Apache Sling as an OSGi-powered REST middlewareRobert Munteanu
Apache Sling is an innovative web framework built on top of the Java Content Repository (JCR), that uses OSGi for its component model and fosters RESTful application design.
This presentation will showcase how the Apache Sling framework can be used to build a unified REST-based middleware for multiple data sources, such as MongoDB, Apache Cassandra, Apache Jackrabbit Oak or classical relational databases. In doing so it will present the benefits that come from a single Resource API over multiple data stores, both at the library level and at the HTTP boundary.
In this talk, we’ll discuss the benefits of the document-based data model that MongoDB offers by walking through how one can build a simple app. We'll show you how to design a full-blown RSS Aggregation service to replace the loss the world suffered when Google Reader was shutdown.
We'll dive deeper into topics, such as how to model your data and create your REST API using MongoDB, Express.js and Node.js (core components of the MEAN stack). This session will jumpstart your development knowledge of MongoDB.
SOAP Web Services have a well established role in the enterprise, but aside from the many benefits of the WS-* standards, SOAP and XML also carry additional baggage for developers. Consequently, REST Web Services are gaining tremendous popularity within the developer community. This session will begin by comparing and contrasting the basic concepts of both SOAP and REST Web Services. Building on that foundation, Sam Brannen will show attendees how to implement SOAP-based applications using Spring-WS 2.0. He will then demonstrate how to build a similar REST-ful application using Spring MVC 3.0. The session will conclude with an in-depth look at both server-side and client-side development as well as efficient integration testing of Web Services using the Spring Framework.
Apache Sling as an OSGi-powered REST middlewareRobert Munteanu
Apache Sling is an innovative web framework built on top of the Java Content Repository (JCR), that uses OSGi for its component model and fosters RESTful application design.
This presentation will showcase how the Apache Sling framework can be used to build a unified REST-based middleware for multiple data sources, such as MongoDB, Apache Cassandra, Apache Jackrabbit Oak or classical relational databases. In doing so it will present the benefits that come from a single Resource API over multiple data stores, both at the library level and at the HTTP boundary.
In this talk, we’ll discuss the benefits of the document-based data model that MongoDB offers by walking through how one can build a simple app. We'll show you how to design a full-blown RSS Aggregation service to replace the loss the world suffered when Google Reader was shutdown.
We'll dive deeper into topics, such as how to model your data and create your REST API using MongoDB, Express.js and Node.js (core components of the MEAN stack). This session will jumpstart your development knowledge of MongoDB.
SOAP Web Services have a well established role in the enterprise, but aside from the many benefits of the WS-* standards, SOAP and XML also carry additional baggage for developers. Consequently, REST Web Services are gaining tremendous popularity within the developer community. This session will begin by comparing and contrasting the basic concepts of both SOAP and REST Web Services. Building on that foundation, Sam Brannen will show attendees how to implement SOAP-based applications using Spring-WS 2.0. He will then demonstrate how to build a similar REST-ful application using Spring MVC 3.0. The session will conclude with an in-depth look at both server-side and client-side development as well as efficient integration testing of Web Services using the Spring Framework.
Consuming REST services with ActiveResourceWolfram Arnold
Talk given at the SF Ruby Meetup on 12/8/2011.
It references these github projects:
demo project:
git://github.com/wolframarnold/SFMeetup-Talk-on-ActiveResource-2011-12-08.git
server:
git://github.com/wolframarnold/where-have-you-been.git, branch: sfmeetup_2011_12_08
REST Easy - Building RESTful Services in Zend FrameworkChris Weldon
The epicenter of data sharing in "Web 2.0" are web services. Whether you like it or not, you are consuming literally hundreds of services a day, whether it be searching in Google, running Facebook on your mobile device, or searching the App Store on your tablet. Yet, despite our hunger for services, few have ever written one. In this session, you'll learn what are RESTful web services and how to get started creating them in Zend Framework.
Automating Your Daily Tasks with Scripting - RubyConf 2015 TaiwanAdler Hsieh
This talk aims to go through basic scripting skills in Ruby. Participants will have a better understanding in managing their daily tasks with scripting. For example, we can setup automated scripts to delete old files on a daily basis instead of doing it manually. These can be done with Bash, Perl and many other scripting languages, but among of which Ruby is better known for its readability. It is easier to write, maintain, and reuse. It saves some time on system management and allows us to put more focus on the projects.
Browsers nowadays are competing with operating systems as the next application development platform. The rapid development of Web 2.0 keeps pushing browser developers into implementing advanced features that allow the creation of interactive multimedia applications. This sets the grounds for a new fertile environment in which a new breed of malware can come to life. Malware that is OS and architecture independent, as covert as a cutting edge rootkit but at the same time implemented through a series of API\'s and a generous variety of high-level OOP languages simplifying the task
Consuming REST services with ActiveResourceWolfram Arnold
Talk given at the SF Ruby Meetup on 12/8/2011.
It references these github projects:
demo project:
git://github.com/wolframarnold/SFMeetup-Talk-on-ActiveResource-2011-12-08.git
server:
git://github.com/wolframarnold/where-have-you-been.git, branch: sfmeetup_2011_12_08
REST Easy - Building RESTful Services in Zend FrameworkChris Weldon
The epicenter of data sharing in "Web 2.0" are web services. Whether you like it or not, you are consuming literally hundreds of services a day, whether it be searching in Google, running Facebook on your mobile device, or searching the App Store on your tablet. Yet, despite our hunger for services, few have ever written one. In this session, you'll learn what are RESTful web services and how to get started creating them in Zend Framework.
Automating Your Daily Tasks with Scripting - RubyConf 2015 TaiwanAdler Hsieh
This talk aims to go through basic scripting skills in Ruby. Participants will have a better understanding in managing their daily tasks with scripting. For example, we can setup automated scripts to delete old files on a daily basis instead of doing it manually. These can be done with Bash, Perl and many other scripting languages, but among of which Ruby is better known for its readability. It is easier to write, maintain, and reuse. It saves some time on system management and allows us to put more focus on the projects.
Browsers nowadays are competing with operating systems as the next application development platform. The rapid development of Web 2.0 keeps pushing browser developers into implementing advanced features that allow the creation of interactive multimedia applications. This sets the grounds for a new fertile environment in which a new breed of malware can come to life. Malware that is OS and architecture independent, as covert as a cutting edge rootkit but at the same time implemented through a series of API\'s and a generous variety of high-level OOP languages simplifying the task
1. Isomorphic JavaScript is the pattern of running JavaScript code on both server & client.
2. People are using it for production today. Ask Facebook, Yahoo, Asana, Airbnb, Rising Stack, …
3. This is not another talk about NodeJS!
Intro to node.js - Ran Mizrahi (27/8/2014)Ran Mizrahi
Node.js is a platform built on Chrome V8 javascript runtime engine for building fast and scalable, non-blocking, real-time and network applications. In this session Ran will introduce node.js and how to develop large code bases using it. He'll cover the following aspects:
• What is node.js?
• Apache vs. Nginx performance (One thread per connection vs. event loop) and what it has to do with node.js.
• Why node was written in Javascript?
• Main tools and frameworks (Express, socket.io, mongoose etc.)
• TDD/BDD with node.js using mocha and Chai.
Ran Mizrahi, Founder of CoCycles, Passionate entrepreneur and software engineer who loves to continuously innovate and deliver meaningful products while having true fun with the right team.
Arabidopsis Information Portal, Developer Workshop 2014, IntroductionJasonRafeMiller
The Arabidopsis Information Portal (araport.org) is a resource for the plant genomics research community. The AIP conducts developer workshops to help other labs get involved. This presentation introduces the web site with a case study about contributing new module built around a legacy data set.
This session introduces the Spring Web Scripts and the Spring Surf framework describing how they are used to underpin the Alfresco Share user interface. As well as covering the basic concepts, this session will cover the history and future roadmap for the frameworks.
This session introduces the Spring Web Scripts and the Spring Surf framework describing how they are used to underpin the Alfresco Share user interface. As well as covering the basic concepts, this session will cover the history and future roadmap for the frameworks.
Palestra ministrada no OWASP Floripa Day - Florianópolis - SC |
A palestra tem como objetivo mostrar os conceitos e funcionamento de algumas funcionalidades que foram adicionadas ao HTML5, levando em consideração os aspectos de segurança do client-side. Para as funcionalidades destacadas, foram criados cenários de ataques visando ilustrar a obtenção de informações sensíves armazenadas no browser ou até mesmo usar o browser da vítima para lançar ataques contra outros sistemas. Através da exploração das funcionalidades existentes no HTML5, técnicas de exploração como XSS e CSRF, tornam-se mais poderosas e eficientes, sendo possível em alguns casos contornar algumas restrições do Same Origin Policiy (SOP).
The web has changed! Users spend more time on mobile than on desktops and expect to have an amazing user experience on both. APIs are the heart of the new web as the central point of access data, encapsulating logic and providing the same data and same features for desktops and mobiles. In this workshop, Antonio will show you how to create complex APIs in an easy and quick way using API Platform built on Symfony.
Angular jS Introduction by Google
A to Z angular introduction about Angular Framework which is single page application.
Angular JS and angular is very important for single page applications.
The web has changed! Users spend more time on mobile than on desktops and they expect to have an amazing user experience on both platforms. APIs are the heart of the new web as the central point of access data, encapsulating logic and providing the same data and same features for desktops and mobiles.
In this talk, I will show you how in only 45 minutes we can create full REST API, with documentation and admin application build with React.
RESTful API, nevidljiva spona koja spaja web-facing mobilne aplikacije sa online bazama podataka, server-side ishodište koje pokreće Javascript MVVM-based projekte često je nedovoljno istraženo područje čak i za iskusne programere. Ako vas zanima POST - PUT rat ili stvari poput idempotentnih nesigurnih metoda odgovore ćete pronaći u ovom predavanju.
Predavanje je održano 27. aprila 2014. godine u Beogradu na Google Code Day http://gcd.phpsrbija.rs/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
15. Today’s Web Applications
“Learning JavaScript used to
mean you weren't a serious
software developer.
Today, not learning Javascript
means the same thing.” -
Jens Ohlig
18. Same Origin Policy
• Important security concept within modern browsers
• Originally released with Netscape Navigator 2 (March 1996)
• Permits script tags, images, css from any site (origin)
• Permits XHR only from the same site (origin)
• Prevents access to most methods and properties across different sites
(origins)
22. JSONP
• Stands for JSON with Padding
• Script tags are exception to the Same Origin Policy
• Just loading a script with JSON data cannot help us (will be lost in the
global context)
• The padding allows us to wrap the result with a global callback
• The response will be evaluated by the JavaScript interpreter and invoked
24. Why not use JSONP?
• Only valid for GET requests
• Limited payload size
• Not flexible (no headers etc.)
• Insecure
• Causes IE to leak memory (most implementations)
26. CORS
• Stands for Cross Origin Resource Sharing
• A W3C spec that allows cross-domain communication from the browser
• Defines a way to determine whether or not to allow the cross-origin
request
• Works by adding new HTTP headers
28. Why not use CORS?
• Only IE9+ support it natively (IE8 only via XDomainRequest)
• Requires “preflights” for requests other than GET or POST (with certain
MIME types) and for JSON.
31. lpAjax to the rescue
• Developed in LivePerson
• Self contained (Vanilla JS)
• Easy to use
• Used by entire LivePerson clients as a transport layer
• Supports three main transport types: XHR, JSONP
AND
postMessage
32. Browser to server communications
url.com
api.liveperson.com
api.liveperson.com/pm.html
lpAjax postmessage client
pm.html
Postmessage server
xhr
33. lpAjax postMessage
• It works!!!
• Almost as fast as JSONP
• Can work with REST API’S
• Very small latency for first API call (iframe creation)
• Small latency for serialization of data for use with postMessage
• Beware: 401 Response Codes & failed requests issues
37. Backbone with lpAjax postMessage
• Backbone utilizes jQuery as a transport
• jQuery allows us to manipulate ajax transports at multiple levels
• $.ajaxPrefilters - Handle custom options/modify existing options before
request is processed by $.ajax()
• $.ajaxTransport - Creates an object that handles the actual transmission
of Ajax data and used by $.ajax() to issue requests
• Converters – to manipulate and parse the data returned from the
response
38. Our custom ajaxPrefilter
// Register jQuery Ajax Prefilter that detects cross-domain requests and set the request data-type to "postmessage".
$.ajaxPrefilter(function (options, originalOptions, jqXHR) {
// Get our current origin
var originBrowser = window.location;
// Get the API url origin
var originApi = document.createElement("a");
originApi.href = options.url;
// Skip Same Origin API URL's
if (originApi.hostname == originBrowser.hostname &&
originApi.port == originBrowser.port &&
originApi.protocol == originBrowser.protocol) {
return;
}
// If the domains aren't the same and this isn't a jsonp request, force the data-type of the request to "postmessage".
if ("jsonp" !== options.dataType.toLowerCase()) {
// Redirect to our “postmessage” temporary transport type
return "postmessage";
}
});
39. Our ajaxTransport Implementation
// Create the postmessage transport handler (which will proxy the request to lpAjax) and register it for handling postmessage
// (the '+' forces overriding any existing implementations for a transport).
$.ajaxTransport("+postmessage", function (options, originalOptions, jqXHR) {
// Remove the temporary transport dataType
options.dataTypes.shift();
return {
send:function (requestHeaders, done) {
// Build the request object based on what jQuery created for us so far
var req = $.extend({}, lpTag.taglets.lpAjax_request);
req.headers = requestHeaders;
req.method = originalOptions.type;
req.data = originalOptions.data;
req.url = options.url;
// Implement the success and error handlers
req.success = function (data) {
handlePostMessageResponse(data, done);
};
req.error = function (data) {
handlePostMessageResponse(data, done);
};
// Issue the request using lpAjax postMessage.
lpAjax.postmessage.issueCall(req);
},
abort:function () {}
};
}));
40. Implement the response handler
// Create the response handler for lpAjax to call
var handlePostMessageResponse = function (data, done) {
// Do any parsing on the response if needed - Here I do nothing for simplicity
// Now call the jQuery callback to return the response to jQuery handling
done(
data.code, // status,
data.status, // nativeStatusText,
data.body, // responses,
data.headers // headers
);
};
41. Backbone with lpAjax postMessage
“If you can’t explain it simply,
you don’t understand it well
enough.” -Leonardo Da Vinci
Creates each domain iframe only onceThere are browsers which already support postMessage with objects (with no need for serialization)401 response code will cause the browser to pop up an authentication (can be fixed by overriding the default WWW-Authenticate: Basic realm=“xxx”header) 8 consecutive failed requests from the same iframe will abort the iframe usage
Creates each domain iframe only onceThere are browsers which already support postMessage with objects (with no need for serialization)401 response code will cause the browser to pop up an authentication (can be fixed by overriding the default WWW-Authenticate: Basic realm=“xxx”header) 8 consecutive failed requests from the same iframe will abort the iframe usage
Creates each domain iframe only onceThere are browsers which already support postMessage with objects (with no need for serialization)401 response code will cause the browser to pop up an authentication (can be fixed by overriding the default WWW-Authenticate: Basic realm=“xxx”header) 8 consecutive failed requests from the same iframe will abort the iframe usage
Creates each domain iframe only onceThere are browsers which already support postMessage with objects (with no need for serialization)401 response code will cause the browser to pop up an authentication (can be fixed by overriding the default WWW-Authenticate: Basic realm=“xxx”header) 8 consecutive failed requests from the same iframe will abort the iframe usage
Creates each domain iframe only onceThere are browsers which already support postMessage with objects (with no need for serialization)401 response code will cause the browser to pop up an authentication (can be fixed by overriding the default WWW-Authenticate: Basic realm=“xxx”header) 8 consecutive failed requests from the same iframe will abort the iframe usage