Friday, June 5, 2009

How to setup Apache Ant for remote debugging

If you want to debug some java application which is run from Apache Ant script using java task you should add the following jvmarg:

<jvmarg value="-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005" /
>

Ant script will look like this:

<java classname="test.Main">
<jvmarg value="-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005" />
<classpath>
<pathelement location="dist/test.jar"/>
</classpath>
</java>

For more information on
JPDA options see: How to setup Apache Tomcat for remote debugging

Monday, May 25, 2009

How to translate online for free? Use free online translator | translator.vndv.com!

A new free online translation service based on Google AJAX Language API was launched. It supports all most popular languages: English, Arabic, Chinese, Dutch, French, German, Italian, Japanese, Russian, Spanish, Ukrainian etc.
The translator can automatically detect the source language of the text and translate it to the target language. The user interface of the service also support all Google Translate languages.
There is also virtual keyboard functionality.

Tuesday, May 12, 2009

How to fix Basic Authentication issue on WebLogic 9.2/10.0/10.3 when using Acegi/Spring Security

HTTP Basic Authentication on WebLogic starting from version 9.2 (previous versions were not tested) works not correctly. The problem is that if there is some request to your application with "Authorization" header the request will be intercepted by WebLogic itself and will not be passed to your application. WebLogic will try to make authentication itself.

Such problem can occur in your application if you are using HTTP Basic Authentication with Acegi/Spring Security.

The only solution I have found to resolve the issue is to add

<enforce-valid-basic-auth-credentials>false
</enforce-valid-basic-auth-credentials>

into the config.xml file (before closing tag
</security-configuration>):

<security-configuration>

...
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
</security-configuration>

This configuration will resolve the issue.

Friday, December 19, 2008

How to filter network traffic by MAC address using ipfw

Using ipfw you can filter network traffic by MAC address. For example if you want to block traffic from/to some MAC address you can use the following commands:

ipfw add deny ip from any to any MAC 00:07:E9:AD:E8:26 any
ipfw add deny ip from any to any MAC any 00:07:E9:AD:E8:26

Using these commands we block all traffic for the computer with MAC address 00:07:E9:AD:E8:26.

But this blocking will not work if net.link.ether.ipfw variable is set to 0. So you should also do the following command:

sysctl net.link.ether.ipfw=1

Sunday, October 26, 2008

Using of FOR loop in JavaScript

Some time ago I was developing JavaScript functionality for Web application. But some strange behavior was detected when I was testing it. After debugging I have detected that my counter variable was changed in some very strange way.
Actually the problem was in counter variable declaration. Here is an example of problematic code:

for
(i=0; i<n; i++) {
// invocation of some other functions
}

But the correct way to use FOR loop should be like in the following example:

for
(var i=0; i<n; i++) {
// invocation of some other functions
}


In the first example of FOR loop we work with "i" variable of global scope. And that is the problem. Because inside the loop there can be some functions that also works with "i" variable of global scope. And in this case "i" variable will be changed in strange way.

In the second example you see the correct way of using of counter variable. In this case we work with local varible and it should be changed as we expect.

Tuesday, October 14, 2008

How to secure email using S/MIME standard

S/MIME
S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of e-mail encapsulated in MIME.

Java Libraries
There are several Java libraries for S/MIME encryption: ISNetworks S/MIME (link did not work last time I was trying to locate it), CMS-S/MIME, JSMIME, JavaMail-Crypto etc. But JavaMail-Crypto library is the easiest in use with Java Mail. It uses Bouncy Castle libraries (the bcprov-jdk14-139.jar (BouncyCastle JCE provider) and the bcmail-jdk14-139.jar (BouncyCastle S/MIME implementation) files).

Code Examples for Encryption and Signing
How to encrypt email message using JavaMail-Crypto example:
public MimeMessage encrypt(Session session, MimeMessage mimeMessage) throws Exception {
// Getting of the S/MIME EncryptionUtilities.
EncryptionUtils encUtils = EncryptionManager.getEncryptionUtils(EncryptionManager.SMIME);

// Loading of the S/MIME keystore from the file (stored as resource).
char[] keystorePass = "keystore pass".toCharArray();
EncryptionKeyManager encKeyManager = encUtils.createKeyManager();
encKeyManager.loadPublicKeystore(
getClass().getResourceAsStream("/keystore.p12"),
keystorePass);

// Getting of the S/MIME public key for encryption.
Key publicKey = encKeyManager.getPublicKey("Key Alias");

// Encrypting the message.
return encUtils.encryptMessage(session, mimeMessage, publicKey);
}

How to sign email message using JavaMail-Crypto example:
public MimeMessage sign(Session session, MimeMessage mimeMessage) throws Exception {
// Getting of the S/MIME EncryptionUtilities.
EncryptionUtils encUtils = EncryptionManager.getEncryptionUtils(EncryptionManager.SMIME);

// Loading of the S/MIME keystore from the file (stored as resource).
char[] keystorePass = "keystore pass".toCharArray();
EncryptionKeyManager encKeyManager = encUtils.createKeyManager();
encKeyManager.loadPrivateKeystore(
getClass().getResourceAsStream("/keystore.p12"), keystorePass);

// Getting of the S/MIME private key for signing.
Key privateKey = encKeyManager.getPrivateKey("Key Alias", keystorePass);

// Signing the message.
return encUtils.signMessage(session, mimeMessage, privateKey);
}

Source Code
You can download source code from here.

Troubleshooting
To run this code you will need to install Unlimited Strength Jurisdiction Policy Files for your JDK: http://java.sun.com/j2se/1.4.2/download.html. If it is not installed you will have one of the following exceptions:
"java.lang.SecurityException: Unsupported keysize or algorithm parameters"
or
"java.security.InvalidKeyException: Illegal key size"


Email Client Setup
To read email messages encrypted with S/MIME encryption standard you will need to import your PKCS12 certificate into the email client you use. If you use Mozilla Thunderbird email client you should do following:
Tools -> Options -> Advanced -> Certificates -> View Certificates -> Your Certificates -> Import
and select your keystore.p12 PKCS12 certificate file. Use your keystore password to import PKCS12 certificate.
After performing this steps you will be able to read messages encrypted by your certificate.

Certificate Generation
PKCS12, Personal Information Exchange Syntax Standard, certificates can be used for things such as email signing and file signing. They are different from other certificates in that rather than being only the public or private certificate, they are a combination of both plus the root certificate. This means the person they are made for only has to worry with one file.

Certificate generation using OpenSSL
To generate PKCS12 certificate using OpenSSL follow the steps from the "Creating PKCS12 Certificates" article.

Certificate generation using Thawte
There is ability to generate certificate using Thawte service:
https://www.thawte.com/secure-email/personal-email-certificates/index.html?click=main-nav-products-email

Sunday, October 5, 2008

How to setup Apache Tomcat for remote debugging

If you want to debug your application deployed to Apache Tomcat you have to:
Setting up Apache Tomcat
Your IDE can connect to Apache Tomcat remotely using JPDA. To enable it you have to set JPDA environment variable before starting of Apache Tomcat and then start it.

For Unix use following commands:
export JPDA_ADDRESS=5005
export JPDA_TRANSPORT=dt_socket
catalina.sh jpda start

For Windows use:
set JPDA_ADDRESS=5005
set JPDA_TRANSPORT=dt_socket
catalina.bat jpda start

If you need suspend execution immediately after startup you should set JPDA_SUSPEND=y option:

For Unix use following commands:
export JPDA_SUSPEND=y

For Windows use:
set JPDA_SUSPEND=y

In this case after startup JVM will wait while you will connect to it remotely through debugger.

Setting up IDE
Setting of IDE to debug your application deployed to Apache Tomcat dependents on the concrete IDE you use. But in all cases you have to set host (host of the computer where tomcat is started) and JPDA port (port number that was specified in JPDA_ADDRESS environment variable).