Enterprise Technology Tips & Solution
Built on J2EE and SOA using opensource

SOA is getting a lot of traction from CTOs and CIOs across the globe for its obvious benefits. Not only that, there's an attempt to define a maturity model for SOA along the lines of the Carnegie Mellon Software Engineering Institute's CMMI model. So the point I'm making here is that there are a lot of things happening in this space, and the toolsets to achieve this business vision, especially in the open source space, are not far behind. In a recent presentation at the Java One Conference using Apache Tuscany 1.2, a small live prototype was developed and deployed in 15 minutes.
I'm posting the excerpt here from the reported presentation via Michael Meehaan's blog:

Version 1.2 of Tuscany (which also leverages the Service Data Objects specification) has added distributed SCA domain management, an Eclipse plug-in, Atom binding through Apache Abdera project, improved JMS binding and an OSGi runtime. Delfino used Tuscany for a demo of a fruit store which starts with an online catalog and shopping cart. For those functions he used carrot tags to name the components and declare their implementations, properties and bindings. The transport protocols could be switched just by changing a tag, Delfino chose Atompub and JSON-RPC. He noted that he was running the service in a Java SE environment, saying “It doesn’t have to run in a big app server. … Basically you have an Ajax app designed as a set of SCA components.” He added the whole process takes about 15 minutes.

Then he showed how to add a new component class (vegetables in this case) and a database, the latter of which involved another Atompub feed. After that he added a third-party supplier to the service by inserting a single SOAP binding line. “You can point to a WSDL if you want or specify policies,” he said.

Finally he showed off some widget functionality Tuscany has added to the SCA process, allowing the service to communicate with HTML.



This is a repost from my technology trends blog here

I have been putting together solutions in IT enterprise space for quite a while now. Some of the frameworks used over the years, for example are

While TOGAF is really a promising and Agile way of doing things, I need to get more of a handle on it.
One of the things that amazes me while designing a solution or replying to an RFP is the heavy use of architectural and design patterns. Using patterns is not bad, but over the years I have found that sometimes a simple solution becomes quite complex and bloated. I have burned my fingers in the past with this and have started using some antipatterns approach as well. For those who are interested, I'm linking some of the architectural antipatterns here; I do refer to them from time to time for my solutions.

What do you guys do, any thoughts?


Continuing our interview question and answer series, today's questions are based on network security.

Q1 What is "private key"/"symmetric"/"secret key" cryptography?
A1. A private key cryptography algorithm uses the same key for encryption and decryption. Since the key is the only data required to decrypt the ciphertext, it must be kept private/secret.
Encryption: creating ciphertext from plaintext with a specific encryption algorithm and an encryption key.
Decryption: recovering plaintext from ciphertext using a specific encryption algorithm and a decryption key.

Q2 What is "public key"/"asymmetric" cryptography?
A2. A public key cryptography algorithm uses two different (but related) keys for encryption and decryption. The key used for decryption is kept secret (private), whereas the encryption key can be distributed openly (public). Thus, anyone in possession of the public encryption key may encrypt and send a message to the holder of the private decryption key. However, only the holder of the private decryption key may decipher the message. Both keys must be created and used in conjunction, and are often referred to as a key pair.

Q3 What is hybrid cryptography?
A3. A combination of public and private key cryptography, where an encrypted session key is exchanged using public key cryptography. The rest of the session is then encrypted with private/symmetric key cryptography. The main reason is that private key cryptography is generally much quicker than public key cryptography.

Q4 What is a Message Digest?
A4. A Message Digest is a digitally created hash (fingerprint) created from a plain text block. All the information of the message is used to construct the Message Digest hash, but the message cannot be recovered from the hash. For this reason, Message Digests are also known as one way hash functions.
The size of a Message Digest is always the same, independent of the size or content of the message from which it was created. Generally, the size of a Message Digest is fairly short ( 1024 bits). The ideal Message Digest algorithm would possibly alter 50% of the bits in the resulting hash if one bit was altered in the plain text message.
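
The two properties stated in A4 (a fixed output size, and roughly half of the output bits changing when one input bit changes) can be measured directly. This is an added Java example, not part of the original post; SHA-256, the class name and the sample message are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration: SHA-256 and the sample message are assumptions, not from the post.
public class DigestAvalanche {
    // Number of bit positions in which two equal-length byte arrays differ.
    static int differingBits(byte[] a, byte[] b) {
        int n = 0;
        for (int i = 0; i < a.length; i++) {
            n += Integer.bitCount((a[i] ^ b[i]) & 0xff);
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Fixed size: an empty input and a 1 MiB input give the same digest length.
        System.out.println("digest bits, empty input: " + sha.digest(new byte[0]).length * 8);
        System.out.println("digest bits, 1 MiB input: " + sha.digest(new byte[1 << 20]).length * 8);

        // Avalanche: flip each input bit in turn and count how many digest bits change.
        byte[] base = sha.digest(msg);
        int trials = msg.length * 8;
        long changed = 0;
        for (int bit = 0; bit < trials; bit++) {
            byte[] flipped = msg.clone();
            flipped[bit / 8] ^= (byte) (1 << (bit % 8));
            changed += differingBits(base, sha.digest(flipped));
        }
        double percent = 100.0 * changed / ((double) trials * base.length * 8);
        System.out.printf("average digest bits changed per flipped input bit: %.1f%%%n", percent);
    }
}
```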

Q5 What is a Digital Signature?
A5. Digital Signatures are used to ensure the identity of a sender. In conjunction with Message Digests, Digital Signatures prevent someone from altering a message and falsely claiming you wrote the altered message. Digital Signatures are a byproduct of public key cryptography, as demonstrated below. (Believe me, it is simpler to describe the concept of a Digital Signature by taking an example)
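
The hybrid scheme from A3 and the digital signature from A5, shown together as one exchange. This is an added Java example, not part of the original post; the class name, the sample message and the algorithm choices (RSA-2048 with OAEP, AES-GCM, SHA256withRSA) are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration: names and algorithm choices are assumptions, not from the post.
public class HybridSignDemo {
    public static void main(String[] args) throws Exception {
        byte[] message = "constructed sample: 3 apples".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair();   // signs with its private key
        KeyPair receiver = kpg.generateKeyPair(); // decrypts with its private key

        // Sender: hash the message and sign the digest with the sender's private key.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(sender.getPrivate());
        signer.update(message);
        byte[] signature = signer.sign();

        // Sender: encrypt the bulk data with a fresh symmetric session key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sessionKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(message);

        // Sender: encrypt only the short session key with the receiver's public key.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, receiver.getPublic());
        byte[] wrappedKey = rsa.doFinal(sessionKey.getEncoded());

        // Receiver: recover the session key with the private key, then decrypt.
        rsa.init(Cipher.DECRYPT_MODE, receiver.getPrivate());
        SecretKey recovered = new SecretKeySpec(rsa.doFinal(wrappedKey), "AES");
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] plaintext = aes.doFinal(ciphertext);

        // Receiver: check the signature with the sender's public key.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(sender.getPublic());
        verifier.update(plaintext);
        System.out.println("original verifies: " + verifier.verify(signature));
        plaintext[0] ^= 1; // simulate an altered message
        verifier.update(plaintext);
        System.out.println("altered verifies:  " + verifier.verify(signature));
    }
}
```

The wrapped key, IV, ciphertext and signature are what would travel between the two parties; neither private key ever leaves its owner.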

Q6 What is SSL?
A6. SSL stands for Secure Sockets Layer. It is a protocol developed by Netscape for encrypting information sent between processes over TCP/IP sockets. It sits between application software and the TCP/IP sockets. You'll find it frequently used between web browsers and web servers using the https URL prefix, providing encryption, integrity, authentication, and non-repudiation.

Q7. How can I support HTTPS (SSL) in a servlet?
A7. The servlet technology by design already supports https (SSL). However, this works not through the servlet technology itself but through the web server. The web server controls whether information is sent securely (https) or non-securely (http).
One way to force servlets down the https path is to configure your web server to allow only secure connections when accessing servlets. In IIS this can be accomplished through the definition of ISAPI filters. The ISAPI filter can instruct the web server to route all requests that end with a predefined extension to the servlet engine. The trick is to then define files, with the predefined extension, in the web server's directory. For example, if the servlet's name is MyServlet, a file with the name MyServlet.xxx would be placed on the web server. All calls to this file would be routed to the servlet engine, and IIS would be used to force all calls to the MyServlet.xxx file to go through https. The JRun servlet engine has examples of how to do this documented on their web page.


Top 5 Technology Tips of 2007

By Vishal Sharma

It's time for the top 5 enterprise tech tips of the year. I have published the top 5 posts of 2007 on my main blog. I was hoping to get a few guest writers to write here, but only a few have come forward, as all of them seem to have a blog. Anyway, I will continue adding enterprise tips and solutions here as I come across something worth mentioning. If anyone is interested in exploring how to join here, details can be found here. Now let's look at the top 5 enterprise tech tips of the year on this blog:

  1. Top 10 popular eclipse plugin
  2. Open source caching solutions in Java
  3. Planning SOA
  4. Serialization in Java/J2EE/JEE demystified
  5. Creating PDF Documents Dynamically in J2EE, Java Applications

Other top posts which nearly missed out are :
  1. Java J2EE Interview Question Collection
  2. J2ee Tutorial on Webservices using Jboss

