Latest Activity

Talking about CXF at Apache Con NA 2015
2 weeks ago

By Sergey Beryozkin
Apache Con NA 2015 will be held in Austin, Texas on April 13-16 and as it is usually the case there will be several presentations done there about Apache CXF. There will be interesting presentations from Hadrian and JB too. There will be many other great presentations as usual.

As far as CXF presentations are concerned:

Aki Yoshida will talk about combining Swagger (Web) Sockets, Apache Olingo and CXF Web Sockets Transport - now, this is seriously cool ...
Continue reading →

Apache CXF is getting JOSE ready
2 weeks ago

By Sergey Beryozkin
I've already talked about JOSE on this blog. In my opinion, it is one of the key technologies, alongside OAuth2, that will deeply affect the way developers write secure HTTP RS services in the years to come.

A one-sentence summary: one can use JOSE to secure, sign and/or encrypt data content in any format, JSON, text, binaries, anything. JOSE is a key component of an advanced OAuth2 application, but also is a good fit for securing the regular HTTP ...
Continue reading →

Camel CXFRS Improvements
2 weeks ago

By Sergey Beryozkin
Camel CXFRS is one of the oldest Camel components which was created by Willem Jiang, my former colleague back from IONA Technology days, and maintained by Willem since its early days.

Camel is known to be a very democratic project with respect to supporting all sorts of components, and it has many components that can deal with HTTP invocations. CXFRS is indeed just one of them but as you can guess from its name it is dedicated to supporting HTTP ...
Continue reading →

Apache Karaf Tutorial Part 9 - Annotation based blueprint and JPA
3 weeks ago

By Christian Schneider

Blog post edited by Christian Schneider

Writing blueprint xml is quite verbose and large blueprint xmls are difficult to keep in sync with code changes and especially refactorings. So many people prefer to do most declarations using annotations. Ideally these annotations should be standardized so it is clearly defined what they do.

blueprint-maven-plugin

The aries ...

Continue reading →

Apache Karaf Tutorial Part 6 - Database Access
4 weeks ago

By Christian Schneider

Blog post edited by Christian Schneider - "Corrections"

Shows how to access databases from OSGi applications running in Karaf and how to abstract from the DB product by installing DataSources as OSGi services. Some new Karaf shell commands can be used to work with the database from the command line. Finally JDBC and JPA examples show how to use such a DataSource from ...
Continue reading →

New Apache WSS4J and CXF releases
1 month ago

By Colm O hEigeartaigh
Apache WSS4J 2.0.3 and 1.6.18 have been released. Both releases contain a number of fixes in relation to validating SAML tokens, as covered earlier. In addition, Apache WSS4J 2.0.3 has unified security error messages to prevent some attacks (see here for more information). Apache CXF 3.0.4 and 2.7.15 have also been released, both of which pick up the recent WSS4J
Continue reading →

Unified security error messages in Apache WSS4J and CXF
1 month ago

By Colm O hEigeartaigh
When Apache WSS4J encounters an error on processing a secured SOAP message it throws an exception. This could be a configuration error, an invalid Signature, incorrect UsernameToken credentials, etc. The SOAP stack in question, Apache CXF for the purposes of this post, then converts the exception into a SOAP Fault and returns it to the client. However the SOAP stack must take care not to leak information (e.g. internal configuration details) to an ...
Continue reading →

Two new security advisories released for Apache WSS4J
1 month ago

By Colm O hEigeartaigh
Two new security advisories have been released for Apache WSS4J, both of which were fixed in Apache WSS4J 2.0.2 and 1.6.17.
  • CVE-2015-0226: Apache WSS4J is (still) vulnerable to Bleichenbacher's attack
  • CVE-2015-0227: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
Please see the Apache WSS4J security advisories page for more
Continue reading →

New SAML validation changes in Apache WSS4J and CXF
1 month ago

By Colm O hEigeartaigh
Two new Apache WSS4J releases are currently under vote (1.6.18 and 2.0.3). These releases contain a number of changes in relation to validating SAML tokens. Apache CXF 2.7.15 and 3.0.4 will pick up these changes in WSS4J and enforce some additional constraints. This post will briefly cover what these new changes are.

1) Security constraints are now enforced on SAML Authn (Authentication) Statements

From the 1.6.18 and 2.0.3 WSS4J releases, security ...
Continue reading →

Single Logout with Fediz - WS-Federation
2 months ago

By Jan Bernhardt
WS-Federation is primarily used to achieve Single Sign On (SSO). This raises the challenge of how to securely log out from multiple applications once the user is done with his work. To navigate to each application previously used to hit the logout button would be quite inconvenient. Fortunately the WS-Federation standard does not only define how to do single sign on, but also how to do single logout.

In this blog I'll explain how to setup a demonstrator ...
Continue reading →

LDAP support in Apache Camel
2 months ago

By Colm O hEigeartaigh
Apache Camel allows you to add LDAP queries to your Camel routes via the camel-ldap and camel-spring-ldap components. The camel-ldap component allows you to perform an LDAP query using a filter as the message payload. The spring-ldap component is a wrapper for Spring LDAP, and is a bit more advanced than the camel-ldap component, in that it also supports the "bind" and "unbind" operations, in addition to "search".

I've created two test-cases that show ...
Continue reading →

Apache Santuario - XML Security for Java 2.0.3 and 1.5.8 released
2 months ago

By Colm O hEigeartaigh
Versions 2.0.3 and 1.5.8 of Apache Santuario - XML Security for Java have been released. Version 2.0.3 contains a critical security advisory (CVE-2014-8152) in relation to the new streaming XML Signature support introduced in version 2.0.0:
For certain XML documents, it is possible to modify the document and the streaming XML Signature verification code will not report an error when trying to validate the signature.

Please note that the "in-memory" ...
Continue reading →

How fast is CXF ? - Measuring CXF performance on http, https and jms
2 months ago

By Christian Schneider

Blog post edited by Christian Schneider

The performance numbers in this article are a bit out of date. For a more current JMS performance measurement see Revisiting JMS performance. Improvements in CXF 3.0.0.

On a 2014 system http performance should be around 10k - 20k ...

Continue reading →

XML Advanced Electronic Signature (XAdES) support in Apache Camel
2 months ago

By Colm O hEigeartaigh
I have previously covered some XML Signature and Encryption testcases in Apache Camel. Camel 2.15 will feature some new limited support for XML Advanced Electronic Signatures (XAdES) in the XML Security component. This post will briefly cover what XML Advanced Electronic Signatures are, and show how they can be produced in Camel. No support exists yet for validating XAdES Signatures in Camel. Note that as Camel 2.15 is not yet released, some of the ...
Continue reading →

Signing and encrypting Apache Camel routes
2 months ago

By Colm O hEigeartaigh
A recent blog post looked at using the XML Security component and dataformat in Apache Camel to sign and encrypt XML documents. However, what if you wish to secure non-XML data? An alternative is to use the Apache Camel Crypto component and dataformat. The Crypto component provides the ability to sign (and verify) messages (using the JCE). Similarly, the Crypto dataformat allows you to encrypt (and decrypt) messages (again using the JCE). Another ...
Continue reading →

[OT] U2: "We were pilgrims on our way"
3 months ago

By Sergey Beryozkin

"The Miracle (of Joey Ramone)" from the last U2 album, "Songs of Innocence", is a refreshing song. The actual album's content is strong. Not necessarily easy to listen to, though, but it has been played in my car's CD player more or less every time I have gone driving for the last few weeks. The trick is, after listening to it for the first time, take a few days' pause, and then listen again at a volume much higher than last time. It's a blast.

I still do like U2 ...
Continue reading →

No Data No Fun !
3 months ago

By Sergey Beryozkin
Continuing with the theme of T-shirts, I'd like to let you know "No Data No Fun" is a cool line printed on the T-shirt I got at a Talend R&D summit organized at a second-to-none level back in early October. I guess having a collection of good T-shirts is one of the real perks of the developers involved in open source development :-)

"No Data No Fun" is also one of the themes behind Talend's continued investment into the tooling which ...
Continue reading →

Get into OAuth2 with Client Credentials Grant
3 months ago

By Sergey Beryozkin
One of the possible barriers toward OAuth2 going completely mainstream is the likely association of OAuth2 with what big social media providers do and the assumption OAuth2 is only suitable for their business, for the way their users interact with these providers.

In fact, OAuth2 is more embracing. Client Credentials grant, one of several standard OAuth2 grants, provides an easy path for traditional clients toward starting to work with ...
Continue reading →

New SSL/TLS vulnerabilities in Apache CXF
3 months ago

By Colm O hEigeartaigh
Apache CXF 3.0.3 and 2.7.14 have been released. Both of these releases contain fixes for two new SSL/TLS security advisories:
  • Note on CVE-2014-3566: This is not an advisory per se, but rather a note on an advisory. CVE-2014-3566 (aka "POODLE") is a well publicised attack which forces a TLS connection to downgrade to use SSL 3.0, which in turn is vulnerable to a padding oracle attack. Apache CXF 3.0.3 and 2.7.14 disable SSL 3.0 support by default for ...
Continue reading →

Apache Karaf Christmas gifts: docker.io, profiles, and decanter
3 months ago

By Jean-Baptiste Onofré
We are heading to Christmas time, and the Karaf team wanted to prepare some gifts for you. Of course, we are working hard in the preparation of the new Karaf releases. A bunch of bug fixes and improvements will be available in the coming releases: Karaf 2.4.1, Karaf 3.0.3, and Karaf 4.0.0.M2. Some sub-project releases
Continue reading →

Understanding WS-Federation - Passive Requestor Profile
3 months ago

By Jan Bernhardt
WS-Federation is an identity federation specification which makes it possible to set up an SSO federation including multiple security realms. A realm (sometimes also called domain) represents a single unit under security administration or a part in a trust relationship.

Entities

Within the WS-Federation standard the following entities are defined:
  • Relying Party (RP)
    The relying party is a resource (web application or service) which consumes security ...

Continue reading →

XML Security using Apache Camel
4 months ago

By Colm O hEigeartaigh
I have previously covered how to use Apache Santuario to sign and encrypt XML, using both the DOM and StAX based APIs available in the 2.0.x releases. An alternative to using Apache Santuario directly to sign/encrypt XML, is to use the XML Security component or data format of Apache Camel. There are two obvious reasons to use Camel that immediately spring to mind. Firstly it allows you to configure XML Signature/Encryption without writing any code ...
Continue reading →

Observations about ApacheCon EU 2014
4 months ago

By Sergey Beryozkin
You may be thinking now, after reading my previous post, that all I was doing at ApacheCon EU 2014 was looking at T-shirts people were wearing :-). This post is an attempt to convince you it was not the case.

First of all, ApacheCon EU 2014, as it is usually the case with Apache conferences, was a great opportunity to meet the fellow open source developers.
Chatting to the guys I work with at Apache CXF and other projects, sharing a joke or two along ...
Continue reading →

[OT] The best T-shirt I've seen at Apache Con EU 2014
4 months ago

By Sergey Beryozkin
This is the first post about Apache Con EU 2014, held in beautiful Budapest, which I've been lucky to attend.

One of the nice things about being an ApacheCon visitor is that one can see lots of cool T-shirts. The official T-shirts (I do treasure them) and other T-shirts with some great lines or digits printed on them. The T-shirts that many software geeks would be happy to wear. And indeed the visitors at ApacheCon EU 2014 had a lot of different T-shirts ...
Continue reading →

Apache Syncope 1.2 tutorial - part IV
4 months ago

By Colm O hEigeartaigh
This is the fourth and final post in a series of articles on Apache Syncope 1.2. The previous tutorial looked at some new features relating to the Schema in Apache Syncope 1.2. This post will look at the REST API of Syncope and how it can be queried. We will also look at the new JAAS LoginModule for Apache Syncope that has been developed in Apache Karaf.

1) REST API of Apache Syncope

Apache Syncope features a rich REST API powered by Apache CXF. It is ...
Continue reading →

Meet the CXF team at ApacheCon EU
4 months ago

By Sergey Beryozkin
ApacheCon EU will be held next week in Budapest, the nice capital of Hungary, and a number of my Talend and CXF colleagues will be there talking about CXF, Fediz, Syncope.

Please check the schedule.

Apache will start celebrating its 15th anniversary at the conference too. It is amazing that the organization is relatively young; I thought it had been around for much longer given how popular and visible Apache is.

It is going to be exciting ...
Continue reading →

Apache Syncope 1.2 tutorial - part III
4 months ago

By Colm O hEigeartaigh
This is the third in a series of articles on the new features of Apache Syncope 1.2. The first article covered installing Syncope using the new UI installer. The second article demonstrated some new features of Apache Syncope 1.2 when working with backend resources, namely the ability to synchronize and propagate encrypted passwords. This post focuses on some new features associated with schemas in Syncope 1.2.

Apache Syncope uses the concept of a ...
Continue reading →

Apache Syncope 1.2 tutorial - part II
4 months ago

By Colm O hEigeartaigh
The previous tutorial on the new features of Apache Syncope 1.2 showed how to use the new UI installer to deploy Apache Syncope to Apache Tomcat, using MySQL for persistent storage. Last year we covered how to import users (and roles) from backend resources such as a database or a directory. An important new feature of Apache Syncope 1.2 is the ability to import non-cleartext passwords into Syncope when synchronizing from backend resources (and also ...
Continue reading →

Apache Syncope 1.2 tutorial - part I
4 months ago

By Colm O hEigeartaigh
Apache Syncope is a powerful and flexible open source tool to manage and orchestrate user identities for the enterprise. Last year, I wrote a series of four tutorials on Apache Syncope. The first covered how to create an Apache Syncope project, how to set up a MySQL database for internal storage, and how to deploy Apache Syncope to Apache Tomcat. The second covered how to import user identities and attributes from a database (Apache Derby) into ...
Continue reading →
Subscribe to Talend Community Coders aggregator