>>>>> - Article at https://bit.ly/TypeScriptVsJavaGWT
>>>>>>>>>>>>>
>>>>>>>>>>>>> I would like to know from you... Java developers...
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks, Lofi
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>>>> Google Groups "GWT Users" group.
>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from
>>>>>>>>>>>>> it, send an email to [email protected].
>>>>>>>>>>>>> To view this discussion on the web visit
>>>>>>>>>>>>> https://groups.google.com/d/msgid/google-web-toolkit/b099f262-5a83-4a1e-83d8-5cc6ef336e53n%40googlegroups.com
>>>>>>>>>>>>> <https://groups.google.com/d/msgid/google-web-toolkit/b099f262-5a83-4a1e-83d8-5cc6ef336e53n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>>>>>>>>> .

--
Rodolfo M. Raya <[email protected]>
http://www.maxprograms.com

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/CALr%2Bh%2BuxZXJgd%3Dmc%3DVfRUWvaQARZ%3DNBWvjVATphvXpDmyfNQcw%40mail.gmail.com.
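
Added example (not part of the thread and not any poster's code): one way to enforce the requirement described above, that the jars a release was reviewed with are the jars the build uses, is to pin every vendored jar by SHA-256 and fail the build on any drift. The jar names, the sha256sum-style manifest and the function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large jars are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse 'digest  filename' lines (sha256sum format); '#' starts a comment."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        pins[name.lstrip("*")] = digest.lower()
    return pins


def audit_jars(lib_dir: Path, pins: dict) -> dict:
    """Report jars whose content changed, that are unpinned, or that are missing."""
    found = {p.name: sha256_of(p) for p in sorted(lib_dir.glob("*.jar"))}
    return {
        "changed": sorted(n for n, d in found.items() if n in pins and pins[n] != d),
        "unpinned": sorted(n for n in found if n not in pins),
        "missing": sorted(n for n in pins if n not in found),
    }


def demo() -> dict:
    # Constructed sample: fake "jars" in a temporary lib/ directory.
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp)
        (lib / "json-1.0.jar").write_bytes(b"reviewed build")
        (lib / "xml-2.3.jar").write_bytes(b"reviewed build")
        manifest = "# pins recorded when the release passed review\n"
        manifest += "".join(f"{sha256_of(p)}  {p.name}\n" for p in sorted(lib.glob("*.jar")))
        manifest += f"{'0' * 64}  mail-1.6.jar\n"  # pinned but never delivered
        (lib / "xml-2.3.jar").write_bytes(b"silently replaced build")  # drift
        (lib / "extra-0.1.jar").write_bytes(b"unreviewed addition")
        return audit_jars(lib, parse_manifest(manifest))


if __name__ == "__main__":
    report = demo()
    print(report)
    raise SystemExit(1 if any(report.values()) else 0)
```

The same check applies whether the jars are copied into the project by hand or fetched by a build tool; a non-empty report means the build no longer matches what was scanned.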
