WSO2 Stratos – A true cloud story

Stratos Services

Yesterday (1st of June), a team of a little over 12 developers at WSO2 took a great middleware platform into the cloud. It’s not just putting all our server products on an EC2 instance, but embedding all cloud-native features into them. The PaaS (Platform as a Service) is named WSO2 Stratos, and it is based on the award-winning WSO2 Carbon middleware platform. As the Alpha-1 release, Stratos offers a number of integrated WSO2 products, namely Governance Registry (GREG), Identity Server (IS), Business Activity Monitor (BAM), Mashup Server (MS) and WSO2 Gadget Server (GS).

Stratos is also offered as a downloadable version for the private cloud within your enterprise. If you are quite serious about using SOA for your enterprise and do not need to worry about deployment, scalability and server maintenance, Stratos would be the ideal solution for you.

Linux for human beings

This is a post that should have been written a few days back. On April 29th, Ubuntu 10.04 (Lucid Lynx) was released, and I had been counting the days until it was, but I couldn’t try it out because of the release work I was doing on my machine. Last weekend (even though the work wasn’t quite over) my anxiousness couldn’t rest. I installed the new beast, keeping my /home safe. To tell you the truth, the installation process was hardly “Linux-like”. There were no screens showing commands executing, nor any view of the terminal. What you see is a breathtaking slide show (very much Windows-like, but much sweeter) trying to show off the beauty ;) and market itself.

Ubuntu - 10.04 (Lucid Lynx)

Well, I know many of you have already tried Lucid, and there is nothing new for me to mention, hence I thought of writing a few words about Ubuntu’s slogan “Linux For Human Beings”. My history as a Linux user is not that ancient. Even though I have used it side by side with a Windows OS, I had never gone total Linux. There were reasons behind that: {1} I was afraid it would all break down in the middle of something. {2} It looked like a dark cave with a lot of never-ending tunnels. {3} It was hard for me to troubleshoot on my own (I was a novice). But thanks to Sandaruwan, and to the never-ending virus problems and performance degradation over time in Windows, I jumped into the deep end. Ever since, I am a happy man ;)

Before Ubuntu, I had tried Debian and Suse, but with Ubuntu I felt quite safe. There were a number of reasons; among them, Canonical released frequent updates and bug fixes (mainly fixes related to hardware drivers). Ubuntu does a major release twice a year with a considerable amount of improvements, and moreover it’s virus-free, ultra fast and very stable as a software development environment.

Those being my reasons, I believe Linux is the answer for many 3rd world countries to obtain a high IT literacy rate. Microsoft and other proprietary software vendors are investing millions and billions to put a full stop to software piracy (which, as a software engineer, I encourage), and personal computers are sold with this proprietary software pre-installed (of course not for free), so prices automatically go sky high, resulting in a normal user looking at a computer as if it were a jet plane ;).

But for some (many) reasons, free and open source software is hidden from the normal user’s world. Of course there are a few myths associated with it. One popular myth is that open source and free software doesn’t come up to the standard of proprietary software. If we forget for an instant that I work for a 100% open source company ;) and look at the Apache Software Foundation, there are plenty of great products (Apache HTTP Server, Tomcat, Maven, Synapse et al.), but normally the argument is “A normal user doesn’t care about the server space. What does free software offer them, to listen to music, edit some photos, check email and browse the internet?” As far as I can see, this is where Ubuntu places itself. I believe this is why it displays a pretty screen while it’s being installed, and I think so far Ubuntu has done a great job, and it is ready with strong and shiny armour to battle any proprietary operating system and make its mark.

So if you are a normal user reading this article, try the new Ubuntu, and when you are buying your next personal computer, ask your computer supplier to give you the machine with Ubuntu. I promise you, you will save a hell of a lot of money, and it will set you free. :)

Sharing HTTPS, HTTP sessions in tomcat hosted web-apps

The requirement is to serve only the login page securely, and once the user is authenticated (s)he should be redirected to non-secure HTTP mode. I was struggling to do this quite some time back, and just thought of documenting it.

The requirement

The idea I had was, “It should be quite simple”: Facebook does that, Google does that, so why is it still not well documented? However, almost all the Google search results for my queries were about simply redirecting HTTP traffic to HTTPS for certain URLs; some used URL rewriting (mod_rewrite), and some used server configuration via Tomcat’s server.xml.

What I really wanted to achieve was to preserve the state across the protocol switch. After a considerable amount of searching I found out this is not achievable (in a very clean manner) with Tomcat, or rather it is a conflict between security and state management in the servlet spec itself; hence there only exists a dirty hack (not sure if this works) to get it done, but even that hack couldn’t be applied to my scenario.

So after some thinking I came up with my own hack (I think it’s even dirtier ;) ) to solve the issue. It’s quite simple, and involves cookie manipulation. My approach was simply to read the HTTPS cookie and set it as the HTTP cookie; what I needed was one JSP which is served over HTTPS and a few lines of Java code.

The solution

True enough, it certainly looks like a hack, but security-wise it’s the same as what the Tomcat user group has suggested. So until the new servlet specification answers this question we have to live with this. The code for converting the cookies is as follows.

   
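    // Runs inside middle.jsp, which is served over HTTPS.
    Cookie[] cookies = request.getCookies();
    String sessionId = null;
    if (cookies != null) {
        for (Cookie c : cookies) {
            // Pick up the session cookie that was set on the secure connection.
            if ("JSESSIONID".equals(c.getName())) {
                sessionId = c.getValue();
            }
        }
    }

    if (sessionId != null) {
        // Re-issue the same session ID; setSecure(true) is not called, so the
        // copy is also sent on plain HTTP requests.
        Cookie k = new Cookie("JSESSIONID", sessionId);
        k.setPath(request.getContextPath());
        response.addCookie(k);
    }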

Basically, the code reads the secure cookie while inside middle.jsp and sets it again without security (k.setSecure() is not called, hence it is false by default), and that’s about it. Once this is done you can simply redirect to the HTTP page.

    response.sendRedirect("http://foo.com:8080/index.jsp");

Now the cookie which was originally set via HTTPS is accessible to the HTTP requests, hence the session is shared.
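
The effect of that cookie copy on what a client sends, as an added example (not code from the original post). It uses the JDK’s java.net.CookieManager as a stand-in for a browser cookie jar; foo.com and port 8080 come from the post, while port 8443, the /app context path and the session ID value are constructed for the illustration.

```java
import java.net.CookieManager;
import java.net.URI;
import java.util.List;
import java.util.Map;

public class SessionCookieDowngrade {

    // Cookie header value a client would attach to a request for url ("" if none).
    static String cookieHeaderFor(CookieManager jar, String url) throws Exception {
        Map<String, List<String>> out = jar.get(URI.create(url), Map.of());
        return String.join("; ", out.getOrDefault("Cookie", List.of()));
    }

    public static void main(String[] args) throws Exception {
        // Constructed values: ports, context path and session ID are placeholders.
        URI login = URI.create("https://foo.com:8443/app/login.jsp");
        URI middle = URI.create("https://foo.com:8443/app/middle.jsp");
        String plain = "http://foo.com:8080/app/index.jsp";
        String secure = "https://foo.com:8443/app/index.jsp";

        CookieManager jar = new CookieManager();

        // 1. The session is created on an HTTPS request, so the cookie is marked Secure.
        jar.put(login, Map.of("Set-Cookie",
                List.of("JSESSIONID=CONSTRUCTED0123; Path=/app; Secure")));
        System.out.println("before copy, http : [" + cookieHeaderFor(jar, plain) + "]");
        System.out.println("before copy, https: [" + cookieHeaderFor(jar, secure) + "]");

        // 2. middle.jsp re-issues the same ID with no Secure attribute,
        //    which replaces the Secure cookie of the same name and path.
        jar.put(middle, Map.of("Set-Cookie",
                List.of("JSESSIONID=CONSTRUCTED0123; Path=/app")));
        System.out.println("after copy,  http : [" + cookieHeaderFor(jar, plain) + "]");
        System.out.println("after copy,  https: [" + cookieHeaderFor(jar, secure) + "]");
    }
}
```

The first lookup returns no cookie for the http:// URL because the original cookie is marked Secure; after middle.jsp re-issues it, the same session ID is attached to plain HTTP requests, where anyone on the network path can read it. Serving the whole authenticated session over HTTPS and leaving the cookie Secure avoids that exposure.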

Web Scraping & Parsing HTML to XML in Javascript

Today I was working on a customer POC and happened to create a few Google gadgets to visualize selected data sets from *.gov.uk sites. The scenario implemented was a mix of inter-gadget communication and content search over data.gov.uk sites. I created three simple gadgets which communicate with each other; one acted as the controlling gadget, which pushed the search parameters to the other two gadgets. The two content gadgets showed UK (1) primary school information and (2) electoral information. The pushed parameter was the postal code of different parts of the UK. The direct.gov.uk site has a form-based implementation of this.

The requirements for the POC were simple, and we already had working samples of such a scenario in the WSO2 library.

  1. Show how one gadget can pass the context to other gadgets
  2. How gadgets can harvest data in various formats (in my previous post I explained how to get data from RDF endpoints, which are also available on *.gov.uk sites)

The building block for the implementation was the search URL, which was quite straightforward. For all requests based on postal codes, the direct.gov site served in the same manner (because of this important fact, the automation process became trivial). For instance, the URL for primary school information retrieval was:

http://local.direct.gov.uk/LDGRedirect/LocationSearch.do?LGSL=13&searchtype=1&LGIL=8&Style=&formsub=t&text=SE1+7DU

Where the param “text” changed according to the postal code. So far everything seemed straightforward; however, at implementation, while using the Gadgets API for content retrieval, I faced problems in parsing text with JavaScript. This was because gadgets.io.makeRequest supported HTML as text and the API method returned the retrieved HTML document as a string, making it quite impossible to process.

With some thinking and advice, I brought the Mashup Server into the picture and used it to retrieve the data from the gov site and return the result in XML format. Using the Mashup Server, web scraping seems to be a piece of cake. We created a simple mashup using the Scraper host object and captured the result set in the search result page. The mashup code is as follows:

function search(searchUrl) {
	var scraper = new Scraper(
		
		    {searchUrl}
			
			    
				
				   
				
			     
			
		
	);
	return new XMLList(scraper.response);
}

Finally, the two gadgets made service calls to the mashup service and retrieved the data as an XML object, making the data processing painless. The final version at the Gadget Server looked quite appealing.

WSO2 Gadget Server with UK gov data

Gadget Server look - in the end

Special thanks go to Ruchira for helping me out with the mashup service :) You can download the Gadget code and the Mashup service and try the scenario yourself.