Nowadays in a lot of organizations, we have the "Application Team", "Middleware or SOA or ESB Team", we have the "Infrastucture Team", "DBA Team" and so on.
Imagine a project needs to involve so many different teams just to implement a solution. I would not say this working model is bad or not efficient or whatever negative term you can think of. Because so many IT solutions were implemented this way. The thing is, however, usually when working with different teams, communication becomes very very important and we've got to deal with a lot of human factors due to this. Human factor is more difficult to deal with than any technical problem.
Many times a team needs to depend on another team to complete the necessary task first. Such dependency creates a lot of troubles when the dependent team works in silo and does not respond in time using different kind of excuses. For e.g. if the Development team wants to increase server memory or to request to open certain port or things like that, in this case the Development team has to approach the Server team and Network team, and this may end up requires the Development team to fill in dozens of form, to attend to dozens of meeting to provide justification and etc. From the business perspective, this is actually not "acceptable", you know, every minute counts in the business world.
So I'm thinking, why not we have "development unit" only, or we remain only the "application team", then we remove the Middleware team, DBA team, Server team and Network team. Each application team will have their own Middleware, DBA, Server Admin and Network Admin. And we'll set up the "Architect Team" to govern the Middleware, DBA, Server and Network standards. The Architect Team will consist of Enterprise Architect, Application Architect, Middleware Architect, DBA Architect, Server Admin Architect and Network Architect to coordinate with each other. They are the one who set the standards to the whole organization and each projects, they have to provide the architectural details for each project and review the architecture constantly at different project phases.
Project operation wise, architects should be not involved at all. Project manager will have full power on his/her team member consisting of BAs, Developers, System Admins, Network Admins, DBAs and etc. In that case we can remove the "form filling bureaucracy" and improve the project speed.
I'm not sure if any organization out there is already doing this way.
Monday, September 8, 2014
Wednesday, August 20, 2014
Old school Axis 1.0 way of consuming Web Service :(
Ok. Although nowdays we have a lot of advanced web service libraries such as CFX and etc, we still have to admit that sometimes we do bump into situation that we have no choice but to use the grandpa way of consuming web service! (well at least we are lucky not to use the great-grandpa way. LOL)
Yeah somehow I have to use the Axis 1.x library to generate Web Service Java Clients or Stub for me. Well that is not a big problem but but but in my case the Web Service Provider needs SOAP Header which contains all the username token information.
That's a real headache ya!
Well, the solution is quite easy anyway. It looks like below:
import org.apache.axis.client.Stub;
import org.apache.axis.message.SOAPHeaderElement;
SOAPHeaderElement security = new SOAPHeaderElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Security")
SOAPHeaderElement usernameToken = new SOAPHeaderElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","UsernameToken");
SOAPHeaderElement user = new SOAPHeaderElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Username", "xxx");
SOAPHeaderElement password = new SOAPHeaderElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Password", "xxxyyy");Next, just make your web service call using the stub.
usernameToken.addChild(user);
usernameToken.addChild(password);
security.addChild(usernameToken);
Execute_ptt exec = ws.getexecute_pt(new URL("http://localhost:8001/soa-infra/services/SampleWebServiceProvider"));
((Stub)exec).setHeader(security);
Friday, August 8, 2014
Fixed Length File Without Delimiter and BeanIO
What happened is I have this IBM Mainframe's CobolCopyBook and I need to read a number of fields from there.
For your information the CobolCopyBook is a FixedLength file which has NO Delimiter.
My problem is that in my environment I have to stick to the BeanIO framework for the parsing. That means I cannot use the normal BufferedReader + substring way which is considered NOT SO ELEGANT way to solve this problem.
Also this is the first time I am using BeanIO. I found that the existing FixedLength utilities in BeanIO, such as the FixedLengthReader expects each line has a Carriage Return (CR or \r) or Line Feed (LF or \n). But it also allows the user to specify a "delimiter" to determine when to assume a Line.
Unfortunately in my use case, as I mentioned earlier , my file does not have any delimiter. Basically it is one string of characters. Worst still is one of the field always has the CR or LF character in it! What will happen is the BeanIO's reader will consider whatever after the CR or LF character is a brand new Line but the fact it is NOT!
To summarize, I have 2 problems here.
1) No delimiter to determine a new line
2) One of the field contains Carriage Return and Line Feed
I was cracking head for these two problems and my colleague came out with some brilliant ideas. They suggested me to use OuterBean which contains the Target Bean as a Segment. Segment as one annotation is another BeanIO feature that does all the grouping or nested bean stuff. This approach will solve the "No Delimiter to break line" issue.
Another colleague suggested to create a custom java.io.Reader that extends from java.io.Reader and implements my own "read()" method. Because in the end BeanIO is going to invoke the "read()" method from the Reader object that is passed into its internal classes. So inside this read() method I will check if the character is either a Carriage Return or a Line Feed then I will return a space means I am actually replacing \n and \r with space. This will solve my second problem where the Carriage Return or Line Feed will cause BeanReader to take the characters after it as a new line.
So now I managed to fix these two problems with the OuterBean approach and Customized java.io.Readar approach. However this is not so complete because I don't like the replacing carriage return and line feed character with space.
public class CustomerOuterUserBean {
@Segment(name="customerUserBeans", collection=ArrayList.class, minOccurs=0, maxOccurs=-1, type=CustomerUserBean.class )
private List customerUserBeans = new ArrayList();
public class NpiFilterReader extends FilterReader {
public NpiFilterReader(Reader in) {
super(in);
}
@Override
public int read() throws IOException {
int read = super.read();
if (read == '\r' || read == '\n')
return ' ';
return read;
}
So I continued the journey and in the end I found a very very simple solution for these two issues.
What I did is to create a custom RecordParserFactory which manipulates a custom RecordReader and I overwrite the read() method for the custom RecordReadear. The read() method in the custom RecordReader looks like follows:
public class MyFixedLengthRecordReader extends FixedLengthReader
public String read() throws IOException, RecordIOException {
char[] buffer = new char[300];
if(in.read(buffer, 0, 300) != -1){
return new String(buffer);
}
return null;
}
Note that in my use case my line is fixed at 300 characters per line.
This is the most elegant yet simple solution! Thank Divine!
Wednesday, June 25, 2014
Secure Web Services using Oracle Enterprise Manager Fusion Middleware Control
Ok. Recently I have been working on Web Service Security.
My web services are running on Oracle Enterprise Manager Fusion Middleware Control.
The security part has the following break down:
1) Authentication
Whether the service consumer is a trusted one. I am using the username-token to achieve this.
2) Authorization
In this case the service consumer is trusted. However it may not have the right to invoke the particular web service operation.
3) Transport Layer Security
TLS or SSL is generally used for transport layer protection. The idea is to encrypt every data during the transmitting process. I am yet to implement this.And I am not sure if I really need to do this in my enterprise environment. The reason is our web services are in a secure network environment. Our service consumers are all internal applications. So I am not going to cover the detail for this part in this post.
Ok. What we need to know next is all the WS-* stuff. This could take some time for you to read. And along the reading process you might get even more confusion. So I will tell you what not to be confused here, as follows:
Next we are going into the technical detail. Diagrams are not available because I am lazy to remove all the sensitive company and application name:
Scenario:
Create two users to call a particular web service and to invoke different service operations respectively.
1) You need to be aware, that for Oracle Enterprise Manager Fusion Middleware Control, the "User and Group" setup are controlled by Oracle Weblogic. The whole Oracle Enterprise Manager itself is running on Oracle Weblogic. So we are going to access two different "Portals", one is the Oracle Weblogic Administrative Console and another one is the Oracle Enterprise Manager.
2) Now our first step is to create a new user. Go to Oracle Weblogic Administrative Console -> Security Realm -> User and Group. Create your user there. Very easy. Just fill in the blanks only.
3) I am not going to cover the "Group" because I want to keep this as simple as possible. Everything will be just "User". The "Group" is useful if you want to group different users into the same group and then instead of granting permission to multiple users you just need to grant permission to one group.
4) Now you don't need the Oracle Weblogic Administrative Console anymore. Close it kill it leave it fuck it. Our next focus is to login to the Oracle Enterprise Manager for the remaining steps.
5) I assume you have deployed your web service (to be exact, it is SOA composite exposed as a web service) using the Oracle Enterprise Manager.
6) Right click on your "domain" that hosts your SOA composite, you will see "Web Service" appearing in the context menu. Go there and look for your particular web service and click it to go to the detail page.
7) Go to the "policies" tab. Here you can attach any policies you like to your web service. In our case we should attach "oracle/binding_permission_authorization_policy" for Web Service Endpoint Authorization.
8) At the same tab, we must also attach a username token policy for "Authentication". Just attach any policy with the name username token. But of course you have to do this carefully.
9) Ok. we are done with the "Attaching Policy" now. Next, go to your "domain" again. Right click on your domain and you will see "application policies" and "application roles". Using the "application roles", you can create a "role" that can consists of multiple users or groups for easier management. In our case I will just skip the "application roles" to make things simple. So we will just go straight to the "application policies".
10) At the application policies, Create an Application Grant. choose the user that you set up at step 2 as your "Grantee".
11) At the same page again, there is a section for "permission". Put something as follows:
Permission Class - oracle.wsm.security.WSFunctionPermission
Resource Name - your web service NAMESPACE/service name. Remember, it's the namespace, not endpoint address.
Permission Actions - your web service operation
Done. Now the Authorization part is completed.
12) It is testing time now. I suggest you to create another user who is not granted any permission to the particular web service. In fact I successfully made two different users to access to the same one web service but each of them are only authorized to invoke one particular service operation.
13) Where do you pass the username and password? In your SOAP Header. Remember to include the below part in your SOAP message.
My web services are running on Oracle Enterprise Manager Fusion Middleware Control.
The security part has the following break down:
1) Authentication
Whether the service consumer is a trusted one. I am using the username-token to achieve this.
2) Authorization
In this case the service consumer is trusted. However it may not have the right to invoke the particular web service operation.
3) Transport Layer Security
TLS or SSL is generally used for transport layer protection. The idea is to encrypt every data during the transmitting process. I am yet to implement this.And I am not sure if I really need to do this in my enterprise environment. The reason is our web services are in a secure network environment. Our service consumers are all internal applications. So I am not going to cover the detail for this part in this post.
Ok. What we need to know next is all the WS-* stuff. This could take some time for you to read. And along the reading process you might get even more confusion. So I will tell you what not to be confused here, as follows:
WS-Policy VS WS-Security. WS-Policy and WS-Security are two different entities. WS-Policy is a Language, whereas WS-Security is a Conceptual Framework.
Next we are going into the technical detail. Diagrams are not available because I am lazy to remove all the sensitive company and application name:
Scenario:
Create two users to call a particular web service and to invoke different service operations respectively.
1) You need to be aware, that for Oracle Enterprise Manager Fusion Middleware Control, the "User and Group" setup are controlled by Oracle Weblogic. The whole Oracle Enterprise Manager itself is running on Oracle Weblogic. So we are going to access two different "Portals", one is the Oracle Weblogic Administrative Console and another one is the Oracle Enterprise Manager.
2) Now our first step is to create a new user. Go to Oracle Weblogic Administrative Console -> Security Realm -> User and Group. Create your user there. Very easy. Just fill in the blanks only.
3) I am not going to cover the "Group" because I want to keep this as simple as possible. Everything will be just "User". The "Group" is useful if you want to group different users into the same group and then instead of granting permission to multiple users you just need to grant permission to one group.
4) Now you don't need the Oracle Weblogic Administrative Console anymore. Close it kill it leave it fuck it. Our next focus is to login to the Oracle Enterprise Manager for the remaining steps.
5) I assume you have deployed your web service (to be exact, it is SOA composite exposed as a web service) using the Oracle Enterprise Manager.
6) Right click on your "domain" that hosts your SOA composite, you will see "Web Service" appearing in the context menu. Go there and look for your particular web service and click it to go to the detail page.
7) Go to the "policies" tab. Here you can attach any policies you like to your web service. In our case we should attach "oracle/binding_permission_authorization_policy" for Web Service Endpoint Authorization.
8) At the same tab, we must also attach a username token policy for "Authentication". Just attach any policy with the name username token. But of course you have to do this carefully.
9) Ok. we are done with the "Attaching Policy" now. Next, go to your "domain" again. Right click on your domain and you will see "application policies" and "application roles". Using the "application roles", you can create a "role" that can consists of multiple users or groups for easier management. In our case I will just skip the "application roles" to make things simple. So we will just go straight to the "application policies".
10) At the application policies, Create an Application Grant. choose the user that you set up at step 2 as your "Grantee".
11) At the same page again, there is a section for "permission". Put something as follows:
Permission Class - oracle.wsm.security.WSFunctionPermission
Resource Name - your web service NAMESPACE/service name. Remember, it's the namespace, not endpoint address.
Permission Actions - your web service operation
Done. Now the Authorization part is completed.
12) It is testing time now. I suggest you to create another user who is not granted any permission to the particular web service. In fact I successfully made two different users to access to the same one web service but each of them are only authorized to invoke one particular service operation.
13) Where do you pass the username and password? In your SOAP Header. Remember to include the below part in your SOAP message.
Wednesday, April 9, 2014
My first Codenvy experience
Last year I have asked Divine to give me a chance to learn Cloud Development and recently my intention has got manifested. Thanks Divine! What happened was I was given a short assignment to quickly build one Web Application to read a CSV file and then display the data to webpage. The web application offers one function to the user, which is to allow users to select a specific date to filter the CSV data.
The thing about Codenvy is it puts everything on CLOUD! What I like most is the IDE itself is integrated with a lot of handy tools such as PAAS platforms and GitHub!
What you need to do is just sign up! Then start coding! I picked up Spring MVC & JQuery in just one day! Imagine how this WEB IDE helped us to pick up new skill fast! Anyway of course my strong foundation in JavaScript and Java have contributed to my speed learning also.
Here I list down my views on using Web IDE Codenvy:
Pros
- The IDE is fully integrated with PAAS platforms and Github.
- Code from anywhere with Internet and Browser! Your code will always be in the CLOUD!
- IDE provides the appropriate directory structures and libraries with some sample code! This plus the fully integrated environment help the developer to avoid spending time in setting up the coding environment.
Cons
- No auto suggestion. If you are using local IDE, you will find the auto suggestion helpful! With auto suggestion feature you don't need to go back to the API doc to find out if a certain variable or method is available to certain class. You just type dot and it will just pop out the selection list for you. Unfortunately Codenvy does not have this feature.
- You cannot print to Console. Somehow System.out.print does not work for Codenvy. You will not be able to see anything in the console if you are using the System.out.print command.
- No instant compilation. Instant compilation is very important to developer. I have wasted a lot of time to figure out what's wrong with my code to cause the compilation error without the help of instant compilation function. I strongly suggest Codenvy to include this feature in future because this is too important!
- You cannot use Call Hierarchy. Call Hierarchy is one of my favorite way to understand a program flow easily! It is very helpful when the developer needs to troubleshoot the program.
Monday, March 31, 2014
Now I am serious about Design Pattern
I know it is kinda late. I have been writing program following a code structure defined by some other team many years back and somehow I did not go find out what are the design patterns.
As you all know design patterns are meant to solve common programming problems in the area of program's stucture, program's behaviour and etc. I have studied all the design patterns before but without really using them, I do not rally remember them too much. The problem is whether is if design pattern really needed in the developer's environment.
Recently I found out that actually I did use design pattern without me knowing about it. LOL. What I can identify now is the Bridge Design Pattern where in my code I created a lot of interfaces to group all the commonly used methods from different classes together. For the detail explanation of the Bridge Design Pattern you may just read about it here ---> Bridge Design Pattern
In fact, I have also used the Factory Design Pattern. This helps optimize the program's memory consumption by reducing the number of times of "instantiation". For details you may just read up Factory Design Pattern.
By the way there are something called "Architectural Pattern" aslo. This is useful for higher level end to end solution.
Subscribe to:
Posts (Atom)