Tuesday, December 31, 2013

Book Review for "Java EE 7 First Look"

Book Review for Java EE 7 First Look

Java EE 7 First Look
This is a nice read for the Enterprise Java developer.  It covers the changes that have been introduced with JEE 7, but it does it in such a way that the reader does not need to be an expert in JEE already.  That's a good thing, because JEE encompasses a lot.

Enterprise Java is a very broad topic.  From Web Services to JMS, from Servlets to Batch, from EJBs to CDI.  To even experienced Java developers, a lot of this can be acronym soup.  I would imagine most developers use a few parts of JEE frequently, and the rest infrequently.  This book is nice in that it gives simple examples for a lot of JEE, so if you're in an unfamiliar territory you can learn the very basics easily.  If you already have the basics, the book's main mission is to tell you what's new.  The author goes to the JSR specs for these, which is the right place to determine what's new.

The book explains what has changed across the JEE container for JEE 7.  (I won't go into great detail here, because there will be a link at the end of this review that will take you to the book's table of contents.  The TOC will tell you more than I would care to copy.  I'll use my words to try to explain what's of value in the book.)  The author first explains a little about the overall use of that part of JEE (i.e. why you might use a servlet, or an EJB, etc.)  The author usually then gives a simple overview of the 'old' (i.e. most simple) way to leverage that part of JEE.  Next he'll show you the new-fangled changes that came with JEE 7, which can step up your knowledge of the topic.  It's all written in an easy tone, a very easy read.

Ok, for those too lazy to read the TOC here's a quick view of part of what you get:  Servlets, JSF, EL, JPA, EJB, JMS, Jax-RS, CDI, Validators and Interceptors, and Security (JASPIC)

The author (who does a great job throughout most of the book) chose to use GlassFish as an example JEE container.  That's a fair choice, but I would have preferred WildFly.  (Disclaimer:  I work for Red Hat.)  Still, the book does a good job of explaining Application Server configuration where it's needed.

Summarizing, who is this book good for?  I'd call this book a good refresher for anyone who uses JEE to develop their Enterprise applications.  It will get you a quick start for unfamiliar parts of the AS stack, and will show you what's new for all of JEE.

The book can be found here.

Happy Reading!

Saturday, December 21, 2013

Book Review for "RESTful Java with JAX-RS 2.0, Second Edition"

This book covers Jax-RS in great detail.  It's a big book, nearly 400 pages and all of it densely populated with information.  The author (who is the lead for JBoss's Jax-RS implementation) has comprehensive knowledge of the topic, and puts this knowledge into easily transferable form.  All things considered, this is an excellent book.

The book is divided into two parts, which I think of as "theory" and "practice".

The first half of the book starts with an introduction to REST and HTTP, then gives an overview of how RESTful architecture can be applied to a typical application.   These chapters are followed by explanations of the Jax-RS spec and how the various components are used.

There's a great deal of information here, some of the topics covered include basic service construction, extraction of information from an HTTP request, Jax-RS Injection, Exception Handling, client API, filters and interceptors, and more.  There are some especially handy chapters on security, deployment and integration.  These tell you how your RESTful applications should be packaged, deployed and protected in their runtime environment.

The second half of the book is a 'workbook' that includes examples that correlate to the chapters in the first half of the book.  These are well explained (including basics of Maven) and discuss both server and client components as needed.

Together, these components provide a detailed explanation of Jax-RS and it's entire ecosystem.  The book will serve equally well as an introduction and as a reference.  (Did I mention it's comprehensive?) 

Final words:  If you have an interest in Jax-RS, this book should be on your must-have list.  It explains the hows and whys and will take you from your first RESTful service through nearly any real-world use case.

Disclaimer:  I work for the same company as this book's author, Bill Burke.  I have no reservations about giving this book a 'good' review, as I am confident any objective reader will likely agree.

The book can be found here.

Happy RESTing!

Wednesday, December 18, 2013

Learn to be a game programmer-- for FREE, in 8 weeks. From home.

This blog entry is really a shout out to the nice folks at Coursera and Rice University who have provided the MOOC (massive open online course) titled "An Introduction to Interactive Programming in Python".  I recently took this free course, and it was FANTASTIC.

This was my first MOOC, so I wasn't quite sure what to expect.  First, I went through the sign-up process through Coursera.  I don't remember much about that, except I'm pretty sure about three things:
- It must not have been very hard.
- It was free, I was not about to pay for something without trying it.
- It required an email address.

I had already browsed Coursera's catalogue, and decided to try the Python course based on the class description.  It promised we'd do some game development, which interested me.

I've been a programmer for quite some time and was somewhat familiar with Python.  I use it once in a while for general-purpose file munging duties.  But I have never been a game programmer, and that's what got me interested in this course.

The course turned out to be an 8 week cycle, where each week was composed of:
- About 4 or 5 10 minute video lectures.  The professors were very clear and had good teaching skills.
- A mid-week quiz that covered some of the concepts discussed this week.
- A 'mini project' where the instructors would provide a template for a Python program that gave you a head start.  You also got explicit suggestions on how to implement the game we were working on that week.

Programs are graded by peers.  Each week you would assess 5 fellow student's programs, and then have a look at your own.

By the way, if you want your efforts to be recognized for college credit, you can pay a fee for this within the first couple of weeks of class.  I wasn't interested in that, I just wanted the gaming knowledge.  So I paid nothing, but got all the knowledge for free!

To minimize environmental issues, the course instructors have provided a browser-based IDE called 'CodeSkulptor'.  A truly brilliant idea, this UI works very well.

That's it!  So for 8 weeks we wrote games like 'Pong', 'Memory', 'High/Low', 'BlackJack' and finally 'Asteroids'.  We started out slowly, and then added all the stuff I knew I had to grasp but never did before-- Sprites, collisions, making stuff move around the screen, bouncing things off walls, etc. 

I would never have guessed in a million years that someone could teach the fundamentals of this stuff through 10 minute video lectures.  But they did, and today I am happily working on games of my own invention using these necessary techniques.

If you haven't picked up on this yet, I found this class absolutely fantastic.  I intend to take another class soon, and hope the catalogue of programming classes keeps expanding.

By the way, MOOCs are offered from some very prestigious schools.  This is top-notch stuff.

So please give MOOCs a try.  If you're like me and have an interest in game programming, catch the next iteration of the Python Interactive Programming class.  I hope you find it as fun as I did.

Happy learning!

Getting up to speed with JEE 7

 Java EE 7 First Look

Like many Enterprise Java programmers, a big part of my job is simply staying current with the JEE spec.  The application server is constantly evolving, adding new features, and getting easier to use-- provided you stay current with the programming model.  Failing to stay current means you'll one day look at some JEE artifacts and wonder what exactly it is that you are looking at.

It's about time for me to have a look at the latest JEE spec (JEE 7) so I can be prepared for what's ahead.  (Wildfly 8, the successor to the old JBoss Application Server, is already there so I have a nice server I can learn with.) 

The vehicle for my continuing education is a new title from Packt Publishing titled "Java EE 7 First Look".  The book seems promising, it's around 150 pages and appears at first blush to have a reasonable number of clean code samples and legible diagrams.  (I *love* diagrams.)  I'll start reading soon and will report my findings here.

If you're too anxious for the review, you can have a look already here.

Happy pre-Holiday slowdown!

Friday, November 29, 2013

Book Review for "Developing RESTful Services with JAX-RS 2.0, WebSockets, and JSON"

I've just finished reading "Developing RESTful Services with JAX-RS 2.0, WebSockets, and JSON" from Packt Publishing.  It's an interesting book, mostly because the authors provide plenty of context around the technical explanations and give a good overview of the covered technologies. 

WebSockets and Server Side Events are two new features provided with JEE 7 that will allow you to develop client (browser) / server applications that benefit from server side 'push' communications.  This book explains both of these, also the previous generation answers to this problem (Polling, Long Polling) and examples of all of these.  Throughout the book, sensible diagrams are provided that help the reader understand things.  Truly, a picture is worth 1,000 words.  Too many technical books fail to provide enough useful illustrations, I'm pleased to report this book is not one of them.

Ancillary features (i.e. Bean Validation) are given coverage.  The authors spent an appropriate amount of time on these-- where things don't require a lot of text, not a lot is given.  By the way, the whole book is just a little over 100 pages, so it's not a long read.  But those 100 pages are generally well written ones, so this book still represents good value.

REST is also explained, including the new client API.  REST seems to be picking up steam, so if you're not well versed in it yet you might have a look at this book for that purpose.  Hand in hand with REST goes JSON, and this book also explains how you can produce and consume JSON documents in Java.

All things considered, this book is a good, targeted resource that delivers on it's promise.  I imagine I'll be using it as a reference resource from time to time.

The book can be found here.

Happy (RESTful) Reading!

Monday, November 18, 2013

Learning New Tricks

Hello Readers,

Do you sometimes like to pick up some new programming tool, language or technique to keep yourself fresh and interested?  I certainly do.

I've got two great projects in the works, I'd like to share them with you.  Maybe you'll find an interest in these two, or maybe they'll spark an idea of some other type for you.

First, I've been taking my first online course through Coursera.  I've been a 'business' programmer for 23 years now (can't believe it!), but have never done any game programming since my Vic 20.  (Even then, I didn't really do much original work.)  But that's all changed now-- I'm taking 'Introduction to Interactive Programming with Python' via Rice University.  This class is a blast!  We're in week 6, we've already written 'Pong', 'Memory' and are about to handle 'BlackJack'.  The course final will be 'Asteroids'.  Coursera is free, and I have really enjoyed this class.  Maybe you can, too.

The other item currently in the hopper is a new title from Packt Publishing.  I've done web service programming (a fair bit), but have not done a lot of work with WebSockets.  Packt has a new title, "Developing RESTful Services with JAX-RS 2.0, WebSockets and JSON", as seen here.  I've got a copy and will be providing a review here in near future.  Sounds like exciting stuff, and the book looks to be mean and lean.  I'll report more after I've given it a read.

Happy (continual) study!

Saturday, May 25, 2013

Extract Issue Tracker data from Github, with minimal fuss

How to easily extract your Github Issue Trackers

Did you know about Github's Issue Tracker feature?  You can easily add trackers for your project's to-do list.  You can associate them with MileStones (with or without dates) and can add multiple labels.  Pretty sweet, huh?
Github also gives you a nice UI to look over your items.

But sometimes the Github UI isn't ideal.  Business sometimes runs on other reporting mechanisms-- like spreadsheets.  So how can you get your Issue trackers out of Github and into a different reporting mechanism?

There are plenty of packaged solutions available.  Some are geared towards 3rd party products like other tracking systems.  Some are more generic.  I recently had a look over these and decided for simplicity I'd rather just write a shell script.

The script is below.  Roughly, here's what it does:

1)  Writes some HTML boilerplate to a file called 'hdr.txt'
2)  Uses Git's REST API to bring down my trackers.  You'll want to use your repo's credentials, of course.
3)  Strips away the HTTP header from the Issue tracker information.  The meat of the Issues are kept in a file called 'body.txt'
4)  Writes a file called 'footer.txt' that has some JavaScript that will extract the parts of the Issues I want. You can adjust this.
5)  Combines the header, body and footer into a file you can open with a browser.  Deletes temp files.

That's it!  If you run the script, you should end up with a file you can open with a browser-- it should offer you the Issue tracker fields you asked for.

Happy Issue Tracking!     

 echo "<!-- There are 2 pieces of boilerplate that must be added. Both are surrounded by flowerbox comments. -->" > hdr.txt  
 echo "<!-- ***** Start Boilerplate 1 *********** --> " >> hdr.txt  
 echo " <script type='text/javascript'> " >> hdr.txt  
 echo " var results={"d": " >> hdr.txt  
 echo "<!-- **** End Boilerplate 1 ************** --> " >> hdr.txt  
 # Change the credentials here to point to your Git Repo. Note the  
 argument that specifies we want 'issues'  
 curl -i  
 > body.tmp0  
 # strip away the HTTP goop at the top of the file  
 sed '1,20d' body.tmp > body.tmp1  
 echo "<!-- ***** Start Boilerplate 2 *** -->" > footer.txt  
 echo "}" >> footer.txt  
 echo "  document.write('Your Records:');" >> footer.txt  
 echo "  document.write('<P>');" >> footer.txt  
 # All this quote nonsense is to make a CSV file, easily imported into a spreadsheet  
 # Note the syntax for selecting parts of the JSON we want  
 echo "for (var i = 0; i < results.d.length; i++) {" >> footer.txt  
 echo "  document.write($QS + results.d[i].title + $QS + ', ' + $QS + results.d[i].state + $QS);" >> footer.txt  
 echo "  document.write('<P>');" >> footer.txt  
 echo "}" >> footer.txt  
 echo "</script>" >> footer.txt  
 echo "<!-- ********* End Boilerplate 2 ******************* --> " >> footer.txt  
 cat hdr.txt body.tmp1 footer.txt > OpenWithBrowser.html  
 rm hdr.txt body.tmp0 body.tmp1 footer.txt  

Monday, March 25, 2013

Snappo Instructional Video (not Programming!)

Hello Blog Readers,

This week I'm posting a quick instructional video showing how to use a small wooden toy I've provided to friends.  Please ignore this if you're looking for programming discussion!

Thank you,


Sunday, March 10, 2013

Learning Switchyard, from the inside out

My job with Red Hat is exciting.  I'm a maintenance engineer on the SOA (and sometimes BRMS) products, both of which are constantly growing and introducing new features.  Keeping up can be quite a task.

The next big change for SOA is going to be the introduction of the new 'Switchyard' infrastructure.  Learning to use Switchyard is one thing-- there are lots of videos, blogs, etc. for that.  But how do you learn how it really works?

This question is one I often describe to people with an analogy.  Using software is like learning to drive a car.  Supporting software is a superset of that-- it's more like having to know what makes the engine, transmission, etc. work.  It's impossible to help people solve their software problems without understanding what makes it all tick.

So I'm trying to learn about the innards of Switchyard.  I'll share an important technique today, one that can be re-used with different applications.  I hope you find it helpful.

First, let's decide on a use case to investigate.  Switchyard has a nice 'quickstarts' directory that you can use to see how Switchyard apps are built.  For today, I'm interested in how Switchyard transforms data so I thought I'd work with the transform-jaxb example.

This quickstart exposes a service through SOAP.  You just use maven ('mvn clean install') to package the project, deploy it to Switchyard, then invoke the application with SOAPUI or another SOAP client.  (Hint:  Sometimes you may wonder which URL to use in situations like this.  The console may not always tell you.  If you grep the log for 'wsdl' you'll often find one you can use.)

So now that we've 'learned to drive the car' (deployed an application, tested it') let's 'learn how the car works'.

STEP1:  Look over the source, pick a class that is likely to be invoked.  In this case, there is a bean used to represent the Order we input to SOAPUI.  I'm guessing the getters will need to be invoked on this class as the SOAP is marsheled on input.

STEP2:  Let's write a Byteman rule to give us a stack trace when this method is invoked.  (If you don't know about Byteman, please go find out ASAP!  Every Java programmer should know about Byteman....)
Here's the rule I cooked up:

RULE Learn about transformation
CLASS org.switchyard.quickstarts.transform.jaxb.Order
METHOD getOrderId
DO traceStack("CALLED ORDER GETTER " + "\n", 100)

STEP3: Deploy that rule (again, please be familiar with Byteman-- install Byteman into your app server, submit this rule).

STEP4:  Re-run your SOAPUI test.  Then go to your server.log for the Byteman output.  Looking over the output (included below)  we get a wealth of information.  Just in one quick pass, here's some of what we can gather: 

- This work is being done on an http thread (http--
- CXF is handling the web-servicey stuff
- There's a Switchyard 'ExchangeImpl' being used.  (We should expect this!)
- Apache Camel is involved early on.  Camel users will recognize the 'Producer'

From here, I'll look for other classes and methods to use in Byteman rules to learn about how Switchyard is going about it's work.  Since we're working with high-quality open source software, we can also look at the classes and methods cited in this stacktrace. 

A stack trace like this (or better yet, a few of them taken off the same user use-case) can tell us a lot about what's going on under the hood.

Happy learning!

:19,729 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS018559: Deployed "switchyard-quickstart-transform-jaxb.jar"
14:38:51,432 INFO  [stdout] (http-- CALLED ORDER GETTER
14:38:51,433 INFO  [stdout] (http-- org.switchyard.quickstarts.transform.jaxb.Order.getOrderId(Order.java:-1)
14:38:51,434 INFO  [stdout] (http-- org.switchyard.quickstarts.transform.jaxb.OrderServiceBean.submitOrder(OrderServiceBean.java:31)
14:38:51,434 INFO  [stdout] (http-- sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
14:38:51,435 INFO  [stdout] (http-- sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
14:38:51,436 INFO  [stdout] (http-- sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
14:38:51,436 INFO  [stdout] (http-- java.lang.reflect.Method.invoke(Method.java:616)
14:38:51,436 INFO  [stdout] (http-- org.switchyard.component.bean.ServiceProxyHandler.handle(ServiceProxyHandler.java:130)
14:38:51,437 INFO  [stdout] (http-- org.switchyard.component.bean.ServiceProxyHandler.handleMessage(ServiceProxyHandler.java:89)
14:38:51,437 INFO  [stdout] (http-- org.switchyard.bus.camel.processors.ProviderProcessor.process(ProviderProcessor.java:39)
14:38:51,438 INFO  [stdout] (http-- org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61)
14:38:51,438 INFO  [stdout] (http-- org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
14:38:51,439 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99)
14:38:51,439 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
14:38:51,440 INFO  [stdout] (http-- org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
14:38:51,440 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99)
14:38:51,441 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
14:38:51,441 INFO  [stdout] (http-- org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:73)
14:38:51,441 INFO  [stdout] (http-- org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
14:38:51,442 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99)
14:38:51,442 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
14:38:51,443 INFO  [stdout] (http-- org.apache.camel.processor.interceptor.TraceInterceptor.process(TraceInterceptor.java:91)
14:38:51,443 INFO  [stdout] (http-- org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
14:38:51,444 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99)
14:38:51,444 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
14:38:51,445 INFO  [stdout] (http-- org.switchyard.bus.camel.audit.FaultProcessor.process(FaultProcessor.java:52)
14:38:51,446 INFO  [stdout] (http-- org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
14:38:51,446 INFO  [stdout] (http-- org.apache.camel.processor.RedeliveryErrorHandler.processErrorHandler(RedeliveryErrorHandler.java:330)
14:38:51,447 INFO  [stdout] (http-- org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:220)
14:38:51,447 INFO  [stdout] (http-- org.apache.camel.processor.RouteContextProcessor.processNext(RouteContextProcessor.java:45)
14:38:51,448 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
14:38:51,449 INFO  [stdout] (http-- org.apache.camel.processor.interceptor.DefaultChannel.process(DefaultChannel.java:303)
14:38:51,449 INFO  [stdout] (http-- org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
14:38:51,450 INFO  [stdout] (http-- org.apache.camel.processor.Pipeline.process(Pipeline.java:117)
14:38:51,450 INFO  [stdout] (http-- org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
14:38:51,451 INFO  [stdout] (http-- org.apache.camel.processor.RouteContextProcessor.processNext(RouteContextProcessor.java:45)
14:38:51,451 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
14:38:51,452 INFO  [stdout] (http-- org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:122)
14:38:51,453 INFO  [stdout] (http-- org.apache.camel.processor.RouteInflightRepositoryProcessor.processNext(RouteInflightRepositoryProcessor.java:48)
14:38:51,453 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
14:38:51,454 INFO  [stdout] (http-- org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
14:38:51,454 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99)
14:38:51,455 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
14:38:51,456 INFO  [stdout] (http-- org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:73)
14:38:51,456 INFO  [stdout] (http-- org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
14:38:51,457 INFO  [stdout] (http-- org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:61)
14:38:51,457 INFO  [stdout] (http-- org.apache.camel.processor.UnitOfWorkProcessor.processAsync(UnitOfWorkProcessor.java:150)
14:38:51,458 INFO  [stdout] (http-- org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:117)
14:38:51,459 INFO  [stdout] (http-- org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:99)
14:38:51,459 INFO  [stdout] (http-- org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:86)
14:38:51,460 INFO  [stdout] (http-- org.apache.camel.processor.UnitOfWorkProducer.process(UnitOfWorkProducer.java:63)
14:38:51,460 INFO  [stdout] (http-- org.apache.camel.impl.ProducerCache$2.doInProducer(ProducerCache.java:360)
14:38:51,461 INFO  [stdout] (http-- org.apache.camel.impl.ProducerCache$2.doInProducer(ProducerCache.java:331)
14:38:51,461 INFO  [stdout] (http-- org.apache.camel.impl.ProducerCache.doInProducer(ProducerCache.java:227)
14:38:51,462 INFO  [stdout] (http-- org.apache.camel.impl.ProducerCache.sendExchange(ProducerCache.java:331)
14:38:51,462 INFO  [stdout] (http-- org.apache.camel.impl.ProducerCache.send(ProducerCache.java:169)
14:38:51,463 INFO  [stdout] (http-- org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:111)
14:38:51,464 INFO  [stdout] (http-- org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:97)
14:38:51,464 INFO  [stdout] (http-- org.switchyard.bus.camel.ExchangeDispatcher.dispatch(ExchangeDispatcher.java:64)
14:38:51,465 INFO  [stdout] (http-- org.switchyard.internal.ExchangeImpl.sendInternal(ExchangeImpl.java:203)
14:38:51,467 INFO  [stdout] (http-- org.switchyard.internal.ExchangeImpl.send(ExchangeImpl.java:114)
14:38:51,468 INFO  [stdout] (http-- org.switchyard.component.soap.InboundHandler.invoke(InboundHandler.java:213)
14:38:51,470 INFO  [stdout] (http-- org.switchyard.component.soap.endpoint.BaseWebService.invoke(BaseWebService.java:113)
14:38:51,470 INFO  [stdout] (http-- org.switchyard.component.soap.endpoint.BaseWebService.invoke(BaseWebService.java:43)
14:38:51,470 INFO  [stdout] (http-- sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
14:38:51,472 INFO  [stdout] (http-- sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
14:38:51,473 INFO  [stdout] (http-- sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
14:38:51,474 INFO  [stdout] (http-- java.lang.reflect.Method.invoke(Method.java:616)
14:38:51,474 INFO  [stdout] (http-- org.jboss.ws.common.invocation.AbstractInvocationHandlerJSE.invoke(AbstractInvocationHandlerJSE.java:111)
14:38:51,475 INFO  [stdout] (http-- org.jboss.wsf.stack.cxf.JBossWSInvoker._invokeInternal(JBossWSInvoker.java:181)
14:38:51,475 INFO  [stdout] (http-- org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:127)
14:38:51,476 INFO  [stdout] (http-- org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
14:38:51,476 INFO  [stdout] (http-- java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
14:38:51,477 INFO  [stdout] (http-- java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
14:38:51,477 INFO  [stdout] (http-- java.util.concurrent.FutureTask.run(FutureTask.java:166)
14:38:51,478 INFO  [stdout] (http-- org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
14:38:51,478 INFO  [stdout] (http-- org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)
14:38:51,479 INFO  [stdout] (http-- org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
14:38:51,480 INFO  [stdout] (http-- org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
14:38:51,480 INFO  [stdout] (http-- org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
14:38:51,481 INFO  [stdout] (http-- org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
14:38:51,481 INFO  [stdout] (http-- org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
14:38:51,482 INFO  [stdout] (http-- org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
14:38:51,482 INFO  [stdout] (http-- org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
14:38:51,483 INFO  [stdout] (http-- org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
14:38:51,484 INFO  [stdout] (http-- javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
14:38:51,484 INFO  [stdout] (http-- org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
14:38:51,484 INFO  [stdout] (http-- org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
14:38:51,485 INFO  [stdout] (http-- javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
14:38:51,485 INFO  [stdout] (http-- org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
14:38:51,486 INFO  [stdout] (http-- org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
14:38:51,487 INFO  [stdout] (http-- org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
14:38:51,487 INFO  [stdout] (http-- org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
14:38:51,488 INFO  [stdout] (http-- org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
14:38:51,488 INFO  [stdout] (http-- org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
14:38:51,489 INFO  [stdout] (http-- org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
14:38:51,489 INFO  [stdout] (http-- org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
14:38:51,490 INFO  [stdout] (http-- org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
14:38:51,491 INFO  [stdout] (http-- org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
14:38:51,491 INFO  [stdout] (http-- org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
14:38:51,492 INFO  [stdout] (http-- java.lang.Thread.run(Thread.java:679)

Tuesday, February 12, 2013

Book Review for "BackTrack 5 Cookbook"

Have you heard of BackTrack?  It's a Linux distribution custom made for penetration testers.  The BackTrack distribution comes loaded to the gills with password crackers, network sniffers, vulnerability detectors, and even tracking applications to make notes about vulnerabilities and exploits.

If this sounds like a powerful tool that could be used for great good or great evil, I think you've got a good picture.  In the wrong hands, it can be a very bad thing.  In the right hands, it can help you defend your systems against the heavily armed bad guys. 

This book is written in the Packt 'Cookbook' format.  This means it doesn't contain a lot of theory or in-depth explanations.  Just lots of snippets telling you what to type and where to click.  Most sections contain the headings:
Using (Some feature) - Tells a little about which tool you are about to use
Getting Ready - The prerequisites for using the specified utility
How to do it - Screenshots and script instructions for running the utility
How it works - A small explanation of what was done
There's more - additional explanations

To repeat that, this book is really a collection of short sections that describe how you can use various utilities in a dedicated Linux distro.  So, what are the contents?

- Installing and customizing BackTrack
- Information Gathering
- Vulnerability identification
- Exploitation
- Privilege Escalation
- Wireless Networks
- Voice Over IP
- Password Cracking
- Forensics

Most of those are pretty explanatory about what's in each chapter.  If you are charged with protecting your company's electronic assets, the tools and techniques that are presented can help you validate what's working and point out what's not. 

By the way, there is a critical warning in the explanatory text for one of the tools:  Make wise choices in where you direct your attacks, lest you bring a visit from Federal investigators.  User beware!

The chapter on Forensics can serve a dual purpose.  Besides helping with ethical penetration testing, this one also offers some interesting processes for other useful work:  data recovery (damaged drives or deleted files) and password recovery.  These can surely be useful in everyday situations.

What's the final verdict?  This book is going to be a valuable tool for penetration testers.  If that's your business, you probably ought to have a copy.

The book can be found here.

Happy (ethical) hacking!

Saturday, January 26, 2013

Reading "Backtrack 5 Cookbook"

Last year I read the book "BackTrack 4: Assuring Security by Penetration Testing", it was an eye-opener.  I hadn't heard of "BackTrack" before, the idea of a whole Linux distribution full of security penetration tools was something I never knew existed.  I learned some valuable things about security from that book.

Time has gone on, and BackTrack has added to it's capabilities.  Packt has kindly provided a book that explains what's new, including what appears to be some neat chapters on Wireless networking and Voice Over IP.  I'm curious about those, it should be an interesting read.

The book is described here.

Watch this space for a review soon!

Happy (secure) computing!

Friday, January 25, 2013

Book Review for "Java EE Development with Eclipse"

The purpose of this book is to teach the reader how to develop for the JEE platform using the popular Eclipse development IDE.  The book is a series of chapters that are focused on particular types of JEE components.

 The authors have chosen topics well:

EJB 3.0 Database Persistence
O/X Mapping with JAXB 2.x
JSF Data Table
Templating with Facelets
Apache Trinidad

That's quite a laundry list, though it's not all the JEE platform has to offer.  Still, some of these are very compelling technologies and many are not well covered elsewhere.  All in all,  I liked the choices the authors made in what to cover and what to leave out.

For each of those components, the book mostly uses a standard formula in building a chapter:
Setting the Environment-  Here's where you are told about additional .jars or other dependencies you'll need.
New Project- The authors explain how to start building out the proper type of Eclipse project for your needs.
Coding- Adding content to the project.
Packaging, Deploying-  How you package and run your new (small and focused) application. 
Testing- How to invoke the component you've just produced.

I thought the chapter formula worked well.  The chapters don't contain a lot of background or theory, but you do get very clear step-by-step instructions on how to develop the artifact under discussion.  The instructions include code artifacts, XML files, etc. in their entirety-- if you follow the instructions, there is little chance you won't be successful.

One thing I often want for in technical books is increased illustration.  This is not a complaint here!  The authors have provided many screenshots of the Eclipse pages you'll be dealing with.  Again-- there are not a lot of architectural overview diagrams.  There are screen shots aplenty.

The book deals with Oracle products.  The application server is WebLogic, Oracle products are referenced frequently.  This does affect the portability of the solutions, but users of other products (i.e. JBoss, WebSphere, etc.) should be able to get by with occasional adjustments.  (Thanks, JEE standards!)

Here's a summary of the high points and low points:

Well illustrated.  A picture tells a thousand words.
Covers instructions well at a very basic level.
Good choice of technologies highlighted.

A bit dated.

The verdict:  A good book for anyone that wants explicit instructions on how to build a project of the covered types in Eclipse.  Not everybody will need to read every chapter, and not every question is answered about why something should be done.  But if you are a hands-on learner, this book will give you plenty of clear guidance about how to build JEE components.

The book can be found here.

Happy Reading and Coding!

Thursday, January 10, 2013

Review In Progress for JEE with Eclipse Book

JEE is a wide topic.  I work with Enterprise Java every working day, but I'm not ashamed to admit I actively look for ways to better understand JEE and how it can be exploited.

To that end, I'll be exploring a new book from Packt Publishing entitled "Java EE Development with Eclipse".  

The book looks interesting.  It doesn't look like it's trying to cover the whole spectrum of JEE development, but it is covering some widely used and interesting parts.  (i.e. AJAX, JasperReports, Spring on JEE, JAXB 2.0 all get chapters).

If you're interested already, you can learn more about the book at this link.

I'll give this book a read and will post a review after.

Happy New Year!