Welcome to my website. I am always posting links to photo albums, art, technology and other creations. Everything that you will see on my numerous personal sites is powered by the formVistaTM Website Management Engine.

icon.linkedin.jpgicon.twitter.jpg

  • Adding MultipartConfig Configuration to web.xml in JBoss 6.x for a Servlet 3.0 File Upload Servlet
    01/12/2012 11:45AM

    If you do not want to hard-code your file upload servlet with the @MultipartConfig annotation but would rather add it to your <servlet> configuration element in web.xml, following is the syntax (add this as a child element of <servlet>):

    <multipart-config>
          <location>/tmp</location>
          <max-file-size>20848820</max-file-size>
          <max-request-size>418018841</max-request-size>
          <file-size-threshold>1048576</file-size-threshold>
    </multipart-config>

  • Invocation of request.getParts() in a Servlet 3.0 doPost Method Will Not Throw IllegalStateException
    01/12/2012 11:34AM

    This one requires a bit of explaination.

    When writing a Servlet that will enable users to upload files from a form you need to be able to limit both the size of the file(s) and the entire multipart/form-data request.  The Servlet 3.0 spec now includes a @MultipartConfig annotation (which can also be specified in web.xml, see other post in this blog).

    Based on the Servlet 3.0 spec here is what is supposed to happen.

    1. The user submits a multi-part form that exceeds any of upload limitation parameters in the @MultipartConfig annotation.
    2. An attempt in the doPost method of the Servlet to invoke a  Collection<Part> parts = request.getParts(); should throw an IllegalStateException enabling the Servlet to respond to the client and somehow communicate that the multi-part message was too large.

    However, if within the doPost method a request.getParameter([param_name]) is invoked on the request object BEFORE attempting to invoke request.getParts(), the Servlet will not throw an IllegalStateException if any of the parameters in the MultipartConfig have been exceeded.  Instead, .getParts() returns a Collection of 0 parts, and without the Exception you have no idea why the multipart POST failed.

     If request.getParameter([param_name]) is invoked on the request object AFTER the first attempt to invoke request.getParts(), .getParts() will throw an IllegalStateException with the details about why the POST failed if any any of the parameters in the MultipartConfig have been exceeded.

    This took me quite a while to track down.

    The long and the short of it is that if you want to be able to check to make sure that any of the @MultipartConfig limitations are exceeded on the server-side (which you should) you MUST invoke request.getParts()before attempting to read any query string values.

    Certainly, there will be those that will say 'why not just check all of this on the client-side in JavaScript?'.  To which I would say, that is absolutely what you should do.  However, you should always double-check on the server-side to prevent someone who has managed to circumvent your client-side form validation.  Furthermore, there are a number of very slick and easy JavaScript implementations to do this that do not work in various versions of IE.

    Attachment: multipartconfig_bug_1.zip 1389 bytes
  • Configuring JBoss 6.x for HTTPS with a Self-Signed Cert
    01/03/2012 11:57AM

    This tutorial makes the following assumptions:

    • That you are running JBoss under a 'jboss' user whose home directory is /home/jboss/

    For the following examples the string "<server-name/ip>" should be replaced with the domain name, or ip address from which the site will be accessed via https.  Also the path to your installed JDK is likely different.

    • Create a new keystore using the jdk provided binary:
    # /usr/lib/jvm/java-1.6.0-openjdk/bin/keytool -genkey -alias your_alias -keyalg RSA -keystore keystore.jks

    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]: <server-name/ip>
    What is the name of your organizational unit?
      [Unknown]:  Your Unit
    What is the name of your organization?
      [Unknown]:  Your Organization
    What is the name of your City or Locality?
      [Unknown]:  Your City
    What is the name of your State or Province?
      [Unknown]:  MD
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=<server-name/ip>, OU=Your Unit, O=Your Organization, L=Your City,
    ST=MD, C=US correct?
      [no]:  yes

    Enter key password for <your_alias>
            (RETURN if same as keystore password):
    Re-enter new password:

                    . When propmted for the key password, you must enter the same password as you first entered, when going through the keystore prompts.
                    . Put the keystore file in the /home/jboss directory

    • Export the generated server certificate in .keystore to server.cer
    # /usr/lib/jvm/java-1.6.0-openjdk/bin/keytool -export -alias your_alias -storepass password -file server.cer -keystore keystore.jks
    • Create a trust-store file and add the server cert to it
    # /usr/lib/jvm/java-1.6.0-openjdk/bin/keytool -import -v -trustcacerts -alias your_alias -file server.cer -keystore cacerts.jks -keypass password -storepass password

    It will display the following:

    Owner: CN=<server-name/ip>, OU=Your Unit, O=Your Organization,
    L=Your City, ST=MD, C=US
    Issuer: CN=<server-name/ip>, OU=Your Unit, O=Your Organization,
    L=Your City, ST=MD, C=US
    Serial number: 4e20527c
    Valid from: Fri Jul 15 10:45:16 EDT 2011 until: Thu Oct 13 10:45:16 EDT 2011
    Certificate fingerprints:
             MD5:  B9:25:A0:89:B9:A3:62:44:38:DD:B7:13:2C:05:C5:8C
             SHA1: 3C:F9:54:2D:96:0C:D7:F9:C5:DA:24:54:A3:29:41:98:5E:01:2C:97
             Signature algorithm name: SHA1withRSA
             Version: 3

    . Enter 'yes'
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
    • Edit the JBOSS config file $JBOSS_HOME/server/server_profile/deploy/jbossweb.sar/server.xml
                    . Make a copy of the following block of XML

          <!-- SSL/TLS Connector configuration using the admin devl guide keystore
          <Connector protocol="HTTP/1.1" SSLEnabled="true"
               port="${jboss.web.https.port}" address="${jboss.bind.address}"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
               keystorePass="rmi+ssl" sslProtocol = "TLS" />
          -->

                    . Make the following changes:

            <Connector protocol="HTTP/1.1" SSLEnabled="true"
                    port="${jboss.web.https.port}" address="${jboss.bind.address}"
                    scheme="https" secure="true" clientAuth="false"
                    keystoreFile="${user.home}/jboss_as_keys/keystore.jks"
                    keystorePass="password"
                    truststoreFile="${user.home}/jboss_as_keys/cacerts.jks"
                    truststorePass="password"
                    sslProtocol = "TLS" />

                    . Disable unencrypted http/8080 access to the server by commenting out the following:

    <!--
          <Connector protocol="HTTP/1.1" port="${jboss.web.http.port}"
    address="${jboss.bind.address}"
             redirectPort="${jboss.web.https.port}" />
    -->
    • Set up port forwarding for port 443 to 8443 via iptables  Use the following iptables commands, replacing $IPADDR with the IP of your web server

      # iptables -t nat -A OUTPUT --destination localhost -p tcp --dport 443 -j REDIRECT --to-ports 8443
      # iptables -t nat -A OUTPUT --destination $IPADDR -p tcp --dport 443 -j REDIRECT --to-ports 8443
      # iptables -t nat -A PREROUTING --destination $IPADDR -p tcp --dport 443 -j REDIRECT --to-ports 8443

      # /etc/init.d/iptables save
      # /etc/init.d/iptables restart

  • Fixing JBoss Error installing to Start: name=IIOPInvoker state=Create: java.net.UnknownHostException:
    01/03/2012 11:22AM

    If you ever see the following when attempting to start up an instance of JBoss 6.x:

    15:41:15,740 ERROR [AbstractKernelController] Error installing to Start: name=IIOPInvoker state=Create: java.net.UnknownHostException: some_host_name: some_host_name
            at java.net.InetAddress.getLocalHost(InetAddress.java:1426)
            [:1.6.0_17] at org.jboss.invocation.iiop.IIOPInvoker.start(IIOPInvoker.java:233) [:6.0.0.Final]

    It is because JBoss cannot resolve the host name of the machine on which it is running.  To fix:

     

    • Edit /etc/hosts and add the name of the box pointing to an ip address.
    • Set up a proper DNS entry for the host name of the machine.
  • Installing Jboss 6.1.0-Final under RHEL or CentOS
    12/22/2011 12:19PM

    The following is a howto for installing Jboss under Red Hat Enterprise Linux or CentOS.  The steps are most likely the same under any other Linux distro.

    • Unpack your jboss.zip (or .tar)
    • Jboss requires a 'place' to store data as it runs.  Out of the box it uses org.jboss.jdbc.HypersonicDatabase which is horribly inefficient and should never be used in a production system.  So we'll set up MySQL such that jboss can write to it (installing and configuring MySQL is an excersize for the reader) and create a DataStore instance in jboss that points to the MySQL server:
    Add a jboss user to MySQL (This is with a 5.x version of MySQL)

    INSERT INTO `user` VALUES ('localhost', 'jboss', '5d2e19393cc5ef67', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', '', '', '', '', 0, 0, 0, 0)

    Create a table for jboss
    • Create a DataSource definition:
    Copy mysql-ds.xml from $JBOSS_HOME/docs/examples/jcs/mysql-ds.xml to $JBOSS_HOME/server_profile/deploy

    Edit the mysql-ds.xml:

    Change JNDI name to: DefaultDS

    Update the URL to point to the MySQL server and jboss database.

    Remove the 'zeroDateTimeBehavior=convertToNull' connection argument

    # mv deploy/hsqldb-ds.xml deploy/hsqldb-ds.xml.removed.   This will disable the default HyperSonic db DataStore.
    • Unistall the services that you do not need.  This will greatly depend on what it is that you are trying to do with this application server instance.  Following are some examples of services that are removed and how to do it.  Each one is a bit different.
    javamail:
    In deployers/jsr77-deployers-jboss-beans.xml: Comment out the following: <property name="mailService">jboss:service=Mail</property>

    # mv deploy/mail-service.xml deploy/mail-service.xml.removed

    hornetq:
    # rm -rf deploy/jms-ra.rar/
    # rm -rf deploy/hornetq/
    # mv deployers/hornetq-deployers-jboss-beans.xml deployers/hornetq-deployers-jboss-beans.xml.removed

    clustering:

    # mv ./deployers/clustering-deployer-jboss-beans.xml ./deployers/clustering-deployer-jboss-beans.xml.removed
    # rm -rf ./deploy/mod_cluster.sar/
    • Update the admin console password:
    Edit: $JBOSS_HOME/server_profile/conf/props/jmx-console-users.properties

    Add a uid/password combination in the following format: uid=password
    • Secure the jmx-console:
    Copy the jmx-console.war from the common directory into the server_profile server dir.
    # cp -Rpf ./common/deploy/jmx-console.war/ server/amap/deploy

    Edit: ./deploy/jmx-console.war/WEB-INF/jboss-web.xml

    Uncomment the <security-domain> node

    Edit: ./deploy/jmx-console.war/WEB-INF/web.xml

    Uncomment the <security-constraint> node

    Edit: ./deploy/jmx-jboss-beans.xml

    Uncomment the line: <property name="securityDomain">jmx-console</property>

    Edit: conf/props/jmx-console-users.properties

    Change the password

    With that, you should have an instance of JBoss up and running and ready for you to develop your applications.

  • 1 2 3 >>
Advanced Search

Categories

Archives