Apache OFBiz as portal solution? - apache

We currently need a portal solution. One of our service providers has already suggested that we develop the portal in Apache OFBiz.
Now I would like to know if Apache OFBiz is still state of the art or if it is already on the way down.
Or is there another technology we should consider.
Best Regards,
Foerstar

Apache OFBiz is a solid Open Source framework that is actively maintained and updated by its community that is part of the Apache Software Foundation.
While the OFBiz architecture has been outlined years ago, it is still a modern framework that incorporates several pragmatic patterns and is designed to be flexible and extendable. Moreover various components and technologies have been kept up to date or replaced with newer ones over the years.
It is impossible to tell you if OFBiz is a good fit for your portal solution because I don't know your specific needs but my recommendation is to at least consider it especially if in your portal you will publish content related to products or other business entities: if this is the case then the OFBiz universal data model will be a valuable resource that will help you to achieve your goals efficiently and with high quality.

Related

Is there any reason not to host a software repository with a standard web hosting service?

I have webspace and I was thinking of setting up a git repository on it.
If I am developing software and I want to host a repository (CVS, SVN, git, etc) online, is there any reason not to use a standard web hosting provider (GoDaddy, etc) to do this?
I'm thinking in terms of security, reliability, etc.
One reason for not using a standard company is that shell access is usually needed to set up a Version Control System (VCS). Many providers don't give shell access on normal webspaces.
When you are developing open-source software I'd recommend hosting at SourceForge, github, Google Code or similar providers, as your code is public there, you will get an issue tracker and several other tools that may help you. On github for example adding more developers to your project is very easy.
When you are developing closed-source software you still can use github, this gives you the same advantages as mentioned above, but of course it costs you a few bucks a month. Open-Source projects are free.
So while there is no real reason to not use standard hosting providers, there are good reasons to use a company dedicated to hosting code.
As you asked especially for security: github (I use it as an example, as I host my code there as well) gives you a full list of information of what they do to ensure your code is safe.

TRAC host that allows plugin customisation

My research and development environment calls for a heavily customised TRAC with a corresponding subversion repository and a binary file store (e.g. WebDAV).
I have my eye on at least 10 plugins that I would like to use (from integration with time tracking software, to specialist mathematics/code rendering). I'd also like to write my own plugins.
I am looking for a commercial host that will allow me to self-manage my TRAC plugins. I've looked into (and contacted) a few of the commercial providers from the TRAC Commercial Services list, including:
Project Locker
Repository Hosting
SVN Repository
Project Locker have described that they do a code review of plugin requests and handle it on their end (unspecified time period). Repository Hosting have said that they "will probably not add support for that in the near future". SVN Repository have said "you won't be able to install any new plugins" and have suggested one of their VPS accounts instead.
Short of managing my own VPS or dedicated server, does anybody know of a commercial SVN/TRAC host who allows paying customers to install their own plugins? I would have thought a chroot environment would have made this a no-brainer!
(Note: this was originally posted on programmers but was down-voted and I was advised to move it here. Quoting from their FAQ: implementation issues or programming tools (ask on Stack Overflow instead))
You'll probably have a hard time finding what you're looking for because as Craig mentioned in his comment, the concept of commercial hosting services typically revolves around limiting a customer's ability to customize. Keeping things relatively uniform means that the hosting company can manage systems and deploy automated updates much more easily and won't have to worry about their scripts breaking because of something odd that one customer installed or re-configured.
If you want to be able to install and configure plugins at will, I highly recommend going the VPS route and managing the server yourself. It's easier than you might expect (I was thrown into this situation and was pleasantly surprised). You can start with something like the Bitnami Trac stack, which is a virtual machine image that has a Linux OS plus Trac and all of the support tools (database, webserver, etc) set up and ready to go. If you use that as a starting point, all you should have to do is customize your Trac settings and install your plugins.
If you really don't want to have anything to do with the management aspect, remember that you can always go the VPS route and contract out the administration work separately. It might be easier if the hosting provider and the system admin come from the same company, but it's not a requirement. Given the flexibility and customization that you need, this might be a more realistic option.

Clarification re the term "Application Infrastructure"

Apologies if what I am going to ask is too generic and please feel free to mark it as community wiki or even close it but after getting a good answer please.. Here goes nothing.
I had a heated debate over the term application infrastructure with a consultant from a BIG company and hence I am here to see what the experts think as I myself need a good understanding as well. I am a puny software developer and was trying to have a chat about software architecture and stuff and then we kinda got stuck up at the term application infrastructure.
As per my rival's understanding, this is solely used re the back-end hardware components and whereas I thought he is mixing the contexts and from the context of software eng it should refer to stuff that supports the application such as logging, ORM, or even framework (.net) etc.
To what extent am I wrong and if I am please shed some light on the definition...it's really gonna help a lot.
Thanks
Here are a few links with a little description about the term Application Infrastructure extracted from them:
Application Infrastructure -- f5.com
Application infrastructure, comprised of application servers, web servers, and often database servers, is a core component in most network architectures. This part of the network infrastructure delivers high performance application services to the LAN as well as to employees, partners and customers on the WAN.
Some of the key functionality of application infrastructure includes transaction management, clustering, reliable application-to-application messaging, system management, advanced application development tools, proprietary access, and interoperability with legacy technologies.
Application Infrastructure -- networkmagazineindia.com
A (common/standard) platform is required to make different applications in an enterprise work across geographies or multiple locations, and to manage a large number of users and transactions taking place within an enterprise. This platform which ensures that different applications work with each other, is known as an application infrastructure.
Application Infrastructure -- bitpipe.com
A high performance, reliable, and secure integrated technology infrastructure for managing multiple hosted applications by Application Service Providers.
What he seems to be describing is the platform for software (I'll leave it open if that is the same thing as the software platform). I do include software service in the Application Infrastructure definition and also include connectivity/networking along with hardware and software as the three foundation cornerstones of Infrastructure. Infrastructure is the general purpose commodity components as opposed to the domain specific components which will typically always be Software (a possible exception would be an organisation that uses custom hardware). AIH; IBM pitch WebSphere as Application Infrastructure and Microsoft consider their Windows Server to be the Application Infrastructure; both agree with you and I.
From what I can see it speaks to HW and SW (middleware and API management).
Gartner definition: Application infrastructure is software platforms for the delivery of business applications, including development and runtime enablers.
Interesting info from Gartner:
http://wso2.com/resources/analyst-reports/comparing-vendors-of-comprehensive-application-infrastructure-suites/

Deployment/Distribution/Installation of Apache modules

I am a student and on an internship currently. I was developing an Apache module, that will be available for my company's clients to download and use.
I have completed the module now. Now I want to know what are the best practices regarding the deployment of module.
Should I provide binaries of the module or source files ? What can I assume about the technical competence of the webmasters who usually maintain the servers ?
Additionally, the biggest problem that I see is that different OS distros usually mess with the Apache directory structure, so it is very difficult to even provide a standard guide that will help users to install the module.
Has anyone had experience with this kind of situation? What are the usual practices of software distribution/deployment/installation?

Enterprise SSO & Identity management / recommendations

We've discussed SSO before. I would like to re-enhance the conversation with defined requirements, taking into consideration recent new developments.
In the past week I've been doing market research looking for answers to the following key issues:
The project should be:
Requirements
SSO solution for web applications.
Integrates into existing developed products.
has Policy based password security (Length, Complexity, Duration and co)
Security Policy can be managed using a web interface.
Customizable user interface (the password prompt and co. screens).
Highly available (99.9%)
Scalable.
Runs on Red Hat Linux.
Nice to have
Contains user Groups & Roles.
Written in Java.
Free Software (open source) solution.
None of the solutions came up so far are "killer choice" which leads me to think I will be tooling several projects (OWASP, AcegiSecurity + X??) hence this discussion.
We are an ISV delivering a front-end & backend application suite. The frontend is broken into several modules which should act as autonomous units; from the client's point of view he uses the "application" - which leads to this discussion regarding SSO.
I would appreciate people sharing their experience & ideas regarding the appropriate solutions.
Some solutions are interesting
CAS
Sun OpenSSO Enterprise
JBoss Identity IDM
JOSSO
Tivoli Access Manager for Enterprise Single Sign-On
Or more generally speaking this list
Thank you,
Maxim.
What about FreeIPA?
"FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 (formerly known as Fedora Directory Server), MIT Kerberos, NTP, DNS. It consists of a web interface and command-line administration tools."
If you focus on web applications, check out http://oauth.net/.
CAS has strong adoption, user-base, and a strong lead (who recently switched jobs, but is still committed to the project). It is straightforward to integrate (if you're comfortable writing Java code/configuring Spring beans), and can do all your requirements, notably:
SSO solution for web applications.
YES
Integrates into existing developed products.
YES (though some cleaner than others - but many modules are available for major products, and it supports common standards (SAML, OpenID)).
has Policy based password security (Length, Complexity, Duration and co)
YES - can easily be implemented, and some extensions to integrate with LDAP (probably the most common user store) are supported
Security Policy can be managed using a web interface.
NO - though one could be built fairly simply - if you're comfortable with development, and given that this is likely to be a non-trivial project, I'd recommend considering this a non-blocker given that the product is open-source
Customizable user interface (the password prompt and co. screens).
YES - easily customized through some basic HTML/CSS editing
Highly available (99.9%)
YES - both reliable, and can support multiple node/failover scenarios easily
Scalable.
YES - used in many high-traffic environments both intranet and internet
Runs on Red Hat Linux.
YES
Oracle Enterprise Single Sign-On is not what you're after - it requires a Windows executable to be deployed. Oracle Access Manager is closer to what you're after (though it's not free or Java-based).
The major commercial players in the Identity and Access Management (IAM) market space are CA, Oracle, IBM, Sun and Novell. None of these are free solutions but they have many of the features that you are looking for.
For free software, I recommend DACS: The Distributed Access Control System. I know that one department where I work has implemented this with great success. It doesn't have as many features as the commercial IAM products but otherwise is a good solution.
I have used Tivoli Access Manager backing onto WebSphere and IIS boxes - the way it writes access information into the page headers is very useful. On the downside, I didn't find the DB2 LDAP backend very scalable or reliable, and you know with IBM this isn't going to come cheap.
Also the asynchronous paths (junctions) used to identify different servers are a bit of a hack really, e.g. http://mysite/myserver/myapp - a very bad idea and not thought through very well.