The good news is that J2SE 1.5 is available for OS X. Last I checked it was available here. For whatever reason Apple decided to keep the default version of Java on OS X as 1.4.2. So when I try to run Java programs directly from Terminal using "Java -Jar X.Jar" the program will be run under 1.4.2. But the goodies in J2SE 1.5 (like generics and enums and iterators) are just too yummy to give up so all my Java code is in 1.5 which means it won't run on Terminal. To fix this problem I found a script (details available here). Once I downloaded the script and saved it as java_functions_bashrc, I then opened terminal, navigated to the directory with the file and executed "source java_functions_bashrc". This changes the command prompt to indicate that the file is running and I then ran "setJava 1.5". At this point any Jar files I run will be run under J2SE 1.5. I tend now to write little scripts that wrap my Jar files to load up Java 1.5.
Category: Tech
Everything about technology but product reviews
Creating Executable Jar Files That Contain Jar Files
Naive Java user that I am when I built a Java program that contains Jar files for Xerces and MySQL and such I assumed that Eclipse would be able to create a Jar file for my program that contains these other Jar files. That part was right, Eclipse can do that, what Eclipse can't do is set up the class paths correctly so my custom generated Jar file can't find the classes it needs. Thankfully, One-Jar came to the rescue.
Continue reading Creating Executable Jar Files That Contain Jar Files
End-To-End Confusion – The Changing Meaning of End-To-End in Transport and Application Protocols
In a previous article I had argued that the end-to-end model was a bad one for SOA. In comments on that article Nick Gall made the point that I was using the term end-to-end incorrectly. I countered that the meaning of the term was different for application protocols than for transport protocols (where Nick's usage came from). Below I explain how HTTP's violation of the 'end-to-end principle' sent application protocols on a path where the very idea of 'end-to-end' changed with unfortunate consequences for SOA.
SOA Security – Encryption
In this article I first look at the use cases for encryption in SOA and explore three scenarios: hop-by-hop, end-to-end and beyond messaging. I conclude that most folks just need hop-by-hop messaging, specifically SSL. I then look at issues relating to encrypting messages outside of the enterprise and conclude that most services probably don't need encryption but they'll use it anyway so to reduce harm they should at least use SSL enabled proxies in order to make the unencrypted messages available within the corporate network. I then look at using encryption within the enterprise and strongly caution most companies to avoid it if at all possible. The bottom line is that SSL is enough for almost everything, GPG cleans up the rest and XML Encryption and the WS-Security framework are almost certainly more trouble than they are worth.
SOA Security – The Myth of Non-Repudiation
In this article I explain why (in my non-qualified opinion as a non-lawyer) I think most people are wasting their time when they worry about non-repudiation of SOA messages.
Web Services, SOA and RPC Encoded – the Exception that Proves the Rule
In my search for how real people are implementing SOA I just about never see SOAP, and WSDL seems unheard of. But when I point this out I inevitably get yelled at and told SOAP and WSDL are used all the time. Which is true, but misses the point. Because what SOAP and WSDL are generally being used for is not SOA but rather RPC, specifically RPC-Encoded. Of course RPC is the text book definition of "Not SOA". So I tip my hat to Web Service's major success – as Not SOA.
Continue reading Web Services, SOA and RPC Encoded – the Exception that Proves
the Rule
SOA and the End-To-End Morass
In SOA application modeling there are two basic approaches, end-to-end and hop-by-hop. The end-to-end model is based on an originating sender, a series of intermediaries and a final destination. In the hop-by-hop model each service only knows about the next hop service and nothing more. Below I argue that the end-to-end model inevitably leads to having to create a single protocol that the whole world has to support, requires a painfully sophisticated security model and all but requires that services be tightly coupled. The hop-by-hop model, on the other hand, suffers from none of these problems but does introduce extra latency. On balance I don't believe the benefits of the end-to-end model justify its costs and therefore recommend that service implementers use the hop-by-hop model.
SOA Security: Authentication – What it really costs and what most folks really need
Authentication is often seen as a cheap and easy security solution but it is anything but. Authentication is a significant threat to re-use and it can cause a false sense of security that leaves services open to real threats. But when authentication is called for there are outstanding, well proven solutions that are almost certainly already in your data center – HTTP Digest and SSL. As I argue below, they are the right technologies for just about all your authentication needs.
Continue reading SOA Security: Authentication – What it really costs and what
most folks really need
SOA-Reliability (SOA-Rity) for HTTP
SOAR-ity is intended to allow for "reliable" (this term is almost always a misnomer) messaging over HTTP. It achieves this goal by introducing two new request headers, MID which provides a unique ID for a message and MsgCreate which contains the date and time on which the first instance of the message with the associated MID was sent. The purpose of the MID/MsgCreate pair is to allow any HTTP request (e.g. any HTTP method can be used) to be repeated multiple times with a guarantee that the message will be processed no more than one time. In essence it makes any HTTP method call idempotent.
The SOA-Rity specification is now available as an Internet Draft. Below I provide links to different versions of the draft that are hosted locally so as to ensure accessibility if the draft should expire.:
- a text version,
- a HTML version,
- the XML source – I used XML2RFC to generate the text and Julian's XSLT translator for the HTML version and
-
the DTD – I made the organization element optional under author element to get rid of validation errors
I'd also like to take this opportunity to say that the Oxygen editor ROCKS! Make sure to check out their 'academic licenses' which are actually just for personal use in case you can't justify buying Oxygen for your job.
How Should An Exactly Once SOA Reliable Messaging System Be Designed?
So my guess is that one can design a really nice exactly once reliable messaging protocol using exactly two headers (a message ID and a time stamp) along with a few standard error responses. For bonus points I can throw in a header giving an idea of how long the system remembers message IDs. Below I explain how I reached the conclusion that this is all that's needed.
Continue reading How Should An Exactly Once SOA Reliable Messaging System Be
Designed?