Security is an important topic in Information Technology. When writing code related to security, you should be conscious and fully understand what are you doing. This topic is not a topic which you can code without knowing exactly what you do. You should be careful and not just blindly copy paste code you don’t understand. The system is relying to your code, to feel safe and secure :)

This article does not teach you to understand Java security. This is just a pointer to kickstart your research. I have some reference to good articles from Oracle which will help you to start figuring out.

  1. Certificates and Certificate Revocation Lists
  2. Java Cryptography Architecture
  3. Java PKI Programmer’s Guide

You can start your research to follow those links above according to its order. Happy learning!

First, we install the mysql connector jar using this command:

osgi:install -s wrap:mvn:mysql/mysql-connector-java/5.1.18
Bundle ID: 384

You can declare dataSource bean in your blueprint / spring configuration like this:

<bean id="dataSource" class="com.mysql.jdbc.jdbc2.optional.MysqlDataSource" >
    <property name="serverName" value="localhost" />
    <property name="databaseName" value="db_name" />
    <property name="port" value="3306" />
    <property name="user" value="username" />
    <property name="password" value="password" />

This article will show openssl parameters to generate CA certificate keypairs.
This command will generate private certificate “ca.key” under private folder, and public certificate “ca.crt” under certs folder.
In RedHat CentOS server, you can execute below command under /etc/pki/CA folder. [CA]# openssl req -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
Generating a 2048 bit RSA private key
writing new private key to 'private/ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:SG
State or Province Name (full name) []:Singapore
Locality Name (eg, city) [Default City]:Singapore
Organization Name (eg, company) [Default Company Ltd]:Example Ltd
Organizational Unit Name (eg, section) []:Certificate Authority
Common Name (eg, your name or your server's hostname) []
Email Address []

This is command to show remote branches:

$ git remote

$ git remote show origin's password:
* remote origin
  Fetch URL:
  Push  URL: user@example:/home/user/git/project.git
  HEAD branch: master
  Remote branches:
    develop                tracked
    feature/feature1       tracked
    master                 tracked
    release                tracked
  Local branches configured for 'git pull':
    develop                merges with remote develop
    feature/feature1       merges with remote feature/feature1
    master                 rebases onto remote master
    release                merges with remote release
  Local refs configured for 'git push':
    develop                pushes to develop                (up to date)
    feature/feature1       pushes to feature/feature1       (up to date)
    master                 pushes to master                 (up to date)
    release                pushes to release                (up to date)

This is command to checkout remote branch to local, and set the local branch to track remote branch:
git checkout --track origin/branchname

When default configuration does not exists (logback.groovy, logback-test.xml, logback.xml), LogBack will read system property to get the configuration file location:

java -Dlogback.configurationFile=/path/to/config.xml com.stefanauwyang.ApplicationClass


LogBack can be configured to automatically detect the change in configuration file:

<configuration scan="true" scanPeriod="30 seconds" >

Without the scanPeriod attribute, default period 60 seconds will be set automatically.

LogBack provides a servlet to check the LogBack logging status:


We can also print LogBack status to console by configuring this listener through Java code.

LoggerContext lc = (LoggerContext) LoggerFactory.getILoggerFactory(); 
StatusManager statusManager = lc.getStatusManager();
OnConsoleStatusListener onConsoleListener = new OnConsoleStatusListener();

… or from config file …

  <statusListener class="ch.qos.logback.core.status.OnConsoleStatusListener" />

It is often that we started a project in our local laptop, and we want this project secured in our server. I know, it may not possible to execute git clone command from server to clone the project from your local computer due to firewall or at that moment your laptop does not have public IP like your server does.

Before pushing the project to server, I assumed that we have created git repository in the server:

$ mkdir projectname.git
$ cd projectname.git
$ git init --bare

Or just:

$ git init --bare projectname.git

From our local, execute these command to push the git local repository to the server:

$ git remote add origin ssh://
$ git push origin master

Now we have our project safe in the server. We can safely continue our work in local laptop, we can clone to other laptop if required, and push the changes to server anytime we want.

When deploying our application in IBM WebSphere application server, sometimes there are some libraries which we are using in our application, get conflicted with the one being used by WebSphere.

Follow this instruction to configure WebSphere to load our application libraries first before it loads the WebSphere libraries.

1. Install the application in WebSphere

2. Once the application installed, go to this path:

Enterprise Applications > [ear application name] > Manage Modules > [war application name]

3. Set Class loader order to Classes loaded with parent class loader first

4. Start the application.

Our application will be started by loading application libraries first, before then it loads WebSphere libraries.

Most of the time, we don’t want to allow direct access to the port from outside our server.
We can configure this through iptables command.

In this example we want to configure port 8080 to be accessible from localhost only. These are the steps:
1. Execute this command to accept connection from localhost.

iptables -A INPUT -p tcp -s localhost --dport 8080 -j ACCEPT

2. Execute this command to drop any connection from other hosts.

iptables -A INPUT -p tcp --dport 8080 -j DROP

If we want to undo this changes, we can execute the same command by replacing -A with -D. From here we may reverse proxy our 8080 port using our apache http server.