Friday, December 28, 2007

Best Practices for Speeding Up Web Sites

Steve Souders of Yahoo Performance Group has an excellent write up on improving the performance of web sites.

You can get it here:
Exceptional Performance : Best Practices for Speeding Up Your Web Site

Saturday, December 08, 2007

Disable rtvscan.exe on Windows?

If you have Symantec anti-virus installed on your Windows box, the "rtvscan.exe" process will invariably be running all the time. You may see that your applications run slower and that this rtvscan process is hogging a lot of memory.

I want to disable rtvscan.exe, how do I do it?
Unfortunately, the answer lies in uninstalling Symantec and (maybe) getting another anti-virus product. But do not despair. You can disable it temporarily and repeat the process often.

To disable this service, do this: disable rtvscan.exe. This will allow you to perform your normal operations on your Windows box when resources become scarce.

Now that you have learnt to disable the process that takes a lot of resources on your Windows laptop, I do suggest reading Top ten security menaces of 2008.

If you have wmplayer.exe in your task manager, then do check this.

Wednesday, November 21, 2007

SVN undo a change

Assume that revision 92 contains the changes we are undoing.

In order to undo a commit that has been made to the repository we just tell SVN to apply the reverse of the changeset to our working copy in the current directory.

svn merge --revision 92:91 .

The output will show files being updated or deleted; we can now check those changes.

svn diff

And if all looks good we can commit our repaired files.

svn commit -m "removing changes from revision 92"

Good to go!

References:
http://seamlesstrust.org/trustwiki/index.php/SVN_Undo_Operation
http://www.jamescooke.info/blog_archive/how-to-undo-a-subversion-commit/

Wednesday, October 31, 2007

Java Class Loaders

Be sure to check out this decent article on JCL on the commons-logging page:
JCL Information

Another article on Classloaders is on Java World: Find a way out of the ClassLoader maze

* JNDI uses context classloaders
* Class.getResource() and Class.forName() use the current classloader
* JAXP uses context classloaders (as of J2SE 1.4)
* java.util.ResourceBundle uses the caller's current classloader
* URL protocol handlers specified via java.protocol.handler.pkgs system property are looked up in the bootstrap and system classloaders only
* Java Serialization API uses the caller's current classloader by default


The JNDI Tutorial talks about Classloaders.

Sunday, October 28, 2007

CheatSheet

Ignore the following as it is just a personal notepad:

Copy to tomcat lib:
f-tomcat.jar
openws-1.0-alpha1.jar
opensaml2-2.0-alpha1.jar
xmltooling-1.0-alpha1.jar
log4j.jar
joda
xmlsec
commons-logging
velocity-dep
javolution


endorse tomcat. (copy endorsed directory under tomcat dir)

Friday, October 26, 2007

Should I do JAXRPC or JAXWS?

You may be plagued by this question often when you are starting to evaluate web service technologies in the Java EE space.

A good article that has taken a decent stab at addressing this issue is:
http://www.ibm.com/developerworks/webservices/library/ws-tip-jaxwsrpc.html

In my honest opinion, you should choose JAX-WS because it brings you simplicity. EJB3 with JSR-181 type web services is the ultimate choice.

Thursday, October 25, 2007

Local DNS Modifications on Windows

Original Location: http://blog.kowalczyk.info/kb/local-dns-modifications-on-windows---etc-hosts-equivalent-.html

On Unix, the /etc/hosts file contains mappings between IP addresses and host names. It overrides mappings from DNS. Windows has an equivalent of this file: c:\WINDOWS\system32\drivers\etc\hosts (at least that's the name on Windows XP).

Here's the simplest mapping from 127.0.0.1 to localhost and a.test.cc names:

127.0.0.1 localhost a.test.cc

Friday, August 24, 2007

Dump: GSSAPI with Kerberos/SPNEGO

1. Look in the HttpServletRequest for an "Authorization: Negotiate (lots of Base64)" header.
2. If there isn't one, send an HTTP 401 response with a "WWW-Authenticate: Negotiate" challenge, and return.
3. Create a GSSAPI acceptor context for SPNEGO/GSSAPI/Kerberos, Base64 decode the token, and pass it to GSSContext.acceptSecContext().
4. If GSSContext.acceptSecContext() returns an output token (for mutual authentication), Base64 encode it, generate a "WWW-Authenticate: Negotiate (a little Base64)" HTTP header, and add it to the HTTP 200 response.
5. If GSSContext.isEstablished() isn't true, complain bitterly and abort.
6. Otherwise, use GSSContext.getPeerName() to discover who the (now authenticated) client is, use that information to populate the Subject, throw away the GSSContext, and declare victory for validateRequest()
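
The six steps above as one servlet-side method, added here as an illustration and not code from the original post. The names SpnegoAcceptor and authenticate are hypothetical, and the javax.servlet API, java.util.Base64 and an already configured Kerberos service credential (keytab) are assumptions; in org.ietf.jgss the acceptor reads the client's name with GSSContext.getSrcName().

```java
import java.io.IOException;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.ietf.jgss.*;

public final class SpnegoAcceptor { // hypothetical class, added example
    private static final String SCHEME = "Negotiate ";
    // Returns the authenticated client principal, or null once an error response was sent.
    public static String authenticate(HttpServletRequest req, HttpServletResponse resp)
            throws IOException, GSSException {
        // Steps 1-2: no Negotiate token in the request, so challenge and return.
        String header = req.getHeader("Authorization");
        if (header == null || !header.regionMatches(true, 0, SCHEME, 0, SCHEME.length())) {
            resp.setHeader("WWW-Authenticate", "Negotiate");
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
        byte[] token;
        try {
            token = Base64.getDecoder().decode(header.substring(SCHEME.length()).trim());
        } catch (IllegalArgumentException malformed) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST); // not Base64: reject it
            return null;
        }
        // Step 3: acceptor context for the SPNEGO mechanism (OID 1.3.6.1.5.5.2).
        // Assumption: the service key is already available to JGSS (e.g. via a JAAS login).
        GSSManager manager = GSSManager.getInstance();
        GSSCredential cred = manager.createCredential(null,
                GSSCredential.INDEFINITE_LIFETIME, new Oid("1.3.6.1.5.5.2"), GSSCredential.ACCEPT_ONLY);
        GSSContext ctx = manager.createContext(cred);
        try {
            byte[] reply = ctx.acceptSecContext(token, 0, token.length);
            // Step 4: return the mutual-authentication token to the client, if any.
            if (reply != null && reply.length > 0) {
                resp.setHeader("WWW-Authenticate", SCHEME + Base64.getEncoder().encodeToString(reply));
            }
            // Step 5: a context that is not established is a failure, never a partial success.
            if (!ctx.isEstablished()) {
                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return null;
            }
            // Step 6: the initiator (client) name identifies the authenticated caller.
            return ctx.getSrcName().toString();
        } finally {
            ctx.dispose(); // throw the context away whatever the outcome
            cred.dispose();
        }
    }
}
```

A GSSException thrown by acceptSecContext() means the token was rejected; the caller should treat it as an authentication failure and keep the detail in the server log rather than in the response.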

Friday, March 16, 2007

Programmatic Web Login in JBoss

Some time ago there was a question on whether there was support for Programmatic Web Login in JBoss. We did not have it.

Security Forum Question

Starting with JBoss 4.2.0.GA, this feature is available:
http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication

Java PKI Management Tools

The command-line tool "keytool" that ships with the JDK is not the best tool from a usability perspective. There is the issue of various signature algorithms (DSA, RSA, etc.), various keystore types (JKS, PKCS12, etc.), generation of CSRs, etc.

I did play around with the "keyman" tool available from IBM for free. Quite decent.

I came across the following OSS tool "CSRTool". I have not yet played around with it.
CSRTool

Fine Tune JBoss

Ever wondered how you can fine-tune the JBoss Application Server?

Then just look at the following wiki page on JBoss Wiki:
Fine Tuning JBoss

Wednesday, March 14, 2007

Using HttpClient to make a FORM based conversation

I found this blog that had some code for doing a FORM-based authentication conversation.
http://cocoalocker.blogspot.com/2007/01/java-ruby-http-clients.html

===========

So the Java code to access the servlet using form based authentication looks like this:
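import java.io.IOException;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;

public class FormAuthDemo {
    public static void formAuthDemo()
            throws IOException, HttpException {
        // a single HttpClient keeps the session cookie across all three requests
        HttpClient client = new HttpClient();

        // make the initial GET to get the JSESSIONID cookie
        GetMethod get = new GetMethod(
                "http://localhost:8080/MyWebApp/myservlet");
        client.executeMethod(get);
        get.releaseConnection();

        // authorize: post the credentials to the container's FORM login target
        PostMethod post = new PostMethod(
                "http://localhost:8080/MyWebApp/j_security_check");
        NameValuePair[] data = {
            new NameValuePair("j_username", "tomcat"),
            new NameValuePair("j_password", "tomcat")
        };
        post.setRequestBody(data);
        client.executeMethod(post);
        post.releaseConnection();

        // resubmit the original request, now inside the authenticated session
        client.executeMethod(get);
        String response = get.getResponseBodyAsString();
        get.releaseConnection();
        System.out.println(response);
    }
}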
==================

Saturday, March 10, 2007

Firefox Tips

Use SHIFT-DELETE (or just DEL) on mistyped auto-completion suggestions.

Saturday, March 03, 2007

Sun's Open Source OpenSSO Project

I am going to take a look at Sun's OSS project OpenSSO.

Some references:

Orhan Alkan's Weblog

Orhan's Installation Guide

Nightly Builds of OpenSSO

Final Conclusion:
A big project to look at in a short time. They make use of JWSDP (JAX-RPC) and a JAXB implementation, which may not work for me.

Friday, March 02, 2007

ApacheCon Europe 2007

I will be presenting a session on "Apache Tomcat Security" on May 4, 2007 at ApacheCon 2007 in Amsterdam. If you are going to be present at the conference, do attend this one-hour presentation.

ApacheCon 2007

Related stories:
Apache Tomcat v6.0 is stable and is released. Apache News.

Additional details on the new IO mechanism in v6 using APR/NIO.
Tomcat AIO
Greg Wilkins' blog entry on Async Servlets

As usual, the Apache Tomcat web page is: Apache Tomcat

Sunday, February 18, 2007

SSL Cheatsheet

Make OpenSSL as a CA

* I am using openssl that is part of cygwin.

cd openssl
mkdir demoCA/private

Step 1: Generate a key for the CA certificate - this should have a larger keysize as it secures all other certificates

openssl genrsa -des3 -out ./demoCA/private/cakey.pem 2048

----------------------------
Generating RSA private key, 2048 bit long modulus
..+++
................+++
e is 65537 (0x10001)
Enter pass phrase for ./demoCA/private/cakey.pem:
2968:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:849:You must
type in 4 to 1023 characters
Enter pass phrase for ./demoCA/private/cakey.pem:
Verifying - Enter pass phrase for ./demoCA/private/cakey.pem:
-------------------------------

My pass phrase is "changeme". You can choose anything.



Tuesday, February 13, 2007

Wishing Marc Fleury All The Very Best

I would like to wish marcf all the very best in all his future endeavors. At a time when there were no good low-cost Application Servers available to try out J2EE, marcf and others created JBoss, a true open source JavaEE Application Server that was easy to download and use.