We don't have much knowledge about who in our community works for a big company, who's still in development, etc. We do know from the questions we've been answering that there are a bunch of people building very large scale applications (multi-year development efforts with teams of at least 4 developers) and have not hit a wall yet in terms of scalability of the programming model.
I'll have to leave the questions of "big company" and "in production" for others to answer.
As for the OWASP Top 10, Errai is really a framework for programming your own application. I don't believe that anything inherent to the Errai framework would make it impossible for an application built within it to comply with the recommendations from OWASP. On the other hand, nothing about the Errai framework will guarantee you're compliant with OWASP: you still have to be careful in handling logins, session expiration, be diligent in your use of GWT's SafeHtml features, and so on. Ultimately, it's up to you to ensure your application is as secure as it can be. Errai will not guarantee your security.
I hope that helps, and good luck in your selection process.
Thanks for your quick and clear reply & feedback.
Do you know if JBoss or Red Hat are using this framework for internal use & products?
What about compliance with JBoss 7.2.1 in full-ha mode? Do you know anybody who has already tested this cluster topology?
Oh, sorry I forgot to respond to the JBoss AS 7.x part of your question.
We have tested Errai against EAP 6.1, which I guess is the productized version of 7.2.1 (correct me if I'm wrong there!). We've also done a lot of testing against JBoss AS 7.1.1. We have not built the AS 7.2.1 binaries to test against those, but I guess if it works in the corresponding EAP, you have a pretty good chance.
About clustering, we have done some work in that regard. When in a clustered environment, ErraiBus uses JGroups to ensure server-to-client communication works seamlessly across cluster nodes. Everything else (session replication, failover, etc) is left to the app server to manage as usual in any Java EE app. I'm not sure if this has been tested in full-ha mode. In any case, ErraiBus will not guarantee delivery of messages during a failover. In fact, you are likely to miss a message when a client fails over from one node to the other.
Finally, about Errai in JBoss products: yes, we're aware of two products which rely on Errai:
https://github.com/droolsjbpm/jbpm-console-ng -- the new JBPM Console
https://github.com/Governance/s-ramp-ui -- the UI for the SOA repository manager
People who work on these two projects regularly hang out in the #errai IRC channel on Freenode, if you want to chat with them.
Hope that helps!
Thanks a lot for your very useful response!
Hope to see other companies in this forum declaring that they use Errai in production...
As I remember, for Seam 2 projects there was a site with references to companies and projects where Seam 2 was / is in use. In my opinion it would be very helpful information, at least for a framework evaluation.
A year ago, when we evaluated our techs, I fought for a complete JBoss stack (and won). But if there had been any references, this would have helped me, because at the moment there is no information about this. I think many people would offer this information. I can imagine that a feature like that could bring much more weight for JBoss in tech evaluations.
It's clear ... with Weld, JBoss has a very heavy argument as the root of a stack, because it is a reference implementation of a standard. But since JEE is no longer so young, and in my experience it maybe needs more than this ... people are creatures of habit