
Tuesday, April 22, 2008

Free online Ruby course

Want to learn, without spending anything, one of the fastest-growing languages in the world, one that is only a few years old and is forecast to grow strongly over the next year?

The site RubyLearning.com, maintained by Satish Talim, is running a free Ruby course that is entirely online. The course is in its 3rd edition and, at the time of this post, already had more than 715 people enrolled.

The course will be taught through Moodle, an open-source application for distance learning, and starts on 7 January 2008. For more details and to sign up, visit the course page.

The prerequisites are knowing English and already having some programming background.


Don't miss this excellent opportunity! ;)



Accessing blocked Web 2.0 services via e-mail or SMS


Many organizations have blocked access to some Web 2.0 services, such as Facebook, LinkedIn and Google Maps, among others, because they believe that browsing these services can reduce their employees' productivity, which in some cases is indeed true.

But if you have access to e-mail or a mobile phone, this can easily be circumvented with a new service called MoDazzle.

With it you can send commands by e-mail or SMS to the desired service, which lets you receive the returned information in your inbox, publish content, upload images, and so on. For example, if you want to read your unread Facebook messages, just send an SMS to the number 22553 with the text fbri, or send an e-mail to fbreadinbox@modazzle.com leaving the Subject field blank. It's that simple!

Figure: MoDazzle flow

MoDazzle supports the following services:

  • Facebook
  • LinkedIn
  • VentureSource
  • Lavalife
  • Salesforce
  • Hoovers
  • Google Maps
  • Starbucks
  • ZoomInfo
  • Weather
  • Yelp
  • Stock Quotes
  • Flight Updates

The commands available for each service are listed in the usage guide.

To start using MoDazzle, all you need is a simple registration.

Wednesday, April 16, 2008

WSS4J With Axis

Introduction

WSS4J can be used for securing web services deployed in virtually any application server, but it includes special support for Axis. WSS4J ships with handlers that can be used in Axis-based web services for an easy integration. These handlers can be added to the service deployment descriptor (wsdd file) to add a WS-Security layer to the web service. This is a step by step tutorial for deploying a simple service with Username Token.

Prereqs

To run this tutorial, you must install a JDK (of course). I suggest JDK 1.4.2_04 or 1.5.0. Then you need an application server. I’ve personally used version jakarta-tomcat-4.1.31. Then you need to download and install Axis (version 1.2) and WSS4J. Getting hold of WSS4J and the other jars you may need can be quite tricky. One way is to download Maven and checkout and build WSS4J through it. That’s what I did (not without problems though).

If you have problems getting the needed jar files let me know and I'll try to add them to this space for download. I've compiled the wss4j.jar package and made it available for download here.

You don’t really need a Java code editor, but it helps. Personally I use Eclipse and Lomboz (a J2EE plug-in for Eclipse).

Installing WSS4J

  1. Download the WSS4J binaries or build it from sources
  2. Copy the contents (the jar files) of the WSS4J lib directory to your Axis WEB-INF/lib directory. Most of them will already exist there, but you can just overwrite them all.
  3. You may need to restart Tomcat unless you have automatic deployment/class loading turned on. Check the Axis Happiness Page (typically at http://localhost:8080/axis) and make sure that XML Security (xmlsec.jar) is listed under the "Optional Components" section.

Creating the service

  1. This tutorial will secure the StockQuoteService which ships with the sample code with Axis. If you deploy the sample web apps that ships with Axis you don’t need to do anything more. Look at the Axis docs on how to install it properly. Unless you have one already, create a deployment descriptor (deploy.wsdd) file with the following contents:


    <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
      <service name="stock-wss-01" provider="java:RPC" style="document" use="literal">
        <parameter name="className" value="samples.stock.StockQuoteService"/>
        <parameter name="allowedMethods" value="getQuote"/>
        <parameter name="scope" value="application"/>
      </service>
    </deployment>

It doesn’t matter where you put this file.

  2. Deploy the service (using AxisAdmin):

java org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/AdminService deploy.wsdd

The AdminClient class depends on a load of jar-files, so to deploy this I created a bat-file that looked like this:

setlocal

set CLASSPATH=%CLASSPATH%;C:\axis-1_2RC2\lib\axis.jar;C:\axis-1_2RC2\lib\jaxrpc.jar;C:\axis-1_2RC2\lib\commons-logging.jar;C:\axis-1_2RC2\lib\commons-discovery.jar;C:\axis-1_2RC2\lib\saaj.jar;

java org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/AdminService test-deploy.wsdd

endlocal

Naturally, you have to change the bat-file to reflect where you’ve put your Axis jar files.

Creating the Client

  1. Use WSDL2Java to generate the client service bindings (a number of soap client classes):

    java org.apache.axis.wsdl.WSDL2Java -o . -Nhttp://fox:8080/axis/services/stock-wss-01=samples.stock.client http://fox:8080/axis/services/stock-wss-01?wsdl

    Again, the wsdl2java needs a number of jar files to work properly, so I created a new bat-file to help out with that. The bat-file looks like this:

    setlocal

    set CLASSPATH=%CLASSPATH%;C:\axis-1_2RC2\lib\axis.jar;C:\axis-1_2RC2\lib\jaxrpc.jar;C:\axis-1_2RC2\lib\commons-logging.jar;C:\axis-1_2RC2\lib\commons-discovery.jar;C:\axis-1_2RC2\lib\saaj.jar;C:\axis-1_2RC2\lib\wsdl4j.jar;

    java org.apache.axis.wsdl.WSDL2Java -o . -Nhttp://localhost:8080/axis/services/stock-wss-01=samples.stock.client http://localhost:8080/axis/services/stock-wss-01?wsdl

    endlocal

    A bunch of java classes will be created under samples/stock/client, including the StockQuoteServiceServiceLocator.
  2. Write a simple java console application that uses the generated service locator. For example:

    package samples.stock.client;

    import java.rmi.RemoteException;
    import javax.xml.rpc.ServiceException;

    public class StockServiceClient {
        public StockServiceClient() {
        }

        public static void main(String[] args) throws ServiceException, RemoteException {
            if (args.length == 0) {
                System.out.println("Usage:\njava StockServiceClient [symbol]");
                return;
            }
            // The locator and service interface are generated by WSDL2Java
            StockQuoteServiceService locator = new StockQuoteServiceServiceLocator();
            StockQuoteService service = locator.getStockWss01();
            float quote = service.getQuote(args[0]);
            System.out.println("stock quote service returned " + args[0] + ": " + quote);
        }
    }
  3. Run the client:

    java samples.stock.client.StockServiceClient XXX

    If all went well, you should get the result:

    stock quote service returned XXX: 55.25

When using "XXX" as parameter, the service won't try to go out on the Internet to get the real quotes, but just returns a float with the value of 55.25.

What you’ve created so far is a very simple web service with a simple client that calls it. WSS4J has not been used yet, so this web service call is unprotected. Now it’s time to add a Username Token to the soap call.

Configuring the Service for Username Token

  1. Modify the deployment descriptor you created above to look like this:

    <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
      <service name="stock-wss-01" provider="java:RPC" style="document" use="literal">
        <requestFlow>
          <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
            <parameter name="passwordCallbackClass" value="PWCallback"/>
            <parameter name="action" value="UsernameToken"/>
          </handler>
        </requestFlow>

        <parameter name="className" value="samples.stock.StockQuoteService"/>
        <parameter name="allowedMethods" value="getQuote"/>
        <parameter name="scope" value="application"/>
      </service>
    </deployment>

    WSDoAllReceiver is an Axis handler located in wss4j.jar package. This is the standard way to deploy an Axis handler. For more details please refer to the Axis handler for WSS4J documentation.
  2. Create a class named PWCallback.java and compile it and put the resulting PWCallback.class file into your Axis WEB-INF/classes directory. In this example I used the default package for simplicity, but you might need to use the fully qualified class name (be consistent with the deployment descriptor).

    The following code snippet shows a simple password callback class:

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.ws.security.WSPasswordCallback;

    public class PWCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) {
                    WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
                    // set the password given a username
                    // (hard-coded sample credentials, for this tutorial only)
                    if ("wss4j".equals(pc.getIdentifer())) {
                        pc.setPassword("security");
                    }
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                }
            }
        }
    }


  3. Redeploy the service using the bat file you created earlier. Your service should now be expecting a WSS Username Token in the incoming soap request, and clients should send the username "wss4j" and password "security" to get through.

Configuring the Client for Username Token

  1. Run the client we created again:

    java samples.stock.client.StockServiceClient IBM

    You should now get an error:

    Exception in thread "main" AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultSubcode:
    faultString: WSDoAllReceiver: Request does not contain required Security header

    This is because your client is not configured to send a Username Token yet, so the service is rejecting the request. To fix this, you need to create a callback class in the client, which adds the Username Token to the outgoing soap request.
  2. Create a deployment descriptor file (client_deploy.wsdd) for the client:

    <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
      <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
      <globalConfiguration>
        <requestFlow>
          <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
            <parameter name="action" value="UsernameToken"/>
            <parameter name="user" value="wss4j"/>
            <parameter name="passwordCallbackClass" value="samples.stock.client.PWCallback"/>
            <parameter name="passwordType" value="PasswordDigest"/>
          </handler>
        </requestFlow>
      </globalConfiguration>
    </deployment>
  3. Create the samples.stock.client.PWCallback class:

    package samples.stock.client;

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.ws.security.WSPasswordCallback;

    /**
     * PWCallback for the Client
     */
    public class PWCallback implements CallbackHandler {

        /**
         * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
         */
        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) {
                    WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
                    // set the password given a username
                    if ("wss4j".equals(pc.getIdentifer())) {
                        pc.setPassword("security");
                    }
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                }
            }
        }
    }
  4. Define the system property axis.ClientConfigFile for your client:

    java -Daxis.ClientConfigFile=client_deploy.wsdd -classpath $AXISCLASSPATH samples.stock.client.StockServiceClient

    Make sure that your CLASSPATH includes the jar files under WEB-INF/lib.

    Another way to do this is to specify the wsdd file in your StockServiceClient to the service locator programmatically:

    ...
    import org.apache.axis.EngineConfiguration;
    import org.apache.axis.configuration.FileProvider;
    ...

    EngineConfiguration config = new FileProvider("client_deploy.wsdd");
    StockQuoteServiceService locator = new StockQuoteServiceServiceLocator(config);
    ...
  5. Run the client, you should get no errors:

    stock quote service returned XXX: 55.25

    Your client is now sending a Username Token in the wsse request header with the username "wss4j" (see client_deploy.wsdd) and password "security" (see the PWCallback implementation).

    Another way to do this is to have the client application set the username and CallbackHandler implementation programmatically instead of using the client_deploy.wsdd file:

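    ...
    import java.rmi.Remote;
    import org.apache.axis.client.Stub;
    import org.apache.ws.security.WSConstants;
    import org.apache.ws.security.handler.WSHandlerConstants;
    import org.apache.ws.security.message.token.UsernameToken;
    ...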

    Remote remote = locator.getPort(StockQuoteService.class);
    Stub axisPort = (Stub)remote;
    axisPort._setProperty(UsernameToken.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST);
    axisPort._setProperty(WSHandlerConstants.USER, "wss4j");
    axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF, pwCallback);

    where "pwCallback" is a reference to a PWCallback implementation. See the Axis handler for WSS4J documentation for more details on this.

    UPDATE: I've tried to set the callback using the technique above, but without much success. I'll continue trying, and when I get it working I'll update this section again :)


    UPDATE 2: After some testing and tweaking and good ideas from people, I got the thing above working. It's all explained in another blog post.
  6. Try modifying your client's PWCallback to return the wrong password, or send the wrong username. The service should reject your requests.
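
What passwordType="PasswordDigest" puts in the token, and what a receiver has to check before accepting it, shown as an added example (not code from the original tutorial or from WSS4J). It follows the OASIS UsernameToken Profile formula Password_Digest = Base64(SHA-1(nonce + created + password)); the class name, the five-minute freshness window and the in-memory nonce cache are assumptions, and it needs Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

// Added illustration, not WSS4J code. Credentials are the tutorial's sample values.
public class UsernameTokenDigestDemo {
    static final String USER = "wss4j";
    static final String PASSWORD = "security";
    static final Duration MAX_AGE = Duration.ofMinutes(5);   // assumed freshness window
    static final Set<String> SEEN_NONCES = new HashSet<>();  // assumed in-memory replay cache

    // Password_Digest = Base64( SHA-1( nonce + created + password ) )
    static String digest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);                                   // raw nonce bytes, not the Base64 text
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Receiver-side checks on the four values carried in <wsse:UsernameToken>.
    static boolean verify(String user, String nonceB64, String created, String sentDigest, Instant now)
            throws Exception {
        if (!USER.equals(user)) return false;                 // unknown user
        byte[] nonce, sent;
        Instant createdAt;
        try {
            nonce = Base64.getDecoder().decode(nonceB64);
            sent = Base64.getDecoder().decode(sentDigest);
            createdAt = Instant.parse(created);
        } catch (RuntimeException malformed) {                // bad Base64 or timestamp
            return false;
        }
        if (Duration.between(createdAt, now).abs().compareTo(MAX_AGE) > 0) return false; // stale
        byte[] expected = Base64.getDecoder().decode(digest(nonce, created, PASSWORD));
        if (!MessageDigest.isEqual(expected, sent)) return false; // constant-time comparison
        return SEEN_NONCES.add(nonceB64);                     // false when the nonce is replayed
    }
    static String newNonce() {
        byte[] n = new byte[16];
        new SecureRandom().nextBytes(n);
        return Base64.getEncoder().encodeToString(n);
    }
    public static void main(String[] args) throws Exception {
        Instant now = Instant.now();
        String created = now.toString();
        String nonce = newNonce();
        String pd = digest(Base64.getDecoder().decode(nonce), created, PASSWORD);
        System.out.println("valid token accepted:   " + verify(USER, nonce, created, pd, now));
        System.out.println("same token replayed:    " + verify(USER, nonce, created, pd, now));
        String n2 = newNonce();
        String wrong = digest(Base64.getDecoder().decode(n2), created, "wrong-password");
        System.out.println("wrong password:         " + verify(USER, n2, created, wrong, now));
        String n3 = newNonce();
        String old = now.minus(Duration.ofHours(1)).toString();
        String stale = digest(Base64.getDecoder().decode(n3), old, PASSWORD);
        System.out.println("hour-old Created value: " + verify(USER, n3, old, stale, now));
    }
}
```

The digest keeps the clear-text password off the wire, but it is a single SHA-1 over nonce, timestamp and password, so anyone who captures a token can test password guesses offline. It also does not cover the SOAP body, so it still needs TLS or a message signature around it.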

Sunday, April 13, 2008

Apache CXF

The goal of the Apache CXF project is to deliver a high performance, fully featured services framework that is intuitive and easy to use. CXF will also implement important JCP and Web services standards. CXF simplifies the construction, integration, and flexible reuse of technical and business components using a standards-based, service-oriented architecture (SOA).

Using CXF, services are defined using WSDL contracts and are accessed using a number of different message formats (or bindings) and network protocols (or transports) including SOAP over HTTP, SOAP over JMS, XML over HTTP, and XML over JMS. CXF provides a pluggable architecture that supports both XML and non-XML type bindings in combination with any type of transport. The broad range of flexibility makes it possible to create and integrate Web services and legacy services using a single framework.

Goals of CXF

Support for Multiple Standards

  • JAX-WS, JAX-WSA, JSR-181 and SAAJ
  • SOAP 1.1, 1.2, WS-I BasicProfile, WS-Security, WS-Addressing, WS-RM and WS-Policy
  • WSDL 1.1 and 2.0
  • MTOM

Multiple Network Protocols (Transports) and Message Formats (Bindings)

  • Built-in support for SOAP and XML over HTTP, JMS, and Jabber transports
  • StAX-based streaming XML
  • Extensible API to support additional bindings including CSV and fixed record length
  • Data bindings include JAXB 2.0, XML Beans, Castor, and JiBX

Flexible Deployment

  • Lightweight containers: deploy services in Apache Tomcat or Spring-based containers
  • JBI integration: deploy as a service engine in a JBI container such as Apache Incubator's ServiceMix, Sun's OpenESB or ObjectWeb's Petals
  • SCA integration: deploy in an SCA container such as Apache Incubator's Tuscany
  • J2EE integration: deploy services in J2EE application servers such as Apache Geronimo, JOnAS, JBoss, WebLogic, and WebSphere
  • Standalone Java client/server

Support for Multiple Programming Languages

  • Full support for JAX-WS 2.0 client/server programming model
  • JAX-WS 2.0 synchronous, asynchronous and one-way APIs
  • JAX-WS 2.0 Dynamic Invocation Interface (DII) API
  • Support for wrapped and non-wrapped styles
  • XML messaging API
  • Support for JavaScript and ECMAScript 4 XML (E4X) - both client and server
  • Support for CORBA with Yoko
  • Support for SCA with Tuscany
  • Support for JBI with ServiceMix

Code Generation

  • Java to WSDL
  • WSDL to Java
  • XSD to WSDL
  • WSDL to XML
  • WSDL to SOAP
  • WSDL to service

Wednesday, April 9, 2008

Overview of encryption and signing

WS-Security makes heavy use of public/private key cryptography. To really understand how to configure WS-Security, it is helpful - if not necessary - to understand these basics. Wikipedia has an excellent entry on this, but we'll try to summarize the relevant basics here (this content is a modified version of the Wikipedia content).

With public key cryptography, a user has a pair of public and private keys. These are generated using a large prime number and a key function.

The keys are related mathematically, but cannot be derived from one another. With these keys we can encrypt messages. For example, if Bob wants to send a message to Alice, he can encrypt a message using her public key. Alice can then decrypt this message using her private key. Only Alice can decrypt this message as she is the only one with the private key.


Messages can also be signed. This allows you to ensure the authenticity of the message. If Alice wants to send a message to Bob, and Bob wants to be sure that it is from Alice, Alice can sign the message using her private key. Bob can then verify that the message is from Alice by using her public key.



Source: Apache CXF website
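
The two operations described above, carried through with the JDK's own crypto API as an added example (not from the CXF site or the original post). The class name, the RSA-2048 keys, OAEP padding and SHA256withRSA are choices made for this illustration, and the messages are constructed samples.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import javax.crypto.Cipher;

// Added illustration: Bob encrypts to Alice, Alice signs for Bob.
public class AliceBobDemo {
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    static byte[] encryptFor(PublicKey recipient, byte[] plaintext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.ENCRYPT_MODE, recipient);   // anyone holding the public key can encrypt
        return c.doFinal(plaintext);
    }

    static byte[] decryptWith(PrivateKey own, byte[] ciphertext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.DECRYPT_MODE, own);         // only the matching private key succeeds
        return c.doFinal(ciphertext);
    }

    static byte[] sign(PrivateKey signer, byte[] message) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signer);
        s.update(message);
        return s.sign();
    }

    static boolean verify(PublicKey signer, byte[] message, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(signer);
        s.update(message);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair alice = gen.generateKeyPair();
        KeyPair other = gen.generateKeyPair();    // a third party with an unrelated key pair

        // Bob -> Alice: encrypted with Alice's public key.
        byte[] ct = encryptFor(alice.getPublic(), "quote request: XXX".getBytes(StandardCharsets.UTF_8));
        System.out.println("Alice reads: " + new String(decryptWith(alice.getPrivate(), ct), StandardCharsets.UTF_8));
        try {
            decryptWith(other.getPrivate(), ct);
            System.out.println("unexpected: a different private key decrypted the message");
        } catch (GeneralSecurityException e) {
            System.out.println("a different private key fails: " + e.getClass().getSimpleName());
        }

        // Alice -> Bob: signed with Alice's private key, checked with her public key.
        byte[] msg = "quote: 55.25".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(alice.getPrivate(), msg);
        System.out.println("signature verifies:       " + verify(alice.getPublic(), msg, sig));
        byte[] tampered = "quote: 99.99".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered message verifies: " + verify(alice.getPublic(), tampered, sig));
    }
}
```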

Tuesday, April 8, 2008

Using WSS4J with Axis

The material below is from the Apache Axis site and another web site, with the examples modified and in greater detail.

The example elaborated below secures the StockQuoteService that comes with the Axis samples (AXIS_HOME\samples\stock).

Prerequisites:

1) Configure Axis on Tomcat

2) Download wss4j and add the jar to the class path
http://www.apache.org/dyn/closer.cgi/ws/wss4j/
3) Make sure that all the required Axis jar files are in the class path. The jar file opensaml-1.1.jar is also required in the class path.

The steps are outlined below:



1) Create a deployment descriptor (deploy.wsdd) with the below contents. Note that the username token is added.

The WSDoAllReceiver is an Axis handler located in wss4j.jar package. This is the standard way to deploy an Axis handler. For more details please refer to the Axis handler for WSS4J documentation.
2) Deploy the service (using AxisAdmin):

java org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/AdminService deploy.wsdd

3) Create a class named PWCallback.java, compile it, and put the resulting PWCallback.class file into your Axis WEB-INF/classes directory (under the appropriate package - samples/stock/client).

The following code snippet shows a simple password callback class:

package samples.stock.client;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PWCallback implements CallbackHandler {
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
                // set the password given a username
                if ("wss4j".equals(pc.getIdentifer())) {
                    pc.setPassword("security");
                }
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }
}

http://localhost:8080/axis/services/stock-wss-01?wsdl

A bunch of java classes will be created under samples/stock/client, including the StockQuoteServiceServiceLocator.

5) Create a deployment descriptor file (client_deploy.wsdd) for the client:

6) Write the below client class that invokes the service.

package samples.stock.client;

import java.rmi.RemoteException;
import javax.xml.rpc.ServiceException;

public class StockServiceClient {
    public StockServiceClient() {
    }

    public static void main(String[] args) throws ServiceException, RemoteException {
        if (args.length == 0) {
            System.out.println("Usage:\njava StockServiceClient [symbol]");
            return;
        }
        StockQuoteServiceService locator = new StockQuoteServiceServiceLocator();
        StockQuoteService service = locator.getStockWss01();
        float quote = service.getQuote(args[0]);
        System.out.println("stock quote service returned " + args[0] + ": " + quote);
    }
}


7) Define the system property axis.ClientConfigFile for your client:

java -Daxis.ClientConfigFile=client_deploy.wsdd -classpath $AXISCLASSPATH samples.stock.client.StockServiceClient

Make sure that your CLASSPATH includes the jar files under WEB-INF/lib.

Another way to do this is to specify the wsdd file in your StockServiceClient to the service locator programmatically:

...
import org.apache.axis.EngineConfiguration;
import org.apache.axis.configuration.FileProvider;
...

EngineConfiguration config = new FileProvider("client_deploy.wsdd");
StockQuoteServiceService locator = new StockQuoteServiceServiceLocator(config);
...

8) Run the client, you should get no errors:

java samples.stock.client.StockServiceClient XXX

stock quote service returned XXX: 55.25

Your client is now sending a Username Token in the wsse request header with the username "wss4j" (see client_deploy.wsdd) and password "security" (see the PWCallback implementation).


9) Try modifying your client's PWCallback to return the wrong password, or send the wrong username. The service should reject your requests.