Thursday, September 29, 2011

Integration of Oracle Directory Server as the User Store of WSO2 Identity Server

The WSO2 product stack supports heterogeneous user stores, ranging from JDBC-based databases such as MySQL, Oracle and MS-SQL to LDAP-based directory servers such as Active Directory, OpenLDAP and ApacheDS.

This post explains how to set up Oracle Directory Server (formerly Sun Directory Server) as the user store of WSO2 Identity Server.

1. Download the Oracle Directory Server Enterprise Edition distribution that suits your operating system from here. (I am installing on Linux, hence I selected the Zip distribution.)

2. Download Identity Server from here.

3. Extract the "ofm_odsee_linux_11.1.1.5.0_64_disk1_1of1.zip" distribution, locate "/ODSEE_ZIP_Distribution/sun-dsee7.zip" inside it and copy it to a separate location, which will be the installation directory (say install_dir).

4. Extract "sun-dsee7.zip" there and go to "dsee7/bin"

Now we are ready to create and start a Directory Server instance. I am going to follow the installation through the command line.
(You can find the official installation guide from here. There are two ways of creating an instance: through the directory server controller and through the command line. The directory server controller way didn't work for me since it failed at registering the DCCC agent. If anyone passed that step, please share with us.)

5. Go to [install_dir]/dsee7/bin from command line and execute:
./dsadm create -p 1389 -P 1636 ../local/dsInst
Select a password for Directory Manager, which we need for future operations.
You will observe the following in the command line:
Choose the Directory Manager password:secret12
Confirm the Directory Manager password:secret12
Use 'dsadm start '../local/dsInst'' to start the instance

6. Start the instance:
./dsadm start ../local/dsInst
Console output: Directory Server instance '/home/hasini/install_dir/dsee7/local/dsInst' started: pid=6806

7. Now we have a directory server instance running on port 1389. We need to create a root context and populate it with some sub contexts and entries for our use.
  • Let's create the root as "dc=wso2,dc=org":
    ./dsconf create-suffix -p 1389 -e dc=wso2,dc=org
    It will prompt for the Directory Manager password which you gave at the beginning.
  • We can populate sub contexts and entries under this root by importing an LDIF file. I have created a WSO2.ldif which defines a user base, group base, admin user and admin group under the root "dc=wso2,dc=org". Download and place the file in the "/dsee7/resources/ldif" directory.
  • Import the LDIF file:
       ./dsconf import -p 1389 /home/hasini/install_dir/dsee7/resources/ldif/WSO2.ldif dc=wso2,dc=org
        You will be prompted to accept server certificate and for directory manager password.
        End of console output upon successful import:
        ## Import complete.  Processed 5 entries in 4 seconds. (1.25 entries/sec)
Task completed (slapd exit code: 0).

Now the directory server instance is ready for use, and you can browse the directory tree by connecting to it through an LDAP browser such as Apache Directory Studio.

8. Provide host (localhost), port (1389) and bind DN (cn=Directory Manager), bind password (secret12) and connect Apache Directory Studio to the Oracle Directory Server instance.

9. Connecting Identity Server with Oracle Directory Server.
  • Extract the downloaded Identity Server distribution and locate the user-mgt.xml at [IS_home]/repository/conf/user-mgt.xml
  • Comment out the existing UserStoreManager entry.
  • Uncomment the following UserStoreManager entry and edit the parameters as below:

    
            false
            ldap://localhost:1389
            cn=Directory Manager
            secret12
            SHA
            (objectClass=person)
        inetOrgPerson
            ou=Users,dc=wso2,dc=org
            (&(objectClass=person)(uid=?))
            uid
            [\\S]{5,30}
        true
        true
        true
            ou=Groups,dc=wso2,dc=org
            (objectClass=groupOfNames)
            groupOfNames
            (&(objectClass=groupOfNames)(cn=?))
            cn
            member
        
Please note the edited lines 04, 05, 06, 10, 16 and 17 above, which integrate IS with Oracle Directory Server.
This directory server allows groups to be created without an existing user. Hence the parameter on line 16 was set to "true".

Please note that I have connected to the directory server from IS in read/write mode. If you want to connect in read-only mode, uncomment and change the read-only LDAPUserStoreManager configuration element found in the user-mgt.xml of Identity Server.

10. Create some user entries and roles through the Identity Server management console. You can then browse the directory server through Apache Directory Studio and observe that they are created in the directory server as below:

Thanks Prabath aiya for the request to integrate this and write a post on it...

Tuesday, September 27, 2011

Securing request and response messages with different security policies...

One of the advantages of message level security is that it provides the granularity we need. One example is the ability to apply different security policies to request and response messages in Web service communication, which is what today's discussion is based on.

Example use case:
Let's say we have a web service called 'StudentService' which exposes the method 'getStudent'. It takes the student id and student user name as input parameters and returns a student object with the student's age, grade and full name.

Coming to the security requirements, let's say we need to send the request, which contains the student id and user name, confidentially, and obtain the student information signed by the service to ensure integrity and non-repudiation.

Yes, we can apply a sign and encrypt policy to the service and achieve this. But wait... then we are unnecessarily encrypting the response message as well. Since encryption comes at a cost, it is good if we can apply encryption only when it is required.

How to achieve:
To achieve the above hypothetical requirement, we can use the ability to apply policies to different policy subjects in the binding hierarchy as described in this article by Nandana.

With that, we can apply Encrypt Only policy to the request message and Sign Only policy to the response message of 'getStudent' operation.

For this, we can use WSO2 AppServer, which is powered by the Web Services/SOAP/WSDL engine Axis2 and by Rampart, the security module of Axis2, as described below.

Walk through:
I will demonstrate how to achieve the above with a sample. 

Resources: You can find all the resources we will use in this sample -including source code of service & client, policies, wsdl, captured request and response and service archive in the resources directory uploaded.

1. Service
Following is the simple logic of our hypothetical StudentService's getStudent method:
public class StudentService {

    // Returns the student record only when both the name and the id match; otherwise null.
    public Student getStudent(String studentName, String studentId){
        Student student = null;
        if(("alice".equals(studentName))&&("123ABC".equals(studentId))){
            student = new Student();
            student.setAge(25);
            student.setFullName("Alice Power");
            student.setGrade("A");
        }
        return student;
    }
}
2. Policy
Following is the services.xml of the web service, where we have embedded the security policies for in and out messages.
I have shortened the services.xml for brevity, but you can find the full version in the resources directory.


    

    
        
             
             
        
        
            
                
                    
                        ..............................
                    
                    
                        ..............................
                    
                
            
        
    
    
        
             
             
        
        
            
                
                    
                        ................................
                    
                    
                        ................................
                    
                
            
        
    

    org.wso2.security.sample.StudentService
    
    
        
    

Please note the following important lines in the above services.xml:
line 03: the Rampart module is engaged to the service to process security in the in and out flows of the service.
line 05-22: defines the first policy attachment, with the message-in security policy.
line 07 & 08: defines the policy subjects as operation:getStudent/in of the soap11 and soap12 bindings.
line 10-21: defines the security policy that applies to those policy subjects, which is the Encrypt Only security policy.
line 16-19: defines the rampart configuration as a policy assertion in the security policy. Note that I have used the default keystore shipped with AppServer for cryptographic configurations.
line 23-40: defines the second policy attachment, with the message-out security policy.
You will notice the same structure as above, where the Sign Only security policy is applied to the policy subjects operation:getStudent/out of the soap11 and soap12 bindings.
line 43-47: defines service specific stuff like service class, operation name and message receiver.

Ok... we are done with the service now.

I have provided a build.xml from which you can create the Axis2 service archive of the 'Student Service'. Make sure you have installed Apache Ant, and run the ant command from the directory where build.xml resides in the provided resources.

Download and run WSO2 AppServer and host this service archive.

Note that, though I've used WSO2 AppServer for convenience, you can also host this service in an Apache Axis2 server, with the rampart configurations in the policy above properly set according to your custom keystore information.

3. Generated WSDL
Now try to access the service wsdl and you will notice that security policies are attached to the relevant points that we defined in the services.xml above.

Here I will include only the parts of the wsdl, and you can find the complete wsdl in the resources directory.

At the beginning of the wsdl, security policies are defined inside "wsdl:definitions" as shown below. Each policy definition contains "wsu:Id" attribute which is used to reference policy inside the wsdl.


    
In the "wsdl:binding" section, correct policy is attached to the corresponding policy attachment point (as we defined in the services.xml), using "wsp:PolicyReference" element with "wsu:Id" attribute defined above. Following listing extracted from the wsdl shows this.

        
        
            
            
                
                
            
            
                
                
            
        
    

4. Client
We are done analyzing the server side... Let's see how to write a client that understands and supports the security requirements communicated by the service.
Following is the code listing for the client.. too long, yes I know. Let me take you through the important steps of it below:
package org.wso2.security.sample;

import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.AxisFault;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;

import javax.xml.stream.XMLStreamException;
import java.io.File;
import java.io.FileNotFoundException;
import java.util.Properties;

public class Client {
    private static final String RESOURCES_DIR = "src" + File.separator + "main" + File.separator +
                                                "resources" + File.separator;
    private static final String MODULES_DIR = RESOURCES_DIR + "modules";
    private static final String KEYSTORE_PATH = RESOURCES_DIR + "keystore" + File.separator + "wso2carbon.jks";
    private static final String POLICY_DIR_PATH = RESOURCES_DIR + "policy" + File.separator;
    private static final String IN_POLICY_PATH = POLICY_DIR_PATH + "in_sec_policy.xml";
    private static final String OUT_POLICY_PATH = POLICY_DIR_PATH + "out_sec_policy.xml";
    private static final String END_POINT_ADDR = "http://192.168.1.5:9762/services/StudentService";

    public static void main(String[] args) {

        try {
            //create configuration context
            ConfigurationContext ctx =
                    ConfigurationContextFactory.createConfigurationContextFromFileSystem(MODULES_DIR, null);

            //create service client
            ServiceClient serClient = new ServiceClient(ctx, null);

            //engage modules
            serClient.engageModule("addressing");
            serClient.engageModule("rampart");

            //load in/out policies
            Policy in_sec_policy = loadPolicy(IN_POLICY_PATH);
            Policy out_sec_policy = loadPolicy(OUT_POLICY_PATH);

            //add rampart config assertion to the ws-sec policies
            RampartConfig rampartConfigAssertion = buildRampartConfig();
            in_sec_policy.addAssertion(rampartConfigAssertion);
            out_sec_policy.addAssertion(rampartConfigAssertion);

            //set in/out security policies in client opts
            serClient.getOptions().setProperty(RampartMessageData.KEY_RAMPART_IN_POLICY, in_sec_policy);
            serClient.getOptions().setProperty(RampartMessageData.KEY_RAMPART_OUT_POLICY, out_sec_policy);

            //set action
            serClient.getOptions().setAction("urn:getStudent");
            serClient.getOptions().setTo(new EndpointReference(END_POINT_ADDR));

            //invoke the service
            OMElement response = serClient.sendReceive(getPayLoad());
            System.out.println(response);

        } catch (AxisFault axisFault) {
            axisFault.printStackTrace();  // invocation or security processing failed
        } catch (FileNotFoundException e) {
            e.printStackTrace();  // a policy file is missing
        } catch (XMLStreamException e) {
            e.printStackTrace();  // a policy file is not well-formed XML
        }


    }

    private static Policy loadPolicy(String filePath)
            throws XMLStreamException, FileNotFoundException {
        StAXOMBuilder builder = new StAXOMBuilder(filePath);
        return PolicyEngine.getPolicy(builder.getDocumentElement());

    }

    private static RampartConfig buildRampartConfig() {
        RampartConfig rampartConfig = new RampartConfig();
        rampartConfig.setUserCertAlias("wso2carbon");
        rampartConfig.setEncryptionUser("wso2carbon");
        Properties cryptoProperties = new Properties();
        cryptoProperties.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        cryptoProperties.put("org.apache.ws.security.crypto.merlin.file", KEYSTORE_PATH);
        cryptoProperties.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");

        CryptoConfig cryptoConfig = new CryptoConfig();
        cryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
        cryptoConfig.setProp(cryptoProperties);

        rampartConfig.setEncrCryptoConfig(cryptoConfig);
        rampartConfig.setSigCryptoConfig(cryptoConfig);

        return rampartConfig;

    }

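    /**
     * This is the request we need to send:
     * <pre>{@code
     * <p:getStudent xmlns:p="http://sample.security.wso2.org">
     *     <p:studentName>alice</p:studentName>
     *     <p:studentId>123ABC</p:studentId>
     * </p:getStudent>
     * }</pre>
     * @return the getStudent request payload
     */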
    private static OMElement getPayLoad() {
        OMFactory omFactory = OMAbstractFactory.getOMFactory();
        OMNamespace namespace = omFactory.createOMNamespace("http://sample.security.wso2.org", "p");
        OMElement parentElement = omFactory.createOMElement("getStudent", namespace);
        OMElement child1 = omFactory.createOMElement("studentName", namespace);
        child1.setText("alice");
        OMElement child2 = omFactory.createOMElement("studentId", namespace);
        child2.setText("123ABC");
        parentElement.addChild(child1);
        parentElement.addChild(child2);

        return parentElement;
    }

}

line 46: engages rampart to the service client, which processes security of the incoming and outgoing messages.
line 49 & 50: loads the in-policy and out-policy from file. Note that the in-policy of the server side applies to the out-policy of the client side, and the out-policy of the server side applies to the in-policy of the client side. I have included the client side policy files in the resources directory.
line 53-55: programmatically inserts rampart configurations as policy assertions into both the in-policy and the out-policy.
line 58 & 59: attaches the client side in-security policy and out-security policy to the axis2 service client, through client options.
line 62-66: creates the request and invokes the 'StudentService'.

How to run the client:
  • To run the client from the provided client source, you need to set the necessary axis2 and rampart libraries in your classpath.
  • If you use WSO2 AppServer to host the service, you can simply run the ant command inside [AppServer_home]/bin, which will copy the necessary libraries into [AppServer_home]/repository/lib.
  • Add the [AppServer_home]/repository/lib & [AppServer_home]/lib/endorsed folders to the classpath.
  • You can point to the necessary libraries shipped with the Axis2 and Rampart distributions as well; you do not necessarily need AppServer.
  • Run the client. Et voilà, if your client prints the received response correctly, you have invoked the secured service successfully :).
But we can't be happy until we confirm that the messages exchanged between the client and the server are secured in the way we expected.

5. Request & Response Messages
We can monitor request and response messages using tcpmon. How to use tcpmon is out of the scope of this post...
Following are the SOAP Body of 1. the request and 2. the response messages that I captured during client-service communication. The entire messages are included in the resources directory.

1. Request SOAP Body:

        
            
            
                
                    
                
            
            
                
                    7drXxTdkthvhnTGpBnNcn3iOxgBR/zq72+Drc3vvB6ONN2U13I9SCjNziZ3M/82PDIonsKdx/aSOQ9RuEt8cAHmdg5DyK2Z7jmVpo2u8tAltaReSVYHRt5d4JqA2Admp4OCWayi/XMBFfH3G74BCujTkiYS+azi2HJxF17oAbIX/4gUoZvvoZEkd/XzRsQf0YyTZGULWIuz0mzpXjchq4GQe1XFQrhPk5ZTxi/+wmcPsW8p/s6WVkKSuXeVwajQlihMPHFSji8IbONUWw2OQNoS7/0z8slC2XDGrwWUbp2BiondpjA15ogVM7CWY9D+Tc6hbwAziIexHAN+s9p5Ox+tdpQiJej/vVZbJVGL2Oifrx+nio+/oTQPRE52s0iSEX/GsuufWjVLxLPhhB7jVnEtF4Rx0MJi3aZG+WP5OWaViEZTqKYwvzcG0o3paLFV7+eQ5ZHtUOz5HhjEDXNMrj9IpPx4GAtRO0aZLxcqt9uA=
                
            
        
    
The entire SOAP body is encrypted, adhering to the in-security policy of the service.

2. Response SOAP Body:

        
            
                25
                Alice Power
                A
            
        
    
Here the response SOAP body is in plain text, yet the message is signed. You can gain more information about message signature by referring to the SOAP header of the response message which is included in the resources.
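The same confirmation can be scripted over the captured messages. The following is an added example, not part of the sample's resources: the class name and the two inline messages are constructed for illustration (shaped like the captures above, with placeholder cipher and signature values), and it assumes the response body carries a wsu:Id that the signature references.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

// Added example: structural check of captured messages against the two policies.
// It does not verify the signature value cryptographically; Rampart does that.
public class CapturedMessageCheck {
    static final String[] SOAP = {"http://schemas.xmlsoap.org/soap/envelope/",   // SOAP 1.1
                                  "http://www.w3.org/2003/05/soap-envelope"};    // SOAP 1.2
    static final String OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSSE = OASIS + "secext-1.0.xsd";
    static final String WSU = OASIS + "utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    // Constructed samples (not the real captures); cipher and signature values are placeholders.
    static final String ENV = "<soapenv:Envelope xmlns:soapenv='" + SOAP[0] + "' xmlns:wsse='" + WSSE
            + "' xmlns:wsu='" + WSU + "' xmlns:ds='" + DS + "' xmlns:xenc='" + XENC + "'>";
    static final String REQUEST = ENV
            + "<soapenv:Header><wsse:Security><xenc:EncryptedKey Id='EncKeyId-1'/></wsse:Security>"
            + "</soapenv:Header><soapenv:Body><xenc:EncryptedData Id='EncDataId-1'><xenc:CipherData>"
            + "<xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>"
            + "</xenc:EncryptedData></soapenv:Body></soapenv:Envelope>";
    static final String RESPONSE = ENV
            + "<soapenv:Header><wsse:Security><ds:Signature><ds:SignedInfo><ds:Reference URI='#Id-1'/>"
            + "</ds:SignedInfo><ds:SignatureValue>Q09OU1RSVUNURUQ=</ds:SignatureValue></ds:Signature>"
            + "</wsse:Security></soapenv:Header><soapenv:Body wsu:Id='Id-1'>"
            + "<ns:getStudentResponse xmlns:ns='http://sample.security.wso2.org'><ns:return>"
            + "<age>25</age><fullName>Alice Power</fullName><grade>A</grade></ns:return>"
            + "</ns:getStudentResponse></soapenv:Body></soapenv:Envelope>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Captured traffic is untrusted input: refuse DTDs so no entity is ever expanded.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    static Element body(Document doc) {
        for (String ns : SOAP) {
            NodeList l = doc.getElementsByTagNameNS(ns, "Body");
            if (l.getLength() == 1) return (Element) l.item(0);
        }
        throw new IllegalArgumentException("expected exactly one SOAP Body");
    }

    /** Encrypt Only: the Body's single child element is xenc:EncryptedData. */
    static boolean bodyIsEncrypted(Document doc) {
        int elements = 0;
        boolean encrypted = false;
        for (Node n = body(doc).getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) continue;
            elements++;
            encrypted = XENC.equals(n.getNamespaceURI()) && "EncryptedData".equals(n.getLocalName());
        }
        return elements == 1 && encrypted;
    }

    /** Sign Only: a ds:SignedInfo inside wsse:Security references the Body's wsu:Id. */
    static boolean bodyIsSigned(Document doc) {
        String id = body(doc).getAttributeNS(WSU, "Id");
        if (id.isEmpty()) return false;
        NodeList headers = doc.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < headers.getLength(); i++) {
            NodeList refs = ((Element) headers.item(i)).getElementsByTagNameNS(DS, "Reference");
            for (int j = 0; j < refs.getLength(); j++) {
                Element ref = (Element) refs.item(j);
                Node parent = ref.getParentNode();
                boolean inSignedInfo = DS.equals(parent.getNamespaceURI())
                        && "SignedInfo".equals(parent.getLocalName());
                if (inSignedInfo && ("#" + id).equals(ref.getAttribute("URI"))) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        Document req = parse(REQUEST), resp = parse(RESPONSE);
        boolean requestOk = bodyIsEncrypted(req) && !bodyIsSigned(req);     // Encrypt Only on getStudent/in
        boolean responseOk = bodyIsSigned(resp) && !bodyIsEncrypted(resp);  // Sign Only on getStudent/out
        System.out.println("request matches Encrypt Only: " + requestOk);
        System.out.println("response matches Sign Only:   " + responseOk);
        if (!(requestOk && responseOk)) System.exit(1);
    }
}
```

To check real traffic, replace the two constants with the messages saved from tcpmon.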

Alright.. So I hope you got an understanding of achieving message level security with WS-Security & Rampart by going through this end-to-end sample of applying different security policies to the in and out messages of a web service.

I would like to thank Manjula & Nandana from whom I initially got to know about the $subject.
Thank you for reading patiently, and have a good day....!!!

Sunday, September 18, 2011

How to use pre-compiled JSPs in a webapp with tomcat 7

Problem:
Recently I had the following requirement:

I had a webapp that has some jsp files which directly call some methods in some libraries. But those libraries are in a sandbox environment secured by the Java Security Manager. Therefore only the calls that come from classes signed by a particular key are allowed to be executed.

My webapp was not working until I could guarantee to the sandbox environment that the method calls are coming from a signed source.

Solution:
The solution for the above problem consists of the following steps:
1. Pre-compile the jsp files.
2. Package the pre-compiled jsp files into a jar file.
3. Sign the jar file using the appropriate key.
4. Package the signed jar file in the WEB-INF/lib folder of the webapp.
5. Remove all the jsp files from the webapp.

Walk through:
jspc-maven-plugin comes to the rescue on this occasion.

I will walk you through how to pre-compile jsp files of the example webapp of WSO2 AppServer by integrating pre-compiling step into the maven pom.xml.

Following is the complete pom.xml file with modifications to include the steps of pre-compiling and packaging the jsp files.

    
        org.wso2.appserver
        wso2appserver-samples-parent
        4.1.1
        ../../pom.xml
    

    4.0.0
    
    example
    war
    WSO2 AS - Example webapp

    
        
            org.wso2.carbon
            org.wso2.carbon.tomcat
            ${carbon.platform.version}
        
        
            org.apache.axis2.wso2
            axis2-client
            ${axis2.osgi.version}
        
        
            org.wso2.carbon
            org.wso2.carbon.authenticator.proxy
            ${carbon.platform.version}
        
        
            org.wso2.carbon
            org.wso2.carbon.authenticator.stub
            ${carbon.platform.version}
        
        
            org.wso2.carbon
            org.wso2.carbon.core.common
            ${carbon.platform.version}
        
        
            org.wso2.carbon
            org.wso2.carbon.core
        

        
            org.apache.axis2.wso2
            axis2
        
    

    
        
            
                org.codehaus.mojo
                build-helper-maven-plugin
                
                    
                        add-source
                        generate-sources
                        
                            add-source
                        
                        
                            
                                target/generated-code/src
                            
                        
                    
                
            

            
                org.codehaus.mojo.jspc
                jspc-maven-plugin
                
                    
                        
                            compile
                        
                    
                
                
                    ${pom.basedir}/src/main/resources/WEB-INF/web.xml
                    1.5
                    1.5
                    
                        ${pom.basedir}/src/main/resources
                        
                            **/*.jsp
                        
                    
                
                
                
                
                    
                        org.codehaus.mojo.jspc
                        jspc-compiler-tomcat6
                        2.0-alpha-3
                        
                        
                            
                                org.apache.tomcat
                                jasper
                            
                            
                                org.apache.tomcat
                                jasper-el
                            
                            
                                org.apache.tomcat
                                jasper-jdt
                            
                            
                                org.apache.tomcat
                                servlet-api
                            
                            
                                org.apache.tomcat
                                jsp-api
                            
                            
                                org.apache.tomcat
                                el-api
                            
                            
                                org.apache.tomcat
                                annotations-api
                            
                        
                    
                    
                    
                        org.apache.tomcat
                        tomcat-jasper
                        7.0.12
                    
                    
                    
                        org.eclipse.jdt.core.compiler
                        ecj
                        3.5.1
                    
                
            

            
                org.apache.maven.plugins
                maven-compiler-plugin
                
                    1.5
                    1.5
                
            
            
            
                org.apache.maven.plugins
                maven-war-plugin
                2.1-beta-1
                
                    example
                    
                        WEB-INF/classes/**,
                        WEB-INF/*,
                        WEB-INF/jsp/*,
                        WEB-INF/jsp2/*,
                        WEB-INF/lib/jstl.jar,
                        WEB-INF/lib/standard.jar,
                        WEB-INF/lib/jsp.jar,
                        **/axis2-client*.jar,
                        **/org.wso2.carbon.authenticator.proxy*.jar,
                        **/org.wso2.carbon.authenticator.stub*.jar,
                        **/org.wso2.carbon.core.common*.jar,
                        **/*.java,
                        **/tags/**,
                        **/servlets/**,
                        **/carbon/**,
                        **/*.class,
                        **/*.html,
                        jsp/images/*
                    
                    
                        
                            
                            src/main/resources
                        
                    
                    ${pom.basedir}/target/jspweb.xml
                
            
        
    


Following is what is done... please follow with the line numbers:

1. line 73 introduces jspc-maven-plugin to the pom.xml file.
This will compile jsp files to servlets and then into .class files which include the byte code. These can be found under "target/jsp-source" once the maven build succeeds.

2. Note the 'configuration' element from line 83 to 93:
    - inputwebxml: specifies where the original web.xml file of the webapp resides. jspc-maven-plugin will detect that, update the servlet mappings according to the compiled jsp files and create a new file called "jspweb.xml" in the target folder, which you need to package with the webapp instead of the original web.xml.
    - sources: specifies where the jsp files reside in your webapp.

3. Then comes the trick: there is no jspc-maven-compiler plugin for tomcat 7 yet. So we need to use tomcat 6 version of it by removing the incompatibilities. This is what is done from line 97 to line 147.

4. As in line 190, you need to specify the new web.xml created by this plugin, to be included in the .war file of the webapp.

5. Now the step 1 mentioned in the above 'solution' section is achieved and the files obtained by pre-compiling jsp files are available in 'target/jsp-source' folder.

Now, in order to complete steps 2-4 in the above 'solution', you may need to write an Ant build.xml file, or you can integrate those steps into the pom.xml file itself. I did it through an Ant build.xml file.

You can use the jarsigner tool that comes with the JDK installation to sign the jar file containing the compiled jsps, as described here.

Once you include the compiled jsps in a jar file in the webapp, you need to remove the original jsp files from the webapp, or avoid packaging them in the .war file, because if they are included they will be compiled and used by the servlet container instead of the pre-compiled ones.

In my case, I had to remove the jsp files packaged inside web-inf/classes/carbon and web-inf/classes/jsp/carbon of the webapp.
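Before placing the jar in WEB-INF/lib, it is worth confirming that every compiled class in it really carries a signature, since a single unsigned class will be refused by the sandbox. The following is an added example, not part of the original build: the class name is hypothetical, and when no jar path is given it builds a constructed, unsigned jar with one placeholder entry to show what a failing result looks like.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;

// Added example: lists .class entries of a jar that have no signer, and the signer subjects seen.
// It checks signature integrity only; whether the signer is the key the sandbox trusts is
// decided by the Security Manager policy, so compare the printed subject with that key.
public class SignedJarCheck {

    static List<String> unsignedClasses(File jar, Set<String> signerSubjects) throws IOException {
        List<String> unsigned = new ArrayList<>();
        try (JarFile jf = new JarFile(jar, true)) {          // true = verify signatures while reading
            byte[] buf = new byte[8192];
            for (Enumeration<JarEntry> e = jf.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                if (entry.isDirectory() || !entry.getName().endsWith(".class")) continue;
                // Signers are only known once the entry has been read to the end;
                // an entry modified after signing makes read() throw SecurityException.
                try (InputStream in = jf.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    unsigned.add(entry.getName());
                    continue;
                }
                for (CodeSigner s : signers) {
                    X509Certificate cert =
                            (X509Certificate) s.getSignerCertPath().getCertificates().get(0);
                    signerSubjects.add(cert.getSubjectX500Principal().getName());
                }
            }
        }
        return unsigned;
    }

    // Constructed input: an unsigned jar holding one placeholder "compiled JSP" entry.
    static File constructedUnsignedJar() throws IOException {
        File f = File.createTempFile("jsp-precompiled", ".jar");
        f.deleteOnExit();
        Manifest m = new Manifest();
        m.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(f.toPath()), m)) {
            out.putNextEntry(new JarEntry("org/apache/jsp/index_jsp.class"));
            out.write(new byte[] {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE});
            out.closeEntry();
        }
        return f;
    }

    public static void main(String[] args) throws IOException {
        File jar = args.length > 0 ? new File(args[0]) : constructedUnsignedJar();
        Set<String> signers = new TreeSet<>();
        List<String> unsigned = unsignedClasses(jar, signers);
        System.out.println("signer subjects:  " + signers);
        System.out.println("unsigned classes: " + unsigned);
        // Fail the build step if anything is unsigned or nothing was signed at all.
        if (!unsigned.isEmpty() || signers.isEmpty()) System.exit(1);
    }
}
```

Run it with the path of the signed jar as the only argument; without an argument it exits with status 1 on the constructed unsigned jar.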

Hope this helps...

Saturday, September 17, 2011

3rd & the last day...

Just like every good thing comes to an end, WSO2Con 2011 also ended in style and as a big success story on 15th Sept.
Here are the highlights of the day...
1) We were privileged to listen to Gregor Hohpe on "Enterprise Integration Patterns: Past, Present and Future". He is the author of the book 'Enterprise Integration Patterns', which has become the de facto standard for EIP and ESB.
-  Messaging has been evolving from export-->import to centralized database to RPC to asynchronous messaging
-  Good side of asynchronous model:
  • Asynchrony
  • reliable - can resend messages
  • can introduce intermediaries independently
  • throughput over latency
  • throttling
- A broader view of messaging patterns with Messaging Patterns Language
  • transport messages ==> channel patterns
  • designing messages ==> message patterns
  • route messages ==> routing patterns
  • transform messages ==> transformation patterns
  • produce & consume messages ==> endpoint patterns
  • and more...
- How integration patterns expanded:
  •  by going deep on thinking about and having room for family of patterns and projecting on the platform
  • by going broad on considering other patterns such as message patterns
- Enterprise integration aspects: messaging, messages, conversations, processes, events

- Gregor also revealed that the open model really works and helps in carving out a good book, since you can get a lot of input from the community: a good tip for authors. He also mentioned that he is working on a Conversation pattern language book, which will be good news for enterprise integration architects.

2) Maria Belkina did a very interesting session on how the WSO2 product stack is being used to realize the goal of Electronic Russia in the project "Integration Infrastructure Middleware (IIM)". It was amazing to see how well the products have been integrated in the project.
- Currently WSO2 ESB, Governance Registry & BAM are in action.. planning to use Identity Server for Single Sign On
- Reasons to select: flexible, robust, admin UI can be easily localized, easy to configure etc..

3) Last but not least, an interesting and inspiring talk was scheduled towards the end of the conference by Samisa Abeysinghe on "Engineering to take over the world". He very nicely presented the home grown wisdom of leadership and the operational model of WSO2, which has made its way to take over the world, competing head on with leaders in the industry within 5 years. There is a nice post written by one of my friends dedicated to this talk, which you can refer to for more details..

With the above and many more interesting sessions, I would say one amazing team marked the successful end of a wonderful conference, WSO2Con 2011, which was a great source of knowledge and inspiration...

Friday, September 16, 2011

Brain storming day on SOA and Clouds

WSO2Con2011 marked its second day with greater success..

I got the chance to witness some great keynotes, tech talks and case studies on WSO2 products from different corners of the world that helped me to enhance and expand the boundaries of my knowledge and thinking.

Here I am going to note down highlights of some of the sessions that I attended...

1) Distinguished architect of eBay -Sastri Malladi discussed how/why SOA is good for your business taking an example on how eBay adopted SOA.

- Fun facts about eBay: 97 million active users, 2 billion photos, $2000 worth of goods exchanged per second, 40 billion API calls per month, > 100 billion SQL transactions executions per day..
Above implies Sastry has more than enough credibility to talk on how/why SOA for your business..

- Important note on perception about services is.. services is not just technology, it also includes processes and people

- SOA enables following and more:
  • business agility - faster time to market, quicker responses to changes & easy integration with partners..
  • innovation - internal and external innovation
  • operational excellence - reduced cost of new feature development, reduced cost of failure etc..
- According to him, typical steps on service orienting a business:
  1. do domain modelling
  2. decompose domains into components -(intersection between domains should be zero)
  3. owners and architects to domains
  4. central vs. decentral governance
  5. business, technical alignment
  6. pick correct tools
- One important note he added for solution architects/designers "..need to have the bigger picture from the beginning..."

- Continuing with the case study about eBay SOA adoption..
  • eBay exposed service API from early days of 2001
  • technology stack is a combination of home grown, commercial & open source software
  • No proprietary.. everything used are open standards..
  • evaluated many products & selected WSO2 ESB ("it rocks" in Sastry's own words..)
If you are more interested, you can read the complete eBay case study.

2) Interesting and rich tech talk on cloud & WSO2 Stratos followed by an attention grabbing live demo on WSO2 StratosLive were conducted by Afkham Azeez and Shankar (who are the Master architect and Master builder of Stratos, StratosLive respectively according to Samisa's blog...).

- Audience was mesmerized and entertained when the Facebook app hosted on StratosLive App Server was demoed by Shankar. (You can also try it now from the given link :-) )

3) Two interesting user/customer stories or rather case studies were presented by Nelson Raimond -Open Source Adoption in a Mexican Bank and Dmitry Lukyanov -WSO2 in Action in Alfa Bank. Rather than me blogging with my memory, let me quote some of the live tweets made by the audience in the middle of these two sessions.

If you are interested, refer to Alfa Bank case study for more details.

4) Then came the much awaited session, "Security in Practice" by Prabath Siriwardena. Many were excited about his session, knowing he is a master presenter and an expert in security.
Fulfilling everyone's expectations, he delivered a great tech talk on Security in a way that everyone understands.
One of the messages conveyed is: in spite of all the jargon in the Security space like OAuth, OpenID, SSO, STS, XACML etc.. which scares people away, if you get the security concepts right, it is easy to apply security in practice, selecting the right technology at the right place.

Following is the slide deck that he presented, which he has shared on SlideShare.

The second day of WSO2Con 2011 was really a success with lots of brain storming sessions on SOA, Clouds and case studies.
Going in her own way, WSO2 organized a musical jam session at the end of the day to entertain the participants which also demonstrated that WSO2ers are not only techies or geeks but they are singers and artists as well..

Tuesday, September 13, 2011

September 13th..

September 13th - yes, yesterday was a day to remember for a couple of reasons.. First, I completed one year in the industry after graduating. Time has flown so fast and looking back, I consider myself to be lucky to have joined one amazing company for my first job and have worked with an amazing set of people while learning and contributing to the open source community.

Second - it was the opening day of one remarkable event - yes, it is WSO2Con2011. It was my first experience in attending an international IT conference. I am sure it was a very fruitful & memorable one for all the attendees with priceless knowledge and experience gained.

Here I will sketch some notes on three of the sessions that I attended.

After the grand opening of the event owing to Sri Lankan traditions, we listened to founder & CEO-Dr. Sanjiva Weerawarana's welcome speech which was inspiring.

Titling it as - 'Causing troubles!', he gave a complete overview of WSO2 with regard to history, technology, business, culture, people and Sri Lanka. Being a hard core technology company which was started with the vision of rethinking what middleware is, it has got its own unique features which powered it to compete head on with many leaders in the industry.

Self questioning & reinventing always, an open model of operating, being driven by meritocracy, respecting the personal vision of self driven people, dedication and everyday learning are a few out of the many that he mentioned - which have made WSO2 go a long way within 5 years.

He concluded the session with a nice quote from Mahatma Gandhi - "First they ignore you, then they laugh at you, then they fight you, then you win."

1st tech talk of track 1 after lunch was on ESB. Hiranya Jayathilake has titled it as - Swiss Army Knife of SOA.
EAI (Enterprise Application Integration) is one of the toughest problems that an architect would face. He explained how ESB comes to the rescue in EAI and how to distinguish a good ESB from just an ESB by looking for the support for various transports, QoS features and integration patterns.

Although it is true that ESB is the swiss army knife of SOA- by providing various set of tools for different purposes, architects should avoid the myths regarding the ESB - such as ESB is the silver bullet that solves all the problems, it is the shortcut for achieving SOA etc. Rather, ESB is only a key enabler for SOA and the architects should select the right tool for the right task.

Then WSO2 ESB was explained in detail with regard to its functional components, messaging model with pipe/filter pattern achieved through mediators and sequences, features and sample use cases.

I attended track 2 for the second tech talk since the abstract of that case study was of interest to me. 
This case study was presented by Andreas Wichmann of T-Systems on how WSO2 product stack is integrated in Connected-Car project.

Among the many reasons that he explained in detail for integrating the project with WSO2 products, the following were of main focus...
- Middleware stack not only consists of ESB, but also provides support for governance, identity management and security solutions,
- high availability, scalability and load balancing,
- ease of configuring, installing, integration and patching,
- support for content based routing and fault handling,
- support for SAML, XACML and X.509,
- OSGi
- Stratos for Connected Car as a service
 
Above I mentioned only three sessions out of the many that I attended.
I stop for the moment, looking forward to another day full of brain storming sessions on SOA & Cloud.

Saturday, September 10, 2011

WSO2Con2011 - Educational Value

As promised in my previous introductory blog post about WSO2Con-2011, here I am writing the follow up blog on the specialty of WSO2Con-2011 in the aspect of its educational value, in my view - as an attendee who is excited about this event that is going to happen in less than two days.
Conference agenda is carefully organized to deliver a great value addition to your knowledge. 

Three days of keynotes and tech talks are preceded by pre-conference tutorial sessions where you will have the opportunity to get yourself equipped with the necessary knowledge in the area of SOA and on the WSO2 product platform, in order to attend the conference with better preparation and understanding.

Conference is also followed by post-conference tutorial sessions on advanced concepts and topics on WSO2 products themselves and on SOA and Cloud computing to help you to dig deep into the topics of interest.

All these 3-4 hr tutorials are conducted by technology experts in WSO2 who are involved in the architecture, design and development of award winning WSO2 middleware products and cloud platform.

Tutorial sessions are conducted in three tracks in parallel and the conference is conducted in two tracks in parallel, giving you the opportunity to have a wider range of selections to match your fields of interest.

Following are the tutorial sessions that I am planning to attend:
1. Practical SOA for the Solution Architect
2. Introduction to Web and SOA Security
3. Advanced Concepts in WS-BPEL
4. Introduction to WSO2 ESB for Administrators
  
At a glance you can get an idea about the range of topics that are going to be covered during the conference and how they are organized in different tracks from the following diagram.