JRebel 5.0 released - Now fighting redeploys locally and in the cloud

Sky-Tiger

The next example shows Boolean operations on events. The rule describes a possible theft condition, when there has been a product reading on a shelf (possibly through RFID), followed by a non-occurrence of a checkout on that product, followed by a reading of the product at a scanner near the door.

within 12 hours
from
ShelfReading[TagId=tag; ProductName=pname] as onShelf,
CounterReading[TagId=tag] as checkout,
ExitReading[TagId=tag; AreaId=area] as exit
on onShelf fby not(checkout) fby exit
output [TagId=t; ProductName=pname; AreaId=area];

The next example shows how to raise an alert if a user tries to log in to an account unsuccessfully three times within 5 minutes.

from
LoginAttempt[IpAddress=ip; Account=acct; Result=0] as login1,
LoginAttempt[IpAddress=ip; Account=acct; Result=0] as login2,
LoginAttempt[IpAddress=ip; Account=acct; Result=0] as login3,
LoginAttempt[IpAddress=ip; Account=acct; Result=1] as login4
on (login1 fby login2 fby login3) and not(login4)
output [Account=acct];

People wishing to break into computer systems often scan a number of TCP/IP ports for an open one, and attempt to exploit vulnerabilities in the programs listening on those ports. Here’s a rule that checks whether a single IP address has attempted connections on three ports, and whether those have been followed by the use of the “sendmail” program.

within 30 minutes
from
Connect[Source=ip; Port=22] as c1,
Connect[Source=ip; Port=23] as c2,
Connect[Source=ip; Port=25] as c3
SendMail[Source=ip] as send
on (c1 and c2 and c3) fby send
output [Source=ip];

Sky-Tiger

Aleri provides many interfaces out of the box for an easy integration with source and target systems.  Through these interfaces/adapters the Aleri platform can communicate with standard relational databases, messaging frameworks like IBM MQ, sockets and file system files. Data in various formats like csv, FIX, Reuters market data, SOAP, http, SMTP is easily consumed by Aleri  through standardized interfaces.

Following are available techniques for integrating Aleri with other systems.


Pub/sub API is provided in Java, C++ and dot net - A standard pub/sub mechanism
SQL interface with SELECT, UPDATE, DELETE and INSERT statements  used through ODBC and JDBC connection.
Built in adapters for market data and FIX  
In the next part of this series we will look at the Aleri Studio, the gui that helps us build the CEP application the easy way.

Sky-Tiger

For you folks hearing about us for the first time, JRebel is Java’s most popular redeploy killer productivity tool for Java developers that instantly updates the running application whenever changes are made to class structures, resource files and framework configuration files.
Using JRebel, developers can eliminate the need to build and re-deploy the application during development, saving an average of 10.5 minutes out of each coding hour, according to a recent report on Java EE Productivity. This comes out to over 5 work weeks each year – which is over 1 month salary for each developer on a team.
JRebel 5.0 was just released and introduces a new functionality called JRebel Remoting (fresh out of Beta) that enables JRebel to be used in the scenarios where the application is running in remote environments.
With the remoting feature it will be very easy to develop and test Java applications in cloud environments, and Jelastic PaaS is totally suitable for this. Jelastic is a highly-scalable, cloud-based Java host platform that we’ve been following with interest for some time at ZeroTurnaround.
So that’s why we are excited to show you how to setup and configure JRebel in Jelastic. Yee-freakin’-ha!

Sky-Tiger

Installing JRebel to Jelastic PaaS

First, we need an environment that we’ll use to host the application. In the development scenario, it is sufficient to have only one container to which to deploy the application. Let’s describe the procedure for Tomcat, the most widely used application server according to the recent Developer Productivity Report 2012.

Sky-Tiger

Once the environment is created, we can install the JRebel agent into the environment. To do that, we have to upload jrebel.jar from JRebel distribution. Don’t forget the license file which has to reside in{user.home}/.jrebel directory:

Sky-Tiger

Next, we have to enable the JRebel agent for the container that we’ll use to deploy the application. Jelastic has introduced the support for custom JVM properties some time ago and we’ll leverage this feature in order to configure JRebel. The variables.conf file is the one that we have to modify for this matter.

Besides the -javaagent parameter, in order for the remoting functionality to work, we have to enable the “JRebel remoting plugin” using the special JVM argument: -Drebel.remoting_plugin=true. It is useful to enable JRebel logging in order to check if JRebel was installed correctly.

Sky-Tiger

Once the variables.conf is modified and saved, Tomcat node requires a restart in order to apply the new configuration parameters. After the container is restarted, if JRebel was installed correctly, we’ll seejrebel.log – meaning that JRebel agent has bootstrapped with the container and started to work as expected.

N.B! Setting JRebel for Jetty isn’t any different from what we did for Tomcat – there’s the variables.conf file that is used for specifying the auxiliary JVM arguments. Installing JRebel for Glassfish is slightly different as instead of variables.conf Glassfish uses domain.xml configuration file. So we can either modify the configuration file, or set the arguments via Glassfish administration console.

Configuring The Application

JRebel Remoting requires two configuration files to be included into the deployed package: rebel.xmland rebel-remote.xml. JRebel usually requires the rebel.xml configuration file in order to map the running application back to the workspace, so that the classloaders would be able to see the changes made to the project files directly.

The rebel-remote.xml configuration file is specifically required for the remoting functionality to work. It is a very simple configuration file containing two parameters, the ID of the module and the URL, where the application is accessible.

Both the configuration files can be generated using JRebel plugin for Eclipse, which is available fromEclipse Marketplace.

Sky-Tiger

JRebel Remoting in Action

Once both the configuration files are generated, we can package the application and deploy it to Jelastic environment.

After the application up and running we can start making changes to the project and update the application instantly with JRebel.

For the example we’re using the Petclinic demo application built with Spring Framework. Here’s what the first page of the application looks like:

Now we could make a change to the welcome.jsp that implements the first page and make it to display “Welcome to Jelastic!” instead of “Welcome”. Once the value is changed we can push the changes made to the project by calling “Sync Now” action provided by JRebel IDE plugin.

After calling the synchronization action we can observe JRebel messages in the IDE console:

Manually triggered JRebel remoting synchronization.
Scheduling JRebel Remoting synchronization for projects: petclinic
Starting manual synchronization for project: petclinic
Parsing configuration for /Users/anton/work-src/petclinic
Directory target/classes/ will be used for uploading
Directory src/main/webapp/ will be used for uploading
…
JRebel-Remoting uploaded changes successfully, have fun!

Sky-Tiger

Despite the talent and hard work of today's Java developers, enterprise Web and mobile applications may not be as secure as they should be. More than ever before, Java developers are code ninjas and mobile application magicians. Java applications running on Android phones let us take care of our banking errands, wire money, send and receive emails,  make purchases, keep tabs on our investments, schedule appointments, and even help us keep fit. We can run them just about anywhere. These apps are powerful and easy to use. They connect us to the world in ways that were impossible not so long ago.

Unfortunately, the developers that work so much power into such small devices may not be the best candidates for making sure that power stays in the right hands. According to Gardner's VP of security research, Ramon Krikken, enterprise application development could stand some improvement. He cites research from WhiteHat Security Inc. that implies it would take the banking industry (one of the most regulated and therefore best secured industries) over thirteen months to patch 90% of the flaws that exist in their applications.

Sky-Tiger

Krikken suggests mitigating security risks with a Web app firewall (WAF):

A WAF is an appliance or server software add-on that can monitor and block traffic to and from applications. They have become common in many enterprises, especially those that must comply with the Payment Card Industry Data Security Standard (PCI DSS), which calls for either use of a WAF or frequent application code reviews.

“I’m usually the last one to recommend – if you have a problem – throwing a piece of technology at it or putting something in front of it and filtering it, because it’s a good idea to build secure applications right from the start,” Krikken said, “but you can’t do that with all applications.”

“I have an increasing number of customers starting to question whether putting a Web application firewall in front of an application to fix something is all that much worse than fixing the code.”

What do you think about securing Java Web applications. Is a WAF firewall appliance or add-on security server a valid strategy? Do developers need to bake security into Web applications? Is this potentially a growth area for new Web developers? Leave us a comment to let us know what you think