Archive for : April, 2014

OpenSSL – Heartbleed Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Links:

http://heartbleed.com/

http://news.idg.no/cw/art.cfm?id=76F83051-AFDA-B0A2-500DC6997EA04308

Do you know Wise?

wise-banner-1180px

Wise is a Java framework for easily invoking webservices, which can be used as base for zero-code webservice invocation applications. Wise can be the proper solution when total and effective client/server decoupling through WS is required.

While basic JAX-WS tool for wsdl-to-java generation (like wsconsume) are great for most Java developer usecases, the generated stub classes kind of introduce a new (or renewed :)) level of coupling very similar to Corba IDL; by generating statical webservice stubs you actually couple client and server.

So what is the alternative? Writing dynamic client using dynamic Provider/Dispatch JAX-WS API? That’s possibly an option, yet not the easiest to understand, implement and maintain in most enterprise environments. Wise provides a different solution using dynamic mapping on JAX-WS tools generated code. Wise allows calling a ws service by mapping a generic Object model to JAXWS generated code. This opens up multiple Wise usage scenarios, like zero-code WS invocation (used in JBoss ESB) or GUI driven WS invocation.

Wise project came from a code donation and is currently composed of the following components:

Wise-core

It is a library to simplify web service invocation from a client point of view: it aims at providing a near zero-code solution to find and parse wsdls, select service and endpoint and call operations mapping user defined object model to JAX-WS objects required to perform the call.

Wise-webgui

In a nutshell this is a web application designed to call a generic web-service given the wsdl only. Wise parses the wsdl and dynamically generates a web interface to call the service and read the result. It is designed to be used by non-programmer people (for example QA testers), but it is very useful also for developer since it is easy to use for rapid tests.

Wise Website:

https://www.jboss.org/wise

 

post image

JBoss

Red Hat® JBoss® Web Server is a fully-integrated and certified set of components for hosting of Java™ web applications. It combines the world’s most deployed web server (Apache™ HTTP Server),  the top servlet engine (Apache™ Tomcat), load balancers (mod_jk and mod_cluster), and the Tomcat Native library, with the best support in middleware. JBoss Web Server simplifies the use of popular open source software by  providing stable, enterprise-class versions of Apache software that is backed with long-term enterprise product life-cycles.

JBoss Website:

http://www.jboss.org/jbossas

post image

JBoss Forge — What’s this? ;-)

Using Forge helps streamline application development, ease the pain of setting up enterprise testing and integration, and utilizes the full power of JBoss AS7 for development, testing, and deployment. Combined with fully-fledged visual integration with Eclipse and JBoss Developer Studio, there’s never been more power at your fingertips.

Forge Website:

http://forge.jboss.org/

post image

Wildfly 8

HTTP Session Failover in WildFly 8

WildFly 8 provides high availability using session failover and load balancing.

post image