Posts

When you’re writing Java applications, chances are you’re using Maven for dependency management. It lets you declare the artifacts you need to build your application. Those artifacts also depend on other artifacts. This means you have transitive dependencies - dependencies you didn’t declare yourself but you need them anyway.

From yesterday until tomorrow I’m attending Devoxx Poland (or Devoxx PL for short). It’s the second largest conference in the Devoxx family with around 2700 people attending. The conference is held in the ICE Kraków Congress Centre, a large venue with an amazing primary room.

The main reason I’m here is to give a talk about GraalVM on Wednesday morning. Apart from that, it’s a nice opportunity to network, meet old friends and make new ones. And of course to attend other talks to learn something new.

Recently, I was building a website with documentation for one of the projects I’m involved with. I wanted to protect access to that website to a specific set of people inside my company. Here’s how I did it.

When you want to transmit binary files over SOAP-based webservices, you have two choices: Base64 or Message Transmission Optimization Mechanism (MTOM). The latter is much more efficient, but also harder to troubleshoot if it doesn’t work at once.

Both options have their own typical scenario

1. Serialise the file content using Base64 and include the result right into the XML structure. This is relatevely easy to implement and troubleshoot. It usually works well for small binary files, but as files grow larger, you may run into performance issues. The Base64-encoded binary file may be so big that the XML parser will blow up.
2. Use MTOM to transfer the request and attachments. In this approach, the SOAP request (XML) and any attachments are sent as a multipart request. This is a bit harder to implement, and if it doesn’t work at once, it is even harder to troubleshoot. But on the other hand, it allows for much more efficient transportation of the attached files.

SOAP over HTTP

As a primer, let’s have a quick look at how “regular” SOAP requests look when transmitted over HTTP. Imagine we have a file upload webservice which accepts files in any format, along with a file name. If we were to upload a file, the request might look like this.

Last month, I did a talk at GOTO Berlin where I explained the basics of Transport Layer Security. During the talk, the audience asked a few questions through the app. One of them was: “How does Beast work?” and I wasn’t able to answer that one on stage, unfortunately. Since it’s an interesting question, I’ll answer it here. Unfortunately, understanding BEAST is a bit harder than the talk itself…

BEAST stands for Browser Exploit Against SSL/TLS. In itself, it isn’t a vulnerability. Thai Duong and Juliano Rizzo made a demonstration of a longer-known vulnerability. This vulnerability was published back in 2004 and applied to SSL 3.0 and TLS 1.0. BEAST showed that this old vulnerability was in fact useable for a real-world attack.

Recently, Twitter brought the renaming of Ozark to Krazo to my attention. It pulled my attention: I had never heard of either projects, and I wondered what they would be about. Ozark (or Krazo) will be the Reference Implementation of the new Model-View-Controller Specification. This MVC specification, also known as JSR 371, was planned for inclusion in Java EE 8, but eventually dropped. Apparently, this didn’t kill the effort. I was curious to see where the specification (and it’s implementation) would be now.

There are many situations when you need to write a SOAP-based webservice. Maybe you are writing a test dummy, or maybe you got the interface from some kind of architect. (Yes, there are other reasons, too.) And chances are you’ll be using Spring-WS to do this.

Recently I was doing that, and I found the following inside the interface definition (WSDL):

<element name="faultMessage" type="common:FaultMessage"/>

<message name="faultMessage">
    <part name="faultMessage" element="tns:faultMessage"/>
</message>

<portType name="someName">
    <operation name="searchOrder">
        <input message="tns:searchOrderRequest"/>
        <output message="tns:searchOrderResponse"/>
        <fault name="faultMessage" message="tns:faultMessage"/>
    </operation>
</portType>

That was a rather challenging thing! In case the operation would fail, it should give a SOAP Fault with a custom element in it:

Recently, my co-worker Willem pulled my attention to the .NET Microservices. Architecture for Containerized .NET Applications e-book. Although I have a strong background in Java and the Java platform, I started reading it, and soon I felt like trying it out. But building software without having automated builds and tests is not the real thing, so that was the first thing I wanted to do. I usually use CircleCI for that, but unfortunately they don’t seem to have an official guide for that.

Every now and then, there’s this moment where you feel a certain urge to draw a diagram. Oftentimes, I feel a similar urge to make a digital version of it. But I don’t always have professional tooling around - and no, PowerPoint or its friends are not what I’m looking for.

Recently, I found a tool that fits my idea of “good tooling” rather well. So, without further ado, let me introduce you to PlantUML! Why do I love this tool?