New features in Project Zero Core
Core - The core Project Zero platform and programming model.
Groovy enhancements
New
script bindings and
log support have been added.
Groovy classes may now obtain the default Zero support for scripts. Specifically, Groovy classes that extend
ZeroObject obtain the default Zero bindings and print/println support bound to the Zero writer.
XML Renderer
The
XML Renderer serializes Java objects to XML, with optional XSLT transformation.
URIUtils
URIUtils is a set of APIs that simplify generation of absolute and page-relative URIs.
RESTdoc
RESTdoc simplifies interactions with Zero-based resource handlers by generating documentation and HTML forms for direct testing of CRUD interactions.
Caching and ETags for static-file serving
Static-file serving in Zero now supports ETags and caching (Cache-Control, max-age). These features may be
configured via settings in
zero.config.
Path info matching in selector patterns
Optional path info may be
specified in selector patterns with the pipe character ('|').
Additional HTTP support
HTTP HEAD
Zero services HEAD requests as GET requests without a response body. Thus, HEAD responses are guaranteed to have the same headers as a GET response.
Note that Zero internally converts HEAD to GET internally for request processing. This means that all GET handlers and GET-related configuration (e.g. security) will be invoked.
Validators and validation
Zero offers
utilities for application developers to leverage ETags and last-modified dates.
Categorized JavaDoc
Core APIs have been categorized as
public APIs and
public SPIs.
Note that the categorization is not a guarantee of API/SPI stability.
Data - Database access using Project Zero.
This milestone includes the draft documentation for the upcoming Zero Resource Manager (ZRM). ZRM is an extension to Project Zero that provides the Zero developer with a simple way to model and present data as RESTful resources. The goals of the ZRM extension are:
- Provide an easy mechanism to create resource types and to share these type definitions across applications.
- Provide a simple interface to create, access and manage resources within server applications and via HTTP.
- Limit interactions with resources to a well-define set of operations, thus encouraging RESTful application architecture.
Most Zero applications are very "resource-centric". The common ZRM resource model provides the developers with many conveniences besides the simple API. Some of these include:
- Expose as REST data service
- Allow clients to create and manipulate resource types and data
- Managed revisions, ETags, cache, content negotiation
- Forms library
- User UI scaffolding, admin UI
- Javascript Client API
- Model API proxy, offline/replication
- Robust frameworks for
- Persistence, validation, serialization (JSON, XML, Feeds/Atom, HTML)
Security - Core security and the user service.
Active Content Filtering (ACF) integration with Zero
There is now support for ACF based filtering in Zero. The zero.acf package provides an active content filter that supports:
- built in support to remove active content from an outbound response message based on the set of filter rules.
- programmatic APIs to validate whether or not an inbound request parameter includes active content, such as JavaScript, Applet, and ActiveX objects, based on a set of filter rules.
- programmatic APIs to remove (via the process method) active content from an inbound request parameter that includes active content, such as JavaScript, Applet, and ActiveX objects, based on a set of filter rules.
Encoding of sensitive information in zero.config
Project Zero's XOREncoder library provides a simple encoding API to allow applications to not have to store passwords in clear text. Depending upon whether a library supports encoding of a property in zero.config, a developer may use the command line or eclipse to encode the password using XOR encoding.
Support for authorizing by roles
There is now support for Role based authorization, in addition to the previously supported users and groups, developers may not authorize based upon whether a user or group is a member of a role defined in the zero.config.
Support for additional security token and trust providers
There is now support for additional security tokens based upon libraries that exist in WebSphere currently. Now users of WebSphere and Zero can share LTPA tokens between both application servers and provide Single Sign On support both between applications and application servers. In addition, initial support has been provided for users of WebSphere's Trust Association Interceptor (TAI) that will be able to leverage various third party trust providers. Currently, there are no TAI implementations available for Zero but the framework has been developed to allow the porting of existing TAI implementations to Zero in the future.
Enhancements for Form-Based Authentication
There is now support for the various ways a user can login using Form-Based Login. In addition to the previous flow of Form-Based login where a user requests a protected resource and is then directed to a form login page, a user may now navigate directly to the login page. Upon successful login, the user can then be redirected to either a resource specified in the login form or back to the default page for the application.
Improved integration with PHP
There is now support for programmatically calling such public APIs as programmatic login, programmatic logout, ACF validation and ACF processing inside of PHP scripts.
Tooling - Eclipse and Command Line tooling for Project Zero.
New standalone packaging option
You can now export a Project Zero application in standalone mode which will package all of the dependencies and generate a run script so the package can be unzipped and run with not prereqs except for a JRE.
CLI resolver
When resolving from the command-line, dependencies can be directly resolved from the current working directory. At the time of resolution the dependencies are compiled if needed. This is analogous to Eclipse resolver which resolves directly to projects in the workspace.
Improved CLI error messages
CLI/Eclipse interoperability
The Eclipse and CLI resolve is now compatible, so that switching between the two does not require re-resolving.
Moved CLI up to Ant 1.7
The command-line now includes ANT 1.7 instead of ANT 1.6.5.
Moved PHP Eclipse plug-in up to PDT 1.0
The Eclipse PHP plug-in now works with PDT 1.0 RC2, instead of the previous PDT 0.7
Libraries versioned independently
The libraries and applications in the repository are now versioned independently, so the version of the packages is only updated if there was a change specific to the module being packaged. The version format was also changed in M1 from the previous:
major.minor.fix.[P]
- - e.g. 1.0.0.P20070904-3207
to:
major.minor.svn[.milestone] - e.g. 1.0.3207.M1
Catalog - A catalog for sharing Project Zero services.
Catalog Zero is a sample Project Zero application that allows users to share packaged Project Zero applications and services. Anyone using the Catalog Zero Web interface can browse, download, rate, and comment on packages. Authorized users can upload and manage packages. Catalog Zero provides an easy-to-use interface tailored to the Project Zero experience. It includes support for standalone and shared packages as well as an Ivy repository interface.
Package upload/download
Catalog Zero allows users to upload Zero applications exported from Eclipse or packaged from the Command Line Interface as ZIP files. The ZIP files can be created in shared mode (without dependenices) or standalone mode (with dependencies). Uploaded packages can be modified or deleted by their owner. New releases are automatically detected during the upload process. Catalog Zero support anonymous download of packages through either Ivy dependency resolution or file download.
File-based security
Catalog Zero uses the Project Zero file-based Single Sign On security to protect the service APIs. Only authorized users are permitted to upload and manage packages. Only authenticated users are permitted to rate and comment on packages.
Commenting and Rating
Authenticated users can rate hosted packages using a 1-5 star rating system. Authenticated users can also post comments on any package.
Filtered browsing
The main page of Catalog Zero shows a list of available packages. The list can be filtered by package name, rating, or owner.
Services - Reusable services for Project Zero, such as reviewing, blogging, and tagging
A number of sample social networking services provides the foundation for the Zile.Community sample application. These services including the associated Dojo custom widgets that are ready to be "plug" into any application.
Profile service
Profiles are the central elements of collaboration. They represent the identifiable individuals in the community with attributes that are conducive to social networking such as credentials, areas of expertise, organization, professional publications (such as blogs and articles), and group affiliations.
Blogging service
Blogging is one of the key features of community; it enables users to collaborate with self-publishing, cross referencing, and commenting (on other's blogs) to enrich personal profile and improving each users online presence. The Zile blog component will include an integrated tagging capability.
Tagging service
The tagging component provides tagging capability of any resource. User selects a resource and creates a tag for that resource. The service keeps track of the associations and feeds the Tag Cloud user interface, which is a Dojo widget.
Rating service
This component provides both UI and back end implementation to support the creation of ratings of arbitrary things.
Commenting service
This component provides both UI and back end implementation to support the creation of comments on arbitrary things.
File sharing service
Using the file upload pattern, this component provides user interface and storage to upload and share files with other members.
Samples - Example code, including Zile, the Employee Demo and tutorials.
The Employee and tutorials have been updated to the latest changes in the Core. Zile continues to evolve as a sample social networking application integrating available services.
