In October, Apache Isis became a top-level project after 2 years in the incubator. Isis is an interesting project. It's a Java framework for developing domain-driven and RESTful applications using the Naked Objects pattern.
How do you accommodate RESTful service composition patterns where identities need to be propagated across nested service invocations, or any RESTful Web service client that is not browser based for that matter? How should brokered authentication for such RESTful service calls be handled?
This week marks the release of DZone's 170th Refcard. Author Christian Posta is a Senior Consultant and Architect at Red Hat, the card's sponsor, and he took a few minutes to answer some questions we had about the authorship of the card.
Recently I tweeted as a #linktuesday link the 10 Worst API Practices post from ProgrammableWeb. The responses I got have been organized to form a list of useful API anti-patterns that you should watch out for.
Pirates are known for drawing treasure maps to their most prized possession. These documents detail the decisions pirates made in order to hide and find their chests of gold. As software engineers, programmers, and architects we need to treat software implementations much like our treasure chest.
Pushing RabbitMQ's scaling limits at myYearbook.com has provided good insight in how to scale RabbitMQ clusters while avoiding RabbitMQ's common pitfalls.
The use of Aspect oriented architecture greatly helped me define what components I needed to create and what each of those components could do.
Although certain RESTful web services are of a ‘public’ nature and do not have specific security requirements such as authentication and authorization, any service that has an entry point from an untrusted network is subject to attack and proper threat protection measures are always an essential consideration.
Service orientation is about agility. Without a resulting agility, there is no point of doing SOA. Unfortunately, enterprise SOA infrastructure initiatives sometimes fail in part because its security mechanisms and processes demolish any agility that was built into the SOA itself.
When I first started programming with Microsoft .Net (1.0 Framework) I had a strong desire to learn how search engines indexed web sites. I built a spider and I had no real idea what I could/should do with it until I found the MSN Search API.
I've gathered together a substantial list of useful resources for the best and worst practices when it comes to building an API. Hope you find this curated list very bookmarkable!
Apache Camel provides an event notifier support class which allows you to keep information about what happened on Exchange, Route and Endpoint. One of the benefits of this class is that you can easily audit messages created in Camel Routes, collect information and report that in log by example.
To simplify the development of Web projects on Apache Karaf/Apache ServiceMix, we have created archetypes to setup WAR or WAB projects. They are very basic but they can be enriched with framework like Struts 2, Wicket, plain JSP or MyFaces JSF
Is Product Management different when your product is an API? How do the key people in the API value chain set the tone for product management of APIs? Strategic and tactical considerations for planning, building, and evolving an API to make direct and indirect users successful.
In continuation with my earlier blog on Enabling SSL on Tomcat, in this blog I will go to next step and enable CLIENT-CERT based authorization on Tomcat.
In continuation of my earlier blogs Enabling CLIENT-CERT based authorization on Tomcat and Enabling SSL in Tomcat, in this blog I will demonstrate, how you can configure multiple application to control access to their web resources using CLIENT-CERT mechanism.
This talk explores how shared resources in other fields are managed for the common good, and draws analogies and lessons which can be applied to the shared ‘resource’ of a software architecture.
The most important question to be asked when developing a new software system is "How will we replace it?" It is however a question seldom asked.
How many of us have been forced to select one technology over another when designing a new system? What factors do we and should we consider? How can we ensure the correct business decision is made?
One of the common misconceptions about OAuth is that it provides identity federation by itself. Although supporting OAuth with federated identities is a valid pattern and is essential to many API providers, it does require the combination of OAuth with an additional federated authentication mechanism.
Learn the best practices for queuing algorithms and optimizations from the pros at Salesforce.com. They use several techniques to provide for low latencies and fair resource allocation even under widely varying traffic patterns and resource conditions.
It's important to check more than one source when comparing two technologies. Today we're taking a look at some messaging protocols, AMQP and MQTT.
Domain Specific Software Engineering (DSSE) believes that creating every application from nothing is not advantageous when existing systems can be leveraged to create the same application in less time and with less cost. This belief is founded in the idea that forcing applications to recreate exiting functionality is unnecessary.
Check out this quick snippet including the necessary code for registering an OSGi service in WSO2 Appfactory.