Domain Primitives in Action
- Making it Secure by Design
@DanielDeogun @danbjson
Explore DDD, Denver 2017
@DanielDeogun @danbjson #SecureByDesign #EDDD
About Us…
Dan Bergh Johnsson
Secure Domain Philosopher
Omegapoint, Sweden: Umeå, Malmö, Göteborg, Falun, New York, Stockholm
Daniel Deogun
Coder and Quality Defender
Key Takeaways
Domain Primitives
- are native to your domain
- form a conceptual whole
- easy way to improve and secure existing code
Modeling a Hotel Room
Peano's Axioms
1. Zero is a number
2. If n is a number, the successor of n is a number
3. Zero isn’t the successor of a number
4. Two numbers of which the successors are equal are themselves equal
5. If a set S of numbers contains zero and also the successor of every
number in S, then every number is in S
Abelian group
• Closure: a + b is an integer
• Associativity: a + (b + c) = (a + b) + c
• Commutativity: a + b = b + a
• Identity: a + 0 = a
• Inverse: a + (−a) = 0
It’s “just” an Integer?
…or is it a String?
• What characters are legal?
• Which operations are allowed?
• Does this make sense?
Math and Hotel are different Contexts
  Math Domain: Integer
  Hotel Domain: Room Number
Hotel Domain
  Math Domain: Integer (a.k.a. Room Number)
Room Number
// isTrue / inclusiveBetween / notNull, used throughout the deck, are the
// validation helpers of Apache Commons Lang Validate (assumed).
import static org.apache.commons.lang3.Validate.inclusiveBetween;
import static org.apache.commons.lang3.Validate.isTrue;

public final class RoomNumber {
    private final int value;

    public RoomNumber(final int value) {
        isTrue(Floor.isValid(value));           // the floor part of the number must exist
        inclusiveBetween(1, 50, value % 100);   // rooms 01..50 on each floor
        this.value = value;
    }

    public Floor floor() {
        return new Floor(value);
    }

    // other logic …
}
Definition of
Domain Primitive
• Building block that’s native to your domain
• Valid in your context
• Immutable and resembles a value object
“A value object so precise in its definition that it, by its mere
existence, manifests its validity is called a Domain Primitive.”
- Secure by Design
Less Simple
Domain Primitive
// before: the money is spread over a double and a separately looked-up currency
public void pay(final double money, final int recipientId) {
    final String currency = CurrencyService.currencyFor(recipientId);
    BankService.transfer(money, currency, recipientId);
}

// after: Money and Recipient as domain primitives
public void pay(final Money money, final Recipient recipient) {
    notNull(money);
    notNull(recipient);
    BankService.transfer(money, recipient);
}
But Money is a conceptual whole and
should be modeled as a domain primitive
Intelligent Machines -
not just values
class Rate {
    private final Currency from;
    private final Currency to;

    Rate(Currency from, Currency to) {
        this.from = notNull(from);
        this.to = notNull(to);
    }

    Money exchange(Money from) {
        notNull(from);
        isTrue(this.from.equals(from.currency));   // refuses money in the wrong currency
        BigDecimal converted = . . .               // conversion elided on the slide
        return new Money(converted, to);
    }
}
Standing on the
Shoulders of Giants
• Domain Primitives act as building blocks
• Guy L. Steele Jr. “Growing a Language”
• Abelson, Sussman “Structure and
Interpretation of Computer Programs”
https://flic.kr/p/8cc44h https://creativecommons.org/licenses/by/2.0/
… In Action: Green Field vs Brown Field
https://flic.kr/p/Q7zV https://creativecommons.org/licenses/by-sa/2.0/
https://flic.kr/p/djYc9H https://creativecommons.org/licenses/by/2.0/
“Draw the Line”
- Find a Semantic Border
https://flic.kr/p/nEZKMd https://creativecommons.org/licenses/by/2.0/
// strict: invalid input is rejected right at the border
public void checkout(final int roomNumber) {
    new RoomNumber(roomNumber); // throws exception if invalid
    houseKeepingService.registerForCleaning(roomNumber);
    minibarService.replenish(roomNumber);
    // other operations ...
}

// lenient: invalid input is only reported and the existing behaviour is kept
public void checkout(final int roomNumber) {
    if (!RoomNumber.isValid(roomNumber)) {
        reporter.logInvalidRoomNumber(roomNumber);
    }
    houseKeepingService.registerForCleaning(roomNumber);
    minibarService.replenish(roomNumber);
    // other operations ...
}
Hardening your APIs
- Enforce Data Quality
Generic:  public void checkout(final int roomNumber)
Specific: public void checkout(final RoomNumber roomNumber)
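As an added example (not code from the slides or from the Secure by Design book), here is the RoomNumber primitive from the "Room Number" and "Definition of Domain Primitive" slides filled in end to end, together with the semantic border from the "Draw the Line" and "Hardening your APIs" slides. The hotel's floor rules (floors 1 to 20, no 13th floor, rooms 01 to 50 per floor), the CheckoutEndpoint and CheckoutService names, and the use of plain IllegalArgumentException instead of Commons Lang Validate are assumptions made for this example.

```java
import java.util.Objects;

// Added example, not from the slides: a complete RoomNumber domain primitive
// and the semantic border where untrusted input becomes one. The floor rules,
// the endpoint/service names and plain IllegalArgumentException (instead of
// Commons Lang Validate) are assumptions made for this example.

final class Floor {
    private final int level;

    // As on the slide, a Floor is built from a room number: floor = roomNumber / 100.
    Floor(int roomNumber) {
        if (!isValid(roomNumber)) {
            throw new IllegalArgumentException("no such floor for room " + roomNumber);
        }
        this.level = roomNumber / 100;
    }

    // Assumed hotel rule: floors 1..20 exist, and there is no 13th floor.
    static boolean isValid(int roomNumber) {
        int level = roomNumber / 100;
        return level >= 1 && level <= 20 && level != 13;
    }

    @Override public String toString() { return "floor " + level; }
}

public final class RoomNumber {
    private final int value;

    public RoomNumber(int value) {
        if (!isValid(value)) {
            throw new IllegalArgumentException("invalid room number: " + value);
        }
        this.value = value;
    }

    // The two rules from the RoomNumber slide: a valid floor, rooms 01..50 per floor.
    public static boolean isValid(int value) {
        int room = value % 100;
        return Floor.isValid(value) && room >= 1 && room <= 50;
    }

    public Floor floor() { return new Floor(value); }

    // Value semantics: a RoomNumber is identified by its value alone.
    @Override public boolean equals(Object o) {
        return o instanceof RoomNumber && ((RoomNumber) o).value == value;
    }
    @Override public int hashCode() { return Integer.hashCode(value); }
    @Override public String toString() { return "room " + value; }

    public static void main(String[] args) {
        CheckoutEndpoint endpoint = new CheckoutEndpoint();
        // Constructed inputs: a valid room, the 13th floor, room 51, and a non-number.
        for (String raw : new String[] {"1201", "1301", "1251", "12O1"}) {
            System.out.println(raw + " -> " + endpoint.handle(raw));
        }
    }
}

// Behind the line: this API only accepts a RoomNumber, so every caller has been
// forced to produce a valid one, and nothing here needs to re-validate it.
final class CheckoutService {
    void checkout(RoomNumber roomNumber) {
        System.out.println("  scheduling cleaning for " + roomNumber + " on " + roomNumber.floor());
    }
}

// The line itself: raw input (form field, query parameter, message payload) is
// turned into a RoomNumber here or rejected; it never travels further as an int.
final class CheckoutEndpoint {
    private final CheckoutService service = new CheckoutService();

    String handle(String rawRoomNumber) {
        if (rawRoomNumber == null) {
            return "400 Bad Request: missing room number";
        }
        final RoomNumber roomNumber;
        try {
            // NumberFormatException is an IllegalArgumentException, so one catch covers both.
            roomNumber = new RoomNumber(Integer.parseInt(rawRoomNumber.trim()));
        } catch (IllegalArgumentException e) {
            return "400 Bad Request: " + e.getMessage();
        }
        service.checkout(roomNumber);
        return "200 OK";
    }
}
```

Only the first input reaches CheckoutService; the other three are turned away at the endpoint with a 400 and never touch housekeeping or the minibar service. That is the practical payoff of the specific signature: a method that takes RoomNumber cannot be called with an unvalidated value, so the validation has to happen exactly once, at the border.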
Cluttered Entity
class Order {
    private ArrayList<Object> items;
    private boolean paid;

    public void addItem(String isbn, int qty) {
        if(this.paid == false) {
            notNull(isbn);
            inclusiveBetween(10, 10, isbn.length());
            isTrue(isbn.matches("[0-9X]*"));
            isTrue(isbn.matches("[0-9]{9}[0-9X]"));

            Book book = bookCatalogue.findByISBN(isbn);

            if (inventory.availableBooks(isbn) >= qty) {
                items.add(new OrderLine(book, qty));
            }
        }
    }
    //Other logic...
}
De-Cluttered Entity
class Order {
    private ArrayList<Object> items;
    private boolean paid;

    public void addItem(ISBN isbn, Quantity qty) {
        notNull(isbn);
        notNull(qty);
        if(this.paid == false) {
            Book book = bookCatalogue.findByISBN(isbn);

            if (inventory.availableBooks(isbn).greaterOrEqualTo(qty)) {
                items.add(new OrderLine(book, qty));
            }
        }
    }
    //Other logic...
}
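The de-cluttered Order only works if the validation has somewhere to go. As an added example (not code from the slides), the following shows the ISBN and Quantity primitives that absorb the checks from the cluttered version, plus the Order that uses them. Book, OrderLine, BookCatalogue and Inventory are minimal stand-ins assumed here, the quantity range is an assumed business rule, and the ISBN-10 check digit test goes one step beyond the slide's regex, which only checks the shape of the string.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

// Added example, not from the slides: the validation that clutters
// Order.addItem pulled out into ISBN and Quantity domain primitives, and the
// de-cluttered Order using them. Book, OrderLine, BookCatalogue and Inventory
// are minimal stand-ins assumed here; the ISBN-10 check digit test goes one
// step beyond the slide's regex, which only checks the shape of the string.

final class ISBN {
    private final String value;

    ISBN(String value) {
        Objects.requireNonNull(value, "isbn");
        // Same rule as on the slide: exactly nine digits followed by a digit or X.
        // Nothing else gets in, so an ISBN can never carry a payload for a
        // downstream query or page.
        if (!value.matches("[0-9]{9}[0-9X]")) {
            throw new IllegalArgumentException("malformed ISBN-10: " + value);
        }
        if (!checkDigitValid(value)) {
            throw new IllegalArgumentException("ISBN-10 check digit mismatch: " + value);
        }
        this.value = value;
    }

    // ISBN-10 rule: the sum of digit[i] * (10 - i) for i = 0..9, with X = 10,
    // must be divisible by 11.
    private static boolean checkDigitValid(String isbn) {
        int sum = 0;
        for (int i = 0; i < 10; i++) {
            char c = isbn.charAt(i);
            sum += (c == 'X' ? 10 : c - '0') * (10 - i);
        }
        return sum % 11 == 0;
    }

    @Override public boolean equals(Object o) { return o instanceof ISBN && ((ISBN) o).value.equals(value); }
    @Override public int hashCode() { return value.hashCode(); }
    @Override public String toString() { return value; }
}

final class Quantity {
    private final int value;

    // Assumed business rule: an order line holds between 1 and 1000 copies.
    Quantity(int value) {
        if (value < 1 || value > 1000) {
            throw new IllegalArgumentException("quantity out of range: " + value);
        }
        this.value = value;
    }

    boolean greaterOrEqualTo(Quantity other) { return value >= other.value; }
}

// Minimal stand-ins for the collaborators named on the slide (assumed).
final class Book { final ISBN isbn; Book(ISBN isbn) { this.isbn = isbn; } }
final class OrderLine { final Book book; final Quantity qty; OrderLine(Book b, Quantity q) { book = b; qty = q; } }
final class BookCatalogue { Book findByISBN(ISBN isbn) { return new Book(isbn); } }
final class Inventory { Quantity availableBooks(ISBN isbn) { return new Quantity(5); } } // constructed stock level

public final class Order {
    private final List<OrderLine> items = new ArrayList<>();
    private final BookCatalogue bookCatalogue = new BookCatalogue();
    private final Inventory inventory = new Inventory();
    private boolean paid;

    // De-cluttered: the format checks are gone because an ISBN or Quantity that
    // exists is valid by construction; only the business rules remain.
    public void addItem(ISBN isbn, Quantity qty) {
        Objects.requireNonNull(isbn);
        Objects.requireNonNull(qty);
        if (!paid) {
            Book book = bookCatalogue.findByISBN(isbn);
            if (inventory.availableBooks(isbn).greaterOrEqualTo(qty)) {
                items.add(new OrderLine(book, qty));
            }
        }
    }

    public int lineCount() { return items.size(); }

    public static void main(String[] args) {
        Order order = new Order();
        order.addItem(new ISBN("0306406152"), new Quantity(2)); // valid ISBN-10, within stock
        order.addItem(new ISBN("0306406152"), new Quantity(9)); // exceeds the 5 in stock: not added
        System.out.println("order lines: " + order.lineCount());
        // Constructed bad inputs: wrong check digit, too short, hyphenated.
        for (String raw : new String[] {"030640615X", "03064061", "0-306-40615-2"}) {
            try {
                new ISBN(raw);
                System.out.println(raw + " accepted");
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The point to notice is where the rejection happens: a malformed or mistyped ISBN fails in the ISBN constructor, before Order, BookCatalogue or Inventory ever see it, and the order logic no longer has to defend itself against strings that are not ISBNs at all.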
Renovating Services
// before: currencies travel as Strings and amounts as doubles
public interface ExchangeService {
    double rate(String from, String to);
}

private double convertForeignPrice(double priceForeignCurrency, String foreignCurrency) {
    double rate = exchange.rate(foreignCurrency, "USD");
    double priceUSD = priceForeignCurrency * rate;
    // … and some rounding
    return priceUSD;
}

// after: Money, Currency and Rate as domain primitives
public interface ExchangeService {
    Rate rate(Currency from, Currency to);
}

private Money convertForeignPrice(Money priceForeignCurrency, Currency foreignCurrency) {
    Rate rate = exchange.rate(foreignCurrency, USD);
    Money priceUSD = rate.exchange(priceForeignCurrency);
    return priceUSD;
}
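The "Intelligent Machines" slide leaves the actual conversion as `BigDecimal converted = . . .`, and the renovated service above depends on Money, Currency and Rate that are not shown. As an added example (not code from the slides), the following fills both in. java.util.Currency stands in for the slide's Currency type; the fixed rate table, the rounding policy (half-even to the target currency's minor unit), the PriceConverter and FixedRates names, and dropping the now-redundant Currency parameter from convertForeignPrice (Money already carries its currency) are all assumptions made for this example.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.util.Currency;
import java.util.Objects;

// Added example, not from the slides: Money and Rate as domain primitives, the
// conversion step the Rate slide leaves out, and the renovated ExchangeService
// wired to them. java.util.Currency stands in for the slide's Currency type; the
// rate table and rounding policy are assumptions made for this example.

final class Money {
    final BigDecimal amount;
    final Currency currency;

    Money(BigDecimal amount, Currency currency) {
        Objects.requireNonNull(amount);
        Objects.requireNonNull(currency);
        if (amount.signum() < 0) {
            throw new IllegalArgumentException("negative amount: " + amount);
        }
        BigDecimal normalised;
        try {
            // A price has at most the currency's minor-unit digits (2 for USD/EUR);
            // UNNECESSARY makes setScale throw instead of silently rounding.
            normalised = amount.setScale(currency.getDefaultFractionDigits(), RoundingMode.UNNECESSARY);
        } catch (ArithmeticException e) {
            throw new IllegalArgumentException("too many decimals for " + currency + ": " + amount);
        }
        this.amount = normalised;
        this.currency = currency;
    }

    @Override public boolean equals(Object o) {
        return o instanceof Money && ((Money) o).amount.equals(amount) && ((Money) o).currency.equals(currency);
    }
    @Override public int hashCode() { return Objects.hash(amount, currency); }
    @Override public String toString() { return amount.toPlainString() + " " + currency.getCurrencyCode(); }
}

final class Rate {
    private final Currency from;
    private final Currency to;
    private final BigDecimal factor;

    Rate(Currency from, Currency to, BigDecimal factor) {
        this.from = Objects.requireNonNull(from);
        this.to = Objects.requireNonNull(to);
        if (factor.signum() <= 0) {
            throw new IllegalArgumentException("rate must be positive: " + factor);
        }
        this.factor = factor;
    }

    // The "intelligent machine": a Rate knows which currency it converts from and
    // refuses anything else, which a bare double * double multiplication cannot do.
    Money exchange(Money money) {
        Objects.requireNonNull(money);
        if (!from.equals(money.currency)) {
            throw new IllegalArgumentException("rate is " + from + "->" + to + ", got " + money.currency);
        }
        // The step elided on the slide: multiply, then round once to the target
        // currency's minor unit so the result is a valid Money again (assumed policy).
        BigDecimal converted = money.amount.multiply(factor)
                .setScale(to.getDefaultFractionDigits(), RoundingMode.HALF_EVEN);
        return new Money(converted, to);
    }
}

interface ExchangeService {
    Rate rate(Currency from, Currency to);
}

// Constructed fixed rate table standing in for a real rate provider.
final class FixedRates implements ExchangeService {
    @Override public Rate rate(Currency from, Currency to) {
        if ("EUR".equals(from.getCurrencyCode()) && "USD".equals(to.getCurrencyCode())) {
            return new Rate(from, to, new BigDecimal("1.0850"));
        }
        throw new IllegalArgumentException("no rate for " + from + "->" + to);
    }
}

public final class PriceConverter {
    static final Currency USD = Currency.getInstance("USD");
    static final Currency EUR = Currency.getInstance("EUR");
    static final Currency SEK = Currency.getInstance("SEK");
    private final ExchangeService exchange = new FixedRates();

    // Renovated as on the slide, minus the separate Currency parameter: Money
    // already carries its currency, so there is nothing to pass twice or mix up.
    Money convertForeignPrice(Money priceForeignCurrency) {
        Rate rate = exchange.rate(priceForeignCurrency.currency, USD);
        return rate.exchange(priceForeignCurrency);
    }

    public static void main(String[] args) {
        PriceConverter converter = new PriceConverter();
        Money price = new Money(new BigDecimal("19.99"), EUR);
        System.out.println(price + " -> " + converter.convertForeignPrice(price));
        // Two mistakes that were silent with doubles and Strings: wrong currency, too much precision.
        try {
            new Rate(EUR, USD, new BigDecimal("1.0850")).exchange(new Money(new BigDecimal("10.00"), SEK));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            new Money(new BigDecimal("19.999"), EUR);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With doubles and Strings, handing a SEK amount to a EUR→USD rate produces a plausible-looking wrong number; here it produces an exception at the exact call that was wrong, and the rounding that the "before" version left as "… and some rounding" happens in one place, inside Rate, rather than in every caller.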
But…
https://flic.kr/p/eGYhMw
https://creativecommons.org/licenses/by/2.0/
… what about performance?
https://flic.kr/p/2pvb2T
https://creativecommons.org/licenses/by/2.0/
… it becomes a lot of classes!
… isn’t it overly complex?
https://flic.kr/p/7Ro4HU
https://creativecommons.org/licenses/by/2.0/
… Making it
Secure by Design
OWASP:
• Injection Flaw
• Cross-site scripting (XSS)
Seals lots of small holes
https://flic.kr/p/85qctm
https://creativecommons.org/licenses/by/2.0/
Confidentiality
Integrity
Availability
There's a Book…
Shameless plug…
Design secure software without "thinking" about security
Contains several concepts from DDD
40% discount code: ctweddd17
Key Takeaways
Domain Primitives
- are native to your domain
- form a conceptual whole
- easy way to improve and secure existing code
Q&A
https://flic.kr/p/9ksxQa https://creativecommons.org/licenses/by-nc-nd/2.0/
Thanks

  • 6. @DanielDeogun @danbjson #SecureByDesign #EDDD …or is it a String? • What characters are legal? • Which operations are allowed? • Does this make sense?
  • 7. @DanielDeogun @danbjson #SecureByDesign #EDDD Math and Hotel are different Contexts Math Domain Integer Hotel Domain Room Number Hotel Domain Math Domain Integer (a.k.a Room Number)
  • 8. @DanielDeogun @danbjson #SecureByDesign #EDDD Room Number
    // isTrue, inclusiveBetween and notNull below are static imports of a Validate-style helper
    // (e.g. org.apache.commons.lang3.Validate); each throws IllegalArgumentException on failure
    public final class RoomNumber {
        private final int value;

        public RoomNumber(final int value) {
            isTrue(Floor.isValid(value));            // the floor part must exist
            inclusiveBetween(1, 50, value % 100);    // the room part is 1..50 on that floor
            this.value = value;
        }

        public Floor floor() {
            return new Floor(value);
        }

        // other logic …
    }
  • 9. @DanielDeogun @danbjson #SecureByDesign #EDDD Definition of Domain Primitive • Building block that’s native to your domain • Valid in your context • Immutable and resemble a value object “A value object so precise in its definition that it, by its mere existence, manifests its validity is called a Domain Primitive.” - Secure by Design
  • 10. @DanielDeogun @danbjson #SecureByDesign #EDDD Less Simple Domain Primitive
    public void pay(final double money, final int recipientId) {
        final String currency = CurrencyService.currencyFor(recipientId);
        BankService.transfer(money, currency, recipientId);
    }
    But Money is a conceptual whole and should be modeled as a domain primitive
    public void pay(final Money money, final Recipient recipient) {
        notNull(money);
        notNull(recipient);
        BankService.transfer(money, recipient);
    }
  • 11. @DanielDeogun @danbjson #SecureByDesign #EDDD Intelligent Machines - not just values
    class Rate {
        private final Currency from;
        private final Currency to;

        Rate(Currency from, Currency to) {
            this.from = notNull(from);
            this.to = notNull(to);
        }

        Money exchange(Money from) {
            notNull(from);
            isTrue(this.from.equals(from.currency));   // a Rate refuses Money in the wrong currency
            BigDecimal converted = . . .
            return new Money(converted, to);
        }
    }
  • 12. @DanielDeogun @danbjson #SecureByDesign #EDDD Standing on the Shoulders of Giants • Domain Primitives act as building blocks • Guy L. Steele Jr. “Growing a Language” • Abelson, Sussman “Structure and Interpretation of Computer Programs” https://flic.kr/p/8cc44h https://creativecommons.org/licenses/by/2.0/
  • 13. @DanielDeogun @danbjson #SecureByDesign #EDDD … In Action https://flic.kr/p/Q7zV https://creativecommons.org/licenses/by-sa/2.0/ vs https://flic.kr/p/djYc9H https://creativecommons.org/licenses/by/2.0/ Green Field Brown Field
  • 14. @DanielDeogun @danbjson #SecureByDesign #EDDD “Draw the Line” - Find a Semantic Border https://flic.kr/p/nEZKMd https://creativecommons.org/licenses/by/2.0/
    public void checkout(final int roomNumber) {
        new RoomNumber(roomNumber); // throws exception if invalid
        houseKeepingService.registerForCleaning(roomNumber);
        minibarService.replenish(roomNumber);
        // other operations ...
    }
    public void checkout(final int roomNumber) {
        if (!RoomNumber.isValid(roomNumber)) {
            reporter.logInvalidRoomNumber(roomNumber); // reports invalid input without failing the call
        }
        houseKeepingService.registerForCleaning(roomNumber);
        minibarService.replenish(roomNumber);
        // other operations ...
    }
  • 15. @DanielDeogun @danbjson #SecureByDesign #EDDD Hardening your APIs - Enforce Data Quality
    Generic:  public void checkout(final int roomNumber)
    Specific: public void checkout(final RoomNumber roomNumber)
    Enforce data quality
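The RoomNumber of slide 8, the semantic border of slide 14 and the hardened signature of slide 15, carried through as one added example; this is not code from the talk or from the Secure by Design book. It assumes a hotel with floors 1 to 20 and rooms 1 to 50 per floor, numbered floor * 100 + room; the Floor class, the checkout stand-in for the housekeeping and minibar services, and the input strings are constructed for the example. Plain IllegalArgumentException replaces the Validate helpers so it compiles with the JDK alone.

```java
// Added example (not from the slides): RoomNumber and Floor as domain primitives,
// plus a checkout border that turns raw input into the primitive exactly once.
// Assumed hotel layout: floors 1..20, rooms 1..50 per floor, number = floor*100 + room.
import java.util.Objects;

public final class RoomNumbers {

    /** A floor of the (assumed) hotel; derived from the hundreds of a room number. */
    public static final class Floor {
        private static final int LOWEST = 1;
        private static final int HIGHEST = 20;
        private final int number;

        Floor(int roomNumber) {
            if (!isValid(roomNumber)) {
                throw new IllegalArgumentException("no floor for room " + roomNumber);
            }
            this.number = roomNumber / 100;
        }

        /** True when the floor part of the room number exists, e.g. 1203 -> floor 12. */
        static boolean isValid(int roomNumber) {
            int floor = roomNumber / 100;
            return floor >= LOWEST && floor <= HIGHEST;
        }

        public int number() { return number; }
        @Override public boolean equals(Object o) { return o instanceof Floor && ((Floor) o).number == number; }
        @Override public int hashCode() { return Integer.hashCode(number); }
        @Override public String toString() { return "Floor " + number; }
    }

    /** Immutable; an invalid value can never become a RoomNumber. */
    public static final class RoomNumber {
        private final int value;

        public RoomNumber(int value) {
            if (!isValid(value)) {
                throw new IllegalArgumentException("invalid room number: " + value);
            }
            this.value = value;
        }

        /** Same rule as the constructor, usable when drawing a line in legacy code. */
        public static boolean isValid(int value) {
            int room = value % 100;
            return Floor.isValid(value) && room >= 1 && room <= 50;
        }

        public Floor floor() { return new Floor(value); }
        public int value() { return value; }
        @Override public boolean equals(Object o) { return o instanceof RoomNumber && ((RoomNumber) o).value == value; }
        @Override public int hashCode() { return Integer.hashCode(value); }
        @Override public String toString() { return Integer.toString(value); }
    }

    /** Inside the border: the type guarantees this only ever sees valid rooms. */
    static String checkout(RoomNumber room) {
        // stand-in for houseKeepingService / minibarService calls on the slide
        return "cleaning scheduled for room " + room + " on " + room.floor();
    }

    /** At the border: parse and validate raw input once, reject it here if it is not a room. */
    static String handleCheckoutRequest(String rawRoomNumber) {
        try {
            // NumberFormatException is an IllegalArgumentException, so one catch covers both
            RoomNumber room = new RoomNumber(Integer.parseInt(rawRoomNumber.trim()));
            return checkout(room);
        } catch (IllegalArgumentException e) {
            return "rejected: " + rawRoomNumber;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: valid, room 00, floor 99, negative, and an injection-looking string.
        String[] inputs = {"1203", "1200", "9901", "-1203", "12' OR 1=1"};
        for (String raw : inputs) {
            System.out.println(handleCheckoutRequest(raw));
        }
    }
}
```

Only the first input reaches checkout; the other four are refused at the border, and nothing inside the border has to repeat the check because checkout(RoomNumber) cannot be called with anything else.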
  • 16. @DanielDeogun @danbjson #SecureByDesign #EDDD Cluttered Entity
    class Order {
        private ArrayList<Object> items;
        private boolean paid;

        public void addItem(String isbn, int qty) {
            if (this.paid == false) {
                notNull(isbn);
                inclusiveBetween(10, 10, isbn.length());
                isTrue(isbn.matches("[0-9X]*"));
                isTrue(isbn.matches("[0-9]{9}[0-9X]"));
                Book book = bookCatalogue.findByISBN(isbn);
                if (inventory.availableBooks(isbn) >= qty) {
                    items.add(new OrderLine(book, qty));
                }
            }
        }
        // Other logic...
    }
  • 17. @DanielDeogun @danbjson #SecureByDesign #EDDD De-Cluttered Entity
    class Order {
        private ArrayList<Object> items;
        private boolean paid;

        public void addItem(ISBN isbn, Quantity qty) {
            notNull(isbn);
            notNull(qty);
            if (this.paid == false) {
                Book book = bookCatalogue.findByISBN(isbn);
                if (inventory.availableBooks(isbn).greaterOrEqualTo(qty)) {
                    items.add(new OrderLine(book, qty));
                }
            }
        }
        // Other logic...
    }
  • 18. @DanielDeogun @danbjson #SecureByDesign #EDDD Renovating Services
  • 19. @DanielDeogun @danbjson #SecureByDesign #EDDD Renovating Services
    Before: primitives all the way down
    public interface ExchangeService {
        double rate(String from, String to);
    }

    private double convertForeignPrice(
            double priceForeignCurrency,
            String foreignCurrency) {

        double rate = exchange.rate(foreignCurrency, "USD");
        double priceUSD = priceForeignCurrency * rate;
        // … and some rounding
        return priceUSD;
    }

    After: domain primitives in the interface
    public interface ExchangeService {
        Rate rate(Currency from, Currency to);
    }

    private Money convertForeignPrice(
            Money priceForeignCurrency,
            Currency foreignCurrency) {

        Rate rate = exchange.rate(foreignCurrency, USD);
        Money priceUSD = rate.exchange(priceForeignCurrency);
        return priceUSD;
    }
  • 20. @DanielDeogun @danbjson #SecureByDesign #EDDD But… https://flic.kr/p/eGYhMw https://creativecommons.org/licenses/by/2.0/ … what about performance? https://flic.kr/p/2pvb2T https://creativecommons.org/licenses/by/2.0/ … it becomes a lot of classes! … isn’t it overly complex? https://flic.kr/p/7Ro4HU https://creativecommons.org/licenses/by/2.0/
  • 21. @DanielDeogun @danbjson #SecureByDesign #EDDD … Making it Secure by Design OWASP: • Injection Flaw • Cross-site scripting (XSS) Seals lots of small holes https://flic.kr/p/85qctm https://creativecommons.org/licenses/by/2.0/ Confidentiality Integrity Availability
  • 22. @DanielDeogun @danbjson #SecureByDesign #EDDD There’s a Book… Shameless plug… Secure by Design: design secure software without “thinking” about security. Contains several concepts from DDD. 40% discount code: ctweddd17
  • 23. @DanielDeogun @danbjson #SecureByDesign #EDDD Key Take Aways Domain Primitives - are native to your domain - form a conceptual whole - easy way to improve and secure existing code
  • 24. @DanielDeogun @danbjson #SecureByDesign #EDDD Q&A https://flic.kr/p/9ksxQa https://creativecommons.org/licenses/by-nc-nd/2.0/