Pre-conference seminar from the March 2010, Jasig (www.jasig.org) conference in San Diego, CA.
Additional presentation materials are available at the following page - http://www.ja-sig.org/wiki/display/JCON/JSR+286+Seminar+March+2010
Java Portlet 2.0 (JSR 286) SpecificationJohn Lewis
The Java Portlet 2.0 specification (JSR 286) introduces major new features for Portlet development. This session will detail the changes present in this new specification, including: a new eventing phase that allows portlets to communicate with each other, the ability to serve up resources directly out of the portlet, and full filtering support of portlet requests, along with a number of other minor changes and improvements.
This presentation gives an overview on Java standard portlets. It speaks about the trends in java portals and java specification requests created to achieve the Java portlet programming. It also tells the portal advantage over the conventional approach of web programming based on Java platform.
In this session, attendees will learn how to secure JSR-168 Portlets using the latest version of Acegi Security, called Spring Security 2.0. The 2.0 release of Spring Security includes new support for JSR-168 Portlet development. In this session we'll cover how the Acegi security model translates into the Portlet world, show how to configure the authentication provider for JSR-168 Portlets, and discuss the special interceptors for processing Portlet requests and for storing the security context in the Portlet session. Finally we'll show how Portlets and Servlets in the same webapp can share security context, which allows for secure AJAX calls and dynamic images from within Portlets.
Martin Nicklous, Software Architect, IBM Deutschland Research & Development GmbH
Neil Griffin, Software Architect, Liferay Inc
Portlet Specification 3.0 (JSR 362) is now feature-complete. This session discusses the new features and how easy it is for Java EE developers to write portlet applications. Demos include configuring portlets via annotations, integrating with microservices, integrating with client-side frameworks such as Angular/React/jQuery, client-side IPC via the portlet hub, CDI features, server-side async for long-running requests, and support for JSF 2.2 via the portlet bridge.
Java Portlet 2.0 (JSR 286) SpecificationJohn Lewis
The Java Portlet 2.0 specification (JSR 286) introduces major new features for Portlet development. This session will detail the changes present in this new specification, including: a new eventing phase that allows portlets to communicate with each other, the ability to serve up resources directly out of the portlet, and full filtering support of portlet requests, along with a number of other minor changes and improvements.
This presentation gives an overview on Java standard portlets. It speaks about the trends in java portals and java specification requests created to achieve the Java portlet programming. It also tells the portal advantage over the conventional approach of web programming based on Java platform.
In this session, attendees will learn how to secure JSR-168 Portlets using the latest version of Acegi Security, called Spring Security 2.0. The 2.0 release of Spring Security includes new support for JSR-168 Portlet development. In this session we'll cover how the Acegi security model translates into the Portlet world, show how to configure the authentication provider for JSR-168 Portlets, and discuss the special interceptors for processing Portlet requests and for storing the security context in the Portlet session. Finally we'll show how Portlets and Servlets in the same webapp can share security context, which allows for secure AJAX calls and dynamic images from within Portlets.
Martin Nicklous, Software Architect, IBM Deutschland Research & Development GmbH
Neil Griffin, Software Architect, Liferay Inc
Portlet Specification 3.0 (JSR 362) is now feature-complete. This session discusses the new features and how easy it is for Java EE developers to write portlet applications. Demos include configuring portlets via annotations, integrating with microservices, integrating with client-side frameworks such as Angular/React/jQuery, client-side IPC via the portlet hub, CDI features, server-side async for long-running requests, and support for JSF 2.2 via the portlet bridge.
Starting with Spring MVC 2.5, Annotation-Based Controllers became the preferred model for development (the Interface-based Controller hierarchy will be deprecated in Spring 3). This session will teach developers familiar with the old model how to use the new Annotation-based Controllers. This will also provide the basis for writing JSR 286 portlets using Spring 3.
Sample code available here:
http://www.ja-sig.org/wiki/x/vYS8AQ
Full screencast available here:
http://vimeo.com/10020881
This seminar provides an introduction to Portlet development using the Spring MVC framework. Topics include: quick introductions to Spring and JSR 168 Portlets, setting up a Portlet development environment, an overview of the Spring MVC API, and then a series of sample applications that cover specific topics like Handler Mappings, Controllers, Interceptors, Form Controllers, File Uploads and the new Annotation-based Mappings introduced in Spring 2.5.
Sample code is available at:
http://www.ja-sig.org/wiki/x/CACDAQ
This session will provide a complete tour of using the Spring MVC framework to build Java Portlets. It will include an in-depth review of a sample portlet application developed using the latest features of Spring MVC, including Annotation-based Controllers. If you are writing Portlets and using Spring, this session is for you.
We'll begin by discussing the unique differences and challenges when developing Portlets instead of traditional Servlet webapps. Then we'll talk about the unique approach that Spring MVC takes towards Portlets that fully leverages the Portlet lifecycle, instead of masking it like many other frameworks. We'll take an extensive tour of a sample application so we can see all the unique pieces of the framework in action. Finally we'll conclude with discussion of the upcoming support for the Portlet 2.0 (JSR 286) specification that will be part of Spring 3.0.
Starting with Spring MVC 2.5, Annotation-Based Controllers became the preferred model for development (the Interface-based Controller hierarchy will be deprecated in Spring 3). This session will teach developers familiar with the old model how to use the new Annotation-based Controllers. This will also provide the basis for writing JSR 286 portlets using Spring 3.
Sample code available here:
http://www.ja-sig.org/wiki/x/vYS8AQ
Full screencast available here:
http://vimeo.com/10020881
This seminar provides an introduction to Portlet development using the Spring MVC framework. Topics include: quick introductions to Spring and JSR 168 Portlets, setting up a Portlet development environment, an overview of the Spring MVC API, and then a series of sample applications that cover specific topics like Handler Mappings, Controllers, Interceptors, Form Controllers, File Uploads and the new Annotation-based Mappings introduced in Spring 2.5.
Sample code is available at:
http://www.ja-sig.org/wiki/x/CACDAQ
This session will provide a complete tour of using the Spring MVC framework to build Java Portlets. It will include an in-depth review of a sample portlet application developed using the latest features of Spring MVC, including Annotation-based Controllers. If you are writing Portlets and using Spring, this session is for you.
We'll begin by discussing the unique differences and challenges when developing Portlets instead of traditional Servlet webapps. Then we'll talk about the unique approach that Spring MVC takes towards Portlets that fully leverages the Portlet lifecycle, instead of masking it like many other frameworks. We'll take an extensive tour of a sample application so we can see all the unique pieces of the framework in action. Finally we'll conclude with discussion of the upcoming support for the Portlet 2.0 (JSR 286) specification that will be part of Spring 3.0.
This presentation gives a high level concepts and more of code to take a stab at developing a simple Restful server. I targeted people who would like to build a simple RESTFul server from scratch and experiment.
HTTP Whiteboard - OSGI Compendium 6.0 - How web apps should have been! - R Augemfrancis
OSGi Community Event 2014
Abstract:
The new HTTP Whiteboard API is a significant improvement over Http Service 1.2. In this talk we'll explore the uses and benefits of the new API and how that this should have been what java webapps were from the start.
3.1 Identify the uses for and the interfaces (or classes) and methods to achieve the following features:
Servlet context init. Parameters
Servlet context listener
Servlet context attribute listener
Session attribute listeners
3.2 Identify the WebApp deployment descriptor element name that declares the following features:
Servlet context init. Parameters
Servlet context listener
Servlet context attribute listener
Session attribute listeners
Pearson International has chosen to build a new offering using the Sakai Collaboration and Learning Environment to support instructors and students in many different regions around the world, including Japan, Germany, France, Sweden and more. This demo will look at what is unique to the project and what Sakai offers "out of the box."
Using Sakai Site Archive for Good not EvilCris Holdorph
The Sakai Site Archive feature has never been intended to be a general purpose import/export facility. However, when a recent project required this exact kind of behavior, the Sakai Site Archive facility was used as a starting point. This session will look at the the benefits of starting with Sakai's Site Archive system in order to create a general purpose import / export facility. We will look at how the system works with Sakai's modular tools and what problems/pitfalls come along with using it.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
178. Should be used when setting headers, cookies, the title, or next portlet modes
179.
180. RENDER_MARKUP on the second call, so now render the actual markup
181.
182. These cookies may be stored by the Portal and may not actually reach the client
183. Cookies set in the response of one phase will be available in subsequent phases (e.g. a cookie set in the action phase will be available during the render phase)
184.
185. Provided DOM element should be added to the markup <head> section of the response to the client
186. Support for this property is optional – verify via the MARKUP_HEAD_ELEMENT_SUPPORT property on the PortalContext
187. For a Render Response, should be done in RENDER_HEADERS sub-phase