Poche chiacchiere e tanto codice per cercare rendere la nostra vita di
sviluppatori più divertente.
Parleremo di JAX-RS, le annotazioni, l'MVC che mette a disposizione e
l'integrazione di Jersey con Guice.
Useremo AOP per gestire log, transazioni e con l'aiuto di Infinispan
limiteremo le chamate concorrenti sul nostro cluster.
REX about JavaFX8 used in SlideshowFX. This presentation covers concept from JavaFX as well as technologies like OSGi, Vert.x, LeapMotion, nashorn and friends in order to make them communicate inside one application developed in JavaFX.
This presentation was made at the ElsassJUG
JavaFX 8 est disponible depuis mars 2014 et apporte son lot de nouveautés. Gradle est en version 2 depuis juillet 2014. Deux technologies plus que prometteuses: JavaFX donne un coup de jeune au développement d’applications desktop en Java en apportant un navigateur web intégré, le support des WebSockets, de la 3D, et bien d’autres. Gradle est l’outil de d’automatisation de build à la mode, apportant de superbes possibilités par rapport rapport à maven, outil vieillissant, grâce à l’engouement de la communauté vis à vis de cet outil mais aussi par le fait de la technologie utilisée en son sein: groovy. Venez découvrir comment il est possible de réaliser rapidement une application à la mode en JavaFX avec un outil à la mode également. Bref venez à une session trendy.
REX about JavaFX8 used in SlideshowFX. This presentation covers concept from JavaFX as well as technologies like OSGi, Vert.x, LeapMotion, nashorn and friends in order to make them communicate inside one application developed in JavaFX.
This presentation was made at the ElsassJUG
JavaFX 8 est disponible depuis mars 2014 et apporte son lot de nouveautés. Gradle est en version 2 depuis juillet 2014. Deux technologies plus que prometteuses: JavaFX donne un coup de jeune au développement d’applications desktop en Java en apportant un navigateur web intégré, le support des WebSockets, de la 3D, et bien d’autres. Gradle est l’outil de d’automatisation de build à la mode, apportant de superbes possibilités par rapport rapport à maven, outil vieillissant, grâce à l’engouement de la communauté vis à vis de cet outil mais aussi par le fait de la technologie utilisée en son sein: groovy. Venez découvrir comment il est possible de réaliser rapidement une application à la mode en JavaFX avec un outil à la mode également. Bref venez à une session trendy.
program list:
WAP program to show constructor overloading using static member.
WAP to implement multilevel inheritance and method overriding.
WAP to implement interface class and show use of package.
WAP to implement multilevel exception handling and create your own exception.
WAP to implement 3 threads such that 1st sleeps for 200ms, 2nd for 400ms and 3rd for 600ms.
WAP to create applet of moving banner.
WAP to make a simple calculator.
Build a client server chat application.
The easy way to develop Java applications has always been the standard stack (Spring, JEE, SQL) that confirms the LAMP equivalent in Java-speak. This presentation compares this model with a real use case based on Guice, Jersey and AppEngine.
program list:
WAP program to show constructor overloading using static member.
WAP to implement multilevel inheritance and method overriding.
WAP to implement interface class and show use of package.
WAP to implement multilevel exception handling and create your own exception.
WAP to implement 3 threads such that 1st sleeps for 200ms, 2nd for 400ms and 3rd for 600ms.
WAP to create applet of moving banner.
WAP to make a simple calculator.
Build a client server chat application.
The easy way to develop Java applications has always been the standard stack (Spring, JEE, SQL) that confirms the LAMP equivalent in Java-speak. This presentation compares this model with a real use case based on Guice, Jersey and AppEngine.
MongoDB is the trusted document store we turn to when we have tough data store problems to solve. For this talk we are going to go a little bit off the path and explore what other roles we can fit MongoDB into. Others have discussed how to turn MongoDB’s capped collections into a publish/subscribe server. We stretch that a little further and turn MongoDB into a full fledged broker with both publish/subscribe and queue semantics, and a the ability to mix them. We will provide code and a running demo of the queue producers and consumers. Next we will turn to coordination services: We will explore the fundamental features and show how to implement them using MongoDB as the storage engine. Again we will show the code and demo the coordination of multiple applications.
Ten useful JavaScript tips & best practicesAnkit Rastogi
In this presentation there are ten useful JavaScript techniques which can be included in your application easily with less friction along with some AngularJs tips and best practices as a bonus. These tips and best practices are accompanied by examples & will cover script loading, design pattern, performance optimization and other areas.
Since best practices are very subjective topics, proper benchmarking needs to be done.
L’eXtensible Markup Language, fin dalla sua nascita, ha avuto un gran consenso da parte di tutti gli attori che operano nel mondo informatico, diventando di fatto la base di molte applicazioni, in particolar modo di quelle che fondano la loro attività sullo scambio di informazioni, per la sua semplicità ed interoperabilità.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
2. Chi sono?
@PerRequest
public class Presentation {
@GET
@Path("/JugMilano/People/DomenicoBriganti")
@Produces(MediaType.APPLICATION_JSON)
public Response getUserDetails() {
UserDetails userdet = new UserDetails();
userdet.setCompany("Eidon srl");
userdet.setEmail("dometec@gmail.com");
userdet.setLinkedin("http://www.linkedin.com/in/dometec");
userdet.setBlog("http://tipsaboutmywork.blogspot.com/");
...
return Response.ok(userdet).build();
}
JUG Milano – Meeting #48 2
3. Agenda
JAX-RS
Jersey con Guice/AOP
Demos:
Log delle richieste
Trim dei parametri Stringa in ingresso
Evitare chiamate identiche su un cluster
Transazioni
Login cookie
JUG Milano – Meeting #48 3
4. JAX-RS
Java API for RESTful Web Services
Release 1.1, JSR 311, 2009, JEE6 Full
Release futura 2.0, JSR 339, (EDR2 2012), JEE7
Package: javax.ws.rest
Implementazioni: Jersey (RI), Apache CXF,
RESTEasy, Apache Wink
JUG Milano – Meeting #48 4
5. Jersey
Open source, RI for JAX-RS
Jersey 1.x (1.13b1) implements JAX-RS 1.1
Jersey 2.x (mileston 3) implements JAX-RS 2
CDDL + GPL 1.1
JUG Milano – Meeting #48 5
6. Jersey Hello World
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
@Path("/hello")
public class HelloWorldService {
@GET
@Path("/{param}")
public Response getMsg(@PathParam("param") String msg) {
String output = "Echo: " + msg;
return Response.ok(output).build();
}
}
JUG Milano – Meeting #48 6
12. Demo 1 – Log delle richieste (interc.)
public class LogCall implements MethodInterceptor {
public Object invoke(MethodInvocation invocation) throws Throwable {
Logger logger = LoggerFactory.getLogger(invocation.getThis().getClass());
String arg = Joiner.on(", ").useForNull("null").join(invocation.getArguments());
logger.debug("{} ({}).", invocation.getMethod().getName(), arg);
Object result = invocation.proceed();
logger.trace("Output: {}.", result);
return result;
}
}
JUG Milano – Meeting #48 12
13. Demo 1 – Log delle richieste (bind)
public class GuiceConfig extends GuiceServletContextListener {
@Override
protected Injector getInjector() {
return Guice.createInjector(new JerseyServletModule() {
@Override
protected void configureServlets() {
Map<String, String> params = new HashMap<String, String>();
params.put(PackagesResourceConfig.PROPERTY_PACKAGES, "org.example.demo");
...
filter("/*").through(GuiceContainer.class, params);
install(new Module() {
public void configure(Binder binder) {
LogCall logCall = new LogCall();
TrimAndNullInterceptor trimAndNullableInterceptor = new TrimAndNullInterceptor();
bindInterceptor(
Matchers.annotatedWith(Path.class),
Matchers.annotatedWith(GET.class).or(Matchers.annotatedWith(POST.class))
.or(Matchers.annotatedWith(PUT.class)).or(Matchers.annotatedWith(DELETE.class)),
trimAndNullableInterceptor, logCall);
JUG Milano – Meeting #48 13
14. Demo 2 – Trim parametri (interc.)
public class TrimAndNullInterceptor implements MethodInterceptor {
public Object invoke(MethodInvocation invocation) throws Throwable {
for (int i = 0; i < invocation.getArguments().length; i++) {
if (invocation.getArguments()[i] != null &&
invocation.getArguments()[i] instanceof String) {
String sparam = (String) invocation.getArguments()[i];
String trim = sparam.trim();
if (trim.isEmpty())
invocation.getArguments()[i] = null;
else
invocation.getArguments()[i] = trim;
}
}
return invocation.proceed();
}
}
JUG Milano – Meeting #48 14
15. Demo 2 – Trim parametri (bind)
public class GuiceConfig extends GuiceServletContextListener {
@Override
protected Injector getInjector() {
return Guice.createInjector(new JerseyServletModule() {
@Override
protected void configureServlets() {
Map<String, String> params = new HashMap<String, String>();
params.put(PackagesResourceConfig.PROPERTY_PACKAGES, "org.example.demo");
...
filter("/*").through(GuiceContainer.class, params);
install(new Module() {
public void configure(Binder binder) {
LogCall logCall = new LogCall();
TrimAndNullInterceptor trimAndNullableInterceptor = new TrimAndNullInterceptor();
bindInterceptor(
Matchers.annotatedWith(Path.class),
Matchers.annotatedWith(GET.class).or(Matchers.annotatedWith(POST.class))
.or(Matchers.annotatedWith(PUT.class)).or(Matchers.annotatedWith(DELETE.class)),
trimAndNullableInterceptor, logCall);
JUG Milano – Meeting #48 15
16. Evitare richieste duplicate
Problemi:
Ristrasmissioni
Doppi submit (anche Tripli...) da browser
Timeout lato client che scatena altre prove di richieste
Rimedi:
Hashtable con chiamate attualmente in corso
429 Too Many Requests (RFC 6585)
Infinispan con lock condiviso per sistemi cluster
JUG Milano – Meeting #48 16
17. Demo 3 – Richieste duplicate (uso)
@POST
@UniqueCallOnCluster
public Response getAccountBalance(@FormParam("fromuser")...
@POST
@UniqueCallOnCluster
public Response getAccountBalance(@KeyParameter
@FormParam("fromuser")...
JUG Milano – Meeting #48 17
18. Demo 3 – Richieste duplicate (Inter.)
public class UniqueCallOnClusterInterceptor implements MethodInterceptor {
...
public Object invoke(MethodInvocation invocation) throws Throwable {
String classname = invocation.getMethod().getDeclaringClass().getSimpleName();
String methodName = invocation.getMethod().getName();
String key = classname + "_" + methodName + "_" + extractParameterValue(invocation);
TransactionManager tm = keyCallOnClusterService.getTransactionManager();
tm.begin();
boolean success = keyCallOnClusterService.lock(key);
if (!success) {
logger.info("Non posso effettuare il lock sul cluster per la chiave {}.", key);
return Response.status(429).entity("Another call with same parameter is in progress.").build();
}
String runningServer = (String) keyCallOnClusterService.get(key);
if (runningServer != null) {
logger.info("Chiamata già in corso, server {}.", runningServer);
return Response.status(429).entity("Another call with same parameter is in progress.").build();
}
keyCallOnClusterService.put(key, "todo-hostname");
tm.commit();
...
return invocation.proceed();
...
keyCallOnClusterService.remove(key);
}
JUG Milano – Meeting #48 18
19. Demo 3 – Richieste duplicate (bind)
public class GuiceConfig extends GuiceServletContextListener {
@Override
protected Injector getInjector() {
return Guice.createInjector(new JerseyServletModule() {
@Override
protected void configureServlets() {
Map<String, String> params = new HashMap<String, String>();
params.put(PackagesResourceConfig.PROPERTY_PACKAGES, "org.example.demo");
...
filter("/*").through(GuiceContainer.class, params);
install(new Module() {
public void configure(Binder binder) {
UniqueCallOnClusterInterceptor uniqueCallOnClusterInterceptor =
new UniqueCallOnClusterInterceptor();
requestInjection(uniqueCallOnClusterInterceptor);
bindInterceptor(Matchers.any(), Matchers.annotatedWith(UniqueCallOnCluster.class),
uniqueCallOnClusterInterceptor);
JUG Milano – Meeting #48 19
Rel 1.1 Goals: POJO-based, HTTP-centric, Format Independence, Container Independence, Inclusion in Java EE. La release 2.0 si focalizza su HATEOAS e implementazioni client, ma anche su Validation, MVC, Async, Filters/Handlers, migliorie al Content Negotiation. Attualmente Early Draft Review 2.
@FormParam is slightly special because it extracts information from a request representation that is of the MIME media type &quot;application/x-www-form-urlencoded&quot;
Listener per la configurazione dell'injector (bind,AOP). Filter per il processing delle richieste.
Il log delle richieste già lo abbiamo sul access log del nostro webserver o application server. Ma per quanto riquarda il body in POST o PUT non ci viene in aiuto. Con questo Interceptor possiamo loggare sul nostro file applicativo le richieste che arrivano con tutti i parametri in input e il THREAD che evade la chiamata
RFC6585: Additional HTTP Status Codes, April 2012, tra le altre cose: 3. 428 Precondition 4. 429 Too Many Requests 5. 431 Request Header Fields Too Large 6. 511 Network Authentication Required