Today will be my last day at Oracle.

In retrospect of my 11 years at Oracle, it has been a fun and enjoyable experience.

One of the things I want to do in my life is to learn and try out new things, and I think I am blessed in Oracle, as it provides me the opportunity to do so. At the time when I started at Oracle in Financials, building web applications using Java was new, and I jumped into projects using Oracle Applications Framework right away and worked on release 12. You will be surprised how little I need to know about Oracle Forms even 11 years ago. I took on a relatively complex module called the Funds Checker, which is responsible to ensure there are funds available in accounts before money can be withdrawn. This is an important requirement for Public Sector and Federal, and software vendors can not sell software to these sectors without it. Funds Check requires high scalability to process potentially millions of transactions from Subledgers and General Ledger, and APIs and performance considerations from the start is critical and essential.

I then worked on building Oracle Intercompany for R12 from scratch, and that was a great experience for me, as I got to know inside out in how to build and maintain an application. Recently, I learned from a friend of mine that she is working as a consultant on an implementation project for Intercompany on R12. It gave me a funny feeling when someone told you they only start using what you built 7 years later. With my past achievements, I eventually led a team of about 20 developers in the Budgetary Control project for Fusion as a Senior Dev Manager. At leisure, I also maintained a server and provide development tools for product managers and developers that can help ease their day-to-day tasks.

In 2007, I had a feeling that I am not learning as much as I used to anymore. Web 2.0, Social Web were booming that time, and I want to get my hands on them. The timing was interesting as Jake approached me and told me about AppsLab. I still remember the day when he told me about it in my office. The thought of being in an innovative tank is nothing I can resist, so I shifted gear.

In these past couple years in the AppsLab, the experience is invaluable. We built Connect, and Mix. We built mobile applications, browser extensions, javascript, and ruby libraries, SSO integration in Java, file sharing, etc.. We uses technologies like jQuery, HTML5, Shindig, Rails as our development tools. I find it amazing on how 4 people can achieve when we have the passion on the technologies and the work we do. I loved the team and the work. I agree with Rich completely that every company should have such a team to do innovations. It is truly an amazing experience to me. Kudos to Jake for telling me about it and bringing me on board.

During my adventure at Oracle, I met lots of good people, and I value our friendship. On the other hand, I was approached by a great opportunity recently, and my mind tells me that I should do a big move. It is time to say goodbye. I will be working on a SaaS product, focusing on the social and mobile platform. It should be fun.

Please stay in touch. You can find me on Twitter, LinkedIn, Facebook, and Google+.Possibly Related Posts:

• Why Ruby on Rails is the perfect framework for building next generation Enterprise Apps
• The Scoop on WebCenter Evangelism
• Meeting Marian
• The Final Countdown
• We’re Joining WebCenter

So, how does SSO help opensocial apps?  Well, if the backend of the opensocial app is also SSO enabled, it gives hugh benefits.  Every employees has a single-sign on account, and once the user logs on into Connect, he/she is authenticated across all services.  Every time when an open social app requests data from its own backend, Connect acts as a proxy and forward the request along with the user credentials to the backend server, and the user is already authenticated.  The SSO account basically serves as an Open ID, and there is even no need for an OAuth token exchange.  I personally find this very cool and it really leverages the power of SSO.  This gives users much better user experience, less hassle in signing on again and again through the OAuth service if you require security, and it saves users time and key strokes.

For the backend servers that support open social apps, SSO serves as the authentication mechanism.  Such backend service no longer needs to worry about adding additional layers of security as long as they verify the request is legitimate and do come from a server it trusts.

Not only that, for  open social apps, normally they need to keep a mapping between the user id of the opensocial site and their own internal ids.  In addition, there is no mechanism of knowing the true identity of their friends other than knowing their user ids of the opensocial site and their names.  With SSO, the picture flips around.  By using the single-sign on user id, it is globally unique across all sites, and you can even use LDAP to look up more details regarding to a particular user.  There is no need for a user id mapping, and you know the true identity of the user.  If you have data currently exists that is related to the user, you can also choose to present these additional information to him/her as well.  Google is trying to identify users through the Social Graph API over the convoluted Internet, but we get this for free and in a very simple elegant manner within the firewall.Possibly Related Posts:

• Deploy OpenSocial Locally with a Sample Network
• OpenSocial’izing Our Apps
• Now We’re a Social Network
• Another Call for OpenSocial App Thoughts
• What OpenSocial Apps Do You Want?

We know the basics about communicating with a single sign-on server. Simply put, authenticate if your apps ask you to, keep users logged in if the their sessions are not timed out, and log them out if the users want to. Simple, eh?

After we started testing the code we have written, funny issues just keep coming up when we debug it. Ok, the page does show up. Why? No idea. Ok, now java throws up with illegal state exceptions? Ok, the redirection request to SSO server takes forever and never completes? As we dig into it a bit more, issues will come up, and we need careful analysis to figure out what is really wrong.

For the HttpServletRequest, it only allows read, not write. For the HttpServletResponse, it only allows write, not read. However, in order to set user credentials and pass the information to your app, and to be able to intercept the response and redirect to Single sign-on server, you need write access to the request object and read access to the response object. One way is to use wrappers around these objects and overwrite the functions. The key thing is you need to make sure you implemented all the functions that you need to overwrite and implement these functions appropriately. The problem is that you would never know what you don’t know, as you only know what you know.

Caveats:

1. You can not allow your app to actually output anything to the outputstream, as the response would considered to be committed and you would not be able to modify it when you receive it at your filter. An illegalstateexception would be thrown. There are all sorts of ways an app can possibly output to the outputstream, and you basically needs to be able to capture them all.

2. After you can avoid users from outputting to the response, your redirection request to the sso server may hang or takes a long time to respond. One potential reason which took some time to figure out is that somewhere some place has called response.getOutputStream() or response.getWriter(). If these functions are called, java would think that there is a possibility the app would be writing to the stream, so it will not close the response, waiting for the data which would never arrive, and your browser would just hangs there forever. In addition, you also need to set the content length to 0 to ensure java knows that it is safe to send out the response.

The caveat list can be very long, and the above is just to give you a taste of it. These things are not mentioned in javadocs, and you can only realize them as you run into them. Even you know quite a lot about security, networking, java, filter, apps, java containers, and all the concepts required to implement SSO, it is just not enough. A lot have to do with trial-and-error and your patience in executing it through. I guess that is why employers ask whether you have experience on this, and experience on that?Possibly Related Posts:

• Opensocial with SSO for corporate users
• A Java ME Phone Like No Other
• Mix Adds Account Merge
• Mix Gets a Plug at Google
• JRuby on Rails: Oracle SSO Integration

1. I have joined Oracle over 7 years, reaching my 8th year anniversary. Studied in UC Berkeley for my Bachelor and Stanford for my Master degree.

2. I love table-tennis, table-tennis, and… table-tennis. Started playing when I was 5, I was a school team member for my elementary school, middle school, high school, and college even since 10, non-stop. Although I got beaten up badly by a girl from the US Olympics team 2 years ago, I am still proud of my skills.

3. Solving riddles and algorithm questions is my favorite. Check out http://www.ocf.berkeley.edu/~wwu/riddles/intro.shtml if you like some fun as well.

4. I have a brother living in Cupertino, and I got 2 nephews. They are cute and smart, and I enjoy the good times with them. Recently I taught them how to play Starcraft, and my goal is to have them better than the Korean professionals out there and get the winning prizes and plaques.

5. I decided to go back to the snow mountains and snowboard this year, and have been there for about 5 times. Started out not able to move, to leave falling, then to traversing. I can now handle greens, working on blues. My 5-year-old nephew joined the Kirkland Jet team this year. It is funny to think that while I am struggling in easy terrains, my little nephew is actually racing down the double black diamonds slopes with other Kirkwood team members. He asked me couple times to race with him, and my answer was always, “wait till you grow up”.

6. I like to travel, been in China, Thailand, Macau, 8 European countries, Hawaii, and Las Vegas. My friends somehow are more interested in going to Las Vegas these days, so I went there 2 years in a row.

7. I started using mac since last year, got a mini-mac last year and a macbook pro this year. Have both Ubuntu and Windows VMs installed, working great. Now my Windows-mobile PDA is syncing with Leopard. Not sure how Windows can compete with Mac and Linux.

8. Last but not least, joined the fun cool Oracle Appslab team last year. It is enjoyable to work in ruby and RoR. Thought they were good programming language and good framework originally, and after I doing some hands-on work, now think they are even much better than I imagined. Yukihiro and David, you guys rock!Possibly Related Posts:

• Thanks and Good Luck Rich
• Adventures in Bad Design
• Farewell Anthony
• Welcome Anthony
• The Scoop on WebCenter Evangelism