Apache – @nuwanbando

WSO2 Gadget Server 1.3.0 is out with a bunch of awaited features

This is a short post aiming to notify the new features of WSO2 Gadget Server 1.3.0 which was released recently. The product is popular among the community as a gadget rendering platform, which provides a presentation layer for heterogeneous enterprise services based on Google Gadgets Specification and Apache Shindig. As an enterprise presentation product, the Gadget server is now fully fledged with number of awaited features such as,

Custom Layouts (1, 2, 3 column customization)
Themeing support (customize the look and feel)
Role based permissions (Now gadgets can be restricted based on user roles)
SOAP request support (Gadgets can now perform SOAP web service calls)
Tooling integration with Carbon Studio (gadgets can be deployed as archives created via CStudio)
Integration to WSO2 Visualization framework (WSO2Vis)

And some of the important features of WSO2 Gadget Server are,

Enterprise Gadget Repository
OAuth Support
Inter-Gadget communication
i18n Support
WSO2 Carbon platform level support such as,
- Clustering,
- Monitoring
- Userstore integration (AD, LDAP)
- Registry space

Try out The Gadget Server 1.3.0, and provide your feedback to make it better and brighter. You can provide feedback, report bugs and join in with architectural discussions at any of WSO2 public lists and also you can have a better understanding via going through many articles at WSO2 Oxygen tank.

Sharing HTTPS, HTTP sessions in tomcat hosted web-apps

The requirement is to only serve the login page securely and once the user is authenticated (s)he should be redirected to non-secure http mode. I was struggling to do this quite some time back, and just thought of documenting about it.

The idea I had was; “It should be quite simple”, Facebook does that, Google does that and why is it still not well documented ?, However the almost all Google search results for my queries were about simply redirecting HTTP traffic to HTTPS for certain URLs, some were using URL rewriting (mod_rewrite), and some have used server configuration via Tomcat’s server.xml.

What I really wanted to achieve is to preserve the state between the protocol switch. After some considerable amount of searching I found out this is not achievable (in a very clean manner) with tomcat or rather it is a conflict between security and state management in the servlet spec itself, hence there only exist a dirty hack (not sure if this works) to get it done, but even that hack couldn’t be applied to my scenario.

So after some thinking I came up with my own hack (I think its even dirtier 😉 ) to solve the issue; Its quite simple, and involves cookie manipulation. My approach was simply read the HTTPS cookie and set it as the HTTP cookie, what I need was one jsp which is served with HTTPS and few lines of Java code.

True enough it certainly looks like a hack, but security wise its as same as the Tomcat user group has suggested. so until the new servlet specification answers this question we have to live with this. the code of converting the cookies are as follows.

   
    Cookie[] cookies = request.getCookies();
    String sessionId;
    if (cookies != null) {
        for (Cookie c : cookies) {
            if (c.getName().equals("JSESSIONID")) {
                sessionId = c.getValue();
            }
        }
    }

    Cookie k = new Cookie("JSESSIONID", sessionId);
    k.setPath(request.getContextPath());
    response.addCookie(k);

Basically what the code does is, reading the secure cookies while inside the middle.jsp and setting them without security (k.setSecure() is not mentioned hence by default its false), and that’s about it, once this is done you can simply redirect to the HTTP page.

response.sendRedirect("http://foo.com:8080/index.jsp");

and now the cookie which originally set via HTTPS is accessible to the HTTP requests, hence the session is shared.

WSO2 Gadget Server is out… Download it !! Play with it !!

Yesterday (16th Dec) WSO2 Gadget Server graduated from its beta status and announced its release. WSO2 Gadget Server is designed to serve as a presentation middle-ware product in the SOA space to smoothly display chunks of service oriented data for the end users.

The solution architecture is based on portal / portlet concept but making it far more simpler. Since the enterprises are more and more leaning towards the cloud and service oriented mashups, visualizing those data should not be complicated. Hence the Gadget Server provides a simple platform to write the data visualization code just in HTML, JavaScript and XML the implementation of the presentation logic cannot make more simpler. It is exactly similar to writing a Google gadget (hosted in iGoogle / Gmail / orkut) to Tweet ;).

As far as it goes the Gadget Server’s applicability for the enterprise is somewhat an enterprise dashboard that can be customized according to the user’s need and governed by the authorities. For an instance if you are a manager of a bank, wouldn’t it be great to have a dashboard forecasting and displaying current and future bank transaction stats and predications, while at the same time in a deferent view having your business schedule, calender, mail/IM, and news as small but clear and interactive portlets.

Yeah so thats, what the Gadget Server does, and the interesting fact is, its simplicity and extensibility, What all you need to know is some HTML and JavaScript. (no need to consult Java / .NET / PHP / SOA experts). So Download it !! Play with it !! Give us some feedback !!

Apache Shindig talk at Apache Con Asia 09

As I have mentioned in some previous post, today I did a talk about Apache shindig and its use cases (WSO2 Gadget Server) at Apache Con 09 with my Colleague Tyrell. So without writing about the whole talk let me share the presentation slides. The Talk turned up great, audience were quite interested, too bad we had very limited time and missed to do a demo. 😦

http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=shindig-apachecon-asia-09-091204001804-phpapp02&stripped_title=shindig-apachecon-asia-09

View more documents from Nuwan Bandara.

Apache Asia Road Show 2009 >> Keynote speech

Today I was at Apache Asia road show 2009 at Colombo, and feeling good about myself of attending :). It was a great session with many valuable tech talks and more of a valuable community gathering. Am not writing this post to talk about Apache and all the open source movement but about a specific talk which made me thinking.

Today, the 1st of 3 days event, the keynote speech was given by a remarkable Sri Lankan Scientist Prof Mohan Munasinghe on a topic if I remember correctly, “Making Development More Sustainable Will Help Address Climate Change“. I know !! It doesn’t sound much like open source or rather ICT in that matter, but the way he made most of the things related to ICT was quite remarkable. His solution to address bigger problems seems simple. His solution was to address the small problems, change the things what you can change at no cost, exactly quoting “Use electricity carefully, eat less meet :)”.

Thinking it through, its the old method in solving the big problem, its just break it in to small problems and try to solve those small ones. The facts Prof Munasinghe talked about climate change was quite terrifying. But however his conclusion was optimistic, he believed as a community that we will stand up against these challenges, be less greedy and help the poor.

P.S : If anyone of you did find the presentation slides of the keynote speech please do link in comments 🙂