WSO2 Gadget Server 1.3.0 is out with a bunch of awaited features

This is a short post announcing the new features of WSO2 Gadget Server 1.3.0, which was released recently. The product is popular among the community as a gadget rendering platform, which provides a presentation layer for heterogeneous enterprise services based on the Google Gadgets Specification and Apache Shindig. As an enterprise presentation product, the Gadget Server is now fully fledged with a number of awaited features such as,

And some of the important features of WSO2 Gadget Server are,

Try out the Gadget Server 1.3.0 and provide your feedback to make it better and brighter. You can provide feedback, report bugs and join architectural discussions on any of the WSO2 public lists, and you can get a better understanding by going through the many articles at the WSO2 Oxygen Tank.


Sharing HTTPS, HTTP sessions in tomcat hosted web-apps

The requirement is to serve only the login page securely; once the user is authenticated, (s)he should be redirected to non-secure HTTP mode. I was struggling to do this quite some time back, and just thought of documenting it.

The requirement

The idea I had was: “It should be quite simple.” Facebook does that, Google does that, so why is it still not well documented? However, almost all the Google search results for my queries were about simply redirecting HTTP traffic to HTTPS for certain URLs; some were using URL rewriting (mod_rewrite), and some used server configuration via Tomcat’s server.xml.

What I really wanted to achieve was to preserve the state across the protocol switch. After a considerable amount of searching I found out this is not achievable (in a very clean manner) with Tomcat, or rather it is a conflict between security and state management in the servlet spec itself. Hence there only exists a dirty hack (not sure if this works) to get it done, but even that hack couldn’t be applied to my scenario.

So after some thinking I came up with my own hack (I think it's even dirtier 😉 ) to solve the issue. It's quite simple, and involves cookie manipulation. My approach was simply to read the HTTPS cookie and set it as the HTTP cookie; what I needed was one JSP which is served over HTTPS and a few lines of Java code.

The solution

True enough, it certainly looks like a hack, but security-wise it's the same as what the Tomcat user group has suggested. So until the new servlet specification answers this question, we have to live with this. The code for converting the cookies is as follows.

   
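    // Runs inside middle.jsp, which is served over HTTPS.
    Cookie[] cookies = request.getCookies();
    String sessionId = null; // must be initialised, otherwise this does not compile
    if (cookies != null) {
        for (Cookie c : cookies) {
            // Find the session cookie that was set over HTTPS
            if (c.getName().equals("JSESSIONID")) {
                sessionId = c.getValue();
            }
        }
    }

    if (sessionId != null) {
        // Re-issue the same session ID. setSecure() is not called, so the
        // cookie is non-secure and is also sent on plain HTTP requests.
        Cookie k = new Cookie("JSESSIONID", sessionId);
        k.setPath(request.getContextPath());
        response.addCookie(k);
    }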

Basically, what the code does is read the secure cookies while inside middle.jsp and set them again without the secure flag (k.setSecure() is not called, hence by default it's false), and that’s about it. Once this is done you can simply redirect to the HTTP page.

    response.sendRedirect("http://foo.com:8080/index.jsp");

Now the cookie which was originally set via HTTPS is accessible to the HTTP requests, hence the session is shared.
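The effect of the cookie conversion above is visible in the response headers. The following is an added example, not code from the original post: a stand-alone Java class (the name SessionCookieAudit and the sample headers are constructed for illustration) that parses Set-Cookie headers with java.net.HttpCookie and reports a JSESSIONID issued without the Secure attribute, and whether that same ID was earlier issued with it, which is what middle.jsp does.

```java
import java.net.HttpCookie;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper, not part of Tomcat or the servlet API.
public class SessionCookieAudit {

    // Walks Set-Cookie headers in the order they were observed and returns
    // one finding per non-Secure JSESSIONID, plus a second finding when the
    // same session ID had previously been issued with the Secure attribute.
    static List<String> audit(List<String> setCookieHeaders) {
        List<String> findings = new ArrayList<>();
        Map<String, Boolean> issuedSecure = new HashMap<>(); // session ID -> ever Secure?
        for (String header : setCookieHeaders) {
            for (HttpCookie c : HttpCookie.parse(header)) {
                if (!"JSESSIONID".equalsIgnoreCase(c.getName())) {
                    continue; // only the session cookie matters here
                }
                boolean seenSecure = issuedSecure.getOrDefault(c.getValue(), false);
                if (!c.getSecure()) {
                    findings.add("JSESSIONID without Secure (path " + c.getPath()
                            + "): browser will send it over plain HTTP");
                    if (seenSecure) {
                        findings.add("same session ID was earlier issued with Secure:"
                                + " HTTPS session downgraded to HTTP");
                    }
                }
                issuedSecure.put(c.getValue(), seenSecure || c.getSecure());
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: the cookie set at HTTPS login, followed by the
        // one re-issued by middle.jsp without calling setSecure().
        List<String> headers = Arrays.asList(
                "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/portal; Secure",
                "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/portal");
        for (String finding : audit(headers)) {
            System.out.println(finding);
        }
    }
}
```

A downgrade finding means the session ID that was established over HTTPS now travels unencrypted on every HTTP request, so the session is only as protected as the HTTP leg.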

WSO2 Gadget Server 1.1.0, What to expect

WSO2 Carbon 3.0.0 – code name “Iridium” is about to be released in a few more days. As per WSO2’s release strategy, all the products will graduate to their next version on top of the Carbon-based platform. As for the newly released Gadget Server, it would be version 1.1.0.

Features were frozen for version 1.1.0, and that was at the end of February as I recall. We (the GS team) managed to squeeze a few new, very important features into this release.

  • Upgraded shindig to the latest version

This was a bummer: since the WSO2 Carbon platform runs on OSGi, if you have to use a non-native OSGi project (i.e. Shindig) you will have to create an OSGi-aware Carbon orbit bundle and make use of it at run time. This was done some time back, when Shindig was at revision r734876. In order to leverage new functionality such as OAuth, Pub-Sub etc. and to pick up the bug fixes, we thought of updating the Shindig Carbon orbit bundle. So now Shindig is at r910768 and is quite up to date.

  • i18n internationalization support for gadgets

i18n is not a big deal for Google gadgets since the gadget API itself supports it. What we had to do is enable i18n support in Shindig (which was already implemented by the Shindig community).

  • Inter Gadget communication

Inter-gadget communication seemed to be the hot topic in our forums and webinars; in almost all the tech talks we did about the Gadget Server, some person in the audience raised the question of gadget-to-gadget communication. Our answer was “it can be done at Shindig level, and we are yet to support it”. So without a long wait, with GS v1.1.0 we enabled this feature. The architecture is quite fascinating: there are zero backend calls and all the communication is done on the front end. Basically each publisher will have a publishing channel and the subscribers can subscribe to this channel. After that it's simple pub-sub.

  • The portal will completely run on HTTP transport

This was a limitation we had in our first release. The portal was running only on HTTPS, and the reason behind it was that all WSO2 products run on secure transport and the Gadget Server is also a combination of some specific components which ran on the same platform. For this release we went the extra mile and enabled HTTP for the portal. So once you go to the login page it will switch to the secure transport (HTTPS), and after a successful login you will be redirected back to the HTTP non-secure mode. (Of course you can disable HTTP any time and run the portal purely on HTTPS; it all depends on the requirement.)

One disappointment I have is that we couldn’t integrate OAuth on time. Even though it is supported at Shindig level, we have to do a considerable amount of work on the Gadget Server side to fully support it, hence it is postponed to our next release. You can try the sample OAuth GData Gadget, simply adding it by the URL, and that will work like a charm. (Nothing useful, but just to let you know that we are only a few steps behind on it.)

Okay, so enough sneak peek 😉 download the Gadget Server pre-beta, play with it, and help us to improve (even at the last minute) by reporting any issues.

Cheers !!

Apache Asia Road Show 2009 >> Keynote speech

Today I was at the Apache Asia Road Show 2009 in Colombo, and feeling good about myself for attending :). It was a great session with many valuable tech talks and, more than that, a valuable community gathering. I am not writing this post to talk about Apache and the open source movement, but about a specific talk which got me thinking.

Today, the 1st day of the 3-day event, the keynote speech was given by a remarkable Sri Lankan scientist, Prof Mohan Munasinghe, on a topic that was, if I remember correctly, “Making Development More Sustainable Will Help Address Climate Change“. I know !! It doesn’t sound much like open source, or rather ICT for that matter, but the way he related most of the things to ICT was quite remarkable. His solution to address bigger problems seems simple. His solution was to address the small problems, change the things you can change at no cost, exactly quoting “Use electricity carefully, eat less meat :)”.

Thinking it through, it's the old method of solving the big problem: just break it into small problems and try to solve those small ones. The facts Prof Munasinghe talked about on climate change were quite terrifying. However, his conclusion was optimistic; he believed that as a community we will stand up against these challenges, be less greedy and help the poor.

P.S : If anyone of you did find the presentation slides of the keynote speech please do link in comments 🙂

That and This

Nothing much new to write; I was busy with work. WSO2 Gadget Server is about to be released in the coming weeks (I’ll be writing a whole story about it in a coming post). Apart from all that, my first article was published today in the diGIT magazine, which is a free online IT magazine run by a bunch of Sri Lankans. For some time I wanted to write about SOA and my findings in my final academic year, and I thought I would blog about it. But I never got a chance, or rather, who will read about SOA in my blog :D. For many such reasons I thought of contributing to diGIT, mainly about SOA. With its December issue, my first article about SOA got published. You can check it out at http://digit.lk/09_dec_soa2 and leave a comment here 🙂

Other than that, the Apache Asia Roadshow 2009 is happening in town on Dec. 3rd, 4th and 5th. On the morning of the 4th I will be talking about Apache Shindig and our experience with WSO2 Gadget Server, along with Tyrell. So pay a visit to the event; I am sure it’ll be awesome.

JSF, Spring together with apache CXF

Good tutorials and resources on Apache CXF how-tos are not easy to dig up. I had to spend hours searching and reading to get my small application up and running. Integrating Spring with JSF was pretty straightforward, but when it comes to integrating those two with JSF I got stuck.

So this post is about exposing a web service as a web project using a JSF front end, a Spring backend and CXF for service invocation.

Before starting I should mention a few valuable resources around the net.

The web service I used was the publicly available spelling checker which is used in the NetBeans tutorial.

The step-by-step guide is as follows >>

Step 1 :

Create the classes from the WSDL; you can use NetBeans for this task or the wsdl2java command (wsdl2java [URL]) in the shell.