| Time |
S |
Nick |
Message |
| 00:01 |
|
pdurbin |
sfisque: can you run a separate application that talks Spring Remoting to the SSO and talks to your main application with RMI or whatever you want? A (hopefully smallish) service in between, I mean, a bridge of sorts. |
| 00:03 |
|
pdurbin |
to avoid polluting the main app |
| 00:03 |
|
whartung |
isn't Hesssian Springs "native" wire protocl? |
| 00:03 |
|
sfisque |
yeah, i know there are "ways" to externalize spring. i'm trying to do this in a way that does not complicate the deployment (we have enough issues having them use glassfish. if "they" had their druthers, we'd be using spring inside of tomcat and there would be no glassfish). i figure if they're talking RMI, we "should" be able to get a remote stub that answers to the interfaces they provide and it's all just vanilla RMI as far as we're concerned. the o |
| 00:03 |
|
sfisque |
i dunno whartung |
| 00:03 |
|
sfisque |
hessian is caucho |
| 00:04 |
|
sfisque |
whether spring uses it "also" natively, i do not know |
| 00:04 |
|
whartung |
yea |
| 00:04 |
|
whartung |
burlap is an old protocol |
| 00:04 |
|
whartung |
so is hessian |
| 00:05 |
|
sfisque |
oh your'e right. brulap is caucho, hessian is spring |
| 00:05 |
|
sfisque |
i just re-read that page closer |
| 00:05 |
|
sfisque |
oh wait, i had it right, hessian is caucho. so now i must google burlap |
| 00:05 |
|
whartung |
yea |
| 00:06 |
|
sfisque |
javaeebot lucky burlap java protocol remote |
| 00:06 |
|
javaeebot |
sfisque: http://www.caucho.com/resin-3.0/protocols/burlap.xtp |
| 00:06 |
|
whartung |
what, no google protocol buffers?!?! |
| 00:06 |
|
sfisque |
that's just an encoding scheme, not a protocol |
| 00:06 |
|
sfisque |
xml-lite |
| 00:06 |
|
sfisque |
the local transit uses that in addition to json |
| 00:06 |
|
whartung |
yea, this is all just RPC over Something |
| 00:07 |
|
whartung |
so you're trying to get a compatible endpoint up? |
| 00:07 |
|
whartung |
to receive messages? |
| 00:07 |
|
sfisque |
i'm just hoping whichever proc they use, spring isnt doing "magic" |
| 00:07 |
|
sfisque |
consume |
| 00:07 |
|
whartung |
so to send messages? |
| 00:08 |
|
sfisque |
central identity service exposes services via spring remoting. i want to call and consume these services WITHOUT spring, if possible |
| 00:08 |
|
sfisque |
from our ee-app in GF 3.1 |
| 00:08 |
|
whartung |
well in theory you should be able to do it with the Caucho hessian jar me thinks |
| 00:08 |
|
sfisque |
IF they are using that proc |
| 00:08 |
|
pdurbin |
sfisque: and it's all JSON? |
| 00:08 |
|
sfisque |
depends on which protocol they have configured |
| 00:08 |
|
whartung |
yea, well, that's the nut -- which are they publishing? |
| 00:09 |
|
sfisque |
no, they have "re-exposed" some of the services to "external clients" via a json interface |
| 00:09 |
|
sfisque |
dunno yet whartung |
| 00:09 |
|
sfisque |
still awaiting "more info" |
| 00:09 |
|
whartung |
then I wouldn't worry about it. |
| 00:09 |
|
whartung |
they're NOT using RMI, cuz RMI is old school and hard to set up. |
| 00:09 |
|
whartung |
they're not using JMS because its RPC |
| 00:10 |
|
sfisque |
so i'm guessing, the "json interface" is probably just the spring web remoting |
| 00:10 |
|
whartung |
They're not using JAX-WS because, you know, ewww, SOAP |
| 00:10 |
|
sfisque |
hey, i like jax-ws |
| 00:10 |
|
whartung |
I bet they're using Hessian CUZ IT'S FAST YO! Rod saysso |
| 00:10 |
|
whartung |
and it's free |
| 00:10 |
|
sfisque |
ROFL |
| 00:10 |
|
whartung |
and it's default out of the box |
| 00:10 |
|
sfisque |
if so, they yeah, we might be able to get away with just linking in the hessian libs and be done with it |
| 00:11 |
|
sfisque |
i'm still putting my money that they are using spring web remoting |
| 00:11 |
|
whartung |
when you view the problem through the Hip/Lazy filters, Hessian is the first choice |
| 00:11 |
|
sfisque |
and all they probably did was document what it looks like "raw" for clients not using spring remoting natively |
| 00:11 |
|
whartung |
oh, maybe, but they still need a wire protocol |
| 00:12 |
|
sfisque |
it looks like hessian is http, the endpoint runs on 8080 |
| 00:12 |
|
sfisque |
so it's probably somethign like binary xml over http |
| 00:12 |
|
whartung |
yea |
| 00:13 |
|
whartung |
I mean, what else would it be lol |
| 00:13 |
|
sfisque |
ip over carrier pigeon |
| 00:13 |
|
sfisque |
:P |
| 00:13 |
|
sfisque |
braille via ip over carrier pigeon |
| 00:14 |
|
whartung |
here you go |
| 00:14 |
|
whartung |
"Spring HTTP invokers use the standard Java serialization mechanism" |
| 00:14 |
|
whartung |
yea, don't do that |
| 00:14 |
|
whartung |
they're just pumping writeObject to HTTP streams |
| 00:14 |
|
whartung |
that's just trouble, IMHO |
| 00:15 |
|
pdurbin |
sfisque: when is the "more info" coming? |
| 00:15 |
|
whartung |
"later", "soon" |
| 00:16 |
|
sfisque |
hopefully by tomorrow afternoon. likely monday or tuesday |
| 00:16 |
|
sfisque |
you know… timely |
| 00:16 |
|
pdurbin |
real soon now |
| 00:16 |
|
whartung |
Real Soon Now(™) |
| 00:17 |
|
sfisque |
whartung - yeah, unless they're base64'ing the payload, that could be REAL trouble |
| 00:17 |
|
whartung |
"nothing to see here, move along" |
| 00:17 |
|
whartung |
all right all, I must skedaddle |
| 00:17 |
|
whartung |
ttyt |
| 00:17 |
|
sfisque |
code strong! |
| 00:17 |
|
sfisque |
me too actually. time for me to pack up. so much time and so little to do..... |
| 00:17 |
|
* sfisque |
waves |
| 00:17 |
|
pdurbin |
o/ |
| 01:12 |
|
|
sfisque joined ##javaee |
| 03:23 |
|
|
sfisque1 joined ##javaee |
| 03:58 |
|
|
scripty joined ##javaee |
| 03:58 |
|
scripty |
Howdy |
| 03:58 |
|
scripty |
All |
| 04:42 |
|
|
dangertools joined ##javaee |
| 04:42 |
|
|
dangertools joined ##javaee |
| 06:00 |
|
scripty |
?? |
| 06:59 |
|
|
cheater_2 joined ##javaee |
| 08:19 |
|
|
AlexCzar joined ##javaee |
| 09:33 |
|
zoot |
so... |
| 10:08 |
|
* pdurbin |
reviews a few more talks: https://github.com/pdurbin/wiki/commits/master/java/javaone/2012.mdwn |
| 11:23 |
|
|
MegaMatt joined ##javaee |
| 12:29 |
|
|
tommmied joined ##javaee |
| 13:20 |
|
|
Naros joined ##javaee |
| 13:44 |
|
|
kobain joined ##javaee |
| 13:45 |
|
|
AlexCzar joined ##javaee |
| 14:08 |
|
|
SLovenberg joined ##javaee |
| 15:29 |
|
|
SLovenberg joined ##javaee |
| 15:32 |
|
|
cheturvedi joined ##javaee |
| 15:53 |
|
|
acuzio joined ##javaee |
| 15:54 |
|
|
SLovenberg joined ##javaee |
| 16:00 |
|
|
AlexCzar joined ##javaee |
| 16:22 |
|
|
acuzio joined ##javaee |
| 16:31 |
|
pdurbin |
new! https://jersey.java.net/release-notes/2.4.html |
| 16:45 |
|
semiosis |
jersey \m/ |
| 16:45 |
|
acuzio |
java.net is a terrible bloody domain |
| 16:45 |
|
acuzio |
it hosts jersey which i love - but 60%+ of the time the site is down - |
| 16:53 |
|
whartung |
I know, java.net is awful |
| 17:39 |
|
pdurbin |
it would be cool if there were a http://blogs.perl.org for Java. a central place where anyone could have a Java blog if they want one |
| 18:14 |
|
|
sfisque joined ##javaee |
| 18:27 |
|
|
cem_ joined ##javaee |
| 18:27 |
|
cem_ |
hi pdurbin |
| 18:28 |
|
pdurbin |
cem_: hey |
| 18:30 |
|
cem_ |
the last post sess and quest talked about caching but i still dont get it how to do caching , how to store the data in browser ? |
| 18:32 |
|
cem_ |
can someone help me |
| 18:33 |
|
whartung |
javabot lucky http caching |
| 18:33 |
|
whartung |
bah |
| 18:33 |
|
whartung |
javabot: lucky http caching |
| 18:33 |
|
whartung |
bah |
| 18:33 |
|
whartung |
I suckk |
| 18:33 |
|
sfisque |
javaeebot lucky http caching |
| 18:33 |
|
javaeebot |
sfisque: http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html |
| 18:33 |
|
whartung |
ah! |
| 18:33 |
|
whartung |
CLOSE! |
| 18:34 |
|
sfisque |
yet so far... |
| 18:34 |
|
sfisque |
:-) |
| 18:34 |
|
sfisque |
g'day |
| 18:34 |
|
whartung |
g'day sir |
| 18:35 |
|
sfisque |
so i was successful in testing "bypassing" the client side camel linkages and sending a template/vars into AMQ and having camel process it and send the desired email out. so i can begin removing camel client side from our build :-) |
| 18:35 |
|
sfisque |
which should drop about 20m from our war |
| 18:35 |
|
sfisque |
about 40% shrinkage |
| 18:35 |
|
whartung |
*cough* omg |
| 18:36 |
|
whartung |
"lightweight" |
| 18:36 |
|
sfisque |
yeah. i think that will speed up our build and deploy steps :-) |
| 18:36 |
|
whartung |
a little |
| 18:36 |
|
sfisque |
next step, hooking up to a remote spring remoted service without consuming spring on the client side. |
| 18:36 |
|
whartung |
get an SSD and quitcherwhining |
| 18:36 |
|
sfisque |
ROFL |
| 18:37 |
|
sfisque |
ssd's are over-rated atm. once i can by a 2.5 inch 2tb drive and not have it cost more than the notebook it's going in, i'm sold |
| 18:37 |
|
whartung |
no no no, hardly omg… (well, it depends...) |
| 18:37 |
|
cem_ |
what is the use of ipad ? |
| 18:38 |
|
whartung |
if you mean just raw storage, yea, but SSDs are stupid fast….stupid stupid stupid fast for writing. |
| 18:38 |
|
sfisque |
my big fear is the "half life" of flash. i'd hate to replace platters with ssd and find that the ssd dies too fast |
| 18:38 |
|
whartung |
IOPS is crazy |
| 18:38 |
|
whartung |
I think that's all hooey today, frankly. |
| 18:38 |
|
sfisque |
*nix OS's are hard on drives |
| 18:38 |
|
whartung |
I have an SSD in my mac here |
| 18:39 |
|
whartung |
hasn't spot it out yet |
| 18:39 |
|
whartung |
cem_: they're great for leveling tables |
| 18:39 |
|
sfisque |
ROFL |
| 18:39 |
|
cem_ |
LOL |
| 18:39 |
|
sfisque |
they're great consumption devices. my wife loves hers, but i could never handle that formfactor for authoring |
| 18:40 |
|
sfisque |
unless point and click programming were to really experience a break through |
| 18:40 |
|
whartung |
thats a granularity problem |
| 18:40 |
|
sfisque |
what the tablet market needs is the 21st century equivalent of hypercard |
| 18:40 |
|
whartung |
programing is too fine grained for "guis" |
| 18:41 |
|
whartung |
save light weight scripting.... |
| 18:41 |
|
sfisque |
depends. HC was phenominal for quickly building an app, but there's no current equivalent |
| 18:41 |
|
whartung |
or rewriting General Motors back end SOA ... |
| 18:45 |
|
pdurbin |
whartung: overheard: "adfs is probably the saml worlds nightmare" |
| 18:45 |
|
whartung |
adfs? |
| 18:45 |
|
whartung |
isn't that the Common Lisp package mangler? |
| 18:45 |
|
pdurbin |
heh. no |
| 18:45 |
|
sfisque |
javaeebot lucky adfs java |
| 18:45 |
|
pdurbin |
javaeebot: lucky adfs microsoft |
| 18:45 |
|
javaeebot |
sfisque: http://stackoverflow.com/a/7015244 |
| 18:45 |
|
javaeebot |
pdurbin: http://technet.microsoft.com/en-us/library/cc736690(v=ws.10).aspx |
| 18:45 |
|
pdurbin |
Active Directory Federation Services (ADFS) |
| 18:46 |
|
whartung |
oh, yea, well, that's AD |
| 18:46 |
|
whartung |
everythings a nightmare |
| 18:46 |
|
sfisque |
"hey, lets leverage kerberos, and add all sorts of non standard extensions…" YAY!!!! |
| 18:46 |
|
whartung |
YAY! |
| 18:47 |
|
pdurbin |
let's start #sso on freenode |
| 18:47 |
|
sfisque |
####sso |
| 18:47 |
|
pdurbin |
heh |
| 18:47 |
|
sfisque |
######################sso |
| 18:48 |
|
sfisque |
##javaPwnzWindowzCanS_ckIt |
| 18:51 |
|
pdurbin |
let's burn all the computers |
| 18:52 |
|
sfisque |
dewd, how can i plaze my g/\m3zzz? |
| 18:52 |
|
sfisque |
:P |
| 18:52 |
|
cem_ |
but how to update cache |
| 19:06 |
|
* pdurbin |
looks at SAML for dummies | SURFnet Blog - https://blog.surfnet.nl/?p=1417 |
| 19:07 |
|
pdurbin |
"You may wonder where exactly SURFconext should be positioned in al this. In fact, SURFconext acts as a proxy between the IDP and the SP. Although this slightly complicates matters when relaying messages between IDPs and SPs, the same basic idea as sketched here applies." |
| 19:08 |
|
pdurbin |
https://www.dataverse.nl/dvn/faces/login/SamlLoginPage.xhtml takes you to http://surfnet.nl |
| 19:13 |
|
pdurbin |
whartung: does that mean surfnet.nl is a "discovery" service? |
| 19:15 |
|
pdurbin |
javaeebot: lucky saml discovery service |
| 19:15 |
|
javaeebot |
pdurbin: https://wiki.oasis-open.org/security/IdpDiscoSvcProtonProfile |
| 19:34 |
|
|
syncsys_ joined ##javaee |
| 19:49 |
|
|
kobain joined ##javaee |
| 19:49 |
|
|
Guest41539 joined ##javaee |
| 19:50 |
|
|
kobain_ joined ##javaee |
| 19:50 |
|
|
Guest15203 joined ##javaee |
| 20:09 |
|
|
kobain99 joined ##javaee |
| 20:20 |
|
whartung |
no idea what that is pdurbin |
| 20:21 |
|
|
tommmied joined ##javaee |
| 20:21 |
|
pdurbin |
whartung: heh. no worries |
| 20:21 |
|
pdurbin |
it's from some other country or something ;) |
| 20:22 |
|
whartung |
looks like a normal profile workflow to me |
| 20:26 |
|
whartung |
they don't really speak as to where they are in the workflow |
| 20:26 |
|
whartung |
there are lots of places they can interject |
| 20:28 |
|
pdurbin |
how dare they interject |
| 20:30 |
|
pdurbin |
I see <file>${file.reference.oiosaml.java-discovery-1.2.war}</file> in nbproject/project.xml |
| 20:30 |
|
pdurbin |
so some discovery must be going on |
| 20:30 |
|
whartung |
I've not looked at any discovery profiles for saml I duynno what they might be discovering |
| 20:34 |
|
pdurbin |
whartung: well, I want to be able to support multiple IdPs per installation of our java ee app |
| 20:34 |
|
whartung |
I mean, that's fine, you don;t need an intermediary for that |
| 20:34 |
|
whartung |
(assuming standard compliance, bla bla bla) |
| 20:35 |
|
pdurbin |
hmm. ok. I was hoping not. that I don't need that surf thing or equivalent |
| 20:37 |
|
whartung |
In the end, to log in, you just need to push the AuthResponse to your app. Where this comes from is pretty much irrelevant |
| 20:38 |
|
pdurbin |
ok. makes sense |
| 20:38 |
|
pdurbin |
right now OIOSAML is doing that for me |
| 20:39 |
|
whartung |
right, you just need to decode the payload, authenticate it, react to the assertions, and move on. The payload source is secondary. |
| 20:48 |
|
pdurbin |
right. I'll work on that next |
| 20:48 |
|
pdurbin |
first I'm verifying that OIOSAML works with all the IdPs I care about |
| 20:48 |
|
whartung |
see the issue is |
| 20:48 |
|
whartung |
there's two issues |
| 20:48 |
|
pdurbin |
as I wrote at [dvn-auth] Is your Shibboleth IdP (Identity Provider) ready for OIOSAML testing? - https://lists.iq.harvard.edu/pipermail/dvn-auth/2013-October/000002.html |
| 20:48 |
|
whartung |
1) is the payload coming from someone you trust. |
| 20:49 |
|
whartung |
that's pretty straight forward (you can just try all of the certs you have, for example) |
| 20:49 |
|
whartung |
the harder problem |
| 20:49 |
|
whartung |
is that when someone hits your site the first time, is where do you redirect them to? |
| 20:49 |
|
whartung |
that's a different issue completely |
| 20:49 |
|
pdurbin |
like... "which institution are you from?" |
| 20:49 |
|
whartung |
since you may have "no idea" who this person is in order to "choose" the correct IDP |
| 20:49 |
|
whartung |
now, you you could prompt them with a list |
| 20:49 |
|
whartung |
yea |
| 20:49 |
|
whartung |
and then forward, and be done |
| 20:50 |
|
pdurbin |
well, that's what that surf page is |
| 20:50 |
|
sfisque |
assumedly, wouldnt u look them up in a directory (like ldap?) and get their ou=xxxx node? |
| 20:50 |
|
pdurbin |
people click their home institution |
| 20:50 |
|
whartung |
right, see that's another way of doing it |
| 20:50 |
|
pdurbin |
whartung: actually three are THREE issues |
| 20:50 |
|
whartung |
the "IdP" can do it. |
| 20:51 |
|
pdurbin |
3. pdurbin has to pick up the kids |
| 20:51 |
|
whartung |
if you send them to school/soccer/whatever with jerky, you don't have to rush off cuz they can live on their own for awhile... |
| 20:51 |
|
pdurbin |
whartung: but let's please pick this up later :) |
| 20:51 |
|
sfisque |
and make sure when they log in, the button is blue, otherwise, it's back to QA for you |
| 20:52 |
|
pdurbin |
or devops. eep! |
| 20:53 |
|
* pdurbin |
reassures the devops: http://irclog.perlgeek.de/crimsonfu/2013-10-25#i_7765455 |
| 21:02 |
|
|
syncsys_ joined ##javaee |
| 23:28 |
|
|
sfisque joined ##javaee |
