Monthly Archives: October 2014

Devoxx4Kids at JavaOne 2014 Wrapup

Oracle and Devoxx4Kids worked together to provide a fun and technology-rich experience for kids at JavaOne 2014. Inspirational, rewarding, and fun are three words that summarize the event for me. If you live in/around San Francisco Bay Area, then highly recommend joining meetup.com/Devoxx4Kids-BayArea/ for a continued experience!

136 kids attended the event and their age/gender are shown below:

d4k-j12014-girls-boys

Overall, the instructors seem to have done a good job:

d4k-j12014-information

The event itself was well rated:

d4k-j12014-rate

Minecraft Modding continues to be the top rated workshop:

d4k-j12014-workshops

 

Here are some pictures from the event:

 10665103_726705857409101_7309871608125715522_n
 
 

Check out the complete album:

devoxx4kids-javaone2014-album

Picture is worth a thousand words, a video is worth a million words. Check out kids in action (thanks to @Oraclejavamag for the video):

Here is another wonderful video created (@BertBreeman):

It takes a village to run an event like this. This was certainly not possible without the impeccable support from Oracle team, JUG leaders, Java Champions, and several other volunteers who helped us through out the team!

This summarizes the event for me:

 

d4k-j12014-attend-another

I’d like to know if that one NO was an accidental one 😉

WebSocket Chat on WildFly and OpenShift (Tech Tip #51)

Chat is one of the most canonical sample to explain WebSocket. Its a fairly commonly used interface and allows to explain the fundamental WebSocket concepts very easily. Of course, Java EE 7 WebSocket has one too, available here! You can easily run it on WildFly using the following steps:

And then access it at http://localhost:8080/chat/.

One of the biggest advantage of WebSocket is how it opens up a socket over the same port as HTTP, 8080 in this case. If you want to deploy this application to OpenShift, then WebSocket is available on port 8000 for regular access, and 8443 for secure access. This is explained in the figure below:

openshift-websocket-routing

 If you want to run this Chat application on OpenShift, then use the following steps:

  1. Click here to provision a WildFly instance in OpenShift. Change the name to “chatserver” and everything else as default. Click on “Create Application” to create the application.
  2. Clone the workspace:
  3. Edit the first line of “javaee7-samples/websocket/chat/src/main/webapp/websocket.js”from:
    to
  4. Create the WAR file:
  5. Copy the generated WAR file to the workspace cloned earlier:
  6. Remove existing files and add the WAR file to git repository:
    And this shows the output as:

And now your chat server is available at: http://chatserver-milestogo.rhcloud.com and looks like:

techtip51-websocket-chat-output

Enjoy!

Securing WebSocket using wss and HTTPS/TLS (Tech Tip #50)

50th tip on this blog, yaay!

Tech Tip #49 explained how to secure WebSockets using username/password and Servlet Security mechanisms. This Tech Tip will explain how to secure WebSockets using HTTPS/TLS on WildFly.

Lets get started!

  1. Create a new keystore:
    Used “websocket” as the convenience password.
  2. Download WildFly 8.1, unzip, and copy “websocket.keystore” file in standalone/configuration directory.
  3. Start WildFly as
  4. Connect to it using jboss-cli as:
  5. Add a new security realm as:
    And configure it:
  6. Add a new HTTPS listener as:
  7. A simple sample to show TLS-based security for WebSocket is available at github.com/javaee-samples/javaee7-samples/tree/master/websocket/endpoint-wss. Clone the workspace and change directory to “websocket/endpoint-wss”. The sample’s deployment descriptor has:
    This ensures that any request coming to this application will be auto-directed to an HTTPS URL.
  8. Deploy the sample by giving the command:

Now accessing http://localhost:8080/endpoint-wss redirects to https://localhost:8080/endpoint-wss. The browsers may complain about self-signed certificate. For example, Chrome shows the following warning:

techtip50-certificate-chrome

And Safari shows the following warning:

techtip50-certificate

In either case, click on “Proceed to localhost” or “Continue” to proceed further. And then a secure WebSocket connection is established.

Another relevant point to understand is that a non-secure WebSocket connection cannot be made from an https-protected page. For example the following code in our sample:

will throw the following exception in Chrome Developer Tools:

Enjoy!

Securing WebSockets using Username/Password and Servlet Security (Tech Tip #49)

RFC 6455 provide a complete list of security considerations for WebSockets. Some of them are baked in the protocol itself, and others need more explanation on how they can be achieved on a particular server. Lets talk about some of the security built into the protocol itself:

  • The Origin header in HTTP request includes only the information required to identify the principal (web page, JavaScript or any other client) that initiated the request (typically the scheme, host, and port of initiating origin). For WebSockets, this header field is included in the client’s opening handshake. This is used to inform server of the script origin generating the WebSocket connection request. The server may then decide to accept or reject the handshake request accordingly. This allows the server to protect against unauthorized cross-origin use of a WebSocket server by scripts using the WebSocket API in a browser.

    For example, if Java EE 7 WebSocket Chat sample is deployed to WildFly and accessed at localhost:8080/chat/ then the Origin header is “http://localhost:8080”. Non-browser clients may use the Origin header to specify the origin of the request. WebSocket servers should be careful about receiving such requests.

  • WebSocket opening handshake from client must include Sec-WebSocket-Key and Sec-WebSocket-Version HTTP header field. XMLHttpRequest can be used to make HTTP requests, and allows to set headers as part of that request as:
    If XMLHttpRequest tries to set any header fields starting with Sec- then they are ignored. So a malicious user cannot simulate a WebSocket connection to a server by using HTML and JavaScript APIs.

In addition to these two primary ways, WebSockets can be secured using client authentication mechanism available to any HTTP servers. This Tech Tip will show how to authenticate Java EE 7 WebSockets deployed on WildFly.

Lets get started!

  • Clone Java EE 7 Samples workspace:
  • The “websocket/endpoint-security” sample shows how client authentication can be done before the WebSocket handshake is initiated from the client. This is triggered by including the following deployment descriptor:
    Some key points to understand about this descriptor:

    • <url-pattern> indicates that any request made to this application will be prompted for authentication
    • <auth-constraint> defines the security role that can access this resource
    • <login-config> shows that file-based realm is used with basic authentication
    • <security-role> defines the security roles referenced by this application

    In our particular case, the page that creates the WebSocket connection is protected by basic authentication.

  • Download WildFly 8.1, unzip, and add a new user by invoking the following script:

    This will add user “u1” with password “p1” in group “g1”. The group specified here needs to match as defined in <role-name> in the deployment descriptor.

  • Deploy the sample by giving the command:

Now when the application is accessed at localhost:8080/endpoint-security then a security dialog box pops up as shown:

techtip49-browser-security-popup

Enter “u1” as the username and “p1” as the password to authenticate. These credentials are defined in the group “g1” which is referenced in the deployment descriptor. Any other credentials will keep bringing the dialog back.

As soon as the request is successfully authenticated, the WebSocket connection is established and a message is shown on the browser.

If you are interested in securing only the WebSocket URL then change the URL pattern from

to

In websocket.js, change the URL to create WebSocket endpoint from:

to

Note, how credentials are passed in the URL itself. As of Google Chrome 38.0.2125.104, a browser popup does not appear if only WebSocket URL requires authentication.

Next Tech Tip will explain how to secure WebSocket using wss:// protocol.

Data as a Service: JBoss Data Virtualization and Hadoop powering your Big Data solutions

Guest blog by Syed Rasheed (@Junooni).

Red Hat and Cloudera, announce the formation of a strategic alliance. From JBoss perspective, the key objective of the alliance is to leverage big data enterprise-wide and not let Hadoop become another data silo. Cloudera combined with Red Hat JBoss Data Virtualization integrates Hadoop with existing information sources including data warehouses, SQL and NoSQL databases, enterprise and cloud applications, and flat and XML files. The solution creates business-friendly, reusable and virtual data models with unified views by combining and transforming data from multiple sources including Hadoop. This creates integrated data available on-demand for external applications through standard SQL and web services interfaces.

The reality at vast majority of organization is that data is spread across too many applications and systems. Most organizations don’t know what they’ve lost because their data is fragmented across the organization. This problem does not go away just because an organization is using big data technology like Hadoop; in fact, they get more complicated. Some organizations try to solve this problem by hard coding the access to data stores. This simple approach inefficiently breaks down silos and brings lock-in with it. Lock-in makes applications less portable, a key metric for future proofing IT. This approach also impedes organizational agility because hard coding data store access is time consuming and makes IT more complex, incurring technical debt. Successful business need to break down the data silos and make data accessible to all the applications and stakeholders (often a requirement for real time contextual services).

redhat-jboss-datavirt

A much better approach to solving this problem is abstraction through data virtualization. It is a powerful tool, well suited for the loose coupling approach prescribed by the Modern Enterprise Model. Data virtualization helps applications retrieve and manipulate data without needing to know technical details about each data store. When implemented, organizational data can be easily accessed using a simple REST API or via familiar SQL interface.

Data Virtualization (or an abstracted Data as a Service) plugs into the Modern Enterprise Platform as a higher-order layer, offering the following advantages:

  • Better business decisions due to organization wide accessibility of all data
  • Higher organizational agility
  • Loosely coupled services making future proofing easier
  • Lower cost

Data virtualization is therefore a critical part of the big data solution. It facilitates and improves the use of big data in the enterprise by:

  • Abstracting big data into relational-like views
  • Integration with existing enterprise sources
  • Adding real time query capabilities to big data
  • Providing full support for standard based interfaces like REST and OData in addition JDBC and ODBC.
  • Adding security and governance to the big data infrastructure
  • Flattening data siloes through a unified data layer.

Want to learn more, download, and get started with JBoss Data Virtualization visit http://www.jboss.org/products/datavirt

Data Virtualization by Example https://github.com/datavirtualizationbyexample

Interested in community version then visit http://teiid.jboss.org/

Silicon Valley Code Camp for Kids 2014

300+ kids, 16 speakers (4 from middle/high school), 6 rooms, 24 sessions of 75 mins each = extremely rewarding weekend + inspired kids!

And the name is Silicon Valley Code Camp 2014 Kids Track.

300+ kids, wow! Is that the biggest known event focused on getting kids excited in technology ? :-)

The event covered topics ranging from Minecraft modding, Building your first iOS app, Raspberry Pi, Arduino, Python, LEGO Mindstorms, Scratch, Squishy Circuits, and a whole lot more.

Check out some pictures from the event:

Check out complete set of pictures:

svcc2014-album

Many thanks to all the attendees, volunteers, parents, and of course Silicon Valley Code Camp organizers, especially Peter Kellner () for providing all the support to educate and inspire kids!

We’d love to have your kid deliver workshops for us next year. Help us increase the young presenters more. We’d also love female presenters, help us create gender balance in this otherwise imbalanced industry :-)

We’ll be back next year, bigger and better. Feel free to leave feedback on this blog.

Are you interested in opening a local Devoxx4Kids chapter in your city ?

Join www.meetup.com/Devoxx4Kids-BayArea if you are interested in an event that provides technology workshops for kids through out the year.