Friday, June 20, 2014

IAM, a luxury we cannot (not) afford

Three pieces of news, fresh from the last few days:
  1. Public administration procurement, a portal that leaks like a sieve. Personal data open to everyone
  2. Payslip fraud, 11 arrests in Palermo - Employees of a Palermo municipal company breached the IT system
  3. They broke into the Invalsi website, three young people reported to the police
And this is nothing: with the arrival of electronic invoicing and (let's hope!) of dematerialization, things will get more and more serious.

Then again, if Four Italians out of ten have never used the Internet or a PC (and at least four of the remaining six barely grasp what it means to have a phone that is always connected to "Uozzap"), maybe, just maybe, something is wrong.

My company deals with identity and access security (IAM being the magic English acronym), stuff that can seem rather exotic at first glance.
So much so that it is not at all easy, travelling up and down the peninsula, to get public officials and private-sector managers to understand why they have a big security problem they have not yet noticed.

And yet it is not hard to sense, even without being an expert in the field, that publishing a service on the Internet - accessible from all over the world at any hour - without taking adequate measures is like riding in the saddle "alla bersagliera" (missed the reference? take a look at the video below).

...or you can cut the same (poor) figure as ARIT.

Sunday, October 16, 2011

A new place for "Forte e Gentile"

The new place for the technical stuff is at Tirasa blog, where I have also copied all old posts from this blog.

See you there!

Wednesday, September 21, 2011

Getting started with Activiti (with Maven)

[See this post in the new blog]

Syncope needs a new workflow engine, for many good reasons: here's why I've started playing around with Activiti.

Activiti looks really interesting because of its features and its Apache 2.0 license; moreover, its spicy story makes it even more attractive.

Unfortunately, the documentation is fully Eclipse and ANT oriented: this sounds a bit cumbersome for people (like me, of course) who are in love with Maven and quite allergic to the dark (hem, let's say, more in love with everything that used to be connected to the Sun).
Anyway, the Activiti team did not completely forget the rest of us and regularly publishes artifacts to Alfresco's repository.

Hence, I've downloaded the latest 5.7 version, got the source code examples, and wrote a simple multi-module Maven project, able to compile and run all tests defined. Source code is available at GitHub.

Friday, July 15, 2011

Cocoon 3 and Hippo CMS at work

[See this post in the new blog]

I recently presented some aspects of the renewed Apache Cocoon power through its latest (and not yet completed) release, 3.0.

Today I am going to present some features of the Hippo Cocoon Toolkit, whose aim is to provide an alternative, Cocoon 3.0 based, toolkit for building front-end web sites while relying upon Hippo CMS and Repository.

This project is still rather immature, but it already provides some interesting features like XML and PDF generation of documents stored in the Hippo repository.

HCT can be used either as a standalone webapp - in which case it takes control of the whole navigation - or embedded in the official Hippo Site Toolkit: the latter lets you benefit from HCT's (and Apache Cocoon 3.0's) features while staying with the traditional way of dealing with Hippo-powered websites.

Here is what I did:
  1. generated a new project (I used archetype version 1.04.00 just to stay on the edge :-P)
    Update: as reported in Hippo wiki, "The archetypes for Hippo CMS 7.6 are in the 1.03.xx range and are production ready. The latest micro version of that range is the one you will want to use. Archetype versions in the 1.04.xx range are unstable development releases. Unless you want to check out the new and upcoming features we strongly advise you not to use these."
    This means that the code attached to this post is not meant to be used in any production environment.
  2. went to the CMS console web interface and added a couple of new sitemap items for news/**.xml and news/**.PDF (the capital PDF is needed because otherwise the HST components seem to try loading a PDF asset)
  3. wrote a couple of Java classes - namely HST components - HCTXml and HCTPdf
  4. prepared a couple of JSPs to handle the results provided by the two new HST components

Both HST components inherit from a common abstract class in which a basic Cocoon 3 pipeline is set up; the relevant part of this source code is shown below:

    final Pipeline<SAXPipelineComponent> pipeline =
            new NonCachingPipeline<SAXPipelineComponent>();

    // request understood by HippoRepositoryTransformer; note that the bean
    // path is concatenated into the XML string without escaping
    pipeline.addComponent(new XMLGenerator("<hct:document "
            + "xmlns:hct=\"\" "
            + "path=\"" + hippoBean.getPath() + "\"/>"));

    // demo-only, hard-coded repository credentials
    final Map<String, String> hrtParams = new HashMap<String, String>();
    hrtParams.put(HippoRepositoryTransformer.PARAM_USERNAME, "admin");
    hrtParams.put(HippoRepositoryTransformer.PARAM_PASSWORD, "admin");
    final HippoRepositoryTransformer hrt = new HippoRepositoryTransformer();

A basic pipeline is created, starting with an XML string that simply contains a request that can be interpreted by the subsequent HippoRepositoryTransformer instance.
Note here that the repository URL and credentials are passed to the transformer and that the document is re-read from the repository while it is already contained in hippoBean: HCT is not yet mature, as written above...

Generating an XML output is now pretty straightforward:

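    final XMLSerializer serializer = XMLSerializer.createXMLSerializer();
    pipeline.addComponent(serializer);

    final ByteArrayOutputStream baos = new ByteArrayOutputStream();
    try {
        // run the pipeline, writing the serialized XML into baos
        pipeline.setup(baos);
        pipeline.execute();
    } catch (Exception e) {
        throw new HstComponentException(e);
    }

    request.setAttribute("xml", new String(baos.toByteArray()));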

and (JSP):

    <%@page contentType="text/xml" pageEncoding="UTF-8" trimDirectiveWhitespaces="true"%>
    <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
    <c:out value="${requestScope.xml}" escapeXml="false"/>

Consider that you could add here an additional XSLT transformation to customize the XML output in the desired way.

Generating a PDF file requires a little more work, since an intermediary XSLT transformation from the source XML to XSL-FO (required by Apache FOP) is needed:

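    // request details handed to the stylesheet as XSLT parameters
    final Map<String, Object> params = new HashMap<String, Object>();
    params.put("scheme", request.getScheme());
    params.put("servername", request.getServerName());
    params.put("serverport", Integer.valueOf(request.getServerPort()));
    params.put("contextPath", request.getContextPath());
    // stylesheetUrl is a placeholder for the java.net.URL of the
    // XML to XSL-FO stylesheet
    final XSLTTransformer xslt = new XSLTTransformer(stylesheetUrl);
    xslt.setParameters(params);
    pipeline.addComponent(xslt);

    pipeline.addComponent(new FopSerializer());

    final ByteArrayOutputStream baos = new ByteArrayOutputStream();
    try {
        // run the pipeline, writing the rendered PDF into baos
        pipeline.setup(baos);
        pipeline.execute();
    } catch (Exception e) {
        throw new HstComponentException(e);
    }

    request.setAttribute("pdfArray", baos.toByteArray());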

and (JSP):

    <%@page contentType="application/pdf" trimDirectiveWhitespaces="true"%>
    <%
        response.getOutputStream().write((byte[]) request.getAttribute("pdfArray"));
    %>

To test all this, build and run the source code in the usual way and point your favorite browser to http://localhost:8080/site/news/.

Now you can click on one of the three news items shown, go to the address bar of your browser and replace .html with .xml or .PDF and you can get a raw XML and PDF view of your Hippo document.

Thursday, July 7, 2011

AOP – Spring – JPA for background threads / jobs

[See this post in the new blog]

I've recently come up against a very wicked problem in Syncope, and a saving blog post pointed me in the right direction:

Getting your persistence access right when working with background jobs in Spring can be tricky. Most people rely on the Open Session In View pattern using Filters or Interceptors that act on the regular app server threads and close and open sessions for each request.

Nevertheless, I had to refactor the source code a bit to be JPA 2.0 (and not strictly Hibernate) compliant: the result is available here. I have also added some @Transactional support.

Thursday, June 30, 2011

Build rich XML-enabled applications with Apache Cocoon 3.0 and Apache Wicket

[See this post in the new blog]

Some articles are already around about Apache Cocoon 3.0, a deep rewrite of an Apache project that has been bringing innovative concepts to the community since 1998.

To be honest, the latest release is slowly approaching a stable level, especially if compared to the widespread use and appreciation that the 2.x series used to have - and still has, to a certain extent - all around the world. Consider only the date of this post reporting the official announcement of the initial work: almost three years ago now, normally enough to consider an Open Source project practically dead.

Anyway, the user base seems to be wider than (at least) I expected, and messages still pass through Apache Cocoon's mailing lists asking for help, considerations, feature requests. Moreover, some blog entries like this and this recently appeared about Apache Cocoon 3.0, showing that there seems to be still room for the "Cocoon way" to Internet applications.

Ok, I might not be completely objective, but I really do believe that there is still nothing around comparable to Apache Cocoon when it comes to dealing with XML content.
An example of this is the Hippo Cocoon Toolkit project aiming to provide an alternative, Apache Cocoon 3.0 based, toolkit for building front-end web sites while relying upon Hippo CMS.

Apache Cocoon 3.0 has a very slimmed-down and targeted nature compared to its ancestors (especially 2.1), which were meant for implementing any kind of web interaction, from portals to CRUD applications. On the other hand, it provides every means for a smooth integration in almost any environment.

Let's briefly see how simple and extremely powerful it can be to build a web application capable of fancy AJAX stuff and, at the same time, strong XML processing.
Start by downloading the source code of the sample web application: as you can see, all you need to run it is Apache Maven (2.2.1 or 3.0.3) installed on your workstation; then uncompress, cd and launch
 # mvn clean package jetty:run
Now point your favorite browser to http://localhost:8888/: voilà! You can now see three different kinds of interaction available in this sample web application:
  1. Embed content produced by Cocoon pipelines in Wicket pages (source code: you can then, for example, place somewhere in your Wicket form a snippet generated by a Cocoon pipeline; note here that Cocoon pipelines are written as pure Java code, no XML;
  2. Use full featured Cocoon pipelines (source code: sitemap.xmap): just empower Cocoon the good old way;
  3. Use full featured Wicket pages (I just grab the source code from the AJAX section of Wicket samples).

Nice, isn't it? ;-)

All this above can be considered as a very first insight in the many facets of Apache Cocoon 3.0: take a tour of its features to have a better idea; did I tell you, for example, about its RESTful attitude?

Friday, May 20, 2011

HSQLDB 2.0.0, BLOB & Hibernate

[See this post in the new blog]

HSQLDB is a very nice and complete all-Java DBMS, particularly useful when doing quick test-outs or Maven tests.

A while ago, a bug was discovered in release 2.0.0 that causes issues with BLOB management: this is a considerable issue, especially with @Lob fields in Hibernate.

The bug was actually fixed in 2.1.0; the latest stable release is, as of today, 2.2.1.

Unfortunately, the latest release available at the Maven Central Repository is "only" 2.0.0. [Update: release 2.2.4 is now available (June 25th 2011)]

Taking inspiration from this StackOverflow question, I've elaborated a simple solution working for Hibernate.

First of all, create a simple Java class like the following:

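    import java.sql.Types;
    import org.hibernate.dialect.HSQLDialect;

    public class HSQLSafeDialect extends HSQLDialect {

        public HSQLSafeDialect() {
            super();
            // map LOB types back to the 1.8.x-style column types
            registerColumnType(Types.BLOB, "longvarbinary");
            registerColumnType(Types.CLOB, "longvarchar");
        }
    }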

Then configure your Hibernate instance to use xxx.yyy.HSQLSafeDialect instead of the standard org.hibernate.dialect.HSQLDialect.

Basically, this disables the BLOB and CLOB support introduced in HSQLDB 2.0.0, reverting to 1.8.X style.
Not fancy, but enough to make your maven tests run smoothly. Enjoy.