You'll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian Glazer.Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.About the TechnologyThink of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.About the BookOAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.What's InsideCovers OAuth 2 protocol and designAuthorization with OAuth 2OpenID Connect and User-Managed AccessImplementation risksJOSE, introspection, revocation, and registrationProtecting and accessing REST APIsAbout the ReaderReaders need basic programming skills and knowledge of HTTP and JSON.About the AuthorJustin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.Table of ContentsPart 1 - First stepsWhat is OAuth 2.0 and why should you care?The OAuth dance Part 2 - Building an OAuth 2 environmentBuilding a simple OAuth clientBuilding a simple OAuth protected resourceBuilding a simple OAuth authorization serverOAuth 2.0 in the real world Part 3 - OAuth 2 implementation and vulnerabilitiesCommon client vulnerabilitiesCommon protected resources vulnerabilitiesCommon authorization server vulnerabilitiesCommon OAuth token vulnerabilities Part 4 - Taking OAuth furtherOAuth tokensDynamic client registrationUser authentication with OAuth 2.0Protocols and profiles using OAuth 2.0Beyond bearer tokensSummary and conclusions

    Now you can get in on the action as well. This book describes metaprogramming as an essential component of Ruby. Once you understand the principles of Ruby, including the object model, scopes, and eigenclasses, you're on your way to applying metaprogramming both in your daily work and in your fun, after-hours projects. Learning metaprogramming doesn't have to be difficult or boring. By taking you on a Monday-through-Friday workweek adventure with a pair of programmers, Paolo Perrotta helps make mastering the art of metaprogramming both straightforward and entertaining. The book is packed with:Pragmatic examples of metaprogramming in action, many of which come straight from popular libraries or frameworks, such as Rails. Programming challenges that let you experiment and play with some of the most fun, "out-there" metaprogramming concepts. Metaprogramming spells--34 practical recipes and idioms that you can study and apply right now, to write code that is sure to impress. Whether you're a Ruby apprentice on the path to mastering the language or a Ruby wiz in search of new tips, this book is for you.

    As a modern application developer you need to understand the emerging field of data management, both RDBMS and NoSQL. Seven Databases in Seven Weeks takes you on a tour of some of the hottest open source databases today. In the tradition of Bruce A. Tate's Seven Languages in Seven Weeks, this book goes beyond your basic tutorial to explore the essential concepts at the core each technology. Redis, Neo4J, CouchDB, MongoDB, HBase, Riak and Postgres. With each database, you'll tackle a real-world data problem that highlights the concepts and features that make it shine. You'll explore the five data models employed by these databases-relational, key/value, columnar, document and graph-and which kinds of problems are best suited to each. You'll learn how MongoDB and CouchDB are strikingly different, and discover the Dynamo heritage at the heart of Riak. Make your applications faster with Redis and more connected with Neo4J. Use MapReduce to solve Big Data problems. Build clusters of servers using scalable services like Amazon's Elastic Compute Cloud (EC2). Discover the CAP theorem and its implications for your distributed data. Understand the tradeoffs between consistency and availability, and when you can use them to your advantage. Use multiple databases in concert to create a platform that's more than the sum of its parts, or find one that meets all your needs at once.Seven Databases in Seven Weeks will take you on a deep dive into each of the databases, their strengths and weaknesses, and how to choose the ones that fit your needs.What You Need: To get the most of of this book you'll have to follow along, and that means you'll need a *nix shell (Mac OSX or Linux preferred, Windows users will need Cygwin), and Java 6 (or greater) and Ruby 1.8.7 (or greater). Each chapter will list the downloads required for that database.

    It took the open source world by storm since its inception in 2005, and is used by small development shops and giants like Google, Red Hat, and IBM, and of course many open source projects.A book by Git experts to turn you into a Git expert. Introduces the world of distributed version control Shows how to build a Git development workflow.

    Frustrated by the lack of well-written essays on software engineering, Joel Spolsky (of www.joelonsoftware.com fame) has put together a collection of his favorite writings on the topic.With a nod to both the serious and funny sides of technical writing, The Best Software Writing I: Selected and Introduced by Joel Spolsky is an entertaining read and a guide to the technical writing literati.The Best Software Writing I contains writings from:Ken Arnold Leon Bambrick Michael Bean Rory Blyth Adam Bosworth danah boyd Raymond Chen Kevin Cheng and Tom Chi Cory Doctorow ea_spouse Bruce Eckel Paul Ford Paul Graham John Gruber Gregor Hohpe Ron Jeffries Eric Johnson Eric Lippert Michael Lopp Larry Osterman Mary Poppendieck Rick Schaut Aaron Swartz Clay Shirky Eric Sink why the lucky stiff

    It also contains the easy to follow instructions on how to analyze and compute the structural design of critical building parts such as: reinforced concrete slabs, beams, columns and footings. There are also simple designs and floor plans for a variety of building types to be found in this book.BUILDING DESIGN AND CONSTRUCTION should be of interest to architects, engineers, contractors, developers and allied professionals who are engaged in building design, planning and construction. Students and graduates reviewing for the board examinations for architects and engineers would find in this book valuable practical knowledge to supplement the theories learned in their classrooms.Project owners studying this book would appreciate and get a clear understanding of how their envisioned pet project, which sprang only from a mere idea - is transformed slowly step-by-step - into concrete form.Explanations and instructions in BUILDING DESIGN AND CONSTRUCTION are conveyed in direct and simple language for easy understanding even by the layman. Plans and drawings are clearly presented, to be easily interpreted by construction workers.

    Even though most engineers don't think much about them, this short book shows you why logs are worthy of your attention.Based on his popular blog posts, LinkedIn principal engineer Jay Kreps shows you how logs work in distributed systems, and then delivers practical applications of these concepts in a variety of common uses--data integration, enterprise architecture, real-time stream processing, data system design, and abstract computing models.Go ahead and take the plunge with logs; you're going love them.Learn how logs are used for programmatic access in databases and distributed systemsDiscover solutions to the huge data integration problem when more data of more varieties meet more systemsUnderstand why logs are at the heart of real-time stream processingLearn the role of a log in the internals of online data systemsExplore how Jay Kreps applies these ideas to his own work on data infrastructure systems at LinkedIn

    JPA provides Java developers with both the knowledge and insight needed to write Java applications that access relational databases through JPA.Authors Mike Keith and Merrick Schincariol take a hands-on approach to teaching by giving examples to illustrate each concept of the API and showing how it is used in practice.All of the examples use a common model from an overriding sample application, giving readers a context from which to start and helping them to understand the examples within an already familiar domain.After completing the book, you will have a full understanding and be able to successfully code applications using JPA. The book also serves as a reference guide during initial and later JPA application experiences.Hands-on examples for all the aspects of the JPA specification, based on the reference implementation of this specification A special section on migration to JPA Expert insight about various aspects of the API and when they are useful Portability hints to provide increased awareness of the potential for non-portable JPA code

    On the other hand, if you're not well versed in the theory, you can fall into several traps. In SQL and Relational Theory, author C.J. Date demonstrates how you can apply relational theory directly to your use of SQL. With numerous examples and clear explanations of the reasoning behind them, you'll learn how to deal with common SQL dilemmas, such as:Should database access granted be through views instead of base tables? Nulls in your database are causing you to get wrong answers. Why? What can you do about it? Could you write an SQL query to find employees who have never been in the same department for more than six months at a time? SQL supports "quantified comparisons," but they're better avoided. Why? How do you avoid them? Constraints are crucially important, but most SQL products don't support them properly. What can you do to resolve this situation? Database theory and practice have evolved since Edgar Codd originally defined the relational model back in 1969. Independent of any SQL products, SQL and Relational Theory draws on decades of research to present the most up-to-date treatment of the material available anywhere. Anyone with a modest to advanced background in SQL will benefit from the many insights in this book.

    This is why it is imperative to build systems that are flexible and can adapt to changing requirements, both expected and (more often) unexpected. That is why I've written this book.From 2009 to 2014, I traveled the world working with software developers, both individually and in teams, to improve their craft. Primarily, I did this through a training workshop format called coderetreat. Over those years, I had the opportunity to watch 1000's of pairs of programmers work on exactly the same system, Conway's Game of Life. As time progressed, I began to see patterns arise. I noticed common techniques and designs that spanned languages and companies and crossed national borders.As co-founder and a facilitator of coderetreat workshops, I had the unique opportunity to provide feedback, both direct and through questions, on improving the act of writing adaptable, simple code. Through the day, we worked on improving our ability to make good choices around the minute-by-minute decisions made while writing code.This book is about those things I learned from watching these 1000's of pairs working on the same problem. It contains a large part of the feedback that I provide during a typical coderetreat. The primary focus is on the thought process behind refactoring, and how that is influenced by the 4 rules of simple design.This book is not about Conway's Game of Life. Instead, it uses its domain as a backdrop to discuss the thoughts and ideas behind the 4 rules of simple design. It focuses on the small decisions made while designing your code with the goal of building robust, adaptable codebases that can stand the test of time.

    They go far beyond generic implementation guidelines, demonstrating exactly how to make lean work in real projects, environments, and companies.The Poppendiecks organize this book around the crucial concept of frames, the unspoken mental constructs that shape our perspectives and control our behavior in ways we rarely notice. For software leaders and team members, some frames lead to long-term failure, while others offer a strong foundation for success. Drawing on decades of experience, the authors present twenty-four frames that offer a coherent, complete framework for leading lean software development. You'll discover powerful new ways to act as competency leader, product champion, improvement mentor, front-line leader, and even visionary.Systems thinking: focusing on customers, bringing predictability to demand, and revamping policies that cause inefficiency Technical excellence: implementing low-dependency architectures, TDD, and evolutionary development processes, and promoting deeper developer expertise Reliable delivery: managing your biggest risks more effectively, and optimizing both workflow and schedules Relentless improvement: seeing problems, solving problems, sharing the knowledge Great people: finding and growing professionals with purpose, passion, persistence, and pride Aligned leaders: getting your entire leadership team on the same page From the world's number one experts in Lean software development, Leading Lean Software Development will be indispensable to everyone who wants to transform the promise of lean into reality--in enterprise IT and software companies alike.

    But which claims are verifiable, and which are merely wishful thinking? In this book, leading thinkers such as Steve McConnell, Barry Boehm, and Barbara Kitchenham offer essays that uncover the truth and unmask myths commonly held among the software development community. Their insights may surprise you.Are some programmers really ten times more productive than others?Does writing tests first help you develop better code faster?Can code metrics predict the number of bugs in a piece of software?Do design patterns actually make better software?What effect does personality have on pair programming?What matters more: how far apart people are geographically, or how far apart they are in the org chart?Contributors include:Jorge Aranda Tom Ball Victor R. Basili Andrew Begel Christian Bird Barry Boehm Marcelo Cataldo Steven Clarke Jason Cohen Robert DeLine Madeline Diep Hakan Erdogmus Michael Godfrey Mark Guzdial Jo E. Hannay Ahmed E. Hassan Israel Herraiz Kim Sebastian Herzig Cory Kapser Barbara Kitchenham Andrew Ko Lucas Layman Steve McConnell Tim Menzies Gail Murphy Nachi Nagappan Thomas J. Ostrand Dewayne Perry Marian Petre Lutz Prechelt Rahul Premraj Forrest Shull Beth Simon Diomidis Spinellis Neil Thomas Walter Tichy Burak Turhan Elaine J. Weyuker Michele A. Whitecraft Laurie Williams Wendy M. Williams Andreas Zeller Thomas Zimmermann

    You will be able to look over the shoulder of major coding and design experts to see problems through their eyes.This is not simply another design patterns book, or another software engineering treatise on the right and wrong way to do things. The authors think aloud as they work through their project's architecture, the tradeoffs made in its construction, and when it was important to break rules. Beautiful Code is an opportunity for master coders to tell their story. All author royalties will be donated to Amnesty International.

    Concurrency and parallelism are the keys, and Seven Concurrency Models in Seven Weeks equips you for this new world. See how emerging technologies such as actors and functional programming address issues with traditional threads and locks development. Learn how to exploit the parallelism in your computer's GPU and leverage clusters of machines with MapReduce and Stream Processing. And do it all with the confidence that comes from using tools that help you write crystal clear, high-quality code. This book will show you how to exploit different parallel architectures to improve your code's performance, scalability, and resilience. Learn about the perils of traditional threads and locks programming and how to overcome them through careful design and by working with the standard library. See how actors enable software running on geographically distributed computers to collaborate, handle failure, and create systems that stay up 24/7/365. Understand why shared mutable state is the enemy of robust concurrent code, and see how functional programming together with technologies such as Software Transactional Memory (STM) and automatic parallelism help you tame it. You'll learn about the untapped potential within every GPU and how GPGPU software can unleash it. You'll see how to use MapReduce to harness massive clusters to solve previously intractible problems, and how, in concert with Stream Processing, big data can be tamed. With an understanding of the strengths and weaknesses of each of the different models and hardware architectures, you'll be empowered to tackle any problem with confidence.What You Need: The example code can be compiled and executed on *nix, OS X, or Windows. Instructions on how to download the supporting build systems are given in each chapter.

    In Enterprise Architecture as Strategy: Creating a Foundation for Business Execution, authors Jeanne W. Ross, Peter Weill, and David C. Robertson show you how.The key? Make tough decisions about which processes you must execute well, then implement the IT systems needed to digitize those processes. Citing numerous companies worldwide, the authors show how constructing the right enterprise architecture enhances profitability and time to market, improves strategy execution, and even lowers IT costs. Though clear, engaging explanation, they demonstrate how to define your operating model—your vision of how your firm will survive and grow—and implement it through your enterprise architecture. Their counterintuitive but vital message: when it comes to executing your strategy, your enterprise architecture may matter far more than your strategy itself.