Tuesday, March 31, 2009

Java Logging API and How To Use It

On tomcat 5.5 we have the JULI library which replaces the standard java logger.
So to get per-context logging, put
logging.properties into WEB-INF/classes with the following contents:
handlers = org.apache.juli.FileHandler, java.util.logging.ConsoleHandler

############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################

org.apache.juli.FileHandler.level = FINE
org.apache.juli.FileHandler.directory = ${catalina.base}/logs
org.apache.juli.FileHandler.prefix = myapp-prefix.

java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter

ps: here is the standard set of JULI properties:
  • org.apache.juli.FileHandler.directory
  • org.apache.juli.FileHandler.prefix
  • org.apache.juli.FileHandler.suffix
  • org.apache.juli.FileHandler.level
  • org.apache.juli.FileHandler.filter
  • org.apache.juli.FileHandler.formatter

Tuesday, March 24, 2009

Disabling Certificate Validation in an HTTPS Connection (Java Developers Almanac Example)

Whilst suffering extreme pain due to self-signed certificates (hint: UTS IT ?) here is a nifty trick to roll your own non-certificate-checking class:
Disabling Certificate Validation in an HTTPS Connection (Java Developers Almanac Example E502)

e502. Disabling Certificate Validation in an HTTPS Connection
By default, accessing an HTTPS URL using the URL class results in an exception if the server's certificate chain cannot be validated or has not previously been installed in the truststore. If you want to disable the validation of certificates for testing purposes, you need to override the default trust manager with one that trusts all certificates.

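import java.net.MalformedURLException;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            // The interface contract asks for a non-null (possibly empty) array
            return new java.security.cert.X509Certificate[0];
        }
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
            // No check: every client certificate is accepted
        }
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
            // No check: every server certificate is accepted
        }
    }
};

// Install the all-trusting trust manager as the default for every
// HttpsURLConnection in this JVM
try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
    e.printStackTrace(); // do not silently ignore a failed install
}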
   


Client:

// Now you can access an https URL without having the certificate in the truststore
try {
    URL url = new URL("https://hostname/index.html");
} catch (MalformedURLException e) {
}

Friday, March 20, 2009

Critical Steps to Secure Tomcat on Windows NT/2K/XP

wow, running tomcat can really cause security holes.
fancy
    Runtime rt = Runtime.getRuntime();
    rt.exec("c:\\SomeDirectory\\SomeUnsafeProgram.exe");

running under the system context (As Administrator!!) of windows.

boo yaa!

Wednesday, March 18, 2009

this is a blog post using w.bloggar http://wbloggar.com/download.php

A quick way of entering blog entries.

chris

Tuesday, March 17, 2009

converting unix date to excel date

Been bugged by this for a while: on unix the date timestamp is the number of seconds since 1/1/1970.
On Excel, it's 1/1/1900.
So to convert the unix timestamp to Microsoft Excel, use the formula:
=timestamp/86400 + "1/1/1970"
(where 86400 = 24 * 60 * 60, ie: # seconds in a day).
Oh, you might also want to add/subtract an offset for the timezone (depending on the timezone settings of your unix box). eg: for +10 GMT (Sydney, Melbourne, Canberra) add 10/24 ie: 0.416667

ps: make the cell format Date or Time or Custom format.
Personally I prefer ddd dd/mm/yyyy HH:mm:ss (ie: Tue 03/03/1999 23:59:43)

Sunday, March 15, 2009

2008 SOA magazine readers choice

I'm personally a bit dubious about the readers choice result from SOA magazine ( http://soa.sys-con.com ) since it gives very high rankings to IBM websphere software.

Some make sense and some don't.
Best App server:
  1. IBM websphere (yeah, huge number of commercial, plus ambiguous since this includes WASCE and probably Apache Geronimo)
  2. Glassfish (big push from SUN)
  3. Weblogic (ol' favorite, but Oracle owns this now and god knows how they market it)
  4. WSO2 (** weird?? Where did this come from? Maybe manipulation?)
  5. JBoss (huh, would have thought this near #2 or #4)
Best IDE
  1. NetBeans (assuming 6.1, which is excellent)
  2. Rational Application Developer (eclipse)
  3. Oracle JDeveloper (not eclipse)
What's weird is where are all the other Eclipse-oid based IDEs?

Best Integration Server
  1. Websphere Integration Developer
  2. Fiorano ESB
  3. Java CAPS (glassfish++)
Agree with IBM being the big gorilla here. What's surprising is the gain of Sun servers, which traditionally are a pile of dog sh*t (since Sun never seemed to understand the enterprise and hence the dog's breakfast of J2EE 1.3/1.4)

Best Opensource SOA
  1. WASCE (does this include Apache Geronimo??)
  2. Sun openESB
  3. SoapUI
Since when was WASCE SOA? This is yet another Java EE server. Also what the heck is SoapUI doing here? This is just a test/development IDE (although as a JNLP java applet)

Best Portal
  1. IBM Websphere Portal
  2. Sun Portal
  3. Weblogic Portal 10.2
Yeah yea, Websphere blah blah. IBM must have stacked the whole review with their internal staff, or fanboys. Still surprising Sun is in the list. Maybe they gave staff a couple of hours to fill the survey too :-)



Best Security
  1. IBM Datapower XML security gateway XS40
  2. Sun access manager/open SSO
  3. oracle web services management
  4. Metro
No surprises about IBM, Datapower is a damned good appliance. IBM liked it so much they bought the company. Big surprise to see Sun in there twice (#2 and #4). Though metro is actually quite good.

Best SOA platform
  1. IBM Websphere
  2. Fiorano SOA
  3. Sun Java CAPS
IBM, IBM, IBM, IBM. Sigh, this report is so biased it's getting tedious.

Best SOA Testing tool
  1. Rational Tester for SOA
  2. SoapUI
Ditto. Though rational is pretty good, SoapUI is a hell of a lot more lightweight, yet pays its way (the community edition is free :-). Could do with more test management though.

Best SOA Tool
  1. Fiorano ESB
  2. Sun Java CAPS
  3. Rational Software Architect
  4. Rational Team concert
What, IBM *NOT* at the top? Someone at IBM messed up (and probably got forced to move to Bangalore as punishment).
It's a bit weird to mix development tools (#3 RSA & #4 Rational Team) with servers (#1, #2). Maybe that's why IBM got pushed down, staff got confused..

Best SOA training site
  1. IBM SOA Sandbox
  2. SOA Training Curriculum (MomentumSI)
IBM SOA Sandbox is great, so this choice actually makes sense.

Best SOA Book
  1. IBM "The New Language of Business: SOA & Web 2.0"
  2. Amberpoint et al An Implementor's Guide to SOA - Getting it Right
  3. IONA Understanding SOA with Web Services
All vendor "books". Basically a "white" paper advertorial disguised as a book.

Best SOA or XML Site:
  1. IBM's SOA Microsite
  2. www.fiorano.com
Yeah they are ok. What about non-vendor stuff.

Con-clusion:

sys-con SOAWorld magazine tries to be vendor neutral but they need some mechanism to do a real unbiased report. Maybe if Gartner or any of the reputable firms would run the survey I would be less skeptical.