The London Groovy and Grails User Group will be holding their next meeting on Wednesday, 6th December 2006 at Skills Matter in London and for the first time ever the meeting will be available via a live web conference, so don't worry if you are not in London!
Speaking at this month's meeting will be Graeme Rocher, Grails Project Lead and CTO at Skills Matter. During his talk entitled; Grails Dynamic Tags: Making Tag Libraries Agile, Graeme will discuss Groovy Server Pages and its support for the creation of dynamic tag libraries without the need for configuration.
John Wilson, Groovy Committer, will also be presenting at this meeting. During his talk, entitled; The MetaClass: How Groovy works Under the Hood, John will shed light on the MetaClass so you can better understand its' function and see how to use it to get your Groovy programs smaller, clearer and faster.
WS-Security provides a way to protect Web Services at the message level (SOAP) and it is
independent of the protocol used (HTTP, JMS, ...). However, some services are still using HTTP based authentication for protection. JAX-RPC and its Oracle implementation provides a way to set the username
and password in the client (Stub) using some properties on the Stub.
OracleAS 10gR3, so OC4J standalone, is using the standard Java logging framework. Some of the
benefits are easy configuration, and extensibility. The configuration of the level of logging of the different loggers has been exposes in
the Oracle Application Server Console. To see the logger configuration, click on the Administration Tab and then Logger Configuration, you can then configure the different loggers.
By default the logger will write all the information in the default log.xml file, and for application lever logger it will go in the application.log. You may want to send the information in the console during development to debug/analyze your application. This is done using the configuration of the Handler. This information is currently not available in the Application Server Console, so I am documenting in the next steps how
to send the information in the console (terminal window).
The configuration of the OracleAS Logging is saved in the $ORACLE_HOME/j2ee/home/config/j2ee-logging.xml file. In this file you can see that Oracle has defined
various handlers where information can be sent:
console-handler : Log the information in the console (the one we want to use in this sample)
oc4j-handler : the default handler for most of the loggers, saving the information in the $ORACLE_HOME/j2ee/home/log/oc4j/log.xml using the Oracle Logger formatting
oracle-webservices-management-auditing-handler : the handler used by the Web Services Auditing feature in the $ORACLE_HOME/j2ee/home/log/wsmgmt/auditing/log.xml
oracle-webservices-management-logging-handler : the handler used by the Web Service Logging feature in the $ORACLE_HOME/j2ee/home/log/wsmgmt/logging/log.xml
As you may know, OracleAS Web Service provides out of the box support for Auditing of the SOAP messages. You just need to go in the administration page of the Web Service and enable the auditing. By default the messages are logged in the auditing log pointed above. But during development it is really interesting to see the SOAP Messages in the console without having to configure a Proxy to capture the request/response. The easiest way to do that is to edit the j2ee-logging.xml file and associate the console-handler to the auditing logger using the following configuration:
The Oracle Technology Network (OTN) "Greatest Hits" is a compilation of the most popular technical articles, software downloads, podcasts, sample code, and documentation, we've published in a given 12-month period. The compilation provides you with convenient access to the "best" of OTN as well as an insight into the interests of the Oracle developer and DBA communities.
I was discussing with a customer not familiar with the JAX-WS standard. I was writing him a mail explaining the difference when I found this nice article on the IBM DeveloperWorks library:
I have been using JDeveloper
for many years, since the first release ;-). But I've never payed
attention to a simple and very useful feature. When you click the Help
> About menu you can access all the System properties of the
Java VM used by Jdeveloper by clicking on the Properties tab
already a Web Service deployed in OC4J that is running on the default HTTP port. The WSDL and Endpoint are available. In my sample
the non secure Web Service endpoint is: http://127.0.0.1:8888/math-service/MathServiceSoapHttpPort
The first thing to do to secure OC4J would be to create a new keystore
that will contain the different certificates. The easiest way to do
that for a Java developer is to use SUN's keytool:
OC4J stand alone is using the notion of Web-Site to expose HTTP resources (Web Applications). The default-web-site is define is he
$ORACLE_HOME/j2ee/home/config/default-web-site.xml. To secure an OC4J you can follow the steps describe in the OC4J Security guide that I have summarized in the following section.
What we want to achieve for the purpose of the demonstration is to have OC4J using HTTP and HTTPS, on port 8888 and 4443 for example.
Copy default-web-site.xml to secure-web-site.xml
Edit the secure-web-site.xml:
Change the web-site tag by changing the port to 4443 and adding the element secure="true"
Add the ssl-config element and point this to the new created keystore.
The file looks like:
<web-sitexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd"port="4443"secure="true"display-name="OC4J 10g (10.1.3) Default Web Site"schema-major-version="10"schema-minor-version="0"> ...<ssl-configkeystore="server.keystore"keystore-password="welcome"/> ...</web-site>
Import the new Web site in your OC4J instance by editing the $ORACLE_HOME/j2ee/home/server.xml
file. You need to add or replace the web-site tag. In my case I want to
add the secure web site to my instance so the configuration looks like:
Start OC4J using the standard Java command or shell script, I am adding the Java Network debug flag that would help you to see what is
happening at the SSL level.
java -Djavax.net.debug=ssl -jar oc4j.jar
You should be able to access the service WSDL using the HTTPS port for example in my case:
Event if this is possible to use the same keystore for the server and the client, I will guide you in the steps to create a client
certificate and import the certificate from the existing -server- one.
You have now the client certificate so you can use the Oracle Web
Service Assembler to generate the proxy. The only specific thing you
have to do is to specify which key store to use when running the tool.
The command to use when generating the proxy is:
Configure the Java Environment to use the client store is made using the following System properties:
javax.net.ssl.trustStore
javax.net.ssl.keyStore
javax.net.ssl.trustStorePassword
javax.net.ssl.keyStorePassword
This could be done using different approach, property file, -D command
line parameter or programmatically. To simply the example I am using
the programmatic approach, the following code is part of the main
method of the Client class:
It is possible to change the Endpoint dynamically in the Proxy using the setEndpoint method.
...democlient.proxy.MathServiceSoapHttpPortClient myPort = new democlient.proxy.MathServiceSoapHttpPortClient();...String ep = "https://127.0.0.1:4443/math-service/MathServiceSoapHttpPort";myPort.setEndpoint(ep);System.out.println("Result of the operation is "+ myPort.add(2,2));...
You should now be able to run the client and call the service using HTTPS. This would look like:
Oracle Open World is getting very close... And I am very excited to go to lot of sessions, two of them looks very interesting in the Oracle Develop track:
Rod Johnson - Spring Update: What's New and Cool in Spring 2.0 (Monday 10/23/2006, 12:45 PM - 1:45 PM in the Hilton Hotel Grand Ballroom A)
Brian Behlendorf - Bringing Open Source Software Development Practices and Principles Into Your Company (Tuesday 10/24/2006, 1:15 PM - 2:15 PM in the Hilton Hotel Grand Ballroom A)
This is quite exciting to have Open Source gurus coming to present to the Oracle conference, and explain how to use the new Spring in their projects or leverage Open Source practices to improve development in house... Take a look to the full program of Oracle Develop.
Start to use the Oracle OpenWorld Schedule Builder to organize your week in SF, if you have not registered yet for OOW click here.
WS-Security provides a standard way to secure Web Services. Since based on SOAP it is agnostic of the stack you are using. When using JAX-RPC implementation, you are running in a J2EE container. In this post I am giving a tip to access the Principal object.
I have a service service, and I need to access some user information in its implementation class ( org.tug.ws.sample.SimpleServiceImpl ). This service is secure with WS-Security, with for example simple authentication, the following screenshot, is the configuration of inbound security in OracleAS 10gR3:
Implement the init(Object context) method to access
the ServletEndpointContext,
that you can for example put as a local member of your implementation
class.
public void init(Object context) { _servleContext = (ServletEndpointContext)context;}
Then you can access the principal object using the getUserPrincipal() method:
Last week I discussed dynamic languages with some consultants. This discussion was done in the context of integration of scripting technologies into Java EE environment. So the integration to the VM is important, I also think that the learning curve is a thing to consider.
It is true that, like any developer Iike to learn things everyday, this is why I have done some development with PHP, with Ruby On Rails, and obviously with Groovy, Javascript and many other dynamic languages.
The discussion moved quickly to an argument about which language is the best... Hard to say, but I would expect that to be more productive in enterprise it is better to use a "Java Like" syntax that allows you to leverage the power of scripts. Based on this comment it is for me a no brainer to say that Groovy is more interesting to a core Java developer than JRuby (or other Jython, Jacl, ...). I do not even want to go in the details about VM integration, performances and so on...
