Jazoon 2007: Day two half done

Disclaimer: I'm just splashing in the notes I'm taking while listening to the talks here. All notes are not stated facts. Just stuff I manage to pick up.

Keynote by former Apache Foundation chairman Roy T. Fielding about the ideas and origin of REST, and the re-discovery of REST (after SOA/SOAP). Fielding published the REST architecture in his dissertation 7 years ago, and advises us to be aware of buzz.

Second part of the keynote was an ELCA talk about integration between heterogeneous systems and how Spring has helped them with that. Very 2004'ish.

...

Glassfish V3 talk.

V1 was released at JavaOne last year. V2 is still in development (clustering, load balancing), most development will happen in V3. Lotsa changes going on.

It is essentially the same demo that was held at JavaOne some weeks ago.

Quickly into the demo. Startup takes 800 ms, and it is still able to serve static pages. Started off with deploying a RoR application.

asadmin deploy --path ~/ror/mephisto

Deploying a RoR application starts the RoR container.

Same for a webapp: it starts the web container.

asadmin undeploy --name mephisto

When killing and starting V3 with the WAR still deployed, startup time is 2.3 seconds. Undeploying returns the startup to 800 ms.

The architecture is based on Maven and OSGi. The kernel is 50KB. Runs on SE.

Module control is meant to be handled with JSR 277, due in Java SE 7.

Went on to talk about modules, classloaders and libraries, garbage collection. We have to be careful with use of ThreadLocal to let the GC run. Repositories hold modules. Eventually they want to tap into OSGi to add and remove repos at runtime. Already done in Maven/directories.

Bootstrapping is done by implementing ApplicationStartup (interface). Dependencies can be declared in the manifest (which can be generated from the POM). But they do skip the POM file for performance and use the MF instead.

Dependencies are package type "hk2-jar".

V3 is still not JEE compliant, but they're getting there.

Services. Annotation based service declaration. @Contract and @Service. Glassfish will find it and initialize it on startup.

Nice way of annotating actions, like "deploy".

Grizzly is the best web container on performance.

Dependency Injection. Looks like Google Guice.

Extraction. Lets objects produce output. @Extract on getter methods.

But how do they handle the order of instantiation? It does inherited component dependencies with "cascading".

Good talk, very interesting even if I heard a run-through of the content before.

...


On to a SOA talk by Patrick Steger. Trip through WS* standards.

Nice and relaxed tone from the speaker. He's very concise and knows very well what he is talking about. Probably the most professionally executed talk I've seen here so far (first guy who finished on time).

I've been lagging behind on ye old SOAP stack so it's nice to get an update on the standards.

Starting off with WS-SecurityPolicy. Draft standard, supported by some Java and MS. It's an extension of the WS-Policy standard. It is done by OASIS.

WS-MEX (metadata exchange) is used for getting policies over to the client.

SAML assertions are passports. A WSDL GET over HTTP can be used to get the metadata used for future transactions. Also supported by MS and some Java frameworks. Still protocol independent. It's based on WS-Transfer. Great for flexible endpoints. XML standard, draft review.

SAML is an OASIS standard. Used for key exchange.

The SAML assertion is obtained from a SecurityTokenService (running on a dedicated server). Communication with this one is done with WS-Trust.

It's basically key exchange mechanics done in WS. WS-Trust is an established OASIS standard supported by MS and Java projects.

WS-Trust is based on WS-Security. There are different token profiles for various security methods (Kerberos, user/pass, SAML, X.509).

Passports are used for establishing security for short intervals (40 secs). WS-SecureConversation is used for establishing longer sessions. This is done by getting a SecurityContextToken.

Finally the conversation can begin and SOAP messages are exchanged, client using service. All well authenticated, signed and encrypted.
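The short passport lifetime mentioned above is something the receiving service has to enforce itself. The following is an added example (not from the talk or from any of the frameworks mentioned) of checking the validity window in a SAML 2.0 assertion's Conditions element; the sample assertion, the issuer URL, the 5-second clock-skew allowance and the fail-closed policy for missing bounds are all assumptions, and signature verification is deliberately out of scope.

```python
# Added example: time-window check on a SAML 2.0 assertion's <Conditions>.
# The assertion below is constructed sample data, not captured traffic.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion with a 40-second lifetime, as in the notes above.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-example" Version="2.0"
                IssueInstant="2007-06-26T10:00:00Z">
  <saml:Issuer>https://sts.example.invalid</saml:Issuer>
  <saml:Conditions NotBefore="2007-06-26T10:00:00Z"
                   NotOnOrAfter="2007-06-26T10:00:40Z"/>
</saml:Assertion>
"""

def _parse_instant(value):
    # Accept only whole-second UTC timestamps ending in "Z"; anything else
    # (offsets, fractional seconds) raises and is rejected by the caller.
    if not value.endswith("Z"):
        raise ValueError("timestamp is not UTC: %r" % value)
    parsed = datetime.strptime(value[:-1], "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)

def check_validity_window(assertion_xml, now, skew_seconds=5):
    """Return (ok, reason). Policy assumption: missing bounds fail closed."""
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None:
        return False, "no Conditions element"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is None or noa is None:
        return False, "missing NotBefore/NotOnOrAfter"
    try:
        not_before, not_on_or_after = _parse_instant(nb), _parse_instant(noa)
    except ValueError as exc:
        return False, "bad timestamp: %s" % exc
    skew = timedelta(seconds=skew_seconds)
    if now + skew < not_before:
        return False, "not yet valid"
    if now - skew >= not_on_or_after:   # NotOnOrAfter is an exclusive bound
        return False, "expired"
    return True, "within validity window"
```

In a real service this check runs only after the assertion's signature has been verified, and with an XML parser hardened against entity expansion.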

WS-SecureExchange is an integration of all the mentioned standards into one standard.

Goes on to extend the example with an Authentication Service server. XACML is used for communicating with this server. This is the authorization part of the security. This is a mature OASIS standard with good access control.

Java vs MS on this one. WS-Security is supported in Axis 2, also lotsa support in proprietary products. There is a WSO2 framework on the way.

Very little happening in the Java community for supporting the above standards, while the standards are already part of the platform in MS Communication Foundation.

Good slide in the end there, good talk. Very clear on what the facts are and what his personal opinions are.

Key findings include that these standards put a heavy load on developers. Best for Java/MS integration is to use WCF on the MS side and WSIT on the Java side.

Good idea to extract all this security into XML firewalls, and reuse authentication/authorization mechanics across projects.

Question about whether it is difficult to deploy on IBM WebSphere. It is a problem; the suggestion was to use WSIT instead of the WebSphere WS framework.

WSIT is a framework, project Tango. Spinoff from Sun. The aim is to provide a WS framework that interoperates with the MS world.
