Security is an important topic in Information Technology. When writing security-related code, you should be conscious of and fully understand what you are doing. This is not a topic you can write code for without knowing exactly what you are doing. Be careful not to blindly copy and paste code you don’t understand. The system relies on your code to be safe and secure :)

This article does not teach Java security; it is just a pointer to kick-start your research. Here are some references to good articles from Oracle that will help you get started:

  1. Certificates and Certificate Revocation Lists
  2. Java Cryptography Architecture
  3. Java PKI Programmer’s Guide

You can start your research by following the links above in order. Happy learning!

First, we install the mysql connector jar using this command:

osgi:install -s wrap:mvn:mysql/mysql-connector-java/5.1.18
Bundle ID: 384

You can declare dataSource bean in your blueprint / spring configuration like this:

<bean id="dataSource" class="com.mysql.jdbc.jdbc2.optional.MysqlDataSource" >
    <property name="serverName" value="localhost" />
    <property name="databaseName" value="db_name" />
    <property name="port" value="3306" />
    <property name="user" value="username" />
    <property name="password" value="password" />
</bean>

This article shows the openssl parameters for generating a CA certificate key pair.
The command below generates the private key “ca.key” under the private folder and the public certificate “ca.crt” under the certs folder.
On a RedHat CentOS server, you can execute the command under the /etc/pki/CA folder.

root@server.example.com [CA]# openssl req -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
Generating a 2048 bit RSA private key
..........................+++
......................................................................................................................................................+++
writing new private key to 'private/ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:SG
State or Province Name (full name) []:Singapore
Locality Name (eg, city) [Default City]:Singapore
Organization Name (eg, company) [Default Company Ltd]:Example Ltd
Organizational Unit Name (eg, section) []:Certificate Authority
Common Name (eg, your name or your server's hostname) []:example.com
Email Address []:webmaster@example.com
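
To check what such a command produced, the following added example (not part of the original article) generates a throwaway CA with the same openssl req options in a temporary directory, then verifies that the certificate is marked CA:TRUE, that the key is stored encrypted, and that key and certificate belong together. The inline v3_ca section, the DN values and the pass phrase are constructed for the example; the article's command takes v3_ca from the system openssl.cnf instead.

```shell
# Added example: build a throwaway CA with the same openssl req options,
# then verify the result. DN, pass phrase and temp directory are constructed.
make_and_check_ca() {
    pass='constructed-demo-passphrase'
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/private" "$dir/certs"
    chmod 700 "$dir/private"

    # Inline config so the run does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
C = SG
O = Example Ltd
OU = Certificate Authority
CN = example.com
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

    openssl req -new -x509 -newkey rsa:2048 -config "$dir/ca.cnf" \
        -extensions v3_ca -keyout "$dir/private/ca.key" \
        -out "$dir/certs/ca.crt" -days 3650 -passout "pass:$pass" \
        2>/dev/null || return 1
    chmod 600 "$dir/private/ca.key"

    # 1. The certificate must be marked as a CA certificate.
    openssl x509 -in "$dir/certs/ca.crt" -noout -text \
        | grep -q 'CA:TRUE' || return 2
    # 2. The private key must be stored encrypted.
    grep -q 'ENCRYPTED' "$dir/private/ca.key" || return 3
    # 3. Key and certificate must carry the same public key.
    from_key=$(openssl pkey -in "$dir/private/ca.key" \
        -passin "pass:$pass" -pubout | openssl sha256)
    from_crt=$(openssl x509 -in "$dir/certs/ca.crt" -noout -pubkey \
        | openssl sha256)
    [ "$from_key" = "$from_crt" ] || return 4

    rm -rf "$dir"
    echo ok
}
```

A non-zero return code identifies the failed check, and the temporary directory is left in place for inspection in that case.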

This is the command to show remote branches:

$ git remote
origin

$ git remote show origin
user@example.com's password:
* remote origin
  Fetch URL: user@example.com:/home/user/git/project.git
  Push  URL: user@example:/home/user/git/project.git
  HEAD branch: master
  Remote branches:
    develop                tracked
    feature/feature1       tracked
    master                 tracked
    release                tracked
  Local branches configured for 'git pull':
    develop                merges with remote develop
    feature/feature1       merges with remote feature/feature1
    master                 rebases onto remote master
    release                merges with remote release
  Local refs configured for 'git push':
    develop                pushes to develop                (up to date)
    feature/feature1       pushes to feature/feature1       (up to date)
    master                 pushes to master                 (up to date)
    release                pushes to release                (up to date)

This is the command to check out a remote branch locally and set the local branch to track the remote branch:
git checkout --track origin/branchname

When the default configuration files (logback.groovy, logback-test.xml, logback.xml) do not exist, LogBack reads a system property to get the configuration file location:

java -Dlogback.configurationFile=/path/to/config.xml com.stefanauwyang.ApplicationClass

 

LogBack can be configured to automatically detect changes to the configuration file:

<configuration scan="true" scanPeriod="30 seconds" >
  ...
</configuration>

Without the scanPeriod attribute, the default period of 60 seconds is used.

LogBack provides a servlet to check the LogBack logging status:

<servlet>
  <servlet-name>ViewStatusMessages</servlet-name>
  <servlet-class>ch.qos.logback.classic.ViewStatusMessagesServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>ViewStatusMessages</servlet-name>
  <url-pattern>/lbClassicStatus</url-pattern>
</servlet-mapping>

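We can also print the LogBack status to the console by registering this listener in Java code.

import ch.qos.logback.classic.LoggerContext;
import ch.qos.logback.core.status.OnConsoleStatusListener;
import ch.qos.logback.core.status.StatusManager;
import org.slf4j.LoggerFactory;
LoggerContext lc = (LoggerContext) LoggerFactory.getILoggerFactory();
StatusManager statusManager = lc.getStatusManager();
OnConsoleStatusListener onConsoleListener = new OnConsoleStatusListener();
statusManager.add(onConsoleListener);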

… or from config file …

<configuration>
  <statusListener class="ch.qos.logback.core.status.OnConsoleStatusListener" />
  ...
</configuration>

We often start a project on our local laptop and then want it secured on our server. It may not be possible to run git clone on the server to clone the project from your local computer, because of a firewall or because your laptop does not have a public IP address like your server does.

Before pushing the project to the server, I assume that we have created a git repository on the server:

$ mkdir projectname.git
$ cd projectname.git
$ git init --bare

Or just:

$ git init --bare projectname.git

From our local machine, execute these commands to push the local git repository to the server:

$ git remote add origin ssh://user@server.com:port/path/to/projectname.git
$ git push origin master

Now our project is safe on the server. We can continue our work on the local laptop, clone it to another laptop if required, and push changes to the server anytime we want.

When deploying our application on IBM WebSphere application server, some of the libraries our application uses sometimes conflict with the ones used by WebSphere.

Follow these instructions to configure WebSphere to load our application libraries before it loads the WebSphere libraries.

1. Install the application in WebSphere

2. Once the application is installed, go to this path:

Enterprise Applications > [ear application name] > Manage Modules > [war application name]

3. Set Class loader order to Classes loaded with parent class loader first

4. Start the application.

Our application will start by loading the application libraries first, and then the WebSphere libraries.

Most of the time, we don’t want to allow direct access to a port from outside our server.
We can configure this with the iptables command.

In this example we want port 8080 to be accessible from localhost only. These are the steps:
1. Execute this command to accept connections from localhost.

iptables -A INPUT -p tcp -s localhost --dport 8080 -j ACCEPT

2. Execute this command to drop connections from any other host.

iptables -A INPUT -p tcp --dport 8080 -j DROP

If we want to undo these changes, we can execute the same commands with -A replaced by -D. From here we can reverse proxy port 8080 using our Apache HTTP server.
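
The two rules only work in the order given: iptables evaluates a chain from top to bottom and the first match wins, so a DROP appended before the loopback ACCEPT would also block localhost. As an added example (not part of the original article), the function below audits rules in `iptables -S INPUT` format for that ordering; the function name and the sample rule sets are constructed.

```shell
# Added example: check that, for one port, the loopback ACCEPT rule is
# evaluated before the catch-all DROP. Reads `iptables -S INPUT` output.
audit_port_rules() {
    # $1 = TCP port to audit; rules arrive on stdin.
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport != port) next
            n++   # position among the rules for this port
            if (target == "ACCEPT" && src == "127.0.0.1/32" && !accept_at)
                accept_at = n
            if (target == "DROP" && src == "" && !drop_at)
                drop_at = n
        }
        END {
            if (!drop_at)                 print "exposed: no DROP rule"
            else if (!accept_at)          print "blocked: no loopback ACCEPT"
            else if (accept_at > drop_at) print "blocked: DROP matches before ACCEPT"
            else                          print "ok"
        }'
}

# Constructed sample: the article's two commands, in the article's order.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP'

# Constructed sample: the same two commands run in the opposite order.
SWAPPED_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT'

printf '%s\n' "$GOOD_RULES"    | audit_port_rules 8080
printf '%s\n' "$SWAPPED_RULES" | audit_port_rules 8080
```

On a live host, pipe `iptables -S INPUT` into the function as root. These rules cover IPv4 only, so a service that also listens on IPv6 needs the equivalent ip6tables rules.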