Wednesday, October 15, 2014

CXF becomes friends with Tika and Lucene

You may have been thinking for a while: would it actually be cool to get some experience with Apache Lucene and Apache Tika and enhance the JAX-RS services you work upon along the way ? Lucene and Tika are those cool projects people are talking about but as it happens there has never been an opportunity to use them in your project...

Apache Lucene is a well known project where its community keeps innovating with improving and optimizing the capabilities of various text analyzers. Apache Tika is a cool project which can be used to get the metadata and content out of binary resources with formats such as PDF, ODT, etc, with lots of other formats being supported. As a side note, Apache Tika is not only a cool project, it is also a very democratic project where everyone is welcomed from the get go - the perfect project to start your Apache career if you think of starting involved into one of the Apache projects.

Now, a number of services you have written may be supporting uploads of the binary resources, for example, you may have a JAX-RS server accepting multipart/form-data uploads.

As it happens, Lucene plus Tika is what one needs to be able to analyze the binary content easily and effectively. Tika would give you the metadata and the content, Lucene will tokenize it and help search over it. As such you can let your users search and download only those PDF or other binary resources which match the search query. It is something your users will appreciate.

CXF 3.1.0 which is under the active development offers a utility support for working with Tika and Lucene. Andriy Redko worked on improving the integration with Lucene and introducing a content extraction support with the help of  Tika. It is all shown in a nice jax_rs/search demo which offers a Bootstrap UI for uploading, searching and downloading of PDF and ODT files. The demo will be shipped in the CXF distribution.  

Please start experimenting today with the demo (download CXF 3.1.0-SNAPSHOT distribution), let us know what you think, and get your JAX-RS project to the next level.

You are also encouraged to experiment with Apache Solr which offers an  advanced search engine on top of Lucene, with Tika also being utilized.

Enjoy!      






Tuesday, August 19, 2014

[OT] Wake Up To CXF Revolution !

It's the end of the summer, still warm outside, and your friends from the Big Data team have millions of millions of records processed per second with Hadoop and give the happy smiles of those who are doing something new and cool. And you have GET, POST, may be PUT, then again GET. Occasional DELETE and if you are really lucky, you've got PATCH in the logs. You are starting wondering, is it really still cool, be a web service  developer, does anyone care, what is new here ? Apache CXF has been around for so many years. What is next ?

Keeping a project such as Apache CXF alive and healthy for a long time is not an easy task. Dan, the lead, gave a nice presentation about Apache CXF in Denver, about the work we have done to keep CXF relevant and up-to-date. Dan did not mention it during the presentation: Apache CXF dependencies are always up to date, with the project being constantly aligned, optimized and having the workarounds in place should a given underlying module prove too rigid in supporting CXF in doing what it should do. CXF is a well-oiled, fast web services engine thanks to Dan.

This is all good you may say, but what is next ? What revolution am I talking about ? JAX-WS is not evolving, JAX-RS is not exactly new either. You can even say, CXF is old ? Well, the CXF fire is as alive as ever, the revolution is brewing, CXF is going to get to the next level where it will become one of the de-facto choices for writing new, secure, user-centric HTTP services.  The need for such services will only keep growing.

The industry is not sleeping, lots of new exciting technologies are being developed: OAuth2, JOSE, WebCrypto, OpenId-Connect. It's all incredibly cool. It's new. It's only a beginning of the long development life-cycle. Apache CXF wants to be there.

And finally to the [OT] moment: Arcade Fire is fantastic group. Wake Up. Wake Up to the Next CXF Revolution, be part of it, and give your friends that happy smile again ! Tell your grandchildren you were there when it started (LOL while I'm typing it).

Have Fun !









Friday, August 15, 2014

Learn JOSE and become a better Web Service Developer

The work around OAuth2 and JOSE in particular has inspired me.

So much that I've ordered several books from Amazon.co.uk - and it's been quite a while since the idea of buying a book occurred to me; and several books in the age of Google ? - see, it did inspire me.

Sometimes we the developers think that we know all and if not all then we think we won't need that extra piece of knowledge, being the experts we are. The software engineering is not easy. We have the deadlines and our regular work to be well taken care of. No time for reading the books: the more busier and older we become the less time we have.

This is why I like OAuth2 and JOSE. JOSE, specifically, is a very fine effort, it represents a set of nicely aligned specifications tackling the various issues related to signing and encrypting the arbitrary payloads and using simple and effective JSON metadata to describe the signature and encryption operations. It's led by the people who understand what they do. JOSE deals only with the best/most trusted/most understood signature and encryption algorithms. It's a set of 'books' about the latest in the cryptography.

It is already starting and will affect the way we do secure HTTP services. I already claimed it in the earlier post about OAuth2 and repeat it again here.

Learn JOSE, understand it, start using it, become a better engineer !

JAX-RS is not only about REST

I've been planning to post this 'philosophical' piece for a while.

The JAX-RS specification (Java API for RESTful services) has really got off the ground long time ago. JAX-RS 2.0 with its new brilliant features, with three JAX-RS 2.0 frameworks around (there will possibly be more, we never know), is and will further contribute to the popularity of JAX-RS.

JAX-RS 2.1 work will go ahead  soon enough and it will be another great specification, I've no doubt the spec leads will take care of making that happen, same way they did for 2.0  :-).

The central line of this blog though is that JAX-RS is actually not only about REST. It may sound like a shock to some people but the beauty of this specification is that it has completely re-opened the HTTP web service development space and will continue doing so for quite a few more years to come.

It's an important fact: developers always want to do something new, even though it's a fact that existing Web service technologies has proven to be able to deliver: many many people have written SOAP endpoints that work, many many people have designed endpoints according to REST style, the WEB rules. But REST is not the end of the web services road, it is only a set of proven rules.

We all know many JAX-RS endpoints are not necessarily that RESTful, in a a nutshell they support simple HTTP endpoints, often with 2 HTTP verbs only max - and it is absolutely OK: JAX-RS does and will help no matter how far one would like to go in their HTTP endpoint design.






Wednesday, May 14, 2014

OAuth2 - the future of HTTP web services

If the only thing that you've heard about OAuth2 is that it is "insecure" then I'd like to say it is impossible to come up with the generic specification that will ensure the security of your application.
If you have invested some time into analyzing the specific OAuth2 flows and found the conditions under which the security can be breached then it is obvious that a care needs to be applied to whatever OAuth2 flow is deployed depending on how open the application, etc.
If you haven't subscribed yet to OAuth2 discussion lists then I'd like to encourage you to do it and follow up.
  
IMHO, OAuth2 will affect deeply the way we write secure web services in the years to come. A lot of innovation will be coming in in this space. OAuth2 will become much bigger than a classical 3-leg OAuth flow popularized so much by OAuth1. The complexity is already and will be there no doubt about it, but one should remember that OAuth2 can always be just a simpler and more effective evolution of OAuth1. It is difficult to beat the flexibility of it with respect to supporting all sort of grants, tokens and flows.

As far as the classical OAuth2 flow is concerned it is probably just a matter of time before the user authorizing 3rd party applications will have the optional legal effect and all communications with 3rd party intermediaries will move online. The browsers will probably support it the same way they support the certificates from the well known providers.

It is a natural fit for the current Big Thing: Cloud and Big Data. In fact OAuth2 is the next Big Thing.

Be positive about OAuth2 and get up to speed with it now :-). A healthy ecosystem of open source OAuth2 implementations is growing.  



  

Monday, April 28, 2014

The Tom EE Tribe Time

You do not have to have any specific experience with Tom EE to become a fan. You do not even have to download it. You only have to talk or listen to David Blevins, a long time EE practitioner and the leader of TomiTribe, the real business around Tom EE, to feel excited and realize Tom EE is coming near you if not now but very soon.

We are the fans of TomEE+ of course :-).

You can become the member of the Tom EE(i) Tribe too, play with Tom EE and support the movement !


Sunday, April 27, 2014

Observations about Apache Con NA 2014

It has been a while since I visited Apache Con last time, so I was happy I got a chance to go to Apache Con NA 2014 held in Denver, nice 'mile high' city, April 7-9.

It may be quite a cliche thing to say but the most rewarding thing about visiting Apache Con is about socializing with the fellow team mates, committers and visitors, seeing people you have talked with over the years but not realizing how impressive they look like in the real life :-). The buzz coming out of the conversations or simply observing the activity is difficult to 'measure'.

Some key notes have been quite inspiring. It is obvious the open-source edge is there, still and will be there.

I've seen some interesting presentations, and I regret I was not able to see a number of them, which I was keen to see.

"SSL State of the Union" was brilliantly presented, the speaker managed to make it quite entertaining. I really liked it, the only problem was that it was presented after lunch, on the 2nd day, when the time difference body clock adjustment was still under way, so at the end of the presentation I started feeling a bit sleepy :-), and then I heard 'CXF' being mentioned, it re-energized me, especially given that CXF came up as the only Web Service implementation in the list where a specific HTTPs issue was confirmed to be resolved.

"Choosing an HTTP Proxy Server" was very professionally presented.

We've had several presentations about Apache CXF. Dan did a nice overview of what is coming in Apache CXF 3.0.0, Colm, the industry security expert, had two presentations about Apache CXF security, Denis Sosnowski was talking about WS RM.

You can also check the slides of my own presentation, "JAX-RS 2.0 With Apache CXF". I talked mainly about JAX-RS 2.0: about the new cool features, about the positive effect new spec leads have had on the progress of JAX-RS 2.0 and JAX-RS in particular.

Finally, I'd like to talk about the presentation made by Paul Wilson, a long time Apache CXF user. Paul came all the way to Denver to talk about the way they use Apache CXF in a big and successful project. It was a developer to developer talk, where people had a chance to listen and decide for themselves if the approach described worked for them or not. The room was full. I thought it was very nice of Paul to talk so much about CXF, given that obviously
their project is much bigger than just CXF. Paul was very gracious in recognizing the input Apache CXF community provided over the time to his queries, though I think it was mainly the other way around, him reporting the bugs and helping improving CXF.

I'd like to encourage CXF users who can afford talking publicly about some cool projects they have done with Apache CXF follow Paul's lead and talk and blog about it. Apache Con EU 2014 will be held in November in Budapest, great opportunity to do a submission :-)