Disclaimer: I'm just splashing in the notes I'm talking while listening to the talks here. All notes are not stated facts. Just stuff I manage to pick up.
Keynote by former Apache foundation chairman Roy T Fielding about the ideas and origin of REST, the re-discovery of REST (after SOA/SOAP). Fielding published the REST architecture in his dissertation 7 years ago, and advises us to be aware of buzz.
Second part of the keynote was an ELCA talk about integration between heterogenous systems and how Spring has helped them with that.. Very 2004'ish.
Glassfish V3 talk.
V1 was released at JavaOne last year. V2 is still in development (clustering, load balancing), most development will happen in V3. Lotsa changes going on.
It is essentially the same demo that was held at JavaOne some weeks ago.
Quickly in demo. Startup is in 800 ms and still able to serve static pages. Started off with deploying a RoR application.
asadmin deploy -- path ~/ror/mephisto
Deploying a RoR application starts the RoR container.
Same for a webapp, starts the web container
asadmin undeploy --name mpehisto
When killing and starting v3 with war still deployed startup time is 2.3 seconds. Undeploying returns the startup to 800 ms.
The architecture is based on maven and OSGi. The kernel is 50KB. Runs on SE.
The module control is meant to be handled with jsr277 due in java se 7.
Went on to talk about modules, classloaders and libraries, garbage collection. We have to be carfeul with use of threadlocal to let the GC run. Repositories hold modules. Eventually they want to tap into OSGi to add and remove repos at runtime. Already done in maven/directories.
Bootstrapping is done by implementating ApplicationStartup (interface). Dependencies can be declared in the manifest (that can be generated from the pom). But they do skip the POM file for performance. Use MF instead
Dependencies are package type "hk2-jar".
V3 is still not JEE compliant, but they're getting there.
Services. Annotation based service declaration. @Contract and @Service. Glassfish will find it and initialize it on startup.
Nice way of annotating actions, like "deploy".
Grizzly best web container on performance.
Dependency Injection. Looks like Google Guice.
Extraction. Lets objects produce ouput. @Extract on getter methods.
But how do they order of instantiation. It does inheritied componend dependencies with "cascading".
Good talk, very interesting even if I heard a run-through of the content before.
On to a SOA talk by Patrick Steger. Trip through WS* standards.
Nice and relaxed tone on the speaker. He's very concise and knows very well what he is talking about. Probably the most professionaly executed talk I've seen here so far (first guy who finished on time).
I've been lagging behind on ye old SOAP stack so its nice to get an update on the standards.
Starting off with WS-SecurityPolicy. Draft standard, suppotrted by some java and MS. Its an extension of the WS-Policy standard. It is done by OASIS
WS-MEX (metadata exchange) is used for getting policies over to the client.
SAML assertions are passports. WSDL get over http can be used to get the metadata used for future transaction. also supported by MS and some Java frameworks. Still protocol independent. It's based on WS-Transfer. Great for flexible endpoints. XML standard, draft review.
SAML is an OASIS standard. Used for key exchange.
The SAML is gotten hold of with a SecurityTokenService (running a dedicated server). Communication with this one is done with WS-trust.
Its basically key exchange mechanics done in WS. WS-Trust is an established OASIS standard supported by MS and Java projects.
WS-Trust is based on WS-Security. There are different token profiles for various security methods (kerbroros, user/pass, SAML, x509).
Passports are used for establishing secutiry for short intervals (40 secs). WS-ServiceConvercation is used for establishing longer sessions. This is done by getting a SecurityContextToken.
Finally the conversation can begin and SOAP messages are exchanged, client using service. All well authenticated, signed and encrypted.
WS-SecureExchange is an integration of all the mentioned standards into one standard.
Goes on to extend the example with an Authentication Service server. XACML is used for communicating with this server. This is the authorization part of the security. This is a mature OASIS standard with good access control.
Java vs MS on this one. WS-Security is supported in Axis 2, also lotsa support in proprietary products. There is a WS02 framework on the way.
Very little happening in the Java community for supporting the above standards, while the standards are already part of the platform in MS Communication Foundation.
Good slide in the end there, good talk. Very clear on what the facts are and what his personal opinions are.
Key findings include that these standards put a heavy load on developers. Best for Jva/MS integration is to use WCF on MS side and WSIT on the Java side.
Good idea to extract all this security into xml-firewalls, and reuse authentication/authorization mechanics across projects.
Question about whether it is difficult to deploy on IBM Websphere. It is a problem, but using WSIT instead of webpshere WS framework.
WSIT is a framework, project Tango. Spinoff from Sun. The aim is to provide a WS framework that interoperates with the MS world.