Request header rewrites with Java servlet filters
A collegue and I have been looking at a setup with completely separate Oracle Portal (with SSO) and Oracle Collabsuite installations, and we wanted a simple way to have users automatically logged into Collabsuite after logging into Portal. If you are not familiar with Collabsuite, just think "J2EE" application.
Normally you would deploy a consolidated infrastructure, which makes this a no-brainer, but for various reasons we wanted to keep these two environments quite separate.
The details of how we did this are not really pertinent, but the bottom line is that we had everything sorted with one exception: the LDAP realm on Portal did not match Collabsuite. Everything was nicely working except the Collabsuite web applications keeled over, because the "osso-user-dn" request header set by the Portal SSO did not match Collabsuite.
If only we could hack/rewrite the osso-user-dn to fixup the realm part!
Now with Apache 2.0, this is probably quite easy by using the RequestHeaders directive in httpd.conf. That didn't exist in Apache 1.3, which unfortunately is what we are using.
This lead me to investigate what could be done at the J2EE level, and I discovered for the first time the servlet filter features in the Servlet API 2.3.
There are a few good tutorials floating around the web, such as Jason Hunter's JavaWorld article, but nothing I've found yet specifically demonstrates header rewrite.
Its pretty simple though. I've put together a demo RewriteRequestHeaderFilter with sources (download: RewriteRequestHeaderFilter-1.0-src.zip). It contains a complete demo site, but is also packaged and ready to insert into any arbitrary web application (just deploy the jar and fiddle the site's web.xml).
So, if you ever find yourself wanting to fiddle request headers in the J2EE environment and don't have "external" options, the RewriteRequestHeaderFilter could be just the ticket.
Postscript 2008-06-02: I've moved this to its own sourceforge project now.
read more and comment..
Who's bound to that port?
Recently wanted to track down the details of the process that had a specific port open. I checked out the O'Reilly Linux Server Hacks book, and hack #56 was pretty much what I wanted. I scriptified it somewhat as follows. Note that this only looks at tcp:
#!/bin/bash
port=$1
procinfo=$(netstat --numeric-ports -nlp 2> /dev/null | grep ^tcp | grep -w ${port} | tail -n 1 | awk '{print $7}')
case "${procinfo}" in
"")
echo "No process listening on port ${port}"
;;
"-")
echo "Process is running on ${port}, but current user does not have rights to see process information."
;;
*)
echo "${procinfo} is running on port ${port}"
ps -uwep ${procinfo%/*}
;;
esac
As you can see, this works by getting a little bit of process info from netstat, then using ps to get the full details. Download the script here: whosOnPort.sh
read more and comment..
A quiet revolution in KM?
Many thanks to Justin Kestelyn who recently highlighted Alejandro Vargas' Blog. Alejandro has been quietly putting together a powerful Body of Knowledge on RAC and related issues [still not a "Featured Employee Blog", but it should be!].
I must say, this was a Damascan Road event for me.
During the mid to late 90's, I was heavily involved in Content and Knowledge Management solutions for enterprises. We struggled with concepts of "Human Capital" and "Intellectual Property". In most cases, I was involved in helping companies setup the technical and organisational infrastructure to better empower "knowledge workers" to share, find and reuse information. The solutions of the day were corporate intranets, portals, search engines, mail, groupware and such-like.
I have been somewhat removed from that scene over the past 5 years, and it was only when seeing Alejandro's blog that it really struck me that a quiet revolution has been underway in Corporate Knowledge Management (KM).
The main problems we used to face in knowledge management were cultural, not technical. How to encourage participation? How to reward contribution and reuse? How to effectively organise and locate relevant information? How to measure and align with corporate goals? After years of practice (in both senses of the word), I came to the realisation that the most important contributing factor always came down to having a pivotal community member (not necessarily the formal "leader") around which others would cluster and be inspired to act.
Ironically, the solution to such cultural issues appears to have been technical if I am reading the megatrends correctly.
We saw the first inklings of progress with wikis, which facilitate rapid collective development of a body of knowledge, but now I realise that it is with blogs and podcasts that we are in the process of making a significant step-change.
Now blogs are nothing new. But predominantly we have seen them as a pop cultural phenomenon, creating our first issue of Web Celebs.
Alejandro's blog however epitomises the new breed of not-quite corporate blogging... blogging on a specific topic of interest that relates to their work, but done under personal editorial control. In the past (and still true today), Alejandro's employer would have provided corporate facilities to capture and share the kind of information he is publishing. I'm sure Alejandro still diligently complies with such mandated systems, but it is his blog which is having the most positive impact on the world.
So how is corporate knowledge management evolving with the advent of blogs and podcasts? To my mind, there are two important factors to note:
- Accessibility If a tree falls in a forest and no one is there, does it make a sound? Similarly with knowledge management, what is the value of sharing if no-one uses your work? Corporate knowledge management systems were once able to deliver the optimal audience for your work (if you tried very very hard over a very very long period of time), but the rise of the internet and blogging in particular has changed that dynamic forever.
- Attribution some would say "ego". One critical factor in the success of blogs is that the primary structural organisation is by attribution. It is your collection. Secondary organisation by news aggregators, semantic web or search engines cannot dilute the fact. The days of consigning your masterpiece into the black hole of corporate knowledge are fast receeding. For some, "ego" may be the prime motivation, but I believe it is usually a little more complex than that. Blogs tend to tell a story over time. Posts will be related. As a blog author, you will continually have you history of posts in front of you. Not only does this reinforce the sense of continuing narrative, it illuminates the "gaps" in your story and therefore compels further contribution to fill the void. Just as a novellist may feel compelled to complete their work no matter how unlikely it may be to find a welcoming readership, the blogger is likewise committed to continue what they start. Note that wikis are tapping into a fundamentally different attribution dynamic, one not so much governed by "ego", but by "tribal" aliegance.
"Information is power" is a hackneyed phrase. And I think it doesn't do justice to what is happening in the world today. It is too small town.
I prefer to think in terms of "potential accessibility x attribution = self-perceived value", and "referenced accessibility x attribution = actual value" i.e. power. And I think what we are seeing now is that the tools available (wikis and blogs in particular) are delivering a "value/power" formula that is starting to unleash an unprecedented wave of knowledge sharing and collaboration.
Implicit in the above is a decided shift in "editorial control". No longer is it a neat case of the knowledge worker submitting their work to the whims of the corporate machine. The blogger is in control. That is a significant challenge to the corporation, especially those for which information is the primary product they sell. Alejandro is perhaps fortunate to work a company that makes its money from selling software ... sales that his blogging supports and enhances. But a tax or legal firm? That's a different kettle of fish, since they primarily trade in "knowledge" i.e. expert advice.
So what response should we expect from corporations and developers of "km"/blogging software? Here are a few thoughts...
- We need to see the modern tools (blogs, wikis and podcasts) incorporated as primary sources for corporate KM strategies. That means integration between blogging tools and the corporate KM systems such as customer care/help systems, search engines, semantic webs and intranet/internet portals.
- Locking away such tools as "internal only" resources works against the accessibility imperitive. There are of course valid concerns over confidentiality. To accomodate this dilemma, metadata (and systems) need to support the concept of confidentiality. That is, employees should be able to selectively target internal, customer and public audiences when they post or broadcast. We should be able to adapt approval/moderation processes in accordance with confidentiality.
- In a corporate setting, it doesn't take long before people start questioning the "business value" of all this blogging etc. Personally, I hav ea foot in both camps. On the whole, I believe very few people can justify blogging exclusively on company time. People like Tom Kyte for example [ if we consider Ask Tom a specialised kind of blog]. For most of us however, it's a shared "value capture" equation. Sure, the blogs/wikis etc may enhance our contribution to the business, but a large part can also be a personal development exercise in enhancing our long term career value. In crude terms, maybe that next job will be clinched on the strength of your blog. So just like I read professional books of my choice on personal time, that's when I blog too. As employees, we need to be realistic about this and manage our time accordingly.
- For the corporations themselves, "value capture" can be a trickier proposition. And this depends on the nature of the business too. For a company like Oracle, having employees and users positively blog about its software can arguably give a major (but unmeasurable) sales boost by enhancing "brand value". Maybe we are not quite there yet, but I can imagine a day soon where the lack of an active blogsphere around your software product will make it almost impossible to sell. However to take an extreme example, consider CNN. What if all your reporters actively blogged too? Or if all Ernst & Young's accountants popped up on blogspot? It is harder to implicitly conclude there would be a positive impact on the bottom line. At this point, I see no other solutions than trying to achieve a suitable compromise. The softwares we use play an important role in providing the functionality to achieve that balance faster.
All of the above may be bleeding obvious to some and well discussed in the KM journals, but everyone needs their "Ah-ha" moment, and I just had mine.
read more and comment..
Securing your home router #2
Just listening to Security Now #80 in which Steve and Leo discuss a Javascript exploit that aims to compromise home routers with default password.
I strikes me that its a very short leap to combine this Javascript approach with the broken security implementation in certain routers that I blogged on recently. In fact, the Javascript approach overcomes the main limitation of the vulnerability hack which is that it required LAN access to your router to do anything more than mischief.
read more and comment..