Tuesday, November 6, 2012

Solved - Windows cannot access samba shares after linux upgrade

I encounter this issue after apt-get upgrade / dist-upgrade in Debian. It is solved now.
The cause was a change in samba between versions 3.3.2 and 3.4.0.

Monday, June 25, 2012

SQL Import problems with Sample Data Package for Magento 1.6.1.0

If you download the Sample Data Package for Magento 1.6.1.0 and use a MySQL server is less than 5.1, it can be when importing the SQL script come to the following SQL error:

niskia:/xxx1# mysql -u magento1 -pXXXXX --database=magento1 < magento_sample_data_for_1.6.1.0.sql
ERROR 1064 (42000) at line 8354: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USING BTREE, KEY `FK_TAG_FIRST_CUSTOMER_ID_CUSTOMER_ENTITY_ENTITY_ID` (`first_' at line 7


To go beyond this, you have 2 options - to manually fix the error in SQL file, OR to download patched file.

Thursday, June 21, 2012

Error "failed to get a socket for (null)" after upgrading apache httpd

The symptom: After an regular Debian update, when I tried to start apache, it show me this error:

(22)Invalid argument: alloc_listener: failed to get a socket for (null)
...
Syntax error on line xx of /etc/apache2/ports.conf:

The line was
Listen 80

Wednesday, June 20, 2012

Status on verification of signed file


Digital Signature Status Values
StatusDescription
ValidThe signed data and the attached signature data have not been changed since the data was signed. The signature verification operation was successful.
InvalidThe signed data or the attached signature data has been tampered with.
ErrorThe data contained in the Signature element or the signature template itself is malformed, or some other error occurred during verification. In other words, the signature is cryptographically valid, but either it does not conform to the XML Signature standard, or it contains data in a format that InfoPath does not support.
RevokedThe digital certificate used to sign the data has been revoked.
Not TrustedThe digital certificate used to sign the data is not trusted, because no chain of trust can be identified.
ExpiredThe digital certificate used to sign the data is expired.



Counter-signatures and signing a file with multiple certificates

Counter-signing is the action of signing data that includes another signature. Counter-signing requires that signatures have a precise sequence in which they can be deletedwithout invalidating the other signatures. Adding the first signature to a set of data signs the data itself. Adding a second signature does not sign the data in the form, but instead signs the first signature. Each additional counter-signature signs the previous signature. If the signed data itself is tampered with, only the first signature in the list becomes invalid; the status of the rest of the counter-signatures remains unchanged. If the data stored with a particular signature (in the Signature element) is tampered with, such as the comments or nonrepudiation information for that signature, then that signature and the following signature become invalid. For a specific set of signable data, only the last signature in the list can be deleted without affecting any of the others. For a set of signable data configured for counter-signatures, no other signatures can be added after a signature with the status other thanValid. That signature must be deleted before additional counter-signatures can be added.

When you enable digital signatures for an entire form, the form users must enter all the data they require before they sign the form. After the first signature is added, all controls in the form and the form's XML Document Object Model (DOM) become read-only, and the text [Signed] appears in the title bar. Other users who open the form cannot enter data; they can only add, remove, or verify counter-signatures.

Tuesday, June 19, 2012

Searching in default maven repository

http://repo1.maven.org/maven2/ is the default repository for Maven 2 & 3, but many times it is hard to find the project artifactId, groupId and version in it.
In this case I recommend to manually search for it in http://search.maven.org/

Monday, June 11, 2012

log4j in maven project

Adding support for log4j is realized via maven dependency. You have to edit pom.xml file, and add these lines:

Thursday, May 3, 2012

Catching database resources leaks with Tomcat - howto

This it a solution of "Cannot get a connection, pool error Timeout waiting for idle object" error message. It guides how to find your resource leak.

1. Add the red properties to your context.xml in this way:
  <Resource name="jdbc/MyAppDS" auth="Container" type="javax.sql.DataSource"
            maxActive="10" maxIdle="10" maxWait="10000" defaultAutoCommit="false"
            username="user_dev" password="passssss" driverClassName="com.mysql.jdbc.Driver"
            removeAbandoned="true" removeAbandonedTimeout="25" logAbandoned="true"
            url="jdbc:mysql://my-mysqlserver.com:3306/databasename_dev?autoReconnect=true&amp;characterEncoding=UTF-8"/>

2. Reproduce your problem to full the active connection. In the above configuration, I have limited them to 10, to reproduce the problem sooner.

3. Watch the stdout output for log of the abandoned connection. It is something like this:
org.apache.tomcat.dbcp.dbcp.AbandonedTrace$AbandonedObjectException: DBCP object created 2012-05-03 15:51:35 by the following code was never closed:
    at org.apache.tomcat.dbcp.dbcp.AbandonedTrace.setStackTrace(AbandonedTrace.java:139)
    at org.apache.tomcat.dbcp.dbcp.AbandonedObjectPool.borrowObject(AbandonedObjectPool.java:81)
    at org.apache.tomcat.dbcp.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:106)
    at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)
    at com.yourcompany.getDataSource(XXX.java:55)
...
Caused by: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot get a connection, pool error Timeout waiting for idle object
        at org.apache.tomcat.dbcp.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:104)
        at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880)           

        ... 19 more
Caused by: java.util.NoSuchElementException: Timeout waiting for idle object
        at org.apache.tomcat.dbcp.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:825)
        at org.apache.tomcat.dbcp.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:96)
        ... 23 more

3.1 If you do not have stdout.log file in Windows, check the link.
4. Correct the XXX.java file as you close the resource after its usage. It could not be easier!

Get console output in Tomcat

You need stdout.log & stderr.log in Tomcat in Windows? Here is a guide how to get it.

1. If you use Apache as Windows service, the default behavior is the files to be created and filled. It it is not so, rightclick on taskbar service icon -> Configure -> Logging tab and check the values of 2 redirect dropdowns. They must be set to auto. The files are placed in %CATALINA_HOME%/logs folder.

2. If you use Tomcat not as windows service. I could not find the way of doing this. I redirected the output of the calling java in catalina.bat file but with no success. If you find a way of doing this, please post a comment below.

Sunday, April 1, 2012

MS Dr Watson and disk usage

I have file drwtsn32.log with size 6GB, located in directory:C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson
It is save to delete this file.

Here is little trick for avoid such long file. Select Start, All Programs, Accessories, System Tools, System
Information, Tools, Dr Watson and verify that the box before "Append to
existing log" is NOT checked. This means the next time the log is
written it will overwrite rather than add to the existing file.

Wednesday, March 28, 2012

Client authentication with SSL certificates in Jetty in maven

Here is an example pom.xml fragment:

  <build>
    <plugins>
        <plugin>
            <groupId>org.mortbay.jetty</groupId>
            <artifactId>maven-jetty-plugin</artifactId>
            <configuration>
                <contextPath>/mycontext</contextPath>
                <scanIntervalSeconds>5</scanIntervalSeconds>
                <connectors>
                    <!--connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
                        <port>8080</port>
                        <maxIdleTime>60000</maxIdleTime>
                    </connector-->
                    <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
                        <port>8443</port>
                        <maxIdleTime>60000</maxIdleTime>
                        <keystore>${project.basedir}/src/main/certificates/server1.jks</keystore>
                        <password>pass</password>
                        <keyPassword>pass</keyPassword>
                        <wantClientAuth>true</wantClientAuth><!-- deprecated! -->
                        <needClientAuth>false</needClientAuth><!-- deprecated! -->
                        <!-- http://stackoverflow.com/questions/8816874/avoid-use-of-deprecated-methods-in-org-eclipse-jetty-server-ssl-sslsocketconnect -->
                    </connector>
                </connectors>
            </configuration>
        </plugin>
    </plugins>
  </build>

Client authentication with SSL certificates in Tomcat

Place something like this in server.xml file:

      <Connector port="8443" 

           protocol="HTTP/1.1" 
           SSLEnabled="true"
           maxThreads="150" 

           scheme="https" 
           secure="true"
           sslProtocol="TLS"
           keystorePass="pass"
           keystoreFile="/data/miteff/someserver/server1.jks"
           truststoreFile="/data/miteff/eshop/MiteffRootCa.jks"
           truststorePass="pass"
           keyAlias="www.miteff.com"
           clientAuth="want"
           SSLVerifyClient="optional"
           SSLCACertificateFile="/data/miteff/someserver/MiteffRootCA.pem"
       />


Attention: clientAuth parameter, in Tomcat 6.0 can get value "want", so it accepts connections with and wothout certificates. The application could decide what to do with the two types of clients internally. Take attention Tomcat 6.0 COULD NOT understand option clientAuth="optional". I suppose it was valid sometime, but now it is not.

Tuesday, March 27, 2012

Checking certificate validity via CRL with openssl


openssl verify -crl_check -CAfile miteff-root-ca-c.crt -untrusted signer-ca-c3-chain.crt https-miteff.com.chain.crt

Thursday, March 22, 2012

maven webapp archetype


mvn archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-webapp -DarchetypeArtifactId=maven-archetype-webapp

Wednesday, March 21, 2012

Test your bugfix skills

Here is a bug. Find it:

        BufferedReader reader = request.getReader();
        StringBuilder requestSB = new StringBuilder();
        String requestStr;
        String line;
       
        while ((line = reader.readLine()) != null) {
          requestSB.append( line );
          requestSB.append( '\n' );
        }
        requestStr = requestSB.toString();


In which situations this bug appears?

Getting HTTPS SSL certificates from HttpRequest in Java

Such an easy solution:

java.security.cert.X509Certificate cert[] =
(java.security.cert.X509Certificate[]) httpServletRequest.getAttribute
("javax.servlet.request.X509Certificate");


The result is the whole certificate chain.

The client could or could not send its certificate. A client certificate can be send in SSL version 3 and in TLS. You have to set an option to the web application server to want ant to accept client certificates. In jetty, the option is named wantClientAuth. Later I will extend the article with the name for Tomcat.

Monday, March 19, 2012

Adding external jar libraries to maven project

You have to add something like this in your pom.xml:
    <dependency>
        <groupId>com.xxx.yyy.messages</groupId>
        <artifactId>xxxyyyMessages2</artifactId>
        <version>2.0-SNAPSHOT</version>
        <scope>system</scope>
        <systemPath>${project.basedir}/../xxxyyyMessages2/target/xxxyyyMessages2-2.0-SNAPSHOT.jar</systemPath>
    </dependency>

Tuesday, March 13, 2012

Starting a java application with debug logs for SUN packages

First check which is the define for enabling debug for package you want to get logs from. This is an example for java.security (and some related packages to it):

java -Djava.security.debug=certpath ApplicationFromMiteffDotCom

Monday, March 12, 2012

Making jar with dependency jars incorporated with maven

I want to start my program from the clear console. Here is the code, which has to be placed in pom.xml:

Redirecting output in MS DOS

I need to redirect the error output to file also. This can be done with

command > certpath.txt 2>&1


For example:

java -Djava.security.debug=certpath -jar target\xxx-2.0-SNAPSHOT-jar-with-dependencies.jar > certpath.txt 2>&1

Friday, March 9, 2012

Checking certificate validity via OCSP with OpenSSL

The certificate have to had a OCSP definition.


openssl
OpenSSL>
OpenSSL> ocsp -issuer G:\temp\1\XXXRootCA.pem -cert G:\temp\1\XXXRootCA.pem -CAfile G:\temp\1\XXXRootCA.pem -url http://ocsp.myserver.com:80 -text


Note: add full path to the files

Debugging classes without sources

I have to debug some classes, which are not provided with source code in NetBeans.

I have to choose from these options:
1. Switch to Eclipse and use JD-Eclipse. Many people indicates that they use it without problems.
2. Decompile the sources and add them to IDE. In this case we have to an another problem - line numbers. From Java bytecode, IDE knows the lines, where the operations are placed in source code. If lines mismatch, the debugger jumps to wrong numbers - fail.

Sunday, March 4, 2012

Multiple vhosts with apache httpd

There are two major questions about that:
1. May an apache site has multiple https virtual hosts?
2. May an apache site has different certificates for different virtual hosts.

Answers:

Monday, February 27, 2012

Working with resources (.properties files)

An example:

import java.util.ResourceBundle;

public class Properties {
private static ResourceBundle properties = ResourceBundle.getBundle("SMSComServer");
public static ResourceBundle getPropertyFileRef(){ return properties;}

public final static int WEB_SERVER_PORT = Integer.parseInt(properties.getString("server.web.port"));
}


Attention: Statically loading resources is not the best practice, because for reloading resources the whole application has to be restarted.

Tuesday, January 31, 2012

java.lang.OutOfMemoryError: PermGen space - Cause and Solution

The error was (in maven):
java.lang.OutOfMemoryError: PermGen space

Solution:
If you build with maven:
MAVEN_OPTS="-Xms512m -Xmx768m -XX:PermSize=256m -XX:MaxPermSize=512m"
AND
JAVA_OPTS="-Xms512m -Xmx768m"

If you use other tools, check their OPTS configuration - may be there is analogue.

searching in linux command history

This is a great trick for everyone who uses linux console a lot.

1. Ctrl+R in console
2. Enter search string
3. OS suggests you a line from command history
4. If you want an older command with same search string, just hit Ctrl+R.
5. that's all folks

Monday, January 23, 2012

EJBCA with jboss

EJBCA 4.07 supports jBoss version 5.1 but not jboss 6.0 or jboss 7.0. I checked with jboss web profile and with full version too.

The error message is in ant command

ant bootstrap

The error was:

"package javax.ejb does not exist"


So how i resolved it? I returned to jboss 5.1. :(

Thursday, January 5, 2012

Optimizing queries with EXPLAIN

The explain command gives information about indexes which are used for the query, so you could check, whether it is optimized as you expected.

SQL trees filtration

This article solves remove-matching-children problem and avoid recursion.

Tuesday, January 3, 2012

Problem with WebDAV folders in debian linux

Here is my problem:

When I try to copy some files / folders to webdav folder, I get an error in Windows XP and this log in my Linux box:

[Tue Jan 03 13:49:35 2012] [error] [client 123.123.123.123] File does not exist: /the/webdav/folder/some-file.JPG
[Tue Jan 03 13:49:35 2012] [error] [client 123.123.123.123] The locks could not be queried for verification against a possible "If:" header. [500, #0]
[Tue Jan 03 13:49:35 2012] [error] [client 123.123.123.123] Could not open the lock database. [500, #400]
[Tue Jan 03 13:49:35 2012] [error] [client 123.123.123.123] (2)No such file or directory: Could not open property database. [500, #1]