Thursday, April 22, 2010

Blog moved

This blog on blogspot.com is now closed. I've moved all my posts over to my new domain:

http://blog.ypmania.net

See you there!

Friday, January 8, 2010

WS-Security by WS-Obscurity (cont.)

In a previous post, I described a step to achieve a particular variant of WS-Security, which is the .NET way of signing a SOAP message with a Username token.

As it turns out, that's not always the full story. Although the signing is correctly done this way, the default implementation of WSS4J (which Apache CXF uses) sends timestamps with a millisecond accuracy. Although this is fully in line with the "RECOMMENDED" part of the WS-Security 1.0 specification, it is apparently something that Microsoft did not consider when writing WSE 1.0. As you can read, WSE 1.0 rejects the message if it has a millisecond time stamp.

I did find it quite surprising to find no other reference to this on the internet, except a page on MSDN which describes the "Microsoft.com Web Service".

Luckily, there's a quick way to switch off milliseconds for time stamps in CXF: just add a parameter "precisionInMilliseconds" with the value "false" to the parameter map of your WSS4JOutInterceptor.
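To confirm on the wire that the setting took effect, the Python check below scans a captured outbound Security header for Created/Expires values that still carry fractional seconds. It is an added example, not part of the original post or of CXF/WSS4J; the sample header, its values and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# Constructed sample: a trimmed Security header with millisecond timestamps.
SAMPLE_MILLIS = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <wsu:Timestamp>
    <wsu:Created>2010-01-08T10:15:30.123Z</wsu:Created>
    <wsu:Expires>2010-01-08T10:20:30.123Z</wsu:Expires>
  </wsu:Timestamp>
  <wsse:UsernameToken>
    <wsse:Username>MYUSERNAME</wsse:Username>
    <wsu:Created>2010-01-08T10:15:30.123Z</wsu:Created>
  </wsse:UsernameToken>
</wsse:Security>"""

# The same constructed header as it should look with second precision.
SAMPLE_SECONDS = SAMPLE_MILLIS.replace(".123Z", "Z")

# xsd:dateTime; group 1 captures an optional fractional-seconds part.
DATETIME = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})?$"
)

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def fractional_timestamps(xml_text):
    """Return (parent, element, value) for every Created/Expires element
    whose value carries fractional seconds. Matching is by local name, so
    the namespace version of the wsu schema does not matter.
    Intended for messages captured from your own client, not untrusted XML."""
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        for child in parent:
            if local(child.tag) not in ("Created", "Expires"):
                continue
            value = (child.text or "").strip()
            match = DATETIME.match(value)
            if match is None:
                raise ValueError(f"not an xsd:dateTime: {value!r}")
            if match.group(1):
                findings.append((local(parent.tag), local(child.tag), value))
    return findings
```

An empty result for a message captured after the configuration change means no timestamp in the header carries milliseconds.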

Thursday, November 12, 2009

JavaNight presentation

On the Capgemini Java Night, December 7th, I'll present a short session on Griffon. View my slides here:


You can download the example Griffon program here: mapper.zip

Monday, October 12, 2009

WS-Security by WS-Obscurity

There's this great framework for Java webservice development called Apache CXF. In its latest incarnation it's very well designed, completely configurable as Spring beans with minimal configuration, and in line with general WS-Security tendencies (UsernameToken, timestamp, and X.509 signing). There are loads of online examples on how to configure CXF to achieve this.

Over on the .NET side, a popular way to deal with WS-Security apparently is to sign the request with the username token. I think I recall reading an example on MSDN doing exactly that. It's a perfectly valid part of the WS-Security standard, btw. However, since no private/public key is involved in the signing, it actually doesn't give you any security! Anybody could intercept the message and re-sign it, and so it doesn't add any value. That's probably the reason we don't see it over on the Java side.

Now the big question to me was, how do I call into such a .NET webservice from Java, knowing that it'll kick me out if I don't sign it? I looked long and hard into the CXF source code, and was about ready to write it myself. But, as it turns out, the solution was quite simple. The WSS4J framework (which CXF calls underneath) already has support for it!

Just take a look at org.apache.ws.security.handler.WSHandlerConstants. These are the (cryptic) strings that go into the "action" property of the WSS4JOutInterceptor, in your Spring configuration file. And there you go: if you include an action "UsernameTokenSignature", presto! The SOAP request is now (still pointlessly) signed with the username.

A quick Spring snippet for reference:


    <bean id="wss4jOutInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameTokenSignature Timestamp" />
                <entry key="passwordType" value="PasswordDigest" />
                <entry key="user" value="MYUSERNAME" />
                <entry key="passwordCallbackRef">
                    <bean class="mypackage.MyPasswordCallback"/>
                </entry>
            </map>
        </constructor-arg>
    </bean>

Tuesday, September 29, 2009

TraktorSync 1.0 released

TraktorSync is a simple application that copies the "date added" field from your iTunes music library into your Traktor library. It does this by reading both programs' library files, and then saving a new, updated version of the Traktor library file.

Download it here: TraktorSync-1.0.zip (link fixed)

Usage

First, make sure that neither Traktor nor iTunes is running. Also, you should have at least Java 1.5 installed.

Unzip the TraktorSync-.zip file into its own folder. Open a command prompt, and enter:

java -Xmx512M -jar TraktorSync.jar

Enter the correct paths to your iTunes music library (the XML file), and your Traktor collection.NML. To start the import process, press "Import".

A new collection.nml file will be written to the current working directory (where you double-clicked the JAR file). You can use this file to replace your original traktor.nml (after making a backup).

The program will maintain a file ~/.traktorsync.properties, where the selected paths are remembered for future runs.

Please refer to the readme.txt file for additional information, and leave any feedback on traktorsync (AT) jan (DOT) ypmania (DOT) nl.

Sunday, July 5, 2009

Decks times four

Distributing your time amongst so many creative interests can be a challenge. As some of you know, I'm actively trying to balance between learning to play the guitar, practicing keyboard riffs for my band, looking into photography, learning kung-fu, and practicing Danish in the meantime. Throw in a demanding job, an attempt at a social life, and you might understand why it's been a while since my last recorded mix.

BUT: The times have changed. The groove is back. Times four, this time! My new set-up controls 4 players at once. That makes for some very creative blends! Enough talking, go and listen to it for yourself:

Crazy Dutchman - July 2009 Mix (mp3)

Tracklist

1. You Re Not Alone 2009 - Liz Kay (Dave Darell Remix)
2. If You Knew - Chris Lake ft. Nastala (Atfc Main Mix)
3. Pulverturm 3.0 - Niels van Gogh vs. Eniac (Yvan & Dan Daniel Remix)
4. Party People - Ralvero ft. Mc Boogshe (Original Vocal Mix)
5. Chunga - Havana Funk vs. Friscia Lamboy (Phunk Investigation Mix)
6. Put Your Hands On - No Halo (Alex Gaudino Remix)
7. Kick Out The Jams - Moguai (Original Mix)
8. The Pressure - Haji & Emanuel ft. Beverly Knight (Seamus Haji Remix)
9. Bruised Water - Chicane ft. Natasha Bedingfield (Michael Woods Full Vocal Mix)
10. All The Things She Said - JensO (Michael Mind Mix)
11. Do It All Night - Darius & Finlay (Michael Mind Remix)
12. Dirty Music - Scooter and Lavelle (The Fidgitive's More Dirty Remix)
13. Human - The Killers (Ferry Corsten Dub Remix)
14. Me And Myself - Ben DJ ft Sushy (Wolfgang Gartner Remix)
15. Deep In Chicago - Funky Soldiers ft. K Alexi (Central Avenue Mix)
16. Release Yourself - Lissat & Voltaxx (Vocal Club Mix)
17. Partouze - Steve Angello & Sebastian Ingrosso (Jean Elan Remix)
18. Keep This Fire Burning - Outsiders ft. Amanda Wilson (Christian Fischer Mix)
19. Show Me Love - Steve Angello & Laidback Luke ft. Robin S (Hardwell Sunrise Mix)
20. Gebongt - Heiko & Maiko (Francesco Morelli Remix)
21. Take Me There - Kim Jofferey and Natalie Konan (Chris Kaeser Remix)
22. Acid Hero - Tokyo Love Link (Aqualuce's Trip Mix)
23. Give Me A Reason EP - Digital Manges (Mightyfools Remix)
24. Nice Boys - Amy Studt (Soha & Adam K Dub)
25. Keep Control Plus - Sono (Fedde Le Grand Remix)
26. Mana Mana - Finger and Kadel (Bigroom Mix)
27. Clap - Wolfgang Gartner
28. Is It Love - The Teachers (2-4 Grooves Remix)
29. Wash My World - Laurent Wolf (Anton Wick Remix)
30. Modern Times - Steve Forest vs. Chriss Ortega feat. Marcus Pearson (Chriss Ortega Mix)
31. Poker Face - Lady GaGa (Dave Aude Club Mix)

Sunday, February 22, 2009

Interesting video about money mechanics

I've recently watched the video below, "Money as Debt". Although not new information for me, it has a surprisingly accessible way of describing the modern fractional reserve banking system, and its inherent problems. This is one of the few videos on the topic that is able to describe it objectively, without resorting too much to terms like "fraud" and "guilt". I wonder how the public reaction to the current economic recession would be, if people all had the information in this video :-)