I was calling a web service protected by username/password authentication from an Axis2 client. While looking for a way to pass the username and password in the request header, I found several ways to do it, such as Rampart or an OMElement built in Java code:
Below is a code snippet that shows how to pass the username and password to the service call:
A few days ago I was asked to develop a POC for JAAS authentication for a web application on JBoss. After searching for the configuration required to implement JAAS-based security on JBoss, I couldn’t find anything useful.
It took me a while to find all the required settings and run my project with JAAS on the JBoss application server, so I decided to document and share what I learned, in the hope that it is useful to somebody.
This document will help you configure JAAS authentication for a web application on the JBoss Application Server, and will also help you enable single sign-on.
Below are the steps to configure JAAS authentication for a web application on JBoss:
Step-1: Define a new application policy in login-config.xml (C:\Software\jboss-4.2.3.GA\server\default\conf\login-config.xml)
To define an application policy, modify login-config.xml and add the policy to it. Below is an example policy:
<application-policy name="web-console">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag="required">
            <module-option name="usersProperties">props/web-console-users.properties</module-option>
            <module-option name="rolesProperties">props/web-console-roles.properties</module-option>
        </login-module>
    </authentication>
</application-policy>
In this article I am going to explain SSO and how to set up SSO in JBoss.
Single Sign On (SSO) is a specialized form of user authentication that enables a user to be authenticated once, and gain access to resources on multiple systems/web applications during that session.
The JBoss SSO framework is a combination of three components:
1. Federation Server
2. Token Marshalling Framework
3. Identity Connector Framework
Following are the steps to set up JBoss SSO:
Step-1: Installation
Download JBoss from here: Download
Unzip/untar the distribution on your machine, e.g. C:/jboss
Download JBoss Federated SSO from here: Download
Unzip/untar the distribution on your machine, e.g. C:/Jboss Federated SSO
Copy the jboss-sso.sar and jboss-federation-server.ear files from the C:/Jboss Federated SSO/components/jboss_federation_server*/bin directory to the deploy directory of your JBoss Application Server
December 29th, 2008 in Jboss, Miscellaneous
I have been following cloud computing for quite some time. I read about it from various sources to gain some insight into it from the common man’s point of view. Many computer-savvy people are still unaware of what it actually is, and how it could change the way we interact with computers and the internet. Cloud computing is a computing paradigm in which tasks are assigned to a combination of connections, software and services accessed over a network. The network of servers and connections is collectively known as “the cloud”. Or we can say cloud computing is internet-based computing.
Many computer pundits predict that it will be the next big thing in the digital revolution.
Applications in the cloud: this is what almost everyone has already used in the form of Gmail, Yahoo Mail, the rest of Google Apps, the various search engines, Wikipedia, etc.
Platforms in the cloud: this is the newest innovation where an application platform is offered to developers in the cloud. Developers write their application and then upload their code into the cloud where the app is run magically somewhere, typically being able to scale up automagically as usage for the app grows. Example: Mosso, Google App Engine, etc
Infrastructure in the cloud: this is the most general offering that Amazon has pioneered and where RightScale offers its management platform. Developers and system administrators obtain general compute, storage, queueing, and other resources and run their applications with the fewest limitations. This is the most powerful type of cloud in that virtually any application and any configuration that is fit for the internet can be mapped to this type of service.
Amazon provides the EC2 service. EC2 is a web service whose interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you actually use. The services are billed on a pay-as-you-go usage basis.
Here I am providing some other useful hints for developers who are considering the EC2 service:
1. “Before spending too much time configuring and customizing an AMI, find one that suits your needs from the start so you won’t have to redo any work later on down the road. Check out the list of public AMIs in Amazon’s resource center for something that is more suitable for your needs”
2. “When packaging up your own image using the ‘ec2-bundle-vol’ command, make sure you specify a clean folder using the ‘-d’ flag otherwise bundling the same image twice will result in an error due to the conflicting sets of temporary files.”
3. “When working with your image, note that the main drive/partition (where the system files are) has a very limited capacity (10 GB in our case). So when dealing with large files/directories use ‘/mnt’ as it has over 100 GB.”
4. “If a machine is terminated, all your data will be lost except for what was backed up from the last time you ran an ‘ec2-bundle-vol’”
If you have any query/suggestion please feel free to write a comment on this blog.
Thanks,
~Kumar
Nowadays all big organizations and executives talk about SOA as a buzzword (for one thing, it’s three words) and about SOA-enabled architecture. Here I am sharing my learning and experience from SOA…
SOA (Service Oriented Architecture) is an application development methodology that leverages lightweight, well-designed “Services” (the means by which the needs of a consumer are brought together with the capabilities of a provider). In other words, SOA is a style of building distributed systems that enables business integration using services as building blocks; it is a thought process and methodology for decoupling IT assets (software and hardware) from business processes. We can say SOA is a business-driven IT architectural approach that supports agility, innovation and optimization.
Building blocks of SOA:
· Business level Services
· Infrastructure level services
· Services Management
· Security
· Services Directory
Earlier SOA implementations used DCOM or ORBs based on the CORBA specifications, while recent SOA emphasizes web services using standard description (WSDL), discovery (UDDI) and messaging (SOAP). A service-oriented architecture may or may not use web services, but web services provide a simple path towards service-oriented architecture.
[Figure: Service-oriented architecture]

A service is a unit of work done by a service provider to achieve the desired business outcome for a service consumer.
A service provider is the individual or organization that creates the service and publishes it in the service directory (registry).
The service directory is a well-known directory of available services. It registers available services and makes them easily accessible for reuse.
What characteristics define a “service”? A service should have syntax, semantics, QoS and business traceability. Below is the list of characteristics of a “service”:
· Well defined interface
· Modular
· Stateless
· Connectionless
· Coarse grained
· Location transparent
Here is the list of design principles that drive SOA:
1. Modularity
2. Encapsulation
3. Loose coupling
4. Separation of Concerns
5. Composability
6. Single Implementation
Loose coupling is a type of coupling that describes how multiple computer systems, even those using incompatible technologies, can be joined together for transactions, regardless of hardware, software and other functional components. Put differently, it means decoupling from platform, protocol, location and language by using interface-based assembly.
SOA resolves four important dependencies that are:
· Platform Dependence
· Location Dependence
· Implementation Dependence
· Information Format Dependence
Benefits of SOA:
Service-oriented architectures offer the promise of business agility and resilience through reuse, loose coupling, flexibility, interoperability, integration and governance. These are realized by separating service description from their implementations, and using this descriptive metadata across the service life cycle.
· Increased business responsibilities and agility
· Ability to transcend organizational boundaries
· Reduces product development cycle times
· Exposes commodities in business processes
SOA Governance: Governance is the overarching accountability framework that supports an organization’s strategies and objectives by encouraging desired behaviors that add value and which provides control mechanisms to ensure compliance.
“Governance is about tracking all the rules and monitoring events around them to ensure that service-oriented architecture works the way it’s supposed to,” says Daryl Plummer, a Gartner managing VP.
We should address following technical issues while designing SOA:
1. Interoperability
2. Loose Coupling
3. Location transparency
4. Modular issues
5. Reuse focus
6. Integration issues
7. Granularity
8. Application assembly to model business process
9. Intra company solutions using existing components
10. External integration solutions using web-services
Service Modeling Techniques:
· Top down approach
· Bottom-up approach
· Middle-out approach
I will keep writing about SOA and my other learning and experience. You can write your valuable comments on it.
Thanks,
~Kumar
AOP is all about adding aspects to your code. So what are aspects? They are the code that we apply to cross-cutting concerns. Then what are cross-cutting concerns? Aspect, Joinpoint, Pointcut, Cross-Cutting Concern, Advice, etc. are frequently used terms in the AOP world. AOP decomposes a system into concerns instead of objects.

Aspect: A general feature you want to apply globally to your application, like logging, exception handling, transaction management, performance management, etc. It is also called a cross-cutting concern.
Advice: The piece of code/logic that implements your aspect.
Joinpoint: A single location in the program where an advice is applied, like a method invocation, a constructor invocation, etc.
Pointcut: A pointcut is a set of joinpoints where an advice is applied. In Spring, a set of method invocations is called a pointcut. There are different types of pointcut in Spring, like Regular Expression Pointcut, Attribute Driven Pointcut, Dynamic Pointcut, etc.
Targets/Target Objects: The objects to which you want to apply an aspect or set of aspects.
To me, advice is very similar to a Decorator. You can implement an advice by implementing the org.aopalliance.intercept.MethodInterceptor interface in Spring. The MethodInterceptor interface is actually a child of the org.aopalliance.intercept.Interceptor interface, which is a child of another interface, org.aopalliance.aop.Advice. In Spring we generally use the method interceptor, which is designed for method-invocation style advice. The MethodInterceptor interface is really simple:
public interface MethodInterceptor extends Interceptor {
    Object invoke(MethodInvocation invocation) throws Throwable;
}
Basically, when you write an advice for intercepting a method, you have to implement one method, the invoke method, and you are given a MethodInvocation object to work with. The MethodInvocation object tells us a bunch of stuff about the method that we’re intercepting, and also gives us a hook to tell the method to go ahead and run.
import java.util.Arrays;

import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

public class LoginInterceptor implements MethodInterceptor {
    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
        Log logger = LogFactory.getLog(methodInvocation.getClass());
        long startTime = System.currentTimeMillis();
        try {
            Object[] args = methodInvocation.getArguments();
            if (logger.isDebugEnabled()) {
                logger.debug("Beginning method: " +
                        methodInvocation.getMethod().getDeclaringClass() + "::" +
                        methodInvocation.getMethod().getName());
                if (null != args) {
                    // Arrays.toString prints the values; args.toString() would
                    // only print the array's type and identity hash
                    logger.debug(" with arguments: " + Arrays.toString(args));
                } else {
                    logger.debug(" with no arguments");
                }
                logger.debug(System.getProperty("line.separator"));
            } else if (logger.isInfoEnabled()) {
                logger.info("Beginning method: " + methodInvocation.getMethod().getDeclaringClass()
                        + "::" + methodInvocation.getMethod().getName());
                logger.info(System.getProperty("line.separator"));
            }
            // Hand control to the intercepted method (or the next interceptor)
            Object retVal = methodInvocation.proceed();
            return retVal;
        } finally {
            if (logger.isInfoEnabled()) {
                logger.info("Ending method: " + methodInvocation.getMethod().getDeclaringClass() + "::" +
                        methodInvocation.getMethod().getName());
                logger.info("Method invocation time: " + (System.currentTimeMillis() - startTime)
                        + " msecs.");
                logger.info(System.getProperty("line.separator"));
            }
        }
    }
}
The XML configuration for the above interceptor is given below:
<bean id="studentServiceTarget" class="com.example.StudentServiceImpl"/>
<bean id="myLogger" class="com.example.LoginInterceptor"/>
<bean id="studentService"
      class="org.springframework.aop.framework.ProxyFactoryBean">
    <property name="proxyInterfaces"><value>com.example.StudentService</value></property>
    <property name="target"><ref local="studentServiceTarget"/></property>
    <property name="interceptorNames">
        <list>
            <!-- must match the id of the interceptor bean defined above -->
            <value>myLogger</value>
        </list>
    </property>
</bean>
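The interceptor above writes every argument of every intercepted call to the log, which on a login or account service includes passwords. As an added example (not code from the original post), the variant below masks parameters marked with a hypothetical @Sensitive annotation and replaces control characters in logged values; the class and annotation names are assumptions, and it needs the same aopalliance and commons-logging jars as the code above.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

// Added example: around advice that logs calls without leaking secrets.
public class RedactingLogInterceptor implements MethodInterceptor {

    // Hypothetical marker annotation (not part of Spring or AOP Alliance).
    // With proxyInterfaces, getMethod() returns the interface method, so the
    // annotation has to be placed on the interface's parameters.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.PARAMETER)
    public @interface Sensitive { }

    public Object invoke(MethodInvocation invocation) throws Throwable {
        Method method = invocation.getMethod();
        Log logger = LogFactory.getLog(method.getDeclaringClass());
        String name = method.getDeclaringClass().getName() + "::" + method.getName();
        if (logger.isDebugEnabled()) {
            logger.debug("Beginning method: " + name + describe(method, invocation.getArguments()));
        }
        long startTime = System.currentTimeMillis();
        try {
            return invocation.proceed();
        } finally {
            logger.info("Ending method: " + name + " after "
                    + (System.currentTimeMillis() - startTime) + " msecs.");
        }
    }

    // Renders the argument list, masking every @Sensitive parameter.
    static String describe(Method method, Object[] args) {
        if (args == null || args.length == 0) {
            return " with no arguments";
        }
        Annotation[][] annotations = method.getParameterAnnotations();
        StringBuilder sb = new StringBuilder(" with arguments: [");
        for (int i = 0; i < args.length; i++) {
            boolean masked = false;
            for (Annotation a : annotations[i]) {
                masked |= a instanceof Sensitive;
            }
            sb.append(i == 0 ? "" : ", ").append(masked ? "***" : render(args[i]));
        }
        return sb.append(']').toString();
    }

    // Replaces control characters (CR/LF included) so that a logged value
    // cannot forge extra log lines, and truncates long values to 80 chars.
    private static String render(Object arg) {
        String s = String.valueOf(arg).replaceAll("\\p{Cntrl}", "_");
        return s.length() > 80 ? s.substring(0, 80) + "..." : s;
    }
}
```

To try it, point the class attribute of the interceptor bean at this class and annotate the password parameter on the service interface.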
However, Spring has multiple alternatives to the basic MethodInterceptor (which the Spring documentation refers to as ‘around’ advice), so that if you want to do more specific things, you can do so with less complication. These come in the form of Spring-specific extensions to the Advice interface (siblings of the MethodInterceptor interface), and they include:
· org.springframework.aop.MethodBeforeAdvice - Implementations of this interface have to implement this before method:
void before(Method method, Object[] args, Object target) throws Throwable;
· org.springframework.aop.AfterReturningAdvice - This interface’s method will be called on the return from the invocation of a method. Implementations of this interface have to implement this afterReturning method:
void afterReturning(Object returnValue, Method method, Object[] args, Object target) throws Throwable;
· org.springframework.aop.ThrowsAdvice - Implementations of this interface have to implement this afterThrowing method:
void afterThrowing([Method], [args], [target], [some type of throwable] subclass)
Below is the hierarchy of the Advice classes:

In the above article I have given only basic information about AOP.
Reference Material:
· http://static.springframework.org/spring/docs/1.2.x/reference/aop.html
· Spring in Action by Craig Walls, Ryan Breidenbach: this is the best book I have read on Spring (and yes I read this entire book).
September 18th, 2008 in Spring | tags: Spring
The basic concept of the Inversion of Control pattern (dependency injection) is that you don’t create your objects yourself but describe how they should be created. You don’t connect components and services together directly in code but describe which services are needed by which components in a configuration file. A container (in the case of the Spring framework, the IOC container) is responsible for all this. In an IOC scenario, the container creates all the objects, connects them together by setting the necessary properties, and determines when methods will be invoked. The IOC implementation patterns used by the Spring Framework are as follows:
· Dependencies can be assigned through JavaBeans properties (setter methods).
· Dependencies are provided as constructor parameters and are not exposed as JavaBeans setter properties.

[Figure: Spring IOC Container]
The big advantage I have seen with inversion of control is that we don’t connect to services directly but configure them. Something that has really been gaining momentum of late is the adoption of the Spring Framework as an alternative to Java EE. I think that this started because J2EE was so complicated and heavyweight that companies sought new and innovative solutions. Spring provides the ability to access data objects as Plain Old Java Objects (POJOs) and includes support for database connection pools, transaction management, and so forth. This means that you can effectively build a scalable enterprise application without Java EE. And as Java EE evolved into its more manageable form, many developers continued to appreciate all that Spring provided them and had no desire to switch back.
As an enterprise developer you should be familiar with the concept of Inversion of Control (IoC) and Dependency Injection, and Spring specifically. Whether you decide to embrace Java EE and EJB 3.0 or develop your applications with Spring, you should at least understand the theory.
Book Recommendations:
· Spring in Action by Craig Walls, Ryan Breidenbach: this is the best book I have read on Spring (and yes I read this entire book).
September 14th, 2008 in Spring
What a feeling damn excited about finally getting down to pen my first blog……Doesn’t take much to excite this enthu cutlet, I guess : )
Was wondering why a simple thing like starting off a blog could get me so pumped up and a little bit of soul searching…..It’s been planned long time back… but due to time constraint and work enthu didn’t… one day my friend Nishat Saini told me, why don’t you start blogging…and same day I started…rolling the ball (blog articles) to share the experience that I had with various open source products/technologies, architecture, and design. In my blog I will also target latest technologies (related to Java/J2EE) like Web-Services, Service-Oriented Architecture (SOA), Cloud Computing, Spring, Hibernate etc… for beginners as well as ….
When I run into problems I refer to my companion GOOGLE, which seems to be a friend of almost every IT guy. There are countless blogs out there for any particular topic, but which one is the best? Some of them can lead to the resolution of the problem you have, and sometimes it may take weeks to unravel the mystery. So each blog has a unique problem and a unique solution, and the answer to your problem might be an aggregation of these various blogs.
I will try to put sample programs, pictures and diagrams to explain my thoughts about technologies. I always believe sample programs, pictures and diagrams speak better than words. If anyone is interested in asking a question, feel free to post a comment on this article and I’ll answer it as soon as I can.
Thanks,
~Kumar