Tuesday Apr 17, 2012

Programmatically Provisioning Users via Oracle Identity Manager's Java API

Ultimate control over your identities

Oracle Identity Manager (OIM) 11gR1 provides complete life-cycle management of user identities. Identity life-cycle management includes the creation, modification and termination of user access to provisioned resources. Organizations have specific requirements for how they need to manage both internal users and external users (citizens, customers, students, etc.). A provisioning solution needs to be flexible so that it can integrate into the various parts of an organization. OIM 11gR1 provides a range of options for how it can be customized. One of the most powerful and flexible ways of extending a solution is through the use of an Application Programming Interface (API). OIM 11gR1 provides a Java API which can be used to interface with multiple aspects of identity life-cycle management.

The examples covered in these procedures demonstrate only a select set of capabilities (basic User management) from a larger collection of interfaces and methods provided by the OIM 11gR1 Client Java API. Organizations have used these OIM 11gR1 Java APIs for unique integration with their processes, and to support specialized user interface requirements.

User Management

The OIM 11gR1 Java APIs support searching, creating, reading, updating and deleting of Users. This procedure will cover how to use the OIM 11gR1 Java APIs to perform these operations.

Getting Started

OIM 11gR1 leverages a new Java API. The previous API (Thor) is still available, but it is recommended that new projects use the OIM 11gR1 Client API.

Create a directory for downloading the required OIM files and sample source files. This procedure will use a directory/folder called examples.

Required server files

You will need to obtain the following files from the OIM 11gR1 server:

oimclient.zip
  • The OIM 11gR1 Java API classes are packaged as a jar file called oimclient.jar. This jar file is packaged within the oimclient.zip file. The oimclient.zip file is located in the OIM_ORACLE_HOME/server/client folder, on the OIM 11gR1 server.
  • Copy oimclient.zip from the OIM 11gR1 server:
    scp user@oimserver:/OIM_ORACLE_HOME/server/client/oimclient.zip .
  • Expand the oimclient.zip file:
    unzip oimclient.zip
  • The oimclient.zip file contains the following items:
    • README: text file containing information on using the bundled sample program
    • oimclient.jar: JAR file containing the OIM 11gR1 classes
    • conf: sub-folder containing auth files
    • lib: sub-folder containing jar files required by the OIM 11gR1 API
    • sample: sub-folder containing bundled sample source code (not used)

wlfullclient.jar
  • Access the Weblogic Server system
    ssh user@wlserver
  • Change directories to the server/lib directory.
    cd WL_HOME/server/lib
  • Use the following command to create the wlfullclient.jar file in the server/lib directory:
    java -jar wljarbuilder.jar
  • Copy the wlfullclient.jar file.

Get the samples

This procedure will use a collection of samples that can be downloaded from a svn (subversion) repository, associated with Project OpenPTK. The following command will download the sample source code into a directory structure named oim:

svn export https://svn.java.net/svn/openptk~svn/branches/Oracle/OIM11gR1/examples/java/OIMClient/src/oim oim --username guest

Note: If you do not have svn (or a similar client subversion tool) you can get a "snap shot" of the source files as a downloadable zip file.

When the required jar files and the example code have been downloaded, the folder/directory structure should look like the following diagram.

[Diagram: folder structure]

Review the samples

The sample source code leverages a Java packaging name-space starting with oim.client. At this level, you will find the following items:

  • Client.java: Abstract class that contains OIM 11gR1 Server connection information. This class is used by all of the sample programs. You will need to edit this file and change the OIM 11gR1 Server connection information.
  • organization: Sub-folder for the package oim.client.organization, which contains sample Java code that leverages some of the organization related capabilities of the OIM 11gR1 Client API. This folder and its samples are not used as part of this procedure.
  • request: Sub-folder for the package oim.client.request, which contains sample Java code that leverages some of the request related capabilities of the OIM 11gR1 Client API. This folder and its samples are not used as part of this procedure.
  • role: Sub-folder for the package oim.client.role, which contains sample Java code that leverages some of the role related capabilities of the OIM 11gR1 Client API. This folder and its samples are not used as part of this procedure.
  • user: Sub-folder for the package oim.client.user, which contains sample Java code that leverages some of the user related capabilities of the OIM 11gR1 Client API. We will be using some of these files to demonstrate basic operations related to a user:
    • ClientUser.java: Abstract class, extends Client. It provides "User" specific capabilities.
    • UserChangePassword.java: Not used as part of this procedure
    • UserCreate.java: Demonstrates the creating of a user. Extends ClientUser
    • UserDelete.java: Demonstrates the deleting of a user. Extends ClientUser
    • UserRead.java: Demonstrates the reading of a user. Extends ClientUser
    • UserRegister.java: Not used as part of this procedure
    • UserSearch.java: Demonstrates the searching of users. Extends ClientUser
    • UserUnauthChallenge.java: Not used as part of this procedure
    • UserUnauthSelfService.java: Not used as part of this procedure
    • UserUpdate.java: Demonstrates the updating of a user. Extends ClientUser

Class structure

The following diagram illustrates the class structure used by the samples. This procedure will cover many of the classes in the user package.

[Diagram: class structure]

Source code

Client.java

This is an abstract class. It provides common methods that are used by all of the sub-categories; organization, request, role and user. For this procedure, we will focus on the user sub-category. This class establishes the connection to the OIM 11gR1 Server. It performs the following tasks:

  1. Creates a Hashtable containing connection data
  2. Creates an OIMClient object using the Hashtable
  3. Executes the OIMClient.login(...) method to log in as the proxy (admin) user

You will need to edit this file and set the OIM 11gR1 Server connection information. The URL, Admin UserId, and Admin Password will need to be set.

   private static final String OIM_URL = "t3://localhost:14000"; // OIM 11g deployment
   ...
   protected static final String OIM_USERNAME = "xelsysadm";
   protected static final String OIM_PASSWORD = "Passw0rd"; // "Passw0rd"

  • OIM_URL (t3://hostname:port): The URL for connecting to the OIM 11gR1 server
  • OIM_USERNAME (xelsysadm): The login id of a user that has admin privileges to manage user accounts
  • OIM_PASSWORD (password): The password for the admin user

Note: The above example "hard codes" the proxy user's id and password.  The "hard coding" of these values is NOT recommended and is NOT secure.  The source code and techniques covered in these procedures are for demonstration purposes only and should NOT be used in a production environment.  The proxy user id and password should be accessible to the program at runtime and securely controlled.

ClientUser.java

This is an abstract class that extends Client and provides methods that can be used by sub-classes which need to leverage the User APIs. For example, the User APIs need the UserManager class to execute operations. This class performs the following tasks:

  1. Gets a UserManager object via the OIMClient.getService(UserManager.class) method.
  2. Gets an UnauthenticatedSelfService object via the OIMClient.getService(UnauthenticatedSelfService.class) method (not used in this procedure).

UserCreate.java

This class extends ClientUser and demonstrates how a user can be "directly" created in the OIM 11gR1 user repository. Note: OIM 11gR1 also provides a "registration" facility for creating users. This procedure does not cover the registration mechanism (topic for another blog). This class performs the following tasks:

  1. Gets the UserManager
  2. Creates a HashMap, to hold attributes
  3. Adds attributes (name/value) to the HashMap
  4. Creates a User object using an accountId and adds the HashMap of attributes.
  5. Calls the UserManager create() method to create the new user.
  6. A UserManagerResult object is returned. It is evaluated.

NOTICE: If you plan on running this sample, you may need to update some of the variables. Check the following variables and make sure the values will work in your environment:
      String accountId = "jhomer";
      String first = "John";
      String last = "Homer";

UserSearch.java

This class extends ClientUser and demonstrates how to search for users in the OIM 11gR1 user repository. This class performs the following tasks:

  1. Gets the UserManager
  2. Creates a "simple" SearchCriteria object using an attribute name, attribute value and a SearchCriteria.Operator.
  3. Creates a HashSet of attribute names (what attributes to return in the search results).
  4. Creates a HashMap for search parameters. Parameters can include how to sort the search results and how many (rows) to return. This example uses a NULL HashMap which means that default parameters will be used.
  5. Calls the UserManager search() method. The method uses the Search Criteria, Attribute Names, and Parameters to perform the search.
  6. A List of User objects is returned.
     For each user, its attribute names and values are obtained. The user data is displayed.

NOTICE: If you plan on running this sample, you may need to update the source file. Uncomment and/or update one of the SearchCriteria items:
      criteria = new SearchCriteria("First Name", "John", SearchCriteria.Operator.EQUAL);
//      criteria = new SearchCriteria("Email", "John.Wayne@openptk.org", SearchCriteria.Operator.EQUAL);
//      criteria = new SearchCriteria("First Name", "scott", SearchCriteria.Operator.EQUAL);
//      criteria = new SearchCriteria("User Login", "*", SearchCriteria.Operator.EQUAL);
//      criteria = new SearchCriteria("usr_key", "*", SearchCriteria.Operator.EQUAL);

UserUpdate.java

This class extends ClientUser and demonstrates how to update a user in the OIM 11gR1 user repository. This class performs the following tasks:

  1. Gets the UserManager
  2. Creates a HashMap, to hold attributes (that will be updated)
  3. The attributes to be modified (name and value), are added to the HashMap
  4. Creates a User object using an accountId and adds the HashMap of attributes.
  5. Calls the UserManager modify() method to update the existing user.
  6. A UserManagerResult object is returned. It is evaluated.

NOTICE: If you plan on running this sample, you may need to update the "login id" to match the "login id" that was used to create the user. Check the following lines of code and make sure the values will work in your environment:
      user = new User("jhomer", mapAttrs);
      result = umgr.modify("User Login", "jhomer", user);

UserRead.java

This class extends ClientUser and demonstrates how to read a user in the OIM 11gR1 user repository. This class performs the following tasks:

  1. Gets the UserManager
  2. Creates a HashMap, to hold attributes (which ones to return)
  3. The attributes to be returned (name and value), are added to the HashMap
  4. Creates a User object using an accountId and adds the HashMap of attributes. In this example, the HashMap is null, so all of the available/allowed attributes will be returned.
  5. Calls the UserManager getDetails() method to read the existing user.
  6. A User object is returned.
  7. The attributes can be obtained by calling the "getter" methods or by obtaining a HashMap of the attributes and iterating through it. Both techniques are used.

NOTICE: If you plan on running this sample, you may need to update the "login id" to match the "login id" that was used to create the user. Check the following lines of code and make sure the values will work in your environment:
      user = umgr.getDetails("jhomer", attrNames, true);

UserDelete.java

This class extends ClientUser and demonstrates how to delete a user in the OIM 11gR1 user repository. This class performs the following tasks:

  1. Gets the UserManager
  2. Calls the UserManager delete() method to delete the existing user.
  3. A UserManagerResult object is returned. It is evaluated.

NOTICE: If you plan on running this sample, you may need to update the "login id" to match the "login id" that was used to create the user. Check the following lines of code and make sure the values will work in your environment:
      result = umgr.delete("User Login", "jhomer");
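
The steps described above for Client.java, ClientUser.java and the create, search, update, read and delete classes, combined into one program that takes the proxy user's credentials at runtime, as the note under Client.java recommends. This is an added example, not the OpenPTK sample source; the class name, the OIM_URL and OIM_USERNAME environment variables, the conf/authwl.conf location and the act_key value are assumptions.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Set;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.identity.usermgmt.vo.UserManagerResult;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;

// Added example, not one of the OpenPTK samples.
public class UserLifecycleExample {

    public static void main(String[] args) throws Exception {
        // Connection data is read at runtime instead of being compiled into the class.
        // OIM_URL and OIM_USERNAME are environment variable names assumed for this example.
        String url = requireEnv("OIM_URL");              // t3://hostname:port
        String adminUser = requireEnv("OIM_USERNAME");
        // Assumption: oimclient.zip was expanded in the working directory.
        System.setProperty("java.security.auth.login.config", "conf/authwl.conf");
        System.setProperty("APPSERVER_TYPE", "wls");

        Hashtable<Object, Object> env = new Hashtable<Object, Object>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, url);
        OIMClient client = new OIMClient(env);

        // Prompt without echo and keep the password only in a char[] that is wiped after login.
        Console console = System.console();
        char[] password = (console == null) ? null : console.readPassword("Password for %s: ", adminUser);
        if (password == null) {
            throw new IllegalStateException("No interactive console for the password prompt");
        }
        try {
            client.login(adminUser, password);
        } finally {
            Arrays.fill(password, '\0');
        }
        try {
            runLifecycle(client.getService(UserManager.class));
        } finally {
            client.logout();                             // always end the admin session
        }
    }

    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Environment variable " + name + " is not set");
        }
        return value;
    }

    static void runLifecycle(UserManager umgr) throws Exception {
        String login = "jhomer";                         // sample values from the article
        HashMap<String, Object> attrs = new HashMap<String, Object>();
        attrs.put("User Login", login);
        attrs.put("First Name", "John");
        attrs.put("Last Name", "Homer");
        attrs.put("Email", "John.Homer@oracle.com");
        attrs.put("act_key", 1L);                        // organization key, 1 in the article's output
        attrs.put("Xellerate Type", "End-User");
        attrs.put("Role", "Full-Time");
        requireCompleted("create", umgr.create(new User(login, attrs)));
        try {
            // Search: criteria, attributes to return, null parameters (server defaults).
            SearchCriteria criteria = new SearchCriteria("First Name", "John", SearchCriteria.Operator.EQUAL);
            Set<String> returnAttrs = new HashSet<String>(Arrays.asList("User Login", "Email", "Title"));
            List<User> found = umgr.search(criteria, returnAttrs, null);
            for (User u : found) {
                System.out.println("found: " + u.getAttributes().get("User Login"));
            }
            // Update: only the attributes being changed go into the map.
            HashMap<String, Object> changes = new HashMap<String, Object>();
            changes.put("Email", "jhomer@oracle.com");
            changes.put("Title", "Engineer");
            requireCompleted("modify", umgr.modify("User Login", login, new User(login, changes)));
            // Read back the changed attributes (true: the first argument is a login id).
            User user = umgr.getDetails(login, returnAttrs, true);
            System.out.println("email=" + user.getAttributes().get("Email")
                    + " title=" + user.getAttributes().get("Title"));
        } finally {
            // Remove the test account even if a step above failed.
            requireCompleted("delete", umgr.delete("User Login", login));
        }
    }

    // "COMPLETED" is the status string shown in the article's sample output.
    static void requireCompleted(String operation, UserManagerResult result) {
        if (!"COMPLETED".equals(result.getStatus())) {
            throw new IllegalStateException(operation + " returned status " + result.getStatus());
        }
    }
}
```

It compiles and runs with the same CLASSPATH as the samples. Where no console is attached (a scheduled job, for instance), the password has to come from a secret store rather than the prompt.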

Compile samples

Compile the Java code from the directory where the jar files and source files were downloaded. Set the CLASSPATH and run javac:

export CLASSPATH=.:oimclient.jar:wlfullclient.jar
javac oim/client/*.java oim/client/*/*.java

Run samples

Create

A new user will be created with the login id of "jhomer".

java oim/client/user/UserCreate

LOG: __BEGIN__
LOG: UserManager ready
LOG: User object created: 'jhomer'
LOG: Creation status: 'COMPLETED'
LOG: __END__

Search

The new user is in the search output, which lists every user whose First Name is "John".

java oim/client/user/UserSearch

LOG: __BEGIN__
LOG: UserManager ready
LOG: search results, quantity=8
LOG: EntityId: 214, Id: 214, Attributes: Email='John.Homer@oracle.com', usr_key='214', User Login='JHOMER', Last Name='Homer', First Name='John', 
LOG: EntityId: 8, Id: 8, Attributes: Email='John.Smith@oracle.com', usr_key='8', User Login='JSMITH1', Last Name='Smith', First Name='John', 
LOG: EntityId: 27, Id: 27, Attributes: Email='John.Wayne@openptk.org', usr_key='27', User Login='JWAYNE', Last Name='Wayne', First Name='John', 
LOG: EntityId: 12, Id: 12, Attributes: Email='john.thompson@email.com', usr_key='12', User Login='JTHOMPSON', Last Name='Thompson', First Name='John', 
LOG: EntityId: 83, Id: 83, Attributes: Email='John.Simpson@openptk.org', usr_key='83', User Login='JSIMPSON', Last Name='Simpson', First Name='John', 
LOG: EntityId: 10, Id: 10, Attributes: Email='John.Smith3@oracle.com', usr_key='10', User Login='JSMITH3', Last Name='Smith', First Name='John', 
LOG: EntityId: 14, Id: 14, Attributes: Email='John.Hope@openptk.org', usr_key='14', User Login='JHOPE', Last Name='Hope', First Name='John', 
LOG: EntityId: 17, Id: 17, Attributes: Email='test@test.com', usr_key='17', User Login='JHENRY2', Last Name='Henry', First Name='John', 
LOG: __END__

Read

The new user, "jhomer" has the following details.

java oim/client/user/UserRead

LOG: __BEGIN__
LOG: UserManager ready
LOG: Got user detail
LOG: 
Id                            : 214
Entity Id                     : 214
Login                         : JHOMER
First Name                    : John
Middle Name                   : (null)
Last Name                     : Homer
Common Name                   : JHOMER
Display Name                  : John Homer
Employee Number               : (null)
Employee Type                 : Full-Time
Email                         : John.Homer@oracle.com
User Type                     : End-User
Country                       : (null)
Description                   : (null)
Status                        : Active
Generation Qualifier          : (null)
Account Status                : 0
Manager Key                   : (null)
Manually Locked               : (null)
User Disabled                 : 0
Policy Update Enabled         : (null)
Change Password At Next login : 1
Password Cant Change          : (null)
Password Expired              : (null)
Password Generated            : (null)
Password Must Change          : (null)
Password Never Expires        : (null)
Password Warned               : (null)
Attributes                    : 
FA Territory=
usr_pwd_warn_date='Tue Aug 07 22:23:17 CDT 2012
Employee Number=
usr_locale=
Middle Name=
Manually Locked=
usr_disabled='0
usr_update='Mon Apr 16 22:23:17 CDT 2012
Date Format=
Display Name='{base=John Homer}
Mobile=
usr_timezone=
LDAP Organization=
usr_locked='0
usr_pwd_reset_attempts_ctr='0
Currency=
End Date=
Pager=
usr_deprovisioned_date=
Time Format=
usr_created=
usr_deprovisioning_date=
Color Contrast=
PO Box=
usr_create='Mon Apr 16 22:23:17 CDT 2012
LDAP GUID=
Full Name='{base=null}
Accessibility Mode=
Country=
Xellerate Type='End-User
usr_change_pwd_at_next_logon='1
usr_pwd_expire_date='Tue Aug 14 22:23:17 CDT 2012
usr_pwd_cant_change=
Email='John.Homer@oracle.com
usr_provisioned_date='Mon Apr 16 22:23:16 CDT 2012
usr_data_level=
Common Name='JHOMER
Automatically Delete On=
Locked On=
Start Date=
Last Name='Homer
usr_login_attempts_ctr='0
First Name='John
Locality Name=
usr_manager_key=
Number Format=
usr_policy_update=
Street=
Embedded Help=
usr_pwd_expired=
Department Number=
Hire Date=
usr_createby='1
usr_pwd_warned=
Telephone Number=
Home Postal Address=
Font Size=
usr_updateby='1
Description=
Home Phone=
LDAP Organization Unit=
usr_pwd_min_age_date=
Assurance Level='1
Fax=
Postal Code=
act_key='1
usr_key='214
User Login='JHOMER
Title=
Status='Active
Generation Qualifier=
State=
Postal Address=
Initials=
usr_pwd_never_expires=
usr_pwd_must_change=
LDAP DN=
Role='Full-Time
FA Language=
Password Generated=
usr_provisioning_date=

LOG: __END__

Update

The new user, "jhomer" will be updated. You can see the modified email address in the Search output and the updated title in the Read output.

java oim/client/user/UserUpdate

LOG: __BEGIN__
LOG: UserManager ready
LOG: User object created
LOG: Modification status: 'COMPLETED'
LOG: __END__
java oim/client/user/UserSearch

LOG: __BEGIN__
LOG: UserManager ready
LOG: search results, quantity=8
LOG: EntityId: 214, Id: 214, Attributes: Email='jhomer@oracle.com', usr_key='214', User Login='JHOMER', Last Name='Homer', First Name='John', 
LOG: EntityId: 8, Id: 8, Attributes: Email='John.Smith@oracle.com', usr_key='8', User Login='JSMITH1', Last Name='Smith', First Name='John', 
LOG: EntityId: 27, Id: 27, Attributes: Email='John.Wayne@openptk.org', usr_key='27', User Login='JWAYNE', Last Name='Wayne', First Name='John', 
LOG: EntityId: 12, Id: 12, Attributes: Email='john.thompson@email.com', usr_key='12', User Login='JTHOMPSON', Last Name='Thompson', First Name='John', 
LOG: EntityId: 83, Id: 83, Attributes: Email='John.Simpson@openptk.org', usr_key='83', User Login='JSIMPSON', Last Name='Simpson', First Name='John', 
LOG: EntityId: 10, Id: 10, Attributes: Email='John.Smith3@oracle.com', usr_key='10', User Login='JSMITH3', Last Name='Smith', First Name='John', 
LOG: EntityId: 14, Id: 14, Attributes: Email='John.Hope@openptk.org', usr_key='14', User Login='JHOPE', Last Name='Hope', First Name='John', 
LOG: EntityId: 17, Id: 17, Attributes: Email='test@test.com', usr_key='17', User Login='JHENRY2', Last Name='Henry', First Name='John', 
LOG: __END__


java oim/client/user/UserRead

LOG: __BEGIN__
LOG: UserManager ready
LOG: Got user detail
LOG: 
Id                            : 214
Entity Id                     : 214
Login                         : JHOMER
First Name                    : John
Middle Name                   : (null)
Last Name                     : Homer
Common Name                   : JHOMER
Display Name                  : John Homer
Employee Number               : (null)
Employee Type                 : Full-Time
Email                         : jhomer@oracle.com
User Type                     : End-User
Country                       : (null)
Description                   : (null)
Status                        : Active
Generation Qualifier          : (null)
Account Status                : 0
Manager Key                   : (null)
Manually Locked               : (null)
User Disabled                 : 0
Policy Update Enabled         : (null)
Change Password At Next login : 1
Password Cant Change          : (null)
Password Expired              : (null)
Password Generated            : (null)
Password Must Change          : (null)
Password Never Expires        : (null)
Password Warned               : (null)
Attributes                    : 
FA Territory=
usr_pwd_warn_date='Tue Aug 07 22:23:17 CDT 2012
Employee Number=
usr_locale=
Middle Name=
Manually Locked=
usr_disabled='0
usr_update='Mon Apr 16 22:24:19 CDT 2012
Date Format=
Display Name='{base=John Homer}
Mobile=
usr_timezone=
LDAP Organization=
usr_locked='0
usr_pwd_reset_attempts_ctr='0
Currency=
End Date=
Pager=
usr_deprovisioned_date=
Time Format=
usr_created=
usr_deprovisioning_date=
Color Contrast=
PO Box=
usr_create='Mon Apr 16 22:23:17 CDT 2012
LDAP GUID=
Full Name='{base=null}
Accessibility Mode=
Country=
Xellerate Type='End-User
usr_change_pwd_at_next_logon='1
usr_pwd_expire_date='Tue Aug 14 22:23:17 CDT 2012
usr_pwd_cant_change=
Email='jhomer@oracle.com
usr_provisioned_date='Mon Apr 16 22:23:16 CDT 2012
usr_data_level=
Common Name='JHOMER
Automatically Delete On=
Locked On=
Start Date=
Last Name='Homer
usr_login_attempts_ctr='0
First Name='John
Locality Name=
usr_manager_key=
Number Format=
usr_policy_update=
Street=
Embedded Help=
usr_pwd_expired=
Department Number=
Hire Date=
usr_createby='1
usr_pwd_warned=
Telephone Number=
Home Postal Address=
Font Size=
usr_updateby='1
Description=
Home Phone=
LDAP Organization Unit=
usr_pwd_min_age_date=
Assurance Level='1
Fax=
Postal Code=
act_key='1
usr_key='214
User Login='JHOMER
Title='Engineer
Status='Active
Generation Qualifier=
State=
Postal Address=
Initials=
usr_pwd_never_expires=
usr_pwd_must_change=
LDAP DN=
Role='Full-Time
FA Language=
Password Generated=
usr_provisioning_date=

LOG: __END__

Delete

The new user, "jhomer" will be deleted. The search output no longer contains the user.

java oim/client/user/UserDelete

LOG: __BEGIN__
LOG: UserManager ready
LOG: Delete status: 'COMPLETED'
LOG: __END__


java oim/client/user/UserSearch

LOG: __BEGIN__
LOG: UserManager ready
LOG: search results, quantity=7
LOG: EntityId: 8, Id: 8, Attributes: Email='John.Smith@oracle.com', usr_key='8', User Login='JSMITH1', Last Name='Smith', First Name='John', 
LOG: EntityId: 27, Id: 27, Attributes: Email='John.Wayne@openptk.org', usr_key='27', User Login='JWAYNE', Last Name='Wayne', First Name='John', 
LOG: EntityId: 12, Id: 12, Attributes: Email='john.thompson@email.com', usr_key='12', User Login='JTHOMPSON', Last Name='Thompson', First Name='John', 
LOG: EntityId: 83, Id: 83, Attributes: Email='John.Simpson@openptk.org', usr_key='83', User Login='JSIMPSON', Last Name='Simpson', First Name='John', 
LOG: EntityId: 10, Id: 10, Attributes: Email='John.Smith3@oracle.com', usr_key='10', User Login='JSMITH3', Last Name='Smith', First Name='John', 
LOG: EntityId: 14, Id: 14, Attributes: Email='John.Hope@openptk.org', usr_key='14', User Login='JHOPE', Last Name='Hope', First Name='John', 
LOG: EntityId: 17, Id: 17, Attributes: Email='test@test.com', usr_key='17', User Login='JHENRY2', Last Name='Henry', First Name='John', 
LOG: __END__

Summary

These procedures used a collection of Java sample programs to demonstrate some of the "User" capabilities of the OIM 11gR1 Java API. These samples merely provide an introduction to how Oracle Identity Manager 11gR1 can be extended.

Thursday Jan 05, 2012

CAPTCHA and Identity Manager

Wrote a blog entry on my team's SecureGov site the other day.  It's an overview of how we built a custom registration interface for Oracle Identity Manager (OIM) 11g.  What was unique about this solution is that it integrated the reCAPTCHA service into the registration process.

Monday Jan 05, 2009

Project OpenPTK 2.0.0 development has started

This past weekend, we checked in the initial development code for Release 2.0.0 of Project OpenPTK. This code is a re-design of the Framework to support new features. The new code is available from the main SVN trunk ...

svn checkout https://openptk.dev.java.net/svn/openptk/trunk/openptk openptk --username guest

The latest stable build of release 1.1.0 is available from the release-1.1 SVN tag ...

svn checkout https://openptk.dev.java.net/svn/openptk/tags/release-1.1/openptk openptk-1.1 --username guest

As we work on this release, we'll update the documentation. The What's New page is updated as the features are completed.

Monday May 12, 2008

CommunityOne JavaOne Summary

I attended JavaOne (and CommunityOne) last week. I was basically "drinking from the fire hose". There were more sessions to attend than I had time for. The Technical Sessions and Labs are on-line so I have no reason to not review the ones I missed ... except for time. I was focused on a few specific topics:

  • opensolaris
  • NetBeans
  • RESTful web services
  • AJAX enabled user interfaces

opensolaris:

The first opensolaris distribution (2008.05) was released. The use of LiveCD for installation made things very simple and easy. There are lots of new features, besides the new installer. The most obvious new features include a new user interface (gnome based), ZFS root filesystem and a new package management system. I downloaded the latest release (1.6) of Sun xVM VirtualBox for my Mac and installed the opensolaris distribution. Very cool!

www.opensolaris.com

NetBeans:

Release 6.1 added more support for technologies that I've been researching: ajax frameworks and RESTful web services. I wasn't going to upgrade from 6.0 until I attended sessions during NetBeans Day (part of CommunityOne). Check out the new features on the NetBeans site. During lunch I installed 6.1. It installed just fine. I had it use my 6.0 preferences. The only plug-in I had to manually add was "JAX-RPC" for a legacy web service project that I have.

NetBeans has come a long way from when I first used it three years ago. The performance, integration with App Servers (Glassfish), editor features, and collection of plugins have made this an awesome tool. I'm not the only one who must think so ... I've been seeing less-and-less of Eclipse on people's laptops and used within the Vendor booths.

NetBeans 6.1 Download

RESTful web services:

One of the features on the roadmap for Project OpenPTK is a RESTful web service. My personal observation is that the RESTful tools are almost there. The spec JSR-311 JAX-RS: The Java™ API for RESTful Web Services, is in review and Jersey is available for testing. I started writing RESTful-type Servlets from scratch and it's a lot of work ... I'll let the RESTful tools make this easier.

AJAX enabled user interfaces:

There are lots of choices (maybe too many). I've not made a decision. But, since Java is my first language I'm leaning toward the options that don't require me to learn something new like Ruby, PHP, or JavaScript (I do know a little JavaScript). I liked what I saw from the jMaki client-server framework for building Ajax enabled applications. I also like Project Woodstock which is focused on developing the next generation of User Interface Components for the web, based on Java Server Faces and AJAX.

Other observations:

The most widely used OS by the presenters was MacOS X, second was Solaris/Linux and third was Windows (at least for the sessions I attended). I've noticed that the laptop of choice for JavaOne attendees (most likely developers) is shifting to Apple. I'll estimate that 50% of the people I noticed had Apple MacBook (Pro)s. Last year that number was about 25%-30% and two years ago it was around 10%-15%.

Notes:

Here are my notes from each day:

Thursday May 08, 2008

JavaOne Day Three

Day three ... here are my notes from today's sessions that I attended, more good stuff.

GWT and jMaki: Expanding the GWT Universe

  • Why use jMaki
    • Hide complexity of JS / CSS
    • portable library
    • standardized event / data model: JSON
    • easy integration of 3rd party tech
    • encourage re-usable JS tech
    • integrates with existing applications
  • jMaki widgets: component.htm, component.css, component.js
  • Hello World widget
  • jMaki events: pub/sub mechanism, declarative events, programmatic events
  • jMaki Application Recipe
  • Demo: (sumltron)
  • jMaki-store on java.net has all the demo code
  • What is GWT
    • Framework for building Ajax apps
    • open source (Apache 2.0)
    • targeted at Java Lang users
    • java src is compiled to browser-compliant JS code
  • Why use GWT
    • browser issues
    • integrated client - server debugging
    • tool of your choice
    • no need to learn another language
    • hides complexity of JS
  • GWT model
    • generate skeleton app
    • set layout
    • add container or components
  • Component configuration
  • Adding a widget
  • Demo: NetBeans with GWT plug-in
  • Marry the best of both worlds
  • jMaki Charting for GWT
  • jmaki.org
  • code.google.com/webtoolkit

Advanced Web Application Security

  • Speakers: Jeremiah Grossman, Whitehat Security; Joe Walker, Sitepen
  • Learn how to keep the bad guys out of your website
  • Web Hacking today
    • Past two years, web sites are a lot less secure than we thought
    • over 90% of websites have serious security issues
  • The Attackers, being more organized, not just hacking for fun
    • Who is the target: you, company, others
    • Who is the attacker: troublemakers, thieves
    • Who is the victim: data, users, partners
  • Cross Site Request Forgery
    • Cross-Domain Rules: browser's job to enforce cookie usage
    • How to abuse a cookie without reading it
    • evil.com sends request to bank.com
    • all you need is iframe src to bad url, or img or script
    • can't use XMLHttpRequest because cross-domain rules not allowed
    • are write-only
    • GET and POST can be forged
    • Referrer checking is not a complete fix
    • Not just cookies that get stolen
  • Demo: CSRF: bladder.sitepen.com
  • How to protect yourself
    • Force users to logout
    • check referrer headers
    • include authen token with every request, cookie is not enough
    • security tokens in GET requests are not a great idea
    • POST means forms with hidden fields: OWASP servlet filter www.owasp.org
    • Double-submit cookie pattern (Ajax requests only), read in JS and submit in the body
  • JavaScript hijacking
    • using "script" auto evals the returned script
    • might be able to setup the env to get information from the script
    • JS lets you redefine anything, Object, Getters and Setters, reading data from a script service
    • use JSON properly; wrap data with { ... } and wrap keys in ''
    • use unpredictable URLs or other authen
    • deny GET requests
  • Cross Site Scripting
    • allow content that could contain scripts from someone untrusted into pages from your domain
    • 3 types:
      1. reflected: script embedded in the request is 'reflected' in the response
      2. stored: input is stored and played back in a later page
      3. DOM: script injected into document
    • scenario: let the user enter their name
    • make user input safe
      • need to filter lots of things
      • could put scripts in css files
      • browsers try to understand anything
      • flash, svg, .htc XML
    • web developers get lazy ... browsers make it look good, they get lazier
  • Demo: XSS
  • How to fix XSS
    • filter input by white-listing input characters, "a-z, A-Z",etc
    • filter outputs for display environment
      • well formed HTML
      • validate as HTML and throw away
      • take extra care over attributes
    • use AntiSamy
    • hacking RSS Readers
    • RSS feeds -- aggregator generally change the domain -- browser
    • Hacking RSS and Atom Feed Implementations
    • www.cgisecurity.com/papers/HackingFeeds.pdf
    • restrict input as much as possible, whenever possible
    • ensure output encoding is correct
  • Combination attacks
    • small holes multiple
    • web worms
      • grow faster than email worms
      • XHR/Flash/Quicktime
      • www.whitehatsec.com/downloads/WHXSSThreats.pdf
      • users can attack their 'friends' with scripts
  • Demo: web worm
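
The CSRF and JavaScript hijacking notes above ask for a token on every request, the double-submit cookie pattern, no GET access and object-wrapped JSON. The block below is an added example, not code from the session: the cookie names SESSIONID and CSRF, the x-csrf-token header, SERVER_KEY and all function names are assumptions, and binding the token to the session with an HMAC goes one step beyond the notes.

```javascript
const nodeCrypto = require('crypto');

// Constructed demo key (assumption); a real service loads its own secret.
const SERVER_KEY = Buffer.from('constructed-demo-key');

// MAC that ties a token nonce to exactly one session.
function sign(sessionId, nonce) {
  return nodeCrypto.createHmac('sha256', SERVER_KEY)
    .update(sessionId + '!' + nonce).digest('hex');
}

// Token the server sets as the CSRF cookie. Page script reads the cookie and
// repeats the value in a request header: the double-submit step.
function issueCsrfToken(sessionId) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  return nonce + '.' + sign(sessionId, nonce);
}

// Constant-time comparison, false for missing or empty values.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length > 0 && x.length === y.length && nodeCrypto.timingSafeEqual(x, y);
}

// Minimal Cookie header parser: "a=1; b=2" -> { a: '1', b: '2' }.
function parseCookies(header) {
  const jar = {};
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Decide whether a request may reach the JSON data service.
function checkRequest(req) {
  // Deny GET: a script tag on another site can only issue GET requests.
  if (req.method !== 'POST') {
    return { ok: false, status: 405, reason: 'only POST is accepted' };
  }
  const cookies = parseCookies(req.headers.cookie);
  if (!cookies.SESSIONID) {
    return { ok: false, status: 401, reason: 'no session' };
  }
  // The token is read from a header, never from the URL, so it does not end
  // up in logs, history or Referer values.
  const submitted = req.headers['x-csrf-token'];
  if (!constantTimeEqual(cookies.CSRF, submitted)) {
    return { ok: false, status: 403, reason: 'token missing or mismatched' };
  }
  // A matching pair is not enough: the token must carry a MAC for this session.
  const [nonce, mac] = submitted.split('.');
  if (!nonce || !mac || !constantTimeEqual(mac, sign(cookies.SESSIONID, nonce))) {
    return { ok: false, status: 403, reason: 'token not issued for this session' };
  }
  return { ok: true, status: 200, reason: 'accepted' };
}

// The response body is always a JSON object, never a bare array or script.
function handleContacts(req, contacts) {
  const verdict = checkRequest(req);
  const payload = verdict.ok ? { contacts: contacts } : { error: verdict.reason };
  return {
    status: verdict.status,
    headers: { 'Content-Type': 'application/json; charset=utf-8' },
    body: JSON.stringify(payload)
  };
}

// Constructed sample requests: a same-site Ajax call and a forged cross-site
// form post, where the browser attaches the cookies but no custom header.
function demo() {
  const token = issueCsrfToken('sess-1');
  const cookie = 'SESSIONID=sess-1; CSRF=' + token;
  const sameSite = { method: 'POST', headers: { cookie: cookie, 'x-csrf-token': token } };
  const forged = { method: 'POST', headers: { cookie: cookie } };
  return [handleContacts(sameSite, ['alice']), handleContacts(forged, ['alice'])];
}
```
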
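
For the "How to fix XSS" notes (white-list the input, encode the output for its display environment, take extra care over attributes), here is an added example that is not part of the session material. The function names, the name policy and the http/https-only link rule are assumptions chosen for the "let the user enter their name" scenario, and the sample inputs are constructed.

```javascript
// White-list check for a display name: a letter first, then letters, space,
// apostrophe or hyphen, 50 characters at most (constructed policy).
const NAME_PATTERN = /^[A-Za-z][A-Za-z' -]{0,49}$/;

function isValidName(input) {
  return typeof input === 'string' && NAME_PATTERN.test(input);
}

// HTML element content: only the five markup-significant characters change.
function encodeForHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Attribute values: encode everything except ASCII letters and digits, so the
// value cannot close the attribute even if the template forgets its quotes.
function encodeForAttribute(value) {
  let out = '';
  for (const ch of String(value)) {
    out += /^[A-Za-z0-9]$/.test(ch) ? ch : '&#x' + ch.codePointAt(0).toString(16) + ';';
  }
  return out;
}

// JavaScript string literals inside a script block: \uXXXX for every UTF-16
// unit that is not a letter or digit, so neither the quote nor a closing
// script tag survives.
function encodeForJsString(value) {
  const s = String(value);
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    out += /^[A-Za-z0-9]$/.test(ch)
      ? ch
      : '\\u' + s.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return out;
}

// Link targets: parse first, accept only absolute http/https URLs, then
// attribute-encode the normalised form. Anything else becomes '#'.
function safeHref(value) {
  let url;
  try {
    url = new URL(String(value));
  } catch (e) {
    return '#';
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return '#';
  return encodeForAttribute(url.href);
}

// One untrusted name rendered into three different contexts, each with the
// encoder that matches the context.
function renderProfile(name, homepage) {
  return '<p title="' + encodeForAttribute(name) + '">Hello, ' + encodeForHtml(name) + '</p>' +
    '<a href="' + safeHref(homepage) + '">home page</a>' +
    '<script>var userName = "' + encodeForJsString(name) + '";</script>';
}
```
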

Using DTrace with Java apps: bridging the observability

  • How to use dtrace in java
  • Introduction to DTrace
    • available in Jan 2005
    • dynamic instrumentation of the whole software system - top to bottom
    • use in production; safe, zero disabled overhead, minimal enabled overhead
    • powerful interpreted language
    • Probes: place of interest in the system where we can make observations
    • Aggregations: patterns are more interesting than individual datum, look for trends
    • jstack() Action: prints a mixed-mode stack trace
    • Demo: dtrace
  • DVM provider
    • java.net project to add DTrace support
    • solaris10-dtrace-vm-agents.dev.java.net
    • download shared libs
    • lots of new probes, alloc, methods, time spent
    • Demo:
  • hotspot provider
    • Dtrace in JDK 6 "out of the box"
    • implements all dvm probes plus extensions
    • JNI method probes: entry/return points
    • certain probes are expensive, some off by default
    • Demo: cokeandcoffee.com space invader game
  • Visualization and project DAVE
    • Dtrace Advanced Visualization Environment
    • uses D script and method probes
  • JSDT
    • Java Env Statically Defined Tracing
    • Java SE 7
    • com.sun.tracing.*;
    • @ProviderName() @ProbeName()
    • public interface MyProvider extends Provider {}

JSF 2.0: Insight and Opinion

  • Where is JSF today:
    • latest 1.2 maint release 1
    • Glassfish v2
    • Apache MyFaces 1.2.2 / Tomcat 6.0
    • Component Libraries
    • JSF is everywhere
    • Every app server, except Geronimo, use Sun impl
    • What should be in Java EE 6 Web Profile ... JSF 2.0 and Web Beans (the web profile debate)
  • Where are we going:
    • JSF 1.0, 1.1 planted the seed; lots of opinions, tool support limited
    • JSF 1.2, mostly planting, some harvesting; fixed JSP, little easier, more opinions
    • How we listened; mostly harvesting, tool vendors are building on JSF
    • Keep current on web trends; Rails (focus on CRUD), Rich Internet Apps
    • JSF still lives in the "Desktop" space: ServerSide UI Framework
    • Top Five Goals
      • Components easier to deploy
      • Ajax support
      • Page Description Lang
      • Reduce config burden
      • Compat between component libs with vendors
    • Other Goals
      • state mgmt redo
      • bookmark urls (everything is now a POST)
      • zero deploy
      • tree traversal
      • scopes
      • better error reporting
  • What are we doing:
    • Easier to develop components: repackage as a single config, support locales, versions.
    • Facelets now core part of JSF
    • Template based Renderers and events from JSFTemplating
    • Should new components be added, maybe a component compat kit
    • Partial Tree Traversal
    • Partial Page Update
  • Demo

Design Patterns Reconsidered

  • What is a Design Pattern: describe a problem that occurs over and over again. Don't do the same thing twice
  • Gang Of Four, Design Patterns
  • Creation, Structural, Behavioral
  • Patterns Backlash:
    • copy/paste, design by template, cookbook, stops people from thinking
    • Aren't patterns, workaround to lang missing features
    • Overuse; do a pattern just because it's there
  • Practical Patterns: a vocabulary, expose real issues, compare design choices
  • Singleton:
    • there can be only one
    • hard to know what they are really doing
    • hidden coupling
    • testing issues
    • Just one? it's a lie
    • possible memory leak
    • dependency issues
    • Use interface and implementation
    • Control by configuration not by pattern
  • Template Method:
    • Pluggable Algorithm
    • usually abstracted methods
    • fighting over your inheritance
    • poorly documents intent to framework user
    • hard to maintain and evolve
    • use composition, context classes to expose state
    • Can closures help?
    • prefer composition to inheritance; easier to maintain, understand
  • Proxy
  • Visitor
    • operations over a composite hierarchy
    • tree / node example
    • one generic method which takes a "visitor"
    • define new visitors as needed
    • "The Expression Problem"
      • add new cases to a data type
      • add new functions over data type
      • don't recompile when adding
      • don't lose static type safety
    • Where does navigation code live:
      • In node: limited to one navigation strategy
      • In navigation node:
    • Common visitor types
      • Collector
      • Finder
      • Event:
      • Transform: modify the tree
      • Validation: verify structure
    • Problem: need to return a value, option: use Generics
    • Exception handling, store it in the visitor, generics
    • Can closures help
    • Learned: expression problem hard to solve. generics add precision
  • Principles:
    • use interfaces and dependency injection
    • favor composition over inheritance
    • leverage static typing and generics

Wednesday May 07, 2008

JavaOne Day Two

Here's my notes from another long day at the Moscone Center ... more great sessions

Ten ways to destroy your community

  • How to open source a project or how not to
  • When working on an open source project, you contract a disease ... a community
    • kiss your marketing plan good bye
    • mess up your product plans, unexpected innovation
    • they're never satisfied by any amount of quality ... no satisfying them
    • re-define who's a customer / partner, relationships change
    • you have to communicate all the time, who has time for that
  • Is there a way to address the menace: 10 steps to make it fail:
    1. difficult tools
      • issue trackers
      • weird build tools
      • single platform
    2. poisonous people; trolls, damage they can do
      • argue with them at length
      • denounce them publicly
      • ban them
      • argue in other forums
      • then allow them back in
    3. no documentation
      • no code
      • build methods
      • submission process
      • release process
      • how to install it
    4. Closed-Door Meetings
      • on-line, short notice
      • telephone meetings
      • meet in person, in secure office
    5. Legalese, legalese, legalese
      • the longer more complex the better
      • contributor, website, non-disclosure, trademark
      • change these docs all the time
    6. Bad liaison
      • someone reclusive
      • someone with no time
      • someone with no authority
      • someone unfamiliar with the technology
      • don't assign one at all
    7. Governance obfuscation
      • follow United Nations model
      • decision / election should be complex and lengthy
      • unclear what powers community have
      • rules nearly impossible to change
    8. Screw around with licenses
      • License == Identity
      • Developers have attachment to licenses (emotional)
      • Changing it or threaten to change it
    9. No outside committers
      • only employees get to be committers
      • if they ask, be evasive about it
      • have no written rules about how someone becomes a committer, or criteria is impossible to fulfill
      • promote an employee who doesn't code to be a committer
    10. Be silent: this is the most powerful of all
      • don't do anything
      • this is the easiest one
  • Ten ways to be successful:
    1. familiar tools
    2. discourage poisonous people
    3. document everything
    4. accessible meetings
    5. minimize legalese
    6. expert liaison
    7. governance simplification
    8. treat licenses with respect
    9. promote outside committers
    10. communicate

Growing Open Source Developer Communities

  • goal / expectations
    • what are you building
    • different projects attract different contributors
    • product or platform
    • products extend
    • platforms are core
    • great projects do both aspects well, rare
  • code is king
    • starts with code and documentation
    • source code basic unit of open source
    • collaboration
    • first barrier is getting the source
    • make accessible
  • buildability
    • ensure builds for others
    • avoid unfamiliar, complicated tools
    • use open source build tools
    • document dependencies
    • make build work or fail fast
    • first impression, is important
  • tell the world about it
    • announce widely
    • freshmeat, osnews, slashdot, digg, reddit
    • development blogs
    • use blog aggregator / planet
    • use hackergotchis - recognition factor at conferences
    • who's the public face for the project
  • sharing wisdom
    • blogs have shared narratives
    • communities form around stories
    • how you write about yourself is how the world will see you
    • remains searchable forever
    • don't market project by slagging your peers
  • multimedia
    • podcasts let people hear your voice
    • get ideas into the ears
    • developer interviews
    • showcase people behind the code
    • screencasts, see features in actions
    • archive conference presentations
    • associate faces to a project
  • ubiquity
    • available to play with
    • Live CD, VMware images
    • success attracts success
    • present at local conferences
    • talk to press and analysts
  • the first patch is the hardest
    • smaller barrier to entry
    • make code build well
    • learn contributor interests
    • first impression matters a lot
  • converting volunteers into contributors
    • sources: porters, software distros, integrators
    • work in other env
    • likely to become power users, try to tie them into the project
    • development is based on social trust networks
    • trust is earned through good contribution
    • delegate early and often
    • encourage good contributions
    • grow the developer pool
  • a bit of communication theory
    • two-step flow theory
    • info moves in two stages
    • mass media transmits
    • leaders pick it up, break it down, recombine it and disseminate it further
    • word-of-mouth
    • trust
  • the distribution model
    • linux distro aggregates open source
  • packaging
    • power users and marketers
  • tearing down the fourth wall
    • need infrastructure for collaboration
    • remove the committer access barrier to entry
    • mailing lists ( developers, users, announce)
    • IRC
    • bugtracker
    • setting priorities right
    • review tools
    • share results with everyone
  • ambient findability
    • search engines drive a lot
  • social engineering
    • people are different
    • different strokes for different folks
    • keep out trolls
    • recognize through their posting behavior
    • encourage developers to take over responsibilities
    • volunteers to self-organize
    • developer audience is largely self-selecting
    • responses need to matter, even to the rude
    • avoid belittlement, hostility
  • it's not all code
    • non-programmers may want to help
    • docs, web site, marketing
    • low barrier to contrib
    • real world meetings and conferences
  • Governance
    • first time, join a foundation FSF, ASF, Eclipse, etc.
    • provide framework, legal and admin issues
    • pick an initial model (dictator, cliques, voters)
    • everyone different
    • expect to change over time
  • don't
    • mastermind and control the project
    • try to make everyone happy
  • don't fear the fork
    • experimental (good) and hostile (bad)
    • maybe for marketing
    • trademark assurance of code pedigree
    • best discouragement is a well-run project
  • dealing with legalese
    • don't create own license
    • stick with what developers know
    • prepare to change it
    • copyright assignments lets you change your mind
    • trademarks
    • patents

JRuby on Rails: Web Development Evolved

  • Overview of Ruby features
  • Overview of JRuby
    • Started in 2001
    • Java impl of the Ruby language
    • Opensource
    • Commercial backing, Sun, Thoughtworks
  • Why JRuby over Ruby
    • performance, scalability, native threads
    • integrate with Java libraries
  • Easy to use Java
    • require 'java'
  • Use JRuby within a Java program
  • Ruby on Rails:
    • web dev framework
    • single threaded, shared-nothing design
    • convention over configuration, common case should be the easiest
    • don't repeat yourself (dry)
    • agile development
  • Demo: create a blog application
  • Why JRuby on Rails
    • Ruby
    • Java app server, Java EE platform
  • Real world
    • mix.oracle.com
    • mediacast.sun.com
    • mingle, first JRoR product
  • Future: Ruby
    • rework integration feature
    • public api
    • better performance
    • light weight objects?
  • JRuby on Rails
    • multithreaded rails
    • runtime info sharing, avoid memory hit

Ajax and JSF: Natural Synergy

  • How to support Ajax without javascript guru
  • JSF in action book
  • What is JSF, standard framework for web user interfaces
  • JSF is a specification, component and event model, basic ui components, application infrastructure
  • Extensive tool support, RAD style design
  • third party component market
  • on top of Servlet API
  • Compare JSF and Struts
  • IDE effect; different levels and styles, not required
  • JSF programming model: View, Event, Backing Bean, out come, navigation
  • Pluggable Extension points: Resolver, View, Navigation, Action, State, Render
  • Ajaxian Faces: components and renders can be separated, PhaseListeners can be modified, transparent Ajax support
    • JavaScript bridge sends request
    • PhaseListener sends changes
    • JavaScript Bridge updates page
    • some components may not be compatible
    • no standard for bridging, resource resolution
  • Sprinkling on Ajax
    • JSF event listener executed async
    • Ajax4jsf (RichFaces), AjaxAnywhere, DynaFaces
    • Ajax4jsf: add ajax support to JSF component with javascript events
    • Demo: apache myfaces tomahawk
  • Ajax inside
    • ECruiser Ajax Suite for JSF
    • ICEfaces, innovative take on ajax browser/server integration, direct-to-DOM, supports Comet
    • Infragistics NetAdvantage for JSF, full ajax support
    • Sun Project Woodstock
    • Apache MyFaces
  • Ajax on the outside:
    • what about those cool pure widgets
    • jMaki, wrappers for popular widgets, easy to create
    • YUI4JSF
    • DojoFaces
    • Mojarra Scales
  • Which one to pick
    • pick a component suite
    • myfaces tomahawk has some ajax support
    • has good JSF support
    • how much ajax do i need
    • use jMaki for eye candy or Web 2.0 components
    • don't forget tool support
  • rolling your own, use toolkits to build components
  • JSF 1.2: improve ajax support
  • JSF 2.0: late 2008, Java EE 6, incorporate more features, bookmarkable

What's new in Ajax

  • not long ago the web was not a fun place
  • now really nice interfaces
  • creating compelling user experiences
  • four main frameworks
    • jQuery, high level components
    • ext JS, thin ajax layer
    • dijit, on top of dojo
    • script.aculo.us , it's all about the interface
  • browser, is a single threaded process
  • access to threads outside the browser, google gears; worker pools (message passing)
  • Fluid, Mozilla Prism, Adobe Air; access to the desktop
  • Fluid: demo with campfire
  • userscripts.org uses greasemonkey, lots of javascript
  • problem with ajax, need javascript and another language
  • how to create a better developer experience
  • Aptana Jaxer - javascript on the server
  • netscape livewire (javascript on the server)
  • deployment
    • the cloud services - amazon EC2
    • Google App Engine - build code, hit the deploy button
    • Aptana Cloud - make cloud computing easy
    • moving your apps to a web service
  • how do we choose
    • dojo / dijit
    • jquery / jQueryUI
    • google widget toolkit
    • prototype / script.aculo.us
  • The New Java Plug-in, 1.6 update 10
    • plug-in now out-of-process
    • improved applet deployment
    • smaller JDK, micro-kernel
  • Look into the future
    • Safari: css animation, reflections and masks
    • Mozilla monkeys, javascript runtime compiling, javascript two plugin for explorer, iron monkey (python)
    • constraint to browsers

How to build RESTful Clients with the JavaScript, Ruby, and JavaFX Programming Languages

  • RESTful web services
    • services are stateless
    • have uniform interface
    • built from resources via URIs
    • exchange representations of the resources
  • Building the client
    1. create request data
    2. send request
    3. parse the response
      • code, header, body
      • formats: xml, json, kml, taml, rss, etc.
  • Debugging RESTful client
    • PUT and DELETE are idempotent
    • non-connected
    • PUT vs POST
    • use POST if URI length issue
    • async issues, use XHR
    • authen
    • caching,
    • overloading POST
  • Demo: JavaFX with flickr
  • Demo: Javascript with Amazon S3

Monday May 05, 2008

notes from community one

Community One:

Got up early in San Francisco, stopped at one of the many Starbucks on the way to Moscone Center and registered for CommunityOne and JavaOne. Here's my notes from a full day of sessions that I attended.

General Session:

  • Open source is at the core of Sun's business
  • Sun is about open standards, formats, and systems
  • Innovation happens everywhere, not in one place
  • The number of communities has tripled since last year
  • Things are increasingly interconnected.
  • What is community ... it's about people, people are passionate about things they do.
  • Move from monolithic to modular (hardware / software) ... solutions assembled from commodity components.
  • Customers demand choice, reduce lock-in to a vendor ... increases competition.
  • Market place still wants solutions (not pieces) based on these components.
  • Simplify the community and technology adoption.
  • panel discussion
  • OpenSolaris release ... source code open a couple of years ago. How to involve the community. All activity is done in the open. How do people now consume the innovation. First fully supported release of OpenSolaris, a distribution ... new logo.
  • Various Solaris demos: install, zfs, D-Light

NetBeans Day

  • Demos being done on OpenSolaris, very cool
  • Release v6.1
  • JasperSoft, iReport ... opensource business analysis tools front-end to jasper reports, netbeans plugin, #1 download demo of the tool
  • early access to PHP plugin
  • GSF ... language editing infrastructure
  • NB 6.5 adding PHP and Groovy, also adding other languages.
  • PHP/GSF demo, today small plugin for PHP
  • NetBeans ALM Integration, Intland software bring collaborative features to the developer

jMaki: The Power of Ajax Made Easy

  • jMaki Framework:
  • Demo, NetBeans 6.1, GlassFish v3 ... built an app with two maps and geocoder
  • Miso/jMaki Demo: search and indexing services exposes RESTful web services. The demo shows ways to search mail files looking for documents, images, etc.
  • Demo: Travelmuse Inc.

The NetBeans 6.1 IDE, Faster Than Ever

  • Flower shop demo using RESTful web services
  • RESTful leverages EJB interfaces
  • use strikeiron webservice
  • Jonathan Schwartz: comments about NetBeans community. Sun listened and responded.
  • soapUI testing tool ... integrated into NetBeans 6.1 focus is to make testing fast and fun. create a new testing project. really nice integration! Plugin creates a test suite. load test generation with these functional tests.
  • Spring framework support, selectable as an option to new Web Project
  • Hibernate support, bundle 3.2.5
  • Axis2 Web Services stack, create from pojo or wsdl
  • JSF CRUD editor/generator

NetBeans, developing Ajax applications

  • Javascript editor, variable highlighting, code completion, knows about browser supported features
  • Javascript debugger ( technology review ) on top of NB 6.1 debugs with firefox browser / firebug
  • jMaki demonstration, charting library.
  • Woodstock ... component / widget library http://woodstock.dev.java.net components on the NB Visual web pack, built-in ajax support
  • External AJAX Libraries
  • RichFaces: AJAX Extensions to JSF, open source from RH
  • Wicket: AJAX Library for Java Developers

Asynchronous AJAX for Revolutionary Web Applications

  • ICEfaces / Glassfish
  • Push AJAX / Comet
  • Web2.0 ... out of information age ... to the participation age. Users are creating the applications (ebay; users submit actions). treat the user as an http client.
  • AJAX is a state of mind ... want the server to send a message into the browser, not initiated by the user
  • Called "Ajax push", "Comet", or "Reverse Ajax" full async to the web. (jMail, yahoo mail)
  • responsive low-latency interaction for the web, event driven browser applications
  • no polling overhead
  • NIO non-blocking threads.
  • traditional servers are blocking
  • Servlet 3.0, spec to support true async

Thursday Mar 20, 2008

An Overview of Project OpenPTK

OpenPTK is an open source project that provides a collection of tools and sample applications that Web and Java developers can use to integrate custom applications with user provisioning systems. Using industry standard interfaces, developers can build flexible user management applications that support Enterprise-class, department/group level and Web 2.0 type user provisioning environments.

Organizations:

Most intranet and Internet applications require user authentication. Applications either have an integrated data store (e.g. RDBMS) or leverage a network service (e.g. LDAP) for validating users. Managing the "life cycle" of user data has become challenging. There are different user provisioning strategies:

  • An enterprise typically implements a provisioning solution such as Sun's Identity Manager to manage user data across multiple applications and services.
  • Departments (or group level) may only have a single application that has a dedicated user data store. The volume of user management activities is usually small.
  • Web 2.0, Internet facing, applications typically leverage a scalable / available network service for storing user information.

Requirements:

Organizations need to implement a set of basic user management capabilities. For End Users, a solution needs to provide "Forgotten Password" and "Self Service" functionality. For User Administration, a solution needs to provide fundamental Create, Read, Update, Delete and Password operations. Provisioning solutions and user data stores most likely provide these basic user management capabilities through their native interfaces. The problem is that these native interfaces may not meet the organization's requirements. Organizations have expressed the need to integrate user management systems with different custom "End User" experiences/interfaces. Commonly requested interfaces include:

Remote Web Interface: Organizations need a Web interface, for user provisioning, that can be deployed remotely from the system that hosts the provisioning solution.
Command Line Interface: Administrators need an interface that allows them to perform provisioning from a command-line interface, either interactively or from a shell script.
Portal / Portlet Interface: Enterprise and Departmental organizations may have to provide user provisioning interfaces into an existing Portal infrastructure.
WSDL-based Web Service: Developers need to integrate user provisioning into a SOA environment and are requiring Web Services that can be used by SOA development tools.

Because of these requirements for custom end-user experiences, organizations will build applications that leverage different types of development environments. The "End User" application (experience) may need to support a rich-native desktop interface, a browser-based interface, a Web Service or a command-line interface. Developers will design solutions that integrate an organization's interface experience with the various user data stores. Developers will most likely have to learn the details related to interacting with the various user data stores. Web developers may not be prepared to deal with Java APIs that are needed to access the data store(s).

Solution:

Project OpenPTK is a three-tier architecture which enables developers to focus on the business application interface, not on the underlying user data store. There's a number of "Consumer Tier" interfaces which address various development options. The "back-end" user data store is abstracted through the "Service Tier". The "Framework Tier" integrates the Consumer and Service tiers while also managing configurations, logging/debugging and provisioning operations.

Project OpenPTK Architecture

Consumer Tier interfaces/examples:

User Management Lite (UML): A JSPs/Taglib-based web application which provides basic user administration, and self-service functions.
Command Line Interface (CLI): Provides basic provisioning operations. The CLI can be part of custom scripts that administrators can use to automate provisioning tasks.
JSR-168 Portlets: Provides "Forgotten Password", "Self Service" and "User Administration" capabilities. These portlets can be integrated into a customer's existing JSR-168 compliant Portal server.
WSDL-based Web Service: Provides User provisioning operations. Web Service clients (e.g. Java CAPS and soapUI) can reference the WSDL from this service and create custom integration solutions.

Service Tier implementations:

SPML: The Service Provisioning Markup Language is the external interface used by Sun's Identity Manager user provisioning solution.
SPE: Sun's Identity Manager, user provisioning solution, contains a Service Provider Edition interface for user provisioning.
JNDI: The Java Naming and Directory Interface API is used to access LDAP-based (e.g. OpenDS) user data stores.
JDBC: The Java Database Connectivity API is used to access Relational Database user data stores (e.g. MySQL).

Developers can use Project OpenPTK's interfaces and APIs to handle user provisioning operations without having to worry about the back-end user data stores. User provisioning applications that leverage Project OpenPTK can easily support multiple different user data stores through the use of its flexible configuration mechanism.

Project OpenPTK is a formal open source project hosted on Java.net and is part of the Identity Management community. Project OpenPTK founders: Scott Fehrman, Derrick Harcey and Terry Sigle are Pre-Sales Systems Engineers supporting Sun's Identity Management products.

The Project OpenPTK site contains source code (via svn), documentation, distributions and tracks issues. Anyone is welcome to join the community as an Observer and please subscribe to the "user" and "announce" mailing lists.

Saturday Nov 17, 2007

NetBeans 6.0 (Beta 2) Java Editor ... you need to take a look

I installed NetBeans 6.0 (Beta 2) on my Mac about a month ago. I didn't do much with it until last week. One of my TODO's has been: "work on Javadocs" for Project OpenPTK. I know ... I know ... we should have been writing the Javadocs as we wrote code, just like every good developer does :-).

I decided to use NetBeans 6.0 (Beta 2), instead of my NetBeans 5.5 install. I'm really happy I did ... the new editor ROCKS. There's a ton of new features, I'm sure I'll get to use them all eventually. Did I say the new editor "JUST ROCKS".

As I was adding Javadoc comments "/**", the NetBeans Editor started a nice template for me with @param, @throws, @return elements as necessary. This made it easier for me to "Fill-In-The-Blanks" with notations. As I went through all the Java files in Project OpenPTK's public api code, I noticed that the Editor was flagging different things in the code. It highlighted methods that should have @Override, include lines not being used, local variables that were conflicting with global fields and a few other things. I decided to open every Java source file in the project and see what the editor found. I removed a lot of include lines that were not being used.

There's a lot of other cool features in this new Editor. Here's just a few things that I played with:

  • I really like the new diff features, especially when you delete lines and the icon lets you see what was removed, compared to what's in SVN.
  • The default colorizing is a lot nicer.
  • The highlighting is very useful, double-click on a variable and it's highlighted everywhere, the right-side margin shows a little "tick" mark where that variable is used throughout your source file.
  • I needed to use the Instant Renaming feature a couple of times (when a local variable name was the same as a global field ... oops). Just start changing the local variable where it's defined and it will dynamically change everywhere in the method.

There's many more new features. Take a look at this NetBeans wiki site, it's a good summary of the Editor's features.

Monday Nov 12, 2007

Source Code Posted

Last Friday the Project OpenPTK team (Derrick, Terry and I) did an initial check-in of the source code. You can download the pre-built samples and browse the source code. Details related to the source code can be found on http://www.ohloh.net. Our initial check-in was about 120 files and included over 15,000 lines of code (that's minus blank lines and comments). The Javadocs for the Java API are available on http://www.openptk.org.

Wednesday Jun 14, 2006

I discovered the Future (and FutureTask)

I'm working on updating a Java program that has to call a Web Service. The application is a Corporate phonebook (white pages) that uses the Sun LDAP Directory server. One option in the program calls a Web Service to get external (non-LDAP) data about a person. The application would wait if the Web Service was either slow or not available, eventually timing out. The timeout was too long for the end-user.

The requirement was to have the application call the Web Service with the option of setting a specific timeout.

I reviewed my Java books on threading, searched the web and tried to write a test Java app that would create a Thread, have the new Thread call the Web Service and stop if the Thread took too long. I tried using various combinations of

wait(milliseconds)

and

notify()

to make something happen. No luck. I asked a friend "What am I doing wrong"?

His answer was

java.util.concurrent.FutureTask

Thanks again to Brian Doherty for the advice.

The java.util.concurrent.* package is new in the Java SE 5.0 release. I found a great example of using FutureTask in Core Java 2 Volume II - Advanced Features, Seventh Edition Chapter 1. Multithreading. The get(timeout_value,timeout_unit) method was exactly what I needed. It was soooooo much easier to implement a test program with the java.util.concurrent package than by manually trying to make wait()/notify() work. Here's my test program which has a timeout value set to expire before the work (sleeping) is complete:

import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.FutureTask;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class testFutureTask
{
   Perform perform = null;
   FutureTask<String> task = null; // typed, so get() returns a String
   Thread thd = null;
   
   public testFutureTask()
   {
   }
   
   public static void main(String[] args)
   {
      testFutureTask test = new testFutureTask();
      test.begin();
   }
   
   private void begin()
   {
      String answer = null;
      perform = new Perform("what is the question");
      task = new FutureTask<String>(perform);
      thd = new Thread(task);
      thd.start();
      System.out.println("\nPerforming the Task, (please wait) ... \n");
      try
      {
//         answer = task.get();  // run until complete
         answer = task.get(5000,TimeUnit.MILLISECONDS); // timeout in 5 seconds
      }
      catch (ExecutionException e)
      {
         e.printStackTrace();
      }
      catch (InterruptedException e)
      {
         answer = "got interrupted.";
      }
      catch (TimeoutException e)
      {
         // interrupt the worker so it does not keep running after we give up
         task.cancel(true);
         answer = "tired of waiting, timed-out.";
      }
      System.out.println(answer);
      return;
   }
}

// The slow piece of work; stands in for the Web Service call
class Perform implements Callable<String>
{
   private String input = null;
   private String output = null;
   
   public Perform(String input)
   {
      this.input = input;
   }
   
   public String call() throws Exception
   {
      output = "The response to '" + input + "' is 42";
      try
      {
         Thread.sleep(10000); // longer than the 5 second timeout above
      }
      catch (InterruptedException e)
      {
         System.out.println("Perform::call(), sleep interrupted.");
      }
      return output;
   }
}
About

Scott Fehrman
