Quantcast
Channel: Java mon amour
Viewing all 1124 articles
Browse latest View live

WebLogic 12 shared libraries

December 19, 2016, 3:14 am
Search

Awesome 100 minutes presentation on What is new in WebLogic 12.1.3

December 21, 2016, 1:43 am

Lebara: true story

December 22, 2016, 8:35 am
$
0
0
I used to have a Lebara CH mobile phone, with a hefty balance of more than 100 CHF (they used to give a huge discount when you top-up 100 CHF at a time). Their service works, but they didn't offer a flat monthly rate for unlimited internet, so I got a Yallo number.
For 6 months I haven't made any call with Lebara, and Lebara, without any warning, have deactivated my SIM and took all my money.
They could have sent me an email, since I am registered on their account. They chose not to give me a warning. I actually wonder if all this is LEGAL in a country like Switzerland.
I have sent them an inquiry about my balance, all they say is: 

Thanks for getting in contact with us.
Because of un using the SIM Card for longer than six month the SIM Card is deactivated and cannot be use anymore. We can not see also how much money was on it.
If you have further question please do not hesitate to call or write us.
Kind regards,


I am sure you can take your own decisions - without me trying to influence you - about the quality of Lebara service.

For instance, Skype send me regularly (every 6 month) a reminder saying "your account will be suspended if you don't make a call".... but a) they warn me b) even when suspended, the balance is still available and you can recover it. Lebara no, they just don't care to tell you and there is no way to revert their action. And I have also lost all SMS messages that meanwhile might have been sent to my number.



WebLogic "The managed server could not update the configuration files"

December 29, 2016, 7:59 am
$
0
0
getting this error today, with Admin server up and running, and starting a Managed server member of a cluster.... the .bindings file is part of the MQ Foreign JMS server configuration: 



<Dec 29, 2016 4:07:04 PM CET> <Error> <Management> <BEA-141196> <The managed server could not update the configuration files during the registration with the deployment service. The update failed due to an exception:
weblogic.management.DeploymentException: Exception occured while copying files
 at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.doUpdate(DataUpdate.java:307)
 at weblogic.deploy.internal.targetserver.datamanagement.ConfigDataUpdate.doUpdate(ConfigDataUpdate.java:102)
 at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.update(DataUpdate.java:72)
 at weblogic.deploy.internal.targetserver.datamanagement.Data.commitDataUpdate(Data.java:118)
 at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.updateFiles(RuntimeAccessDeploymentReceiverService.java:880)
 at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.handleRegistrationResponse(RuntimeAccessDeploymentReceiverService.java:728)
 at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.registerHandler(RuntimeAccessDeploymentReceiverService.java:699)
 at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.start(RuntimeAccessDeploymentReceiverService.java:169)
 at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:462)
 at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:167)
 at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:881)
 at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:568)
 at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:469)
 at weblogic.Server.main(Server.java:71)
Caused By: java.io.FileNotFoundException: /path/to/mydomain/config/jms/.bindings (Permission denied)
 at java.io.FileOutputStream.open(Native Method)
 at java.io.FileOutputStream.<init>(FileOutputStream.java:194)
 at java.io.FileOutputStream.<init>(FileOutputStream.java:145)
 at weblogic.utils.FileUtils.writeToFile(FileUtils.java:115)
 at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.copy(DataUpdate.java:265)
 at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.copyOrExtractTo(DataUpdate.java:202)
 at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.updateLocalData(DataUpdate.java:168)
 at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.doUpdate(DataUpdate.java:299)
 at weblogic.deploy.internal.targetserver.datamanagement.ConfigDataUpdate.doUpdate(ConfigDataUpdate.java:102)
 at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.update(DataUpdate.java:72)
 at weblogic.deploy.internal.targetserver.datamanagement.Data.commitDataUpdate(Data.java:118)
 at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.updateFiles(RuntimeAccessDeploymentReceiverService.java:880)
 at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.handleRegistrationResponse(RuntimeAccessDeploymentReceiverService.java:728)
 at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.registerHandler(RuntimeAccessDeploymentReceiverService.java:699)
 at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.start(RuntimeAccessDeploymentReceiverService.java:169)
 at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:462)
 at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:167)
 at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:881)
 at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:568)
 at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:469)
 at weblogic.Server.main(Server.java:71)
>



The issue is that a MS tried to get the latest configuration files from the Admin at startup. See "Error Starting WebLogic Server: BEA-141196: The managed server could not update the configuration files during the registration with the deployment service (Doc ID 1461960.1)". in My Oracle Support.

You can either make that configuration file WRITEABLE, or shut down the Admin and make sure that the MS has already the latest configuration.

Huge surge of audience from Russia

December 29, 2016, 8:09 am
$
0
0
This week visits to this blog: 


United States 2089 
Russia 1880


1) either the Russians are investing into Java, 2) or we have a massive web crawling operation from Russia 3) or someone is massively spoofing Russian IPs, maybe to blame later Putin for something naughty about to happen.

I am more inclined to believe in number 3)

It's curious that the same happened with Ukraine 1-2 years ago, in the period when NATO staged the coup who later reduced Ukraine to utter misery, plundering of resources, killing of journalist and opponents and massive unemployment.

God only knows what's going on. God and CIA.

Poor man's version of FindClasses

December 30, 2016, 8:52 am
$
0
0
We already spoke here on how to find a class in an ocean of JAR files.

Here is a brutally simple utility to write all the JAR contents to a file: 



import java.io.BufferedWriter;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

public class FindClasses {
 static boolean DEBUG = true;
 static String rootFolder = "C:\\Apps\\Pippo\\";
 static List<File> jarFiles = new ArrayList<File>();
 public static void main(String[] args) throws Throwable {
  Path outputFilePath = Paths.get("allfilesPippo.out");
  BufferedWriter writer = Files.newBufferedWriter(outputFilePath);
  File rootFolderDir = new File(rootFolder);
  scan(rootFolderDir);
  System.out.println("END SCAN");
  if (DEBUG) {
   for (File jar : jarFiles) {
    System.out.println(jar.getAbsolutePath());
   }
  }

  for (File jar : jarFiles) {
   writer.write("BEGIN JAR: " + jar.getAbsolutePath() + "\n");
   ZipFile zipFile = new ZipFile(jar);
   Enumeration<? extends ZipEntry> entries = zipFile.entries();
   while (entries.hasMoreElements()) {
    ZipEntry entry = entries.nextElement();
    writer.write(entry.getName() + "\n");
   }

   zipFile.close();
   writer.write("END JAR: " + jar.getAbsolutePath() + "\n\n");
  }
  writer.close();
 }
 private static void scan(File folderToScan) {
  if (DEBUG)
   System.out.println("scanning " + folderToScan.getAbsolutePath());
  for (File file : folderToScan.listFiles()) {
   if (file.isDirectory()) {
    scan(file);
   } else {
    if (file.getName().toLowerCase().endsWith(".jar")) {
     jarFiles.add(file);
    }
   }
  }
 }
}



Oracle Cloud

December 31, 2016, 2:57 am
$
0
0
Awesome presentation by Larry Ellison here:



WebLogic: all MS in a cluster hang while starting up.... weblogic.cluster.MemberManager.getJNDIStateDump issue

January 2, 2017, 7:10 am
$
0
0
in the thread dump of both MS I see several blocked threads:

weblogic.cluster.MemberManager.getRemoteMembers
weblogic.iiop.ClusterServices.getMembers
weblogic.cluster.ClusterRuntime.clusterMembersChanged
weblogic.cluster.MemberManager.findOrCreate
plus some 150 DynamicJSSEListenThread threads....
In particular all BLOCKED threads are waiting for lock 0x000000060276f168 who is held by this getJNDIStateDump: 


"[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'" daemon prio=10 tid=0x00007f6a800024c0 nid=0x74bd runnable [0x00007f6b1f7e6000]
   java.lang.Thread.State: RUNNABLE
               at java.net.SocketInputStream.socketRead0(Native Method)
               at java.net.SocketInputStream.read(SocketInputStream.java:152)
               at java.net.SocketInputStream.read(SocketInputStream.java:122)
               at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
               at sun.security.ssl.InputRecord.read(InputRecord.java:480)
               at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
               - locked <0x000000060bcf5160> (a java.lang.Object)
               at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:903)
               at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
               - locked <0x000000060bd2a9b0> (a sun.security.ssl.AppInputStream)
               at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
               at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
               at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
               - locked <0x000000060bd2a988> (a java.io.BufferedInputStream)
               at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:690)
               at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
               at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1325)
               - locked <0x000000060c29d3c8> (a sun.net.www.protocol.https.DelegateHttpsURLConnection)
               at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
               - locked <0x000000060c29d4a8> (a sun.net.www.protocol.https.HttpsURLConnectionImpl)
               at weblogic.cluster.MemberManager.getJNDIStateDump(MemberManager.java:244)
               at weblogic.cluster.MemberManager.waitForSync(MemberManager.java:222)
               at weblogic.cluster.MemberManager.waitToSyncWithCurrentMembers(MemberManager.java:182)
               - locked <0x000000060276f168> (a weblogic.cluster.MemberManager)
               at weblogic.cluster.InboundService.start(InboundService.java:52)
               at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:78)
               at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
               at java.lang.reflect.Method.invoke(Method.java:606)
               at org.glassfish.hk2.utilities.reflection.ReflectionHelper.invoke(ReflectionHelper.java:1017)
               at org.jvnet.hk2.internal.ClazzCreator.postConstructMe(ClazzCreator.java:388)
               at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:430)
               at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
               at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
               at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
               at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
               at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
               - locked <0x000000060acd0028> (a java.lang.Object)
               at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:87)
               at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1162)
               at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1147)
               at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:553)
               at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
               at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)




It turned out that the SAME domain was running before on a different set of servers, and while migrating them the operator forgot to shut down the previous instances. How this could interfere with the current domain, it's still a mystery

Search

Poor man's wget for Windows

January 10, 2017, 10:42 am
$
0
0
Windows not only is an awfully stinking mastodon, but it even lacks the most basic tools commonly available on Linux, such as telnet and wget.

I have found a bare bones wget implementation for Java and duly simplified (I love to strip away all useless exception handling) 


import java.io.InputStream;
import java.io.DataInputStream;
import java.io.BufferedInputStream;
import java.net.*;

public class JGet {
    public static void main(String[] args) throws Exception {
        if ((args.length != 1)) {
           System.err.println("\nUsage: java JGet [urlToGet]");
           System.exit(1);
        }
        String url = args[0];
        URL u;
        InputStream is = null;
        DataInputStream dis;
        String s;
        try {
           u = new URL(url);
           is = u.openStream();
           dis = new DataInputStream(new BufferedInputStream(is));
           while ((s = dis.readLine()) != null) {
               System.out.println(s);
           }
        } finally {
           is.close();
        }
    }
}


All the credits to Alexander.

javax.net.ssl.SSLHandshakeException: null cert chain

January 20, 2017, 11:20 am
$
0
0
Some HtTP 500 was being generated in a webapp.
by enabling these flags 

-Djavax.net.debug=ssl:handshake
-Dssl.debug=true
-Dweblogic.log.StdoutSeverity=Debug
-Dweblogic.StdoutDebugEnabled=true
-Dwls.debug.https=true


we discovered this error: 


weblogic.socket.Muxer']]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NEED_TASK
bytesConsumed = 12 bytesProduced = 0.> 
*** Certificate chain
***
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', SEND TLSv1 ALERT:  fatal, description = bad_certificate
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', WRITE: TLSv1 Alert, length = 2
ExecuteThread: '1' for queue: 'weblogic.socket.Muxer', fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain





<Jan 18, 2017 4:39:09 PM CET> <Debug> <SecuritySSL> <BEA-000000> <[Thread[ExecuteThread: '1' for queue: 'weblogic.socket.Muxer',5,Thread Group for Queue: 'weblogic.socket.Muxer']]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.wrap(ByteBuffer,ByteBuffer).
javax.net.ssl.SSLHandshakeException: null cert chain
               at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1227)
               at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:489)
               at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1165)
               at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1137)
               at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:450)
               at weblogic.security.SSL.jsseadapter.JaSSLEngine$1.run(JaSSLEngine.java:68)
               at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
               at weblogic.security.SSL.jsseadapter.JaSSLEngine.wrap(JaSSLEngine.java:66)
               at weblogic.socket.JSSEFilterImpl.wrapAndWrite(JSSEFilterImpl.java:625)
               at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:93)
               at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:66)
               at weblogic.socket.JSSEFilterImpl.isMessageComplete(JSSEFilterImpl.java:288)
               at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:955)
               at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:897)
               at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:130)
               at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
               at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
               at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
               at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
Caused By: javax.net.ssl.SSLHandshakeException: null cert chain
               at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:172)
               at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1599)
               at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:269)
               at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:257)
               at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1512)
               at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:212)
               at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:817)
               at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:757)
               at java.security.AccessController.doPrivileged(Native Method)
               at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1164)
               at weblogic.socket.JSSEFilterImpl.doTasks(JSSEFilterImpl.java:191)
               at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:97)
               at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:66)
               at weblogic.socket.JSSEFilterImpl.isMessageComplete(JSSEFilterImpl.java:288)
               at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:955)
               at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:897)
               at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:130)
               at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
               at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
               at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
               at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)



Examining WebLogic config.xml we notice that 

<ssl>
<client-certificate-enforced>false</client-certificate-enforced>
<listen-port>32008</listen-port>
<two-way-ssl-enabled>true</two-way-ssl-enabled>
</ssl>
and this also appears in the logs: 

<Jan 20, 2017 3:07:23 PM CET> <Debug> <SecuritySSL> <BEA-000000> <[Thread[DynamicJSSEListenThread[DefaultSecure],9,WebLogicServer]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setNeedClientAuth(boolean): value=true.>

Setting the client-certificate-enforced to true fixed the issue.

SnoopServlet

February 4, 2017, 5:18 am
$
0
0
Create a Dynamic Web project "SnoopServlet"

This is the web.xml: 



<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>SnoopServlet</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<description></description>
<display-name>MySnoopServlet</display-name>
<servlet-name>MySnoopServlet</servlet-name>
<servlet-class>MySnoopServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MySnoopServlet</servlet-name>
<url-pattern>/MySnoopServlet</url-pattern>
</servlet-mapping>
</web-app>


This is the weblogic.xml: 


<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.9/weblogic-web-app.xsd">
<wls:weblogic-version>12.2.1.2</wls:weblogic-version>
<wls:context-root>SnoopServlet</wls:context-root>
</wls:weblogic-web-app>




import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@SuppressWarnings("serial")
public class MySnoopServlet extends HttpServlet
{
    public int mycount = 0;
    public MySnoopServlet()
    {
    }

    public void destroy()
    {
    }

    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException
    {
     mycount+=1;
        HttpSession session;
        PrintWriter out;
        response.setContentType("text/html");
        session = request.getSession();
        out = response.getWriter();
        try {
         out.println("<html>");
         out.println("<head><title>SnoopServlet</title></head>");
         out.println("<body text='#ffffff' bgcolor='#666699' link='#ffffff' vlink='#ffffff' alink='#ffffff'>");
         out.println("<p>The servlet has received a GET. This is the reply.</p>");
         out.flush();
         out.print("<p>Request");
         out.print("<br>Principal = " + request.getUserPrincipal());
         out.print("<br>URL = " + request.getRequestURL().toString());
         out.print("<br>AuthType = " + request.getAuthType());
         out.print("<br>RemoteUser = " + request.getRemoteUser());
         out.print("<br>ServerName = " + System.getProperty("weblogic.Name"));
         out.print("<br>SessionID = " + session.getId());
         out.println("<br><hr> <br>");
         Enumeration enum1 = request.getHeaderNames();
         out.print("<p>Header");
         String item;
         for(; enum1.hasMoreElements(); out.print("<br>" + item + "=" + request.getHeader(item)))
             item = (String)enum1.nextElement();

         out.flush();
         out.println("<br><hr> <br>");
         out.print("<p>Attributes");
         for(enum1 = request.getAttributeNames(); enum1.hasMoreElements(); out.print("<br>" + item + "=" + request.getAttribute(item)))
             item = (String)enum1.nextElement();

         out.flush();
         out.println("<br><hr> <br>");
         out.print("<p>Parameters");
         for(enum1 = request.getParameterNames(); enum1.hasMoreElements(); out.print("<br>" + item + "=" + request.getParameter(item)))
             item = (String)enum1.nextElement();

         out.println("<br><hr> <br>");
         out.flush();
       }
       catch (Throwable th) {
        out.print("<pre>");
        th.printStackTrace();
        th.printStackTrace(out);
        out.print("</pre>");
      }
      finally {
        out.println("</body></html>");
      }
        return;
    }

    public void init()
        throws ServletException
    {
    }


}




http://localhost:7001/SnoopServlet/MySnoopServlet?pippo=pluto 


The servlet has received a GET. This is the reply.

Request
Principal = null
URL = http://192.168.56.1:7001/SnoopServlet/MySnoopServlet
AuthType = null
RemoteUser = null
ServerName = AdminServer
SessionID = MHcJQYLAVotakdRTZ2rAwUj_sRjWlQ3Bui-_d50iyOJwAwNJW6B2!837838669!1486213972672

Header
Host=192.168.56.1:7001
User-Agent=Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-US,en;q=0.5
Accept-Encoding=gzip, deflate
Cookie=JSESSIONID=MowJK_Z1Wj2l48jsHZqf21DItW3tklujnqPmzh6Uj9vnI9CEtDfX!-1767948456
Connection=keep-alive
Upgrade-Insecure-Requests=1

Attributes

Parameters
pippo=pluto

The JSP can be found in $WL_HOME/samples/server/examples/src/examples/security/sslclient/src/main/webapp/SnoopServlet.jsp 


<!-- Copyright (c) 1999,2015, Oracle and/or its affiliates. All Rights Reserved.-->
<%@ page import="java.util.Enumeration,
      java.io.PrintWriter"%>

<%!
   /**
  * <p>This helper method can be used to help prevent Cross Site Scripting
  * vulnerabilities. Any Servlet or JSP which sends user input (eg.
  * query parameters in HTTP requests) to be rendered into a user's browser
  * needs to use this method to encode the user input.  This ensures that any
  * HTML in their input (either malicious or otherwise) is not executed by
  * the browser.  This is achieved by converting characters to their HTML
  * escaped form.  For example, '&' is converted to '&amp;amp;'.
  * <p>
  * A full description of Cross Site Scripting (XSS) vulnerabilities can
  * be found at
  * <a href="http://www.cert.org/tech_tips/malicious_code_mitigation.html">
  * http://www.cert.org/tech_tips/malicious_code_mitigation.html</a>.
  *
  * @param str
  */
  public String encodeXSS(String str) {
   return weblogic.servlet.security.Utils.encodeXSS(str);
  }
%>

<%
 try {
%>
<p>
    This servlet returns information about the HTTP request
    itself. You can modify this servlet to take this information
    and store it elsewhere for your HTTP server records. This
    servlet is also useful for debugging.
</p>
<h3>
   Servlet Spec Version Implemented
</h3>
<pre>
<%= getServletConfig().getServletContext().getMajorVersion() + "." + getServletConfig().getServletContext().getMinorVersion() %>
</pre>
<h3>
   Requested URL
</h3>
<pre>
<%= request.getRequestURL().toString() %>
</pre>
<h3>
   Request parameters
</h3>
<pre>
<%

   Enumeration enum_ = request.getParameterNames();
   while(enum_.hasMoreElements()){
     String key = (String)enum_.nextElement();
     String[] paramValues = request.getParameterValues(key);
     for(int i=0;i < paramValues.length;i++){
         out.println(key + " : "  + encodeXSS(paramValues[i]));
     }
   }

%>
</pre>
<h3>
   Request information
</h3>
<pre>
   Request Method: <%= request.getMethod() %>
   Request URI: <%= request.getRequestURI() %>
   Request Protocol: <%= request.getProtocol() %>
   Servlet Path: <%= request.getServletPath() %>
   Path Info: <%= request.getPathInfo() %>
   Path Translated: <%= request.getPathTranslated() %>
   Query String: <%= encodeXSS(request.getQueryString()) %>
   Content Length: <%= request.getContentLength() %>
   Content Type: <%= request.getContentType() %>
   Server Name: <%= request.getServerName() %>
   Server Port: <%= request.getServerPort() %>
   Remote User: <%= request.getRemoteUser() %>
   Remote Address: <%= request.getRemoteAddr() %>
   Remote Host: <%= request.getRemoteHost() %>
   Authorization Scheme: <%= request.getAuthType() %>
</pre>
<h3>Certificate Information</h3>
<pre>
<%
   java.security.cert.X509Certificate certs [];
   certs = (java.security.cert.X509Certificate [])
   request.getAttribute("javax.servlet.request.X509Certificate");
   if ((certs != null) && (certs.length > 0)) {
%>
    Subject Name : <%= certs[0].getSubjectDN().getName() %> <br>
    Issuer Name :<%= certs[0].getIssuerDN().getName() %> <br>
    Certificate Chain Length : <%= certs.length %> <br>
<%

      // List the Certificate chain
      for (int i=0; i<certs.length;i++) {
%>  Certificate[<%= i %>] : <%= certs[i].toString() %>

<%
    } // end of for loop

   }
   else // certs==null
    {
%>
    Not using SSL or client certificate not required.
<%
    } // end of else
%>
</pre>
<h3>
   Request headers
</h3>
<pre>
<%
   enum_ = request.getHeaderNames();
   while (enum_.hasMoreElements()) {
    String name = (String)enum_.nextElement();
    out.println(name + ": " +encodeXSS(request.getHeader(name)));
   }
%>
</pre>
</td>
</tr>
<%
 }
 catch (Exception ex) {
  ex.printStackTrace(new PrintWriter(out));
 }
%>


http://localhost:7001/SnoopServlet/SnoopServlet.jsp

Eclipse M2_REPO

February 4, 2017, 11:49 am
$
0
0
In Eclipse, if you go to Window/Preferences , Java/Build Path/Classpath Variable , there you see M2_REPO as "not modifiable".
to change it, you should to to Window/Preferences/ Maven / User Settings and point to the location of your settings.xml where you have defined localRepository to the value D:\pierre\.m2\repository (for example).

MAVEN = Mad Aberrant Vituperative Endless Nonsense

See also:
https://www.mkyong.com/maven/how-to-configure-m2_repo-variable-in-eclipse-ide/
https://www.mkyong.com/maven/maven-m2_repo-is-non-modifiable/

Cool ReactJS introduction

February 4, 2017, 12:21 pm
$
0
0


The guy on the right is really good - however I was surprised, the need for separation between Model and View has been evident for half a century, it should not be matter of a dissertation.

Code is available here https://github.com/AlwaysBCoding/Episodes/tree/master/simplereact

Anyway, I keep thinking that coding large projects in JS is madness. Totally unrefactorable, very hard to debug.

Great Spring basic introduction (part 1)

February 10, 2017, 9:34 am

make logger.debug() obsolete

February 10, 2017, 4:06 pm
$
0
0
IMHO logging is the weakest point in application development, the Cinderella of IT.
Most people don't log enough information to enable effective troubleshooting, the context is lost, changing logging level in PROD is hell, if you enable debug level you end up being flooded with unwanted info, most of the time operators don't even have instructions on how to do it.
Besides one is interested in knowing what happened immediately before an error occurred, so one should always have like a Flight Recorder with some history preceding the error and ready to be dumped when this happens.
Also, frameworks like ByteBuddy or Btrace or AOP products allows you to dynamically define loggers... logging is a cross-cutting concern, it should not be interspersed in the business code cluttering it. Just define what to log in a separate module - configuration and convention over code.
Here at OverOps they seem to bring some value:

https://www.overops.com/java-monitoring

watch the short video:


Search

Great Spring basic introduction part 2

February 10, 2017, 11:43 pm
$
0
0
part 10

part 11


part 12

part 13

part 14

part 15

part 16

part 17

part 18

part 19

part 20

part 21

part 22

part 23

part 24

Spring AOP videos by JavaBrains

February 12, 2017, 9:08 am

Spring JDBC tutorial by JavaBrains

February 12, 2017, 12:44 pm

JDB is your friend

February 17, 2017, 6:49 pm
$
0
0
We had recently an issue with an XML parser failing to parse a temporary file that was immediately deleted after.
How to stop execution before the file gets deleted?
I am using jdb http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jdb.html and I have created a simple test case

Start WebLogic with 

set JAVA_OPTIONS=-agentlib:jdwp=transport=dt_shmem,address=jdbconn,server=y,suspend=n %JAVA_OPTIONS%

I deploy a small webapp with:

class com.pierre.MyCounter 


package com.pierre;
public class MyCounter {
       static int count = 0;
       public static String getCountAsString() {
             return String.valueOf(count++);
       }
}


<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ page import="com.pierre.*"  %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here bla</title>
</head>
<body>
The count is:
<%
       out.write(MyCounter.getCountAsString());
%>

<br/>
I hope you are happy.

</body>
</html>



web.xml 


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<display-name>testjdb</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>


Then run from a command line : 
jdb -attach jdbconn


run your case once to make sure the MyCounter class has already been loaded, then run

classes

to check if the MyCounter is there, then run this to set a breakpoint:

stop at com.pierre.MyCounter:6

next time you run the jsp, the breakpoint is hit and execution stops

Chrome NET::ERR_CERT_REVOKED for a revoked certificate

February 17, 2017, 11:34 pm
$
0
0
connecting Chrome to a local development WebLogic that was using a WebServer certificate that was revoked in the CRL list, I got this message:

Your connection is not private Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_REVOKED Automatically report details of possible security incidents to Google. Privacy policy ReloadHide advanced localhost normally uses encryption to protect your information. When Google Chrome tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged. You cannot visit localhost right now because this certificate has been revoked. Network errors and attacks are usually temporary, so this page will probably work later.

Once I started Chrome with "chrome.exe --ignore-certificate-errors" the connection is accepted, I just get a warning "you are using an unsupported command-line flag: --ignore-certificate-errors. Stability and security will suffer "

Viewing all 1124 articles
Browse latest View live
Search