This document discusses modularity and OSGi, including:
- What modularity is and why Java needs it to reduce entanglement over time
- An overview of Enterprise OSGi and how it brings enterprise technologies to OSGi
- New features in OSGi Service Platform Release 4 such as a standard application model and bundle repository
- A demonstration of a colors application that uses OSGi bundles and services
Java EE | Modular EJBs for Enterprise OSGi | Tim WardJAX London
2011-11-01 | 05:20 PM - 06:10 PM
Enterprise OSGi is all about enabling Java EE technologies in an OSGi environment. Modular EJB provides support for Enterprise Java Beans running inside OSGi, taking advantage of the framework's modularity. See how to: * Package EJBs for use in an OSGi environment * Make use of EJBs from other OSGi bundles * Consume OSGi services directly within your EJBs * Flow transactions between EJBs and OSGi
Just a brief introduction I have given my team to get into the OSGi topic. Guess it is not the highest academic level, but should be enough to understand the fundamentals of OSGi.
The presentation slides used during WSO2Con 2011 tutorial session. The tutorial included hands on sessions as well. The slides named as 'demo' refers to hadns-on sessions/demos.
Java EE | Modular EJBs for Enterprise OSGi | Tim WardJAX London
2011-11-01 | 05:20 PM - 06:10 PM
Enterprise OSGi is all about enabling Java EE technologies in an OSGi environment. Modular EJB provides support for Enterprise Java Beans running inside OSGi, taking advantage of the framework's modularity. See how to: * Package EJBs for use in an OSGi environment * Make use of EJBs from other OSGi bundles * Consume OSGi services directly within your EJBs * Flow transactions between EJBs and OSGi
Just a brief introduction I have given my team to get into the OSGi topic. Guess it is not the highest academic level, but should be enough to understand the fundamentals of OSGi.
The presentation slides used during WSO2Con 2011 tutorial session. The tutorial included hands on sessions as well. The slides named as 'demo' refers to hadns-on sessions/demos.
The Java platform is an unqualified success story. It’s used to develop applications
for everything from small mobile devices to massive enterprise endeavours.
But this success has come in spite of the fact that Java doesn’t have explicit support for building
modular systems beyond ordinary object-oriented data encapsulation
What does this mean to you? If Java is a success despite its lack of advanced modularization support, then you may wonder if that absence is a problem
Java 9 introduced the Java Platform Module System (JPMS) as a way to modularize the Java platform and it can be also be used by developers to modularize their own applications, although JPMS lack a number of important features for software running on the Java platform.
As people look to support the latest versions of the Java platform, changes introduced in Java 9 related to JPMS led to the needs for some features in the OSGi Core specification. OSGi framework implementations like Eclipse Equinox and Apache Felix and tools like Bnd were updated to support these new features.
In this core java training session, you will learn get introduction to Java. Topics covered in this session are:
• History of Java – A Programmer’s Perspective
• Salient Features of Java
• Major Java Editions
For more information about this course visit on this link: https://www.mindsmapped.com/courses/software-development/learn-java-fundamentals-hands-on-training-on-core-java-concepts/
Lecture 13 from the IAG0040 Java course in TTÜ.
See the accompanying source code written during the lectures: https://github.com/angryziber/java-course
Bytecode Weaving in OSGi – Enhance Your Classes, Not Your Dependency graph! ...mfrancis
For a long time bytecode weaving in OSGi has been a cumbersome process. Using it's internal hooks Equinox has supported basic transformation since version 3.2, but there has still been no simple, standard way to enhance classes and add new dependencies to the bundle that contains them. The new OSGi WeavingHook whiteboard pattern, which allows any OSGi bundle, not just an Equinox framework extension, to weave classes from, and add dependencies to, other OSGi bundles. Also new in OSGi is the opportunity to scan the classpath of an OSGi bundle. Whilst the isolated, modular classpath of an OSGi bundle provides an excellent system for building Java applications, many extenders and libraries need to be able to search for classes or resources within the bundle. This function further aids weaving implementations by allowing them to search for resources, class and package name patterns, and other configuration without requiring specific metadata to be present. As the lead author for the Bytecode weaving design within the OSGi Alliance, and a committer in the Apache Aries project, Tim will use his expertise to demonstrate the power and flexibility of WeavingHooks, particularly in conjunction with the latest OSGi updates for classpath scanning. Drawing on real-world examples from the Apache Aries project Tim will use real-world examples to prove that first-class weaving support is now available in OSGi.
Java Course 7: Text processing, Charsets & EncodingsAnton Keks
Lecture 7 from the IAG0040 Java course in TTÜ.
See the accompanying source code written during the lectures: https://github.com/angryziber/java-course
Do you know the difference between charset & encoding? Every programmer nowadays MUST understand these terms, how they work, and how to use them. Otherwise we constantly face broken software refusing to work with international characters properly.
Java Core | Java 8 and OSGi Modularisation | Tim Ellison & Neil BartlettJAX London
The talk will cover a bit of background first to set things up: what is a module, why do we need a module system, summary of Java's existing support for modularity. Then it will move on to give a comparison of OSGi's and Jigsaw's dependency models. Pros and cons of each model in different environments will be discussed. Finally, opportunities and challenges for interoperability: from the perspective of both application developers (who may need to integrate modules from both kinds) and from library module developers (who may need to target both module systems)
The Java platform is an unqualified success story. It’s used to develop applications
for everything from small mobile devices to massive enterprise endeavours.
But this success has come in spite of the fact that Java doesn’t have explicit support for building
modular systems beyond ordinary object-oriented data encapsulation
What does this mean to you? If Java is a success despite its lack of advanced modularization support, then you may wonder if that absence is a problem
Java 9 introduced the Java Platform Module System (JPMS) as a way to modularize the Java platform and it can be also be used by developers to modularize their own applications, although JPMS lack a number of important features for software running on the Java platform.
As people look to support the latest versions of the Java platform, changes introduced in Java 9 related to JPMS led to the needs for some features in the OSGi Core specification. OSGi framework implementations like Eclipse Equinox and Apache Felix and tools like Bnd were updated to support these new features.
In this core java training session, you will learn get introduction to Java. Topics covered in this session are:
• History of Java – A Programmer’s Perspective
• Salient Features of Java
• Major Java Editions
For more information about this course visit on this link: https://www.mindsmapped.com/courses/software-development/learn-java-fundamentals-hands-on-training-on-core-java-concepts/
Lecture 13 from the IAG0040 Java course in TTÜ.
See the accompanying source code written during the lectures: https://github.com/angryziber/java-course
Bytecode Weaving in OSGi – Enhance Your Classes, Not Your Dependency graph! ...mfrancis
For a long time bytecode weaving in OSGi has been a cumbersome process. Using it's internal hooks Equinox has supported basic transformation since version 3.2, but there has still been no simple, standard way to enhance classes and add new dependencies to the bundle that contains them. The new OSGi WeavingHook whiteboard pattern, which allows any OSGi bundle, not just an Equinox framework extension, to weave classes from, and add dependencies to, other OSGi bundles. Also new in OSGi is the opportunity to scan the classpath of an OSGi bundle. Whilst the isolated, modular classpath of an OSGi bundle provides an excellent system for building Java applications, many extenders and libraries need to be able to search for classes or resources within the bundle. This function further aids weaving implementations by allowing them to search for resources, class and package name patterns, and other configuration without requiring specific metadata to be present. As the lead author for the Bytecode weaving design within the OSGi Alliance, and a committer in the Apache Aries project, Tim will use his expertise to demonstrate the power and flexibility of WeavingHooks, particularly in conjunction with the latest OSGi updates for classpath scanning. Drawing on real-world examples from the Apache Aries project Tim will use real-world examples to prove that first-class weaving support is now available in OSGi.
Java Course 7: Text processing, Charsets & EncodingsAnton Keks
Lecture 7 from the IAG0040 Java course in TTÜ.
See the accompanying source code written during the lectures: https://github.com/angryziber/java-course
Do you know the difference between charset & encoding? Every programmer nowadays MUST understand these terms, how they work, and how to use them. Otherwise we constantly face broken software refusing to work with international characters properly.
Java Core | Java 8 and OSGi Modularisation | Tim Ellison & Neil BartlettJAX London
The talk will cover a bit of background first to set things up: what is a module, why do we need a module system, summary of Java's existing support for modularity. Then it will move on to give a comparison of OSGi's and Jigsaw's dependency models. Pros and cons of each model in different environments will be discussed. Finally, opportunities and challenges for interoperability: from the perspective of both application developers (who may need to integrate modules from both kinds) and from library module developers (who may need to target both module systems)
Using Open Source technologies to create Enterprise Level Cloud SystemOpenFest team
Using Open Source technologies to create Enterprise Level Cloud System, optimize your costs and offset your carbon footprint on the environment - Венелин Горнишки, Илиян Стоянов
Android | Busy Java Developers Guide to Android: Persistence | Ted NewardJAX London
2011-11-02 | 10:00 AM - 11:00 AM
The Android ecosystem offers a few different ways to store things across restarts, but because Android also runs Java, a few more options also make themselves available, which means the Android developer has a pretty wide assortment of choices available to her. In this session, we’ll talk about those available choices, the pros and cons of each, and how to and when to use them. (Note: this session assumes you have some familiarity with the Android environment.)
Java Tech & Tools | Just Keep Passing the Message | Russel WinderJAX London
2011-11-01 | 04:20 PM - 05:10 PM
With the increasing ubiquity of multicore and hence parallel systems people are needing better ways of structuring applications than using shared-memory multi-threading. In this session we will look at actors, agents and active objects -- and their implementation in GPars. GPars is a Groovy/Java framework for managing concurrency and parallelism. It leverages all the JSR166 APIs
Biologi Terapan - Laporan Perbedaan Pengaruh Bahan Tanam Terhadap Produktivi...21 Memento
PPT ini dibuat oleh Riksa Rizki Zetta Adeli beserta tim.
Di dalamnya, terdapat hasil pengamatan produktivitas tanaman mentimun. Semoga bermanfaat.
http://facebook.com/rrza28
http://twitter.com/risarizi
http://noonecanfly.blogspot.com
Christmas is approaching quickly, and here are some gift ideas for this holiday season. We will uncover related topics to hot Christmas gifts 2011, handmade Christmas gifts, Christmas holidays, new Christmas recipes for 2011, Christmas decorations 2011, and more!
Apache Tuscany is an open source project that simplifies the development, deployment and management of distributed applications built as compositions of service components. It is based on the Service Component Architecture specifications being defined by the OASIS Open SCA Collaboration. This presentation describe the experience to OSGi enable the Tuscany SCA runtime.
With the release of OSGi Enterprise 4.2, the role of OSGi has been extended into the enterprise, alongside what has traditionally been developed using JEE. This session will cover the best practices for developing OSGi Enterprise applications and OSGi bundles in order to utilise the full power of OSGi technology, followed by a demo of using these best practices to assembly an OSGi application. At the end of the session, you will be able to learn how to use OSGi in a recommended way.
A (very) quick introduction to OSGi for Java developers. These slides are meant to be a quick overview of the technology and make you understand how useful it can be.
A toolbox for statical analysis and transformation of OSGi bundlesOSGi User Group France
Nowadays, OSGi is becoming more and more popular in Java world. Consequently, the quantity of available bundles is increasing rapidly, and the means to verify and assess security guaranties about these artifacts are lacking. In the context of opening its platforms to third party applications, Orange is seeking the necessary mechanisms and tools that could be used in order to ensure platforms' protection and robustness. We propose a platform that offers several services that enable statical analysis and transformation of OSGi bundles. The services range from simple ones, like for instance a service for analyzing bundles' manifests, to more complex ones that allow byte-code inspection and transformation. The platform is itself built on OSGi for modularity and extensibility. We further demonstrate the usefulness of our approach by instrumenting an instance of the Eclipse IDE in order to monitor thread creation and CPU consumption per bundle.
Radu Kopetz, Technical Architect - Orange Labs
Java Tech & Tools | Continuous Delivery - the Writing is on the Wall | John S...JAX London
2011-11-01 | 10:40 AM - 11:40 AM
So you want to do continuous delivery but is it working and how does the team and the organisation know what's going on? Using wallboard, information radiators and even just bits of paper stuck to the wall can help you manage all your development.
Covering the many ways companies have visualised the mashinations of their work and providing tips on setting up your own uber information radiators.
Java Tech & Tools | Mapping, GIS and Geolocating Data in Java | Joachim Van d...JAX London
2011-11-02 | 03:45 PM - 04:35 PM
Introduction to mapping, geographic information systems and geolocalization. After covering basics like layers and projections, data formats and standards we will look at open source tools and Java libraries which can help you to build working solutions.
Keynote | Middleware Everywhere - Ready for Mobile and Cloud | Dr. Mark LittleJAX London
2011-11-01 | 09:45 AM-10:30 AM
The traditional role of middleware in the data center has been challenged to expand and meet the ubiquitous computing demands becoming more prevalent. The way applications are built, deployed, integrated and managed must accommodate the rapidly evolving mobile and cloud paradigms, without sacrificing security or performance. Open Standards, and a more agile stewardship of the Java Community Process will enable developers, architects and IT executives increase return on their existing IT investment and spur innovation in next generation application environments. Please join Dr. Mark Little, Sr. Director Middleware Engineering, as he discusses Red Hat's vision for how JBoss Enterprise Middleware will drive social, mobile and cloud computing.
Spring Day | WaveMaker - Spring Roo - SpringSource Tool Suite: Choosing the R...JAX London
2011-10-31 | 02:15 PM - 03:00 PM
There are many tools out there to help developers working with the Spring framework and its manifold extensions. But it's not always easy to choose the right tool for the job. This talk guides you through the tooling landscape for Spring and illustrates when to use Spring Roo, WaveMaker or the SpringSource Tool Suite. Demos and examples give the audience first-hand insights and useful hints how to use and combine those tools effectively.
Spring Day | Behind the Scenes at Spring Batch | Dave SyerJAX London
2011-10-31 | 01:30 PM - 02:15 PM
Spring Batch has a large user base and a good track record in production systems, but what is it all really about, and why does it work? This presentation provides a short bootstrap to get a new user started with the Batch domain, showing the key concepts and explaining the benefits of the framework. Then it goes into a deeper dive and looks at what holds it all together, with a close look at some of the most important but least understood features, including restart, retry and transactions.
Spring Day | Spring 3.1 in a Nutshell | Sam BrannenJAX London
2011-10-31 | 11:45 AM - 12:30 PM
Spring 3.1 introduces several eagerly awaited features including bean definition profiles (a.k.a., environment-specific configuration), enhanced Java-based application and infrastructure configuration (a la XML namespaces), and a new cache abstraction. This session will provide attendees with a high-level overview of these major new features, plus a quick look at additional enhancements to the framework such as the new c: namespace for constructor arguments, support for Servlet 3.0, improvements to Spring MVC and REST, and Spring's new integration testing support for profiles and configuration classes.
Spring Day | Identity Management with Spring Security | Dave SyerJAX London
2011-10-31 | 11:00 AM - 11:45 AM
Application and platform security requirements are changing under the influence of standards like OpenID and OAuth2, and the increasing demand for lightweight and multi-language platforms. Everyone used to be happy if they could implement single sign on for their Java web applications. That's still important, but there is a growing demand for more extensive Identity Management services, both in the enterprise and for public web applications. CloudFoundry is a nice use case for this new service model: it has multi-language support and security requirements that go beyond simple single sign on. What does that mean, and what does it mean for Spring Security? Come to this presentation to find out.
Spring Day | Spring and Scala | Eberhard WolffJAX London
2011-10-31 | 09:45 AM - 10:30 AM
Spring is widely used in the Java world - but does it make any sense to combine it with Scala? This talk gives an answer and shows how and why Spring is useful in the Scala world. All areas of Spring such as Dependency Injection, Aspect-Oriented Programming and the Portable Service Abstraction as well as Spring MVC are covered.
Java Tech & Tools | Beyond the Data Grid: Coherence, Normalisation, Joins and...JAX London
2011-11-02 | 02:25 PM - 03:15 PM
In 2009 RBS set out to build a single store of trade and risk data that all applications in the bank could access simultaniously. This talk discusses a number of novel techniques that were developed as part of this work. Based on Oracle Coherence the ODC departs from the trend set by most caching solutions by holding its data in a normalised form making it both memory efficient and easy to change. However it does this in a novel way that supports most arbitrary queries without the usual problems associated with distributed joins. We'll be discussing these patterns as well as others that allow linear scalability, fault tolerance and millisecond latencies.
Java Tech & Tools | Social Media in Programming in Java | Khanderao KandJAX London
2011-11-02 | 10:00 AM - 11:00 AM
With the popularity of Social media, businesses require to integrate ERP, CRM and Commerce apps with Social media for consumer monitoring, engagement, analytics, marketing, brand monitoring as well as influencing their purchases. This session covers Java tools, protocols, and frameworks for social media for Social CRM and Social Commerce. Covers: Oauth2, Social Graph, REST, JSON, Facebook & Twitter.
Java Tech & Tools | Grails in the Java Enterprise | Peter LedbrookJAX London
2011-11-01 | 03:00 PM - 03:50 PM
With all the buzz around rapid web application development frameworks, are enterprise developers left looking on enviously? Not at all. Grails brings the same benefits to Java developers while providing many options for enterprise integration. This talk shows you how to build Grails projects with Ant and Maven; what's involved in talking to legacy databases; and how to talk to Java components.
Java EE | Apache TomEE - Java EE Web Profile on Tomcat | Jonathan GallimoreJAX London
2011-11-01 | 04:20 PM - 05:10 PM
This session explores Apache TomEE, pronounced “Tommy”, an all-Apache Web Profile stack built on Tomcat, which adds all the Java EE Web Profile features, while taking nothing away. The session will show you how to get started with TomEE, how to use it with a sample application, and how you can test your application with TomEE using tools like Arquillian.
Java Core | Understanding the Disruptor: a Beginner's Guide to Hardcore Concu...JAX London
2011-11-02 | 05:45 PM - 06:35 PM | Victoria
The Disruptor is new open-source concurrency framework, designed as a high performance mechanism for inter-thread messaging. It was developed at LMAX as part of our efforts to build the world's fastest financial exchange. Using the Disruptor as an example, this talk will explain of some of the more detailed and less understood areas of concurrency, such as memory barriers and cache coherency. These concepts are often regarded as scary complex magic only accessible by wizards like Doug Lea and Cliff Click. Our talk will try and demystify them and show that concurrency can be understood by us mere mortal programmers.
Java Core | JavaFX 2.0: Great User Interfaces in Java | Simon RitterJAX London
2011-11-02 | 01:30 PM - 02:15 PM | Victoria
With the recent release of Java SE 7 the Java platform is back on the move, addressing the needs of developers as platforms and applications change. This session will briefly recap recent developments in Java SE 7 and the Java Community Process before moving onto the current ideas for features in Java SE 8. Discussions are underway within Oracle about the main themes for Java SE 9 and beyond. We'll conclude with an open discussion around what features the audience would like to see included in future releases of the Java platform. Key points from this will be passed back to Java SE product management in Oracle.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
2. Overview
• Modularity and OSGi: what they are and
why Java needs them
• Enterprise OSGi
• What’s new in the OSGi Service
Platform Release 4 Early Draft 2011.09,
and why it’s important
• Demonstration
3. Modularity
So what is Modularity?
“(Desirable) property of a system, such
that individual components can be
examined, modified and maintained
PCIe x16
independently of the remainder of the
system. Objective is that changes in
one part of a system should not lead to
unexpected behavior in other parts.” VGA
DVI
www.cs.bath.ac.uk/~jap/MATH0015/glossary.html
4. Complexity and System Rot
Traditional
system
Modular
system
Modular
system
Traditional
system
Time Time
In a software system, entanglement is the
primary cause of decay.
5. Java needs help: enforcing modularity
makes entanglement less likely
• Java unit of modularity = JAR
• Enterprise apps are collections of
JARs
• But a JAR lacks the primary
characteristics of modularity:
People do
this to software
all the time!
• It does NOT hide its internals
• It does NOT declare its externals
• The global Java classpath does
NOT support versioning
6. What is OSGi?
• “The dynamic module system for Java”
– Mature 10-year old technology
– Governed by OSGi Alliance: http://www.osgi.org
– Used inside just about all Java-based middleware
• IBM WebSphere, Oracle WebLogic, Red Hat JBoss, Sun GlassFish, Paremus
Service Fabric, Eclipse Platform, Apache Geronimo, …
Jar Jar
Package Explicit exports Package
Class Class
Class Class
Class Class
Package Package
Class Class
Class Class
Class Class
Explicit dependencies
6
7. How does OSGi help reduce cost?
• Enforces architecture and simplifies maintenance
• Enables modular deployment
• Enables co-existence of multiple versions of libraries
– Simplifies independent evolution of applications
– Better separation of concern between application and middleware
• Enables truly dynamic update of modules within applications
Bundle Bundle
Package Explicit exports Package
Class Class
Class Class
Class Class
Package Package
Class Class
Class Class
Class Class
Explicit dependencies
7
8. OSGi Modules (aka Bundles)
Classloader
Bundle
• A Jar plus OSGi Manifest, includes: Manifes t-Ver sion : 1.0
Bundle- Manif estV ersi
– Bundle Identity Classloader
Bundle
– Exported Packages
Manifes t-Ver sion : 1.0
Bundle- Manif estV ersi
Classloader
Bundle
– Imported Packages
Manifes t-Ver sion : 1.0
Bundle- Manif estV ersi
• Dependency resolution Classloader
“wires” bundles into
Bundle
a dependency graph
Manifest-Version: 1.0
• Each gets its own
Bundle-ManifestVersion: 2
class loader
• Classloading
delegates via graph
Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: My Example Bundle
Bundle-SymbolicName: com.my.bundle
Bundle-Version: 1.0.0
Export-Package: com.something.i.provide;version="1.0.0"
Import-Package: com.something.i.need;version="[1.1,2.0)"
9. Dynamic Lifecycle
Bundle
• Bundles have a dynamic
lifecycle
• Can come and go
independently
• APIs enable graceful
reaction to changes
10. OSGi Services
service
Consumer get register Provider
Bundle Bundle
listen
• Publish/find/bind service model
– Fully dynamic
– Local
– Non-durable
• Primary mechanism for bundle collaboration
• POJO advertised with properties and/or interface and/or
class
11. OSGi Enterprise Specification
• Enterprise 4.2: Released 22 March 2010
– OSGi Enterprise Expert Group (EEG)
• Brings Enterprise technologies and OSGi together
• Using existing Java SE/EE specifications:
– JTA, JPA, JNDI, JMX, WebApps…
• Adds Spring-derived Blueprint component model and DI container
• New in the OSGi Service Platform release 4 early draft 2011.09:
– Standard application model
– Bundle repository
• Java EE provides the core enterprise application programming
model
• OSGi encourages modular design, simplifies reuse, and enables
dynamic module updates
12. OSGi Bundle Repository
• Standardizes the entities required to resolve requirements
– Used by the Subsystems specification for deployment
• Environment – enables context and policy
• Resolver – similar to runtime framework resolver
• Repository – provides candidate solutions to requirements
• Repository XML – interchange XML
Repository1
Resolver Environment Repository2
XML
Subsystem Repository3
13. Subsystems: Disclaimer
• Subsystems is an in-progress RFC.
What follows is a snapshot in time of the
expert group thinking and is subject to
change.
14. Subsystems: Motivation
• Enterprise Java platforms are awash with bundle
collections
– Apache Aries – Applications
– Apache Geronimo - Applications
– Apache Karaf – Features
– Eclipse Virgo – Plans, PARs
– IBM WebSphere Application Server –
Applications, Composites, Liberty Features
– Oracle GlassFish – Applications
– Paremus Service Fabric – Systems
• Crying out for standardization
– Portability
– Tools
– Ecosystem
15. Subsystems Model: Hierarchy
• Most common model is subsystem
hierarchy and so
Subsystems are no subsystem
different
– Each has 1 parent subsystem
– Each can have many children
subsystem subsystem
– Children of the same parent
are siblings
• Visually represented by subsystem subsystem
containment
16. Feature Subsystems
• Collection of Resources (e.g. feature
Bundles) bundle
• Shared life-cycle
• Can be nested feature
• No isolation or affinity bundle
• Repository-based
bundle
provisioning
bundle
• Examples: Karaf Features,
Virgo unscoped Plans
bundle bundle
18. Application Subsystems
• Model for hosted
applications application
bundle
• Isolated
• No sharing out, implicit bundle
sharing in
bundle
• Affinity
• Repository-based
provisioning
bundle bundle
• Examples: Aries
Application, Virgo Scoped
Plans, Virgo PARs
19. Example Combination
• Subsystem Types can be framework
mixed and matched
application application
• Example shows:
– Features used to assemble
a Composite composite
– Composite providing a feature feature
‘platform’ to Applications
feature
20. Portability
• Subsystem Manifests are
portable to a point Subsystem Definition
– Target Environment + Transitive
Dependencies must support the
required resource implementation Transitive
types (e.g. Blueprint, WAB, DS, Dependencies
etc)
• Transitive dependencies Target Environment
may be portable
– Different Target Environments
likely to require different Transitive
Dependencies
21. Packaging
• Packaged in a Subsystem my.first.subsystem.ssa
Archive
OSGI-INF/SUBSYSTEM.MF
• A zip file with .ssa
extension: OSGI-INF/DEPLOYMENT.MF
– Subsystem Manifest (optional)
– Deployment Manifest (optional)
an.osgi.bundle-1.0.0.jar
– Resources
(optional)
an.osgi.bundle2-1.0.0.jar
22. Start with an empty
Example Composite
Composite ACTIVE
23. Application Subsystem
Example installed and resolved
Composite ACTIVE
Application RESOLVED
bundle
RESOLVED
transitive bundle
RESOLVED
24. Second Application
Subsystem installed and
Example started
Composite ACTIVE
Application RESOLVED Application ACTIVE
bundle bundle
RESOLVED ACTIVE
transitive bundle transitive bundle
ACTIVE ACTIVE
25. Second Application
Example Subsystem uninstalled
Composite ACTIVE
Application RESOLVED Application UNINSTALLED
bundle bundle
RESOLVED UNINSTALLED
transitive bundle transitive bundle
RESOLVED UNINSTALLED
26. First Application Subsystem
Example uninstalled
Composite ACTIVE
Application UNINSTALLED Application UNINSTALLED
bundle bundle
UNINSTALLED UNINSTALLED
transitive bundle transitive bundle
UNINSTALLED UNINSTALLED
27. Subsystems: Summary
• With the publication of the next OSGi Service
Platform specification, subsystems will be the
standard way to manage groups of resources
• Version ranges allow flexibility in resource selection
• Subsystem types define sharing semantics
• Deployment definition
– locks down versions and sharing
– Identifies transitive dependencies
• API enables management of Subsystem life-cycle
29. Colors by WebSphere:
Bundles and Services
colors.provider.red
colors.web colors.blender
colors.provider.green
colors.provider.blue
colors.api
30. Colors by WebSphere: Color
services
Color services colors.provider.red
colors.web colors.blender
colors.provider.green
colors.provider.blue
colors.api
31. Colors by WebSphere: Color
services
Adjustment Service
colors.provider.red
(Extension Point)
colors.web colors.blender
colors.provider.green
colors.provider.blue
colors.api
32. Summary
• Modularity and OSGi: what they are and
why Java needs them
• Enterprise OSGi
• What’s new in the OSGi Service
Platform Release 4 Early Draft 2011.09,
and why it’s important
• Demonstration