Presentation of RelProxy (mainly Java features) in Madrid Java User Group (MadridJUG) on January 28, 2015
Note: original was created with Google Presentations
FxContainer is the ONLY IoC Container written in JavaFX and specifically developed to be used in JavaFX applications. It is powerful, lightweight and 75K in footprint and open source.
Project website: https://fxobjects.dev.java.net
Making Java more dynamic: runtime code generation for the JVMRafael Winterhalter
While Java’s strict type system is a great help for avoiding programming errors, it also takes away some of the flexibility that developers appreciate when using dynamic languages. By using runtime code generation, it is possible to bring some of this flexibility back to the Java virtual machine. For this reason, runtime code generation is widely used by many state-of-the-art Java frameworks for implementing POJO-centric APIs but it also opens the door to assembling more modular applications. This presentation offers an introduction to the complex of runtime code generation and its use on the Java platform. Furthermore, it discusses the up- and downsides of several code generation libraries such as ASM, Javassist, cglib and Byte Buddy.
FxContainer is the ONLY IoC Container written in JavaFX and specifically developed to be used in JavaFX applications. It is powerful, lightweight and 75K in footprint and open source.
Project website: https://fxobjects.dev.java.net
Making Java more dynamic: runtime code generation for the JVMRafael Winterhalter
While Java’s strict type system is a great help for avoiding programming errors, it also takes away some of the flexibility that developers appreciate when using dynamic languages. By using runtime code generation, it is possible to bring some of this flexibility back to the Java virtual machine. For this reason, runtime code generation is widely used by many state-of-the-art Java frameworks for implementing POJO-centric APIs but it also opens the door to assembling more modular applications. This presentation offers an introduction to the complex of runtime code generation and its use on the Java platform. Furthermore, it discusses the up- and downsides of several code generation libraries such as ASM, Javassist, cglib and Byte Buddy.
Mastering Mock Objects - Advanced Unit Testing for JavaDenilson Nastacio
A high-level description of mock testing techniques and their implementation for the Java programming language.
This presentation specifically focus on the JMockit and JMock frameworks.
Java agents and their instrumentation API offer developers the most powerful toolset to interact with a Java application. Using this API, it becomes possible to alter the code of running applications, for example to add monitoring or to inject security checks as it is done by many enterprise products for the Java ecosystem.
In this session, developers will learn how to program Java agents of their own that make use of the instrumentation API. Doing so, developers learn how the majority of tooling for the JVM is implemented and will learn about Byte Buddy, a high level code generation library that does not require any knowledge of Java byte code that is normally required for writing agents. In the process, developers will see how Java classes can be used as templates for implementing highly performant code changes that avoid the boilerplate of alternative solutions such as AspectJ or Javassist while still performing better than agents implemented in low-level libraries such as ASM.
Serialization & De-serialization in JavaInnovationM
When you create a class, you may create an object for that particular class and once we execute/terminate the program, the object is destroyed by itself (Garbage Collector thread).
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016Christian Schneider
In this session we begin with modelling the attack surface of Java deserialization, which often leads to remote code execution (RCE), by showcasing vulnerabilities we found in modern and widely used applications and frameworks. We extend existing research about risks of deserialization broadening the attack surface. After a live demo of getting a Meterpreter shell in a modern Java endpoint setup we delve into the exploitation styles for this vulnerability to lay the foundation of the first of three key takeaways for the attendees:
The first key takeaway is identification of test types that should be executed during a dynamic assessment of an application in order to find this kind of vulnerability. This includes analyzing the deserialization interface and using blackbox tests to create payloads with gadgets matching the application’s classpath to verify the RCE. Discussion extends to cover indirect deserialization interfaces that use non-binary data formats, such as XML-based interfaces, which can also act as a driver for deserialization within the application.
The next key takeaway covers the realm of static code analysis (SAST). We present code patterns security reviewers should look for when doing whitebox assessments of applications or frameworks. This is especially interesting for code offering dynamic functionality including AOP, generic mappings, reflection, interceptors, etc. - all of which have a high probability of including code that can facilitate as deserialization gadgets and thus help the attackers in exploiting deserialization vulnerabilities. In this section we present the techniques used to find the vulnerabilities within the popular frameworks showcased during the live demo at the session’s start.
Finally we conclude with tips on implementing different techniques of hardening measures for applications offering deserialisation interfaces (either direct binary deserialization interfaces or indirect XML-based ones) to give the attendees the third key takeaway: protecting applications properly. This includes ways to verify data integrity prior to deserialization and ways to properly inspect the data before it’s handled by the Java deserialization process.
--
This talk was presented by Christian Schneider & Alvaro Muñoz at the OWASP BeNeLux Day 2016.
With its ninth version, the Java platform has shifted gear and introduced biyearly releases. This was followed by a license change where Oracle, the steward of Java, now publishes a commercial and a non-commercial release of the Java virtual machine while other vendors took more space to promote their alternative builds of the OpenJDK. And in another flood of news, the Java EE specification was terminated and resolved into the Jakarta EE namespace.
A lot has been happening in the traditionally conservative Java ecosystem, to say the least, and many users are wondering if they still can rely on the platform. This talk gives an overview of the Java ecosystem, summarizes the changes that have been, that to expect and why the evolution of the platform is good news to the community.
Spring Certification Questions and Spring Free test are tests created to demonstrate all the functions of our mock exams. You will be able to access ten full questions and will have ten minutes of time for finishing the test.
There are several components you can interact with when you take our mock exams:
Take a look at the progress bar at the top; it will tell how you are progressing through the exam.
Read the question and select only the answers you think are correct by checking the corresponding check box.
Navigate the spring questions using the "Previous" and "Next" buttons.
Mark the spring questions you wish to review later. All the questions you have marked will be listed on the right in the section "marked questions". You will be able to jump directly to the question from this list.
If you want to take a look at the correct answers for a question, just click the "Solution" button. In the solution section you will be able to check your answers as well as find a full explanation of the question.
Keep an eye on the countdown. This will tell you how much time is remaining. When the countdown expires, the test will be automatically submitted.
Once the test is submitted, the "result" section will expand. Here, you will be able to review all the questions of the test. From here, you can also navigate directly to each question.
Talk given by Pierre Ernst, Product Security Lead at Salesforce, at Hack Fest 2016 on November 2016
Pierre Ernst has 20 years of professional experience in building and breaking applications. His current focus is helping organisations improve their security posture by playing both offense and defense. In his spare time, he still enjoys finding high-value vulnerabilities and tries to make open source components more secure using his weapon of choice: code review. His favorite research topics include: weaponizing XML External Entity (XXE) attacks and XPath injections, finding novel ways of triggering hash table collisions and exploiting all sorts of deserialization technologies.
Fixing the Java Serialization mess
Deserializing untrusted input with Java has been known to be a risky proposition for at least 10 years. More recently, several vulnerabilities exploiting this flaw have been published. These deserialization vulnerabilities can be divided into 2 groups: endpoints allowing deserialization of arbitrary classes known to the application, or serialization “gadgets” allowing to weaponize malicious input for these endpoints. When it comes to fixing this class of vulnerabilities, it is hard to reach a consensus: some library maintainers consider that there is no point fixing the “gadgets” and that all application should simply stop accepting serialized input. Easier said than done…
While the root cause of the issue lies with a lenient Java API (not allowing to specify which class is to be deserialized), we need an immediate fix. This is why Pierre Ernst came up with the seminal “Look-ahead Java deserialization” concept in 2013.
During this talk, the current look-ahead implementation will be bypassed with a live demo, and a more robust mitigation will be presented.
Lecture 6 from the IAG0040 Java course in TTÜ.
See the accompanying source code written during the lectures: https://github.com/angryziber/java-course
Gives an overview how a software developer should organize their daily work, apart from technical skills.
Introduces Agile software development practices from XP and Scrum.
Adding a modern twist to legacy web applicationsJeff Durta
Avoid misery of working with legacy code
We will see how you can add independent and isolated components to existing pages; pages that may be difficult to change
React and Flux allow you to make self-contained additions that handle their own data access/persistence
Mastering Mock Objects - Advanced Unit Testing for JavaDenilson Nastacio
A high-level description of mock testing techniques and their implementation for the Java programming language.
This presentation specifically focus on the JMockit and JMock frameworks.
Java agents and their instrumentation API offer developers the most powerful toolset to interact with a Java application. Using this API, it becomes possible to alter the code of running applications, for example to add monitoring or to inject security checks as it is done by many enterprise products for the Java ecosystem.
In this session, developers will learn how to program Java agents of their own that make use of the instrumentation API. Doing so, developers learn how the majority of tooling for the JVM is implemented and will learn about Byte Buddy, a high level code generation library that does not require any knowledge of Java byte code that is normally required for writing agents. In the process, developers will see how Java classes can be used as templates for implementing highly performant code changes that avoid the boilerplate of alternative solutions such as AspectJ or Javassist while still performing better than agents implemented in low-level libraries such as ASM.
Serialization & De-serialization in JavaInnovationM
When you create a class, you may create an object for that particular class and once we execute/terminate the program, the object is destroyed by itself (Garbage Collector thread).
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016Christian Schneider
In this session we begin with modelling the attack surface of Java deserialization, which often leads to remote code execution (RCE), by showcasing vulnerabilities we found in modern and widely used applications and frameworks. We extend existing research about risks of deserialization broadening the attack surface. After a live demo of getting a Meterpreter shell in a modern Java endpoint setup we delve into the exploitation styles for this vulnerability to lay the foundation of the first of three key takeaways for the attendees:
The first key takeaway is identification of test types that should be executed during a dynamic assessment of an application in order to find this kind of vulnerability. This includes analyzing the deserialization interface and using blackbox tests to create payloads with gadgets matching the application’s classpath to verify the RCE. Discussion extends to cover indirect deserialization interfaces that use non-binary data formats, such as XML-based interfaces, which can also act as a driver for deserialization within the application.
The next key takeaway covers the realm of static code analysis (SAST). We present code patterns security reviewers should look for when doing whitebox assessments of applications or frameworks. This is especially interesting for code offering dynamic functionality including AOP, generic mappings, reflection, interceptors, etc. - all of which have a high probability of including code that can facilitate as deserialization gadgets and thus help the attackers in exploiting deserialization vulnerabilities. In this section we present the techniques used to find the vulnerabilities within the popular frameworks showcased during the live demo at the session’s start.
Finally we conclude with tips on implementing different techniques of hardening measures for applications offering deserialisation interfaces (either direct binary deserialization interfaces or indirect XML-based ones) to give the attendees the third key takeaway: protecting applications properly. This includes ways to verify data integrity prior to deserialization and ways to properly inspect the data before it’s handled by the Java deserialization process.
--
This talk was presented by Christian Schneider & Alvaro Muñoz at the OWASP BeNeLux Day 2016.
With its ninth version, the Java platform has shifted gear and introduced biyearly releases. This was followed by a license change where Oracle, the steward of Java, now publishes a commercial and a non-commercial release of the Java virtual machine while other vendors took more space to promote their alternative builds of the OpenJDK. And in another flood of news, the Java EE specification was terminated and resolved into the Jakarta EE namespace.
A lot has been happening in the traditionally conservative Java ecosystem, to say the least, and many users are wondering if they still can rely on the platform. This talk gives an overview of the Java ecosystem, summarizes the changes that have been, that to expect and why the evolution of the platform is good news to the community.
Spring Certification Questions and Spring Free test are tests created to demonstrate all the functions of our mock exams. You will be able to access ten full questions and will have ten minutes of time for finishing the test.
There are several components you can interact with when you take our mock exams:
Take a look at the progress bar at the top; it will tell how you are progressing through the exam.
Read the question and select only the answers you think are correct by checking the corresponding check box.
Navigate the spring questions using the "Previous" and "Next" buttons.
Mark the spring questions you wish to review later. All the questions you have marked will be listed on the right in the section "marked questions". You will be able to jump directly to the question from this list.
If you want to take a look at the correct answers for a question, just click the "Solution" button. In the solution section you will be able to check your answers as well as find a full explanation of the question.
Keep an eye on the countdown. This will tell you how much time is remaining. When the countdown expires, the test will be automatically submitted.
Once the test is submitted, the "result" section will expand. Here, you will be able to review all the questions of the test. From here, you can also navigate directly to each question.
Talk given by Pierre Ernst, Product Security Lead at Salesforce, at Hack Fest 2016 on November 2016
Pierre Ernst has 20 years of professional experience in building and breaking applications. His current focus is helping organisations improve their security posture by playing both offense and defense. In his spare time, he still enjoys finding high-value vulnerabilities and tries to make open source components more secure using his weapon of choice: code review. His favorite research topics include: weaponizing XML External Entity (XXE) attacks and XPath injections, finding novel ways of triggering hash table collisions and exploiting all sorts of deserialization technologies.
Fixing the Java Serialization mess
Deserializing untrusted input with Java has been known to be a risky proposition for at least 10 years. More recently, several vulnerabilities exploiting this flaw have been published. These deserialization vulnerabilities can be divided into 2 groups: endpoints allowing deserialization of arbitrary classes known to the application, or serialization “gadgets” allowing to weaponize malicious input for these endpoints. When it comes to fixing this class of vulnerabilities, it is hard to reach a consensus: some library maintainers consider that there is no point fixing the “gadgets” and that all application should simply stop accepting serialized input. Easier said than done…
While the root cause of the issue lies with a lenient Java API (not allowing to specify which class is to be deserialized), we need an immediate fix. This is why Pierre Ernst came up with the seminal “Look-ahead Java deserialization” concept in 2013.
During this talk, the current look-ahead implementation will be bypassed with a live demo, and a more robust mitigation will be presented.
Lecture 6 from the IAG0040 Java course in TTÜ.
See the accompanying source code written during the lectures: https://github.com/angryziber/java-course
Gives an overview how a software developer should organize their daily work, apart from technical skills.
Introduces Agile software development practices from XP and Scrum.
Adding a modern twist to legacy web applicationsJeff Durta
Avoid misery of working with legacy code
We will see how you can add independent and isolated components to existing pages; pages that may be difficult to change
React and Flux allow you to make self-contained additions that handle their own data access/persistence
Adding a modern twist to legacy web applicationsJeff Durta
Avoid misery of working with legacy code
We will see how you can add independent and isolated components to existing pages; pages that may be difficult to change
React and Flux allow you to make self-contained additions that handle their own data access/persistence
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Designing for Privacy in Amazon Web ServicesKrzysztofKkol1
Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload.
Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
4. What is?
● A simple Java and Groovy automatic class reloader
from source
o In development … and production if you want
● Converts pure Java on the fastest scripting language
o Compiling on demand, not a new language like BeanShell
o Including an interactive shell
7. Why?
● Envy of Groovy’s “false” scripting
● Groovy is NOT really a scripting/interpreted language, it
“just” compiles on the fly to conventional Java bytecode
o More correctly Groovy is a dynamic language
● I realized this when making an example of embedding
Groovy on ItsNat web framework
8. Why?
● Envy for automatic class reload of other web
frameworks & dynamic langs with just a page reload
● Auto context reloading (Tomcat etc) is TEDIOUS
o Everything is reloaded per file save => slowing all and PermGen
o Session is lost, start again and again
● ItsNat, a Java based web framework, asked his father
for support of automatic class reloading
o It suffers of “me too” syndrome
o Very soon I realized it could be an independent project
10. How it works
● The Java Reload Proxy
● A shell scripting language named Java
● JSR-223 Java Scripting API
● Bonus: Groovy loves Java. The Groovy Reload Proxy
12. The Java Reload Proxy
GOAL:
Automatic recompile and reload changed source
files/classes in web with a simple page reload
WITHOUT CONTEXT RELOADING!!
DISABLE IT!! => read the Manual
13. The Java Reload Proxy
InvocationHandler
VersionedObject Object
JProxyEngine
Change
Detector And
Compiler
Class
Reloader
java.lang.ref
lect.Proxy
public
method
invoked
ask
reload
needed
reload
JProxyClass
Loader
new
instance
versioned
method
called
14. The Java Reload Proxy
● Advantages over JVM HotSwap in Debug
o JVM standard HotSwap is limited to change method bodies
RelProxy/JProxy gives you more freedom, even add new classes
● Advantages over Context Reloading
o Context Reloading reloads ANYTHING
RelProxy only loads a subset of your code
o In CR session is lost
o In CR, in practice, reloading happens per file save
15. The Java Reload Proxy
● Everything cannot and should not be reloaded
o Server state must be kept when source code is changed
o Reloading data hold by singletons is dangerous
● Stateless/functional classes are candidates for
reloading
o In ItsNat, code doing page load/event rendering on request, that is
code dependent from ItsNatServletRequestListener
o The method
public void processRequest(ItsNatServletRequest request,ItsNatServletResponse response)
o is called on page load time
16. The Java Reload Proxy
package example.javaex;
import org.itsnat.core.event.ItsNatServletRequestListener;
import org.itsnat.core.ItsNatServletRequest;
import org.itsnat.core.ItsNatServletResponse;
import org.itsnat.core.html.ItsNatHTMLDocument;
public class JProxyExampleLoadListener implements ItsNatServletRequestListener
{
protected FalseDB db;
public JProxyExampleLoadListener() { }
public JProxyExampleLoadListener(FalseDB db) { this.db = db; }
public void processRequest(ItsNatServletRequest request, ItsNatServletResponse response)
{
System.out.println("JProxyExampleLoadListener 1 " + this.getClass().getClassLoader().hashCode());
new example.javaex.JProxyExampleDocument(request,(ItsNatHTMLDocument)request.getItsNatDocument(),db);
}
}
17. The Java Reload Proxy
FalseDB db = new FalseDB();
String pathPrefix = context.getRealPath("/") + "/WEB-INF/jproxyex/pages/";
ItsNatDocumentTemplate docTemplate;
docTemplate = itsNatServlet.registerItsNatDocumentTemplate("jproxyex","text/html",
pathPrefix + "jproxyex.html");
ItsNatServletRequestListener listener = new example.javaex.JProxyExampleLoadListener(db);
docTemplate.addItsNatServletRequestListener(listener);
● In a conventional ItsNat web application,
JProxyExampleLoadListener is a singleton
registered with something like this:
18. The Java Reload Proxy
public void processRequest(ItsNatServletRequest request, ItsNatServletResponse response)
{
System.out.println("JProxyExampleLoadListener 10 " + this.getClass().getClassLoader().hashCode());
new example.javaex.JProxyExampleDocument(request,(ItsNatHTMLDocument)request.getItsNatDocument(),db);
}
● Remember the JProxyExampleLoadListener code:
● If we are able of reloading JProxyExampleLoadListener we are also able to fully reload
JProxyExampleDocument and dependent code on a page load =>VIEW LOGIC RELOADED
Every page reload
creates a new instance
19. The Java Reload Proxy
Because JProxyExampleLoadListener is a singleton
we can reload the code => fields must not change (state)
Q) How can we detect source code changes of the
singleton class and related classes and apply them in real
time?
A) Registering a proxy instead of the original singleton,
when a method is called, it is performed on the proxy
instead of the original Java object => reload classes
This is why com.innowhere.relproxy.jproxy.JProxy exists
20. The Java Reload Proxy
package example.javaex;
import java.io.File;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
import javax.servlet.*;
import javax.tools.Diagnostic;
import javax.tools.DiagnosticCollector;
import javax.tools.JavaFileObject;
import org.itsnat.core.event.ItsNatServletRequestListener;
import org.itsnat.core.http.HttpServletWrapper;
● Configuration in the servlet
o Part of this code can be put in a ServletContextListener
21. The Java Reload Proxy
import org.itsnat.core.tmpl.ItsNatDocumentTemplate;
import com.innowhere.relproxy.RelProxyOnReloadListener;
import com.innowhere.relproxy.jproxy.*;
public class JProxyExampleServlet extends HttpServletWrapper
{
public JProxyExampleServlet() { }
@Override
public void init(ServletConfig config) throws ServletException
{
super.init(config);
ServletContext context = getServletContext();
String realPath = context.getRealPath("/");
String inputPath = realPath + "/WEB-INF/javaex/code/";
String classFolder = null; // Optional: context.getRealPath("/") + "/WEB-INF/classes";
Iterable<String> compilationOptions = Arrays.asList(new String[]{"-source","1.6","-target","1.6"});
long scanPeriod = 300;
JProxy config params
Java sources to reload
are here!!
22. The Java Reload Proxy
RelProxyOnReloadListener proxyListener = new RelProxyOnReloadListener() {
@Override
public void onReload(Object objOld, Object objNew, Object proxy, Method method, Object[] args) {
System.out.println("Reloaded " + objNew + " Calling method: " + method);
}
};
JProxyInputSourceFileExcludedListener excludedListener = new JProxyInputSourceFileExcludedListener() {
@Override
public boolean isExcluded(File file, File rootFolderOfSources) { return false; }
};
JProxyCompilerListener compilerListener = new JProxyCompilerListener(){
@Override
public void beforeCompile(File file) { System.out.println("Before compile: " + file); }
@Override
public void afterCompile(File file) { System.out.println("After compile: " + file); }
};
Listener monitor of class
reloading
Listener monitor of file
compiling
Filter for excluding files
of reloading
25. The Java Reload Proxy
String pathPrefix = context.getRealPath("/") + "/WEB-INF/javaex/pages/";
ItsNatDocumentTemplate docTemplate;
docTemplate = itsNatServlet.registerItsNatDocumentTemplate("javaex","text/html",
pathPrefix + "javaex.html");
FalseDB db = new FalseDB();
ItsNatServletRequestListener listener = JProxy.create(
new example.javaex.JProxyExampleLoadListener(db),ItsNatServletRequestListener.class);
docTemplate.addItsNatServletRequestListener(listener);
}
}
Registers ItsNat HTML
template
Proxy creation wrapping
the load listener singleton
Registering the load listener
singleton associated to the
template
26. The Java Reload Proxy
● FalseDB and related are not reloaded in this example
o It is not proxied and is an external dependency
● Just calling setEnabled(false) in production and
performance impact is ZERO
● JProxy is ItsNat agnostic
o In spite of previous example is based on ItsNat
● JProxy can be used in similar use cases in your Java
project
o Web or not web
31. How JProxy can help you in
development time, a GWT example
● We can define normal Java source code folders as
reloadable
o No need of source code below WEB-INF/
o No need to publish source code in production
o Of course this is NOT valid for production
● We will show this feature through a GWT-RPC example
● Download and install Eclipse (Luna is supposed) and
Google Plugin for Eclipse
● Create a GWT-RPC project
o Select New/Other/Google/Web Application Project
o Add relproxy-x.y.z.jar to WEB-INF/lib
32. How JProxy can help you in
development time, a GWT example
● Structure generated
o Name/package relproxy_ex_gwt/com.innowhere.relproxyexgwt
relproxy_ex_gwt (root folder of project)
src/com/innowhere/relproxyexgwt
client
GreetingService.java
GreetingServiceAsync.java
Relproxy_ex_gwt.java
server
GreetingServiceImpl.java
shared
FieldVerifier.java
Relproxy_ex_gwt.gwt.xml
33. How JProxy can help you in
development time, a GWT example
● We are only be able to reload classes executed in server
o Classes below server/ folder
o That is, the servlet GreetingServiceImpl.java
● Initial code of GreetingServiceImpl
package com.innowhere.relproxyexgwt.server;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import com.innowhere.relproxyexgwt.client.GreetingService;
import com.innowhere.relproxyexgwt.shared.FieldVerifier;
/**
* The server side implementation of the RPC service.
*/
@SuppressWarnings("serial")
public class GreetingServiceImpl extends RemoteServiceServlet implements GreetingService {
34. How JProxy can help you in
development time, a GWT example
public String greetServer(String input) throws IllegalArgumentException {
// Verify that the input is valid.
if (!FieldVerifier.isValidName(input)) {
// If the input is not valid, throw an IllegalArgumentException back to
// the client.
throw new IllegalArgumentException("Name must be at least 4 characters long");
}
String serverInfo = getServletContext().getServerInfo();
String userAgent = getThreadLocalRequest().getHeader("User-Agent");
// Escape data from the client to avoid cross-site script vulnerabilities.
input = escapeHtml(input);
userAgent = escapeHtml(userAgent);
return "Hello, " + input + "!<br><br>I am running " + serverInfo +
".<br><br>It looks like you are using:<br>" + userAgent;
}
35. How JProxy can help you in
development time, a GWT example
/**
* Escape an html string. Escaping data received from the client helps to
* prevent cross-site script vulnerabilities.
*
* @param html the html string to escape
* @return the escaped string
*/
private String escapeHtml(String html) {
if (html == null) {
return null;
}
return html.replaceAll("&", "&").replaceAll("<", "<").replaceAll(">", ">");
}
}
● Converted to use JProxy...
36. How JProxy can help you in
development time, a GWT example
package com.innowhere.relproxyexgwt.server;
import java.io.File;
import java.lang.reflect.Method;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.tools.*;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import com.innowhere.relproxy.RelProxyOnReloadListener;
import com.innowhere.relproxy.jproxy.*;
import com.innowhere.relproxyexgwt.client.GreetingService;
/**
* The server-side implementation of the RPC service.
*/
@SuppressWarnings("serial")
public class GreetingServiceImpl extends RemoteServiceServlet implements
GreetingService {
37. How JProxy can help you in
development time, a GWT example
protected GreetingServiceDelegate delegate;
public void init(ServletConfig config) throws ServletException {
super.init(config);
ServletContext context = config.getServletContext();
String inputPath = context.getRealPath("/") + "/../src/";
JProxyInputSourceFileExcludedListener excludedListener =
new JProxyInputSourceFileExcludedListener() {
@Override
public boolean isExcluded(File file, File rootFolder) {
String absPath = file.getAbsolutePath();
if (file.isDirectory()) return absPath.endsWith(File.separatorChar + "client") ||
absPath.endsWith(File.separatorChar + "shared");
else return absPath.endsWith(GreetingServiceDelegate.class.getSimpleName() + ".java") ||
absPath.endsWith(GreetingServiceImpl.class.getSimpleName() + ".java");
}
};
Your source !!
Folders excluded
Concrete files excluded
38. How JProxy can help you in
development time, a GWT example
String classFolder = null; // Optional: context.getRealPath("/") + "/WEB-INF/classes";
Iterable<String> compilationOptions =
Arrays.asList(new String[]{"-source","1.6","-target","1.6"});
long scanPeriod = 300;
RelProxyOnReloadListener proxyListener = new RelProxyOnReloadListener() {
public void onReload(Object objOld,Object objNew,Object proxy,Method method,Object[] args){
System.out.println("Reloaded " + objNew + " Calling method: " + method);
}
};
JProxyCompilerListener compilerListener = new JProxyCompilerListener(){
public void beforeCompile(File file) {
System.out.println("Before compile: " + file);
}
public void afterCompile(File file) {
System.out.println("After compile: " + file);
}
};
39. How JProxy can help you in
development time, a GWT example
JProxyDiagnosticsListener diagnosticsListener = new JProxyDiagnosticsListener() {
public void onDiagnostics(DiagnosticCollector<JavaFileObject> diagnostics) {
List<Diagnostic<? extends JavaFileObject>> diagList = diagnostics.getDiagnostics();
int i = 1;
for (Diagnostic diagnostic : diagList) {
System.err.println("Diagnostic " + i);
System.err.println(" code: " + diagnostic.getCode());
System.err.println(" kind: " + diagnostic.getKind());
System.err.println(" line number: " + diagnostic.getLineNumber());
System.err.println(" column number: " + diagnostic.getColumnNumber());
System.err.println(" start position: " + diagnostic.getStartPosition());
System.err.println(" position: " + diagnostic.getPosition());
System.err.println(" end position: " + diagnostic.getEndPosition());
System.err.println(" source: " + diagnostic.getSource());
System.err.println(" message: " + diagnostic.getMessage(null));
i++;
}
}
};
40. How JProxy can help you in
development time, a GWT example
JProxyConfig jpConfig = JProxy.createJProxyConfig();
jpConfig.setEnabled(true)
.setRelProxyOnReloadListener(proxyListener)
.setInputPath(inputPath)
.setJProxyInputSourceFileExcludedListener(excludedListener)
.setScanPeriod(scanPeriod)
.setClassFolder(classFolder)
.setCompilationOptions(compilationOptions)
.setJProxyCompilerListener(compilerListener)
.setJProxyDiagnosticsListener(diagnosticsListener);
JProxy.init(jpConfig);
this.delegate = JProxy.create(
new GreetingServiceDelegateImpl(this),GreetingServiceDelegate.class);
} // init
41. How JProxy can help you in
development time, a GWT example
public String greetServer(String input) throws IllegalArgumentException {
try {
return delegate.greetServer(input);
}
catch(IllegalArgumentException ex) {
ex.printStackTrace();
throw ex;
}
catch(Exception ex) {
ex.printStackTrace();
throw new RuntimeException(ex);
}
}
public HttpServletRequest getThreadLocalRequestPublic() {
return getThreadLocalRequest();
}
}
42. How JProxy can help you in
development time, a GWT example
● GreetingServiceImpl is a servlet, therefore a
singleton in practice, we cannot reload this singleton
● This is why we have moved the code to
GreetingServiceDelegateImpl
o implementing the interface GreetingServiceDelegate
● This new delegation singleton is registered on JProxy
and can be reloaded
this.delegate = JProxy.create(
new GreetingServiceDelegateImpl(this),GreetingServiceDelegate.class);
43. How JProxy can help you in
development time, a GWT example
● When a source change is detected JProxy needs to
reload dependent classes in a new class loader
● But the servlet GreetingServiceImpl cannot be
reloaded, neither client and shared classes, nor
GreetingServiceDelegate => EXCLUDED
public boolean isExcluded(File file, File rootFolder) {
String absPath = file.getAbsolutePath();
if (file.isDirectory()) return absPath.endsWith(File.separatorChar + "client") ||
absPath.endsWith(File.separatorChar + "shared");
else return absPath.endsWith(GreetingServiceDelegate.class.getSimpleName() + ".java") ||
absPath.endsWith(GreetingServiceImpl.class.getSimpleName() + ".java");
}
44. How JProxy can help you in
development time, a GWT example
● GreetingServiceDelegateImpl is basically the
same as the original servlet generated
package com.innowhere.relproxyexgwt.server;
import com.innowhere.relproxyexgwt.shared.FieldVerifier;
public class GreetingServiceDelegateImpl implements GreetingServiceDelegate
{
protected GreetingServiceImpl parent;
public GreetingServiceDelegateImpl() { } // Needed by JProxy
public GreetingServiceDelegateImpl(GreetingServiceImpl parent) {
this.parent = parent;
}
45. How JProxy can help you in
development time, a GWT example
public String greetServer(String input) throws IllegalArgumentException {
// Verify that the input is valid.
if (!FieldVerifier.isValidName(input)) {
throw new IllegalArgumentException("Name must be at least 4 characters long");
}
String serverInfo = parent.getServletContext().getServerInfo();
String userAgent = parent.getThreadLocalRequestPublic().getHeader("User-Agent");
input = escapeHtml(input);
userAgent = escapeHtml(userAgent);
return "Hello, " + input + "!<br><br>I am running " + serverInfo
+ ".<br><br>It looks like you are using:<br>" + userAgent;
}
private String escapeHtml(String html) {
if (html == null) { return null; }
return html.replaceAll("&", "&").replaceAll("<", "<")
.replaceAll(">", ">");
}
}
46. How JProxy can help you in
development time, a GWT example
● Run this example
o Run As / Web Application / GWT Super Dev Mode
● Open http://127.0.0.1:8888/Relproxy_ex_gwt.html
47. How JProxy can help you in
development time, a GWT example
48. How JProxy can help you in
development time, a GWT example
● Click on the “Close” button
● Modify in Eclipse GreetingServiceDelegateImpl
o just change "Hello" by "Hello <b>BROTHER</b>" and save:
return "Hello <b>BROTHER</b>, " + input + "!<br><br>I am running " + serverInfo
+ ".<br><br>It looks like you are using:<br>" + userAgent;
● Click again on “Send to Server” button
o The RPC callback will be called
o In this example a page reload is not needed
49. How JProxy can help you in
development time, a GWT example
51. A shell scripting lang named Java
● Your JDK includes a built-in API for compiling Java files
o Since Java 1.6
o The compiler API used by web app servers to compile servlets and
JSPs when changed (previously generated as servlet)
● RelProxy includes a script named jproxysh to execute
Java from source code
o Supported Windows and Unixes
● To execute code like this:
(file example_java_shell)
#!/usr/bin/env jproxysh
String msg = args[0] + args[1];
System.out.println(msg);
System.out.println("example_java_shell 1 ");
example.javashellex.JProxyShellExample.exec();
52. A shell scripting lang named Java
● Obviously Java code is the code in main method
● jproxysh must be in PATH
● JAVA_HOME and CLASSPATH standard environment
variables must be defined
o CLASSPATH must include relproxy-X.Y.jar
● This is the expected hierarchy in this example
<root_folder>
example_java_shell (file)
example (folder)
javashellex (folder)
JProxyShellExample.java (file)
53. A shell scripting lang named Java
● Configuration options are defined by using environment
variables
● Example:
export JAVA_OPTS="-client -Xmx100m"
export JPROXYSH_CACHE_CLASS_FOLDER="/tmp/java_shell_test_classes"
export JPROXYSH_COMPILATION_OPTIONS="-source 1.6 -target 1.6"
./example_java_shell "HELLO " "WORLD!"
Not really needed (just an ex.)
To avoid recompiling (optional)
54. A shell scripting lang named Java
● Nothings prevents of executing a complete root class
o File example_java_shell_complete_class
#!/usr/bin/env jproxysh
import example.javashellex.JProxyShellExample;
public class example_java_shell_complete_class {
public static void main(String[] args) {
String msg = args[0] + args[1];
System.out.println(msg);
System.out.println("example_java_shell_complete_class 1 ");
JProxyShellExample.exec();
}
}
55. A shell scripting lang named Java
● Of course a conventional root class is valid
o Yes you can execute a conventional Java program from source code!!
jproxysh $PROJECT/code/example_normal_class.java "HELLO " "WORLD!"
● Or just a code snippet
jproxysh -c 'System.out.print("This code snippet says: ");'
'System.out.println("Hello World!!");'
● Or just start an interactive shell
jproxysh
57. JSR-223 Java Scripting API
● Yes RelProxy provides an implementation of JSR-223
API for a scripting language named “Java” or “FuckYou”
JProxyConfig jpConfig = ...;
JProxyScriptEngineFactory factory = JProxyScriptEngineFactory.create();
ScriptEngineManager manager = new ScriptEngineManager();
manager.registerEngineName("Java", factory);
manager.getBindings().put("msg","HELLO GLOBAL WORLD!");
ScriptEngine engine = manager.getEngineByName("Java");
((JProxyScriptEngine)engine).init(jpConfig);
try
{
Bindings bindings = engine.createBindings();
bindings.put("msg","HELLO ENGINE SCOPE WORLD!");
StringBuilder code = new StringBuilder();
JProxyScriptEngine
has the same API as
JProxy + eval(...)