Ralph's Open Source Blog

24/06/2017

JSF – RequestScoped CDI Beans and Imixs-Workflow

You can use Imixs-Workflow with a RequestScoped CDI Bean in JSF easily. The thing which is important is that you add two hidden fields into your form containing the $uniqueid and $version.

<!-- Workflow Events -->
 <ui:repeat var="event" value="#{workflowController.events}">
 <h:commandButton action="#{workflowController.process}"
 value="#{event.item['txtname']}">

 <f:setPropertyActionListener
 target="#{workflowController.workitem.item['$ActivityID']}"
 value="#{event.item['numactivityid']}" />

 </h:commandButton>
 </ui:repeat>
 <h:inputHidden value="#{workflowController.workitem.item['$uniqueid']}" />
 <h:inputHidden value="#{workflowController.workitem.item['$version']}" />

This mechanism ensures that the form can not be posted back to the server if the workitem was processed in the meantime. This situation can occur if the user opens the same workitem in multible browser tabs and tries to submit the same workitem form different tabs without refreshing the content. It also secures the situation when the user opens different worktiems in different tabs and tries to submit.

The Imixs-JSF project still uses ConversationScoped CDI Beans. The reason is an issue with the fileUploadController. But I think we will got back to RequestScoped also for the workflowController CID Bean in the future.

18/05/201710/05/2018

Why we Should not blindly Trust in Microservices

Today, a great deal is written every week about microservices on the Internet. I myself think, that Microservices offer many advantages. And so also I build such kind of services in my own open source workflow engine project. But today I read an article about Microservices which contained a funny picture. The picture should underpin the advantages of separating functions into a microservice architecture with an almost non-existent centralized management. The picture looks something like this:

I asked myself: Which of the two diagrams appears to me, as a software architect, as the clearer one…?

Have we not worked out for years an architecture, that allows us to reduce complexity? With Java EE, which seems to be an synonym for the evil monolithic architecture, we have now a concept which allows us to combine and connect different components (services) in an easy way. And with Java EE application servers we have a professional platform to control all these kinds of services.

Of course, it is painful to learn all the concepts about EJBs, Transactions, JNDI Resources and Pool-Management. And yes, as a beginner you are confronted with all these concepts if you try to succeed with the Java EE platform. But after that, you have a highly scalable, easy to manage platform running your piece of software.

When I am reading all the adulation for having separated databases, with services implemented in different languages, connected to each other without explicit contracts, I’m pretty sure, that in the next few years we have a lot of work, to bring back systems to the left side of the image.

26/04/201710/05/2018

Eclipse: Avoid Validation of Maven /target Folders

In eclipse maven project it’s annoying that Eclipse IDE always validates all files from the /target/ folders – which makes no sense in any case.

To avoid this validation you can disable the specific validator in the workspace preferences. Go to validators and edit the XML and JSF Validator and add a ‘Exclude Group – Rule’ for the folder

/target

You can also exclude specific files. In my case I exclude the file

glassfish-application.xml

23/04/201707/10/2020

Run a Docker Container with Non-Privileged User

When you build your own Docker Image with a Dockerfile, your process inside this container will typically run as the root user per default. This can be a security issue for productive environments in case your process becomes vulnerable. Continue reading “Run a Docker Container with Non-Privileged User”

22/04/201710/05/2018

How to Setup a Private Docker Registry

In this short tutorial I will show how to setup a private Docker registry. A private registry can be helpful if you want to distribute docker images in a large developer team or provide docker images to your customers. The tutorial assumes that you have a server with a docker daemon running in your network environment or internet. The goal is to push locally build docker images to the docker registry, so that other team members or customers can pull those images without the need to build the images from a Docker file. In the Imixs-Workflow Project we use such a private registry to support our customers with custom docker images. Continue reading “How to Setup a Private Docker Registry”

17/12/2016

Deploy Gitbucket on Wildfly

When trying to deploy the Gitbucket project into wildfly I go tthe following error message:

WARN [org.jboss.modules] (ServerService Thread Pool -- 81) Failed to define class liquibase.serializer.core.yaml.YamlSerializer$LiquibaseRepresenter in Module "deployment.gitbucket.war:main" from Service Module Loader: java.lang.NoClassDefFoundError: Failed to link liquibase/serializer/core/yaml/YamlSerializer$LiquibaseRepresenter (Module "deployment.gitbucket.war:main" from Service Module Loader): org/yaml/snakeyaml/representer/Representer ...

This is a known issue and discussed here.

You can fix it if you add the file ‘jboss-deployment-structure.xml’ into the WEB-INF/ folder with the following content:

<jboss-deployment-structure>
  <deployment>
    <dependencies>
      <system export="true">
        <paths>
          <path name="com/sun/net/ssl/internal/ssl" />
          <path name="com/sun/net/ssl" />
        </paths>
      </system>
      <!-- add snakeyaml dependency -->
      <module name="org.yaml.snakeyaml"/>
    </dependencies>
  </deployment>
</jboss-deployment-structure>

How to install:

The following is a short install guide how to modify the gitbucket.war downloaded form the project release page:

1.) Download latest version from release page:

wget https://github.com/gitbucket/gitbucket/releases/download/4.7.1/gitbucket.war

change the version if needed

2.) unzip the war file

unzip gitbucket.war -d tmp/gitbucket.war

3.) create the ‘jboss-deployment-structure.xml’ file and add the content as explained above. Than copy the file into the WEB-INF folder

cp jboss-deployment-structure.xml /tmp/gitbucket.war/WEB-INF/

4.) create the doDeploy file

touch tmp/gitbucket.war/gitbucket.war.dodeploy

5.) start deployment by moving the folder to the wildfly deploy directory

cd tmp/
mv gitbucket.war /opt/wildfly/standalone/deployments/

Install Script

You can use also my install script from here to install gitbucket on Wildfly 9.x & 10.x under Linux.

/bin/bash wildfly-install.sh [INSTALLDIR] [GITBUCKET-VERSION]

You can specify the install directory of your wilfly installation and the gitbucket version.

Example:

/bin/bash wildfly-install.sh [INSTALLDIR] [GITBUCKET-VERSION]

Note: The script must be run as root. The script assumes that wildfly is running with the user ‘wildfly’. You can change this in your script if needed.

10/12/201610/05/2018

Using Keycloak for Wildfly Applications

Keycloak is a Open Source Identity and Access Management Server which can be used together with Wildfly to authenticate users with a modern authentication mechanism based on OpenID Connect and OAuth.

This is a short tutorial how to setup a Keycloak server and configure a wildfly web application to use keycloak to authenticate users. Continue reading “Using Keycloak for Wildfly Applications”

19/11/201610/05/2018

Why we should secure Business Objects?

Most applications deal with security in a functional way. This means that a business application typically defines different functional roles which are mapped to different users. For example let’s look on a simple Ordering System. In an Ordering System we will have roles like

‘Order-Creator‘ – creating the order
‘Order-Approver‘ – validating and approving
‘Order-Executor‘ – execution

These roles are typical for such an business application and mostly tightly coupled to the corresponding business methods – e.g. createOrder(), approveOrder() and executeOrder(). This works well in a monolithic business application where we can control the security layers as also the business logic. But as more complex the business application becomes, also the enclosed security becomes more complicated. For modern application design in addition we often have to deal with external web services and business logic which need to be adapted easily to changing requirements. So this static security model leads into a hell of hard coded business rules or, what is worse, can no longer guarantee the security. Continue reading “Why we should secure Business Objects?”

22/10/2016

Wildfly – Install PostgreSQL JDBC Driver as a Module

Instead of deploying a JDBC driver with the wildfly auto-deploy feature, the driver can be alternatively installed as an module. This is also necessary to be used with XA-Datasources. So it is a recommended way to install the driver as a module. The following section shows how to a jdbc driver module is created. Continue reading “Wildfly – Install PostgreSQL JDBC Driver as a Module”

05/09/201610/05/2018

Why it’s Better to Trust in Java EE?

These days it seems to me that everyone blabs about the blessing of microservices and the new architectural style. In most articles about the new glory architecture of microservices, it’s generally assumed, that Java EE is slow, dull and scales poorly. There seems to be a big misunderstanding about what Java EE really is. And I even assume that not many of the young believers in the new world of microservices have engaged much with the concepts of Java EE. I’m taking here three examples each developer is confronted with. And perhaps you will rethink of these scenarios in the light of Java EE. Continue reading “Why it’s Better to Trust in Java EE?”