Exclude external JavaScript libraries from beeing validated in Eclipse 4

Due to an Eclipse Bug, JavaScript errors of external JavaScript libraries are marked as erroronous showing the red failure marker even if JavaScript errors are excluded from the contents Markers view, see https://bugs.eclipse.org/bugs/show_bug.cgi?id=349020

Workaround as spooted in the Eclipse bug history:

I have found that I can leave the JavaScript Validator enable and ignore 

specific files by adding a suitable exclusion pattern e.g. **/jquery*.js to 

the JavaScript/Include Path/Source/Excluded group 

(Project->Properties->JavaScript->Include Path->Source).

Importing SSL Certificates to a Keystore with Java Keytool

Java Keytool is a key and certificate tool for managing cryptographic keys, X.509 certificate chains, and trusted certificates.

Keytool Functions

• Administration of public/private key pairs and associated certificates.
• Administration of secret keys used in symmetric encryption/decryption (e.g. DES)
• Storing keys and certificates in a keystore

In this blog I focus on the last aspect.

SSL Basics

 

File types

We distinguish between certificates and keystores:

• Certificate: A digitally signed statement from one entity (person, company, etc.), saying that the public key (and some other information) of some other entity has a particular value. When data is digitally signed, the signature can be verified to check the data integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means the data indeed comes from whoever claims to have created and signed it.
• Keystore: Archive file (database) for storing many cryptography objects such as certificates as a single file.

Certificate encodings and extensions

• .DER: Binary DER encoded certificates. Not routinely used by anything in common usage.
• .PEM: ASCII (Base64) encoded DER certificates used for different types of X.509v3 files which contain data surrounded with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. PEM stands for Privacy-enhanced Electronic Mail.
• .CRT: Used for certificates in DER or PEM format. Most common in *nix systems.
• .CER: Alternate extension of .CRT. Microsoft convention.

Keystore formats and extensions

• .JKS: Keystore in Java format, e.g. $JAVA_HOME/jre/lib/security/cacerts
• .P12, .PKCS12, .PFX: PKCS12 certificate keystore file format. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.

Keytool Commands for Storing Keys and Certificates in a Keystore

Listing all imported certificates

keytool -list -keystore keystore.jks -storepass ***

Importing a single certificate to a keystore

keytool -importcert \
    -file mycert.pem \
    -destkeystore keystore.jks \
    -deststoretype jks \
    -deststorepass ***
    -alias myalias

Importing a PKCS12 keystore to a JKS keystore

This time we import not only a simple certificate but a whole keystore:

keytool -importkeystore \
    -srckeystore cert-and-key.p12 \
    -srcstoretype pkcs12 \
    -srcstorepass *** \
    -destkeystore keystore.jks \
    -deststoretype jks \
    -deststorepass *** \

If the destination keystore does not already exists it will be built. So the importing process becomes a format change process. If you do not enter the source or destination store passwords, you will be prompted for it. You may skip the type information if you are lazy and trust the keytool that it will recognize the correct type for you.

Importing a JKS keystore to a PKCS12 keystore

The same command as above but vice versa:

keytool -importkeystore \
    -srckeystore keystore.jks \
    -srcstoretype jks \
    -srcstorepass *** \
    -destkeystore cert-and-key.p12 \
    -deststoretype pkcs12 \
    -deststorepass *** \

Further Sources

• http://docs.oracle.com/javase/7/docs/technotes/tools/solaris/keytool.html
• https://support.ssl.com/index.php?/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them 

How to check if your iPhone is unlocked or not?

1. Find the IMEI (International Mobile Equipment Identiy) number of your iPhone (Settings -> General -> Info section)
2. Visit http://iphoneimei.info/ and enter your IMEI
3. See the result

 Helpful (and a little bit scary...)

FUSE ESB / Apache ServiceMix Basic Authentication

Find below a guide to setup up Basic Authentication for a Restful service running in a JBoss FUSE ESB 6.0 / Apache ServiceMix OSGI runtime. The service itself is not special. The notable configuration is found in blueprint.xml and in pom.xml.

Important note: this setup only works for JBoss FUSE ESB 6.0 or newer but not for FUSE ESB 7.1.0 or older!

The Restful service implementation CustomerService.java:

package ch.keller.servicemix.restws.server;

import java.util.Date;

import javax.annotation.Resource;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;

import org.apache.cxf.jaxrs.ext.MessageContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/customers")
public class CustomerService {
 
 private static final Logger LOG = LoggerFactory.getLogger(CustomerService.class);

 @Resource
 private MessageContext jaxrsContext;
 
 @GET
 @Path("/")
 public String listAll() {
  isUserInRole();
  return new Date()+": Yess!! "+jaxrsContext.getSecurityContext().getUserPrincipal();
 }

 private void isUserInRole() throws WebApplicationException {
  LOG.info("user = " + jaxrsContext.getSecurityContext().getUserPrincipal());
 }

}

The associated blueprint.xml configuration:

    
    <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>

    
        
            <ref component-id="customerSvc"/>
          
        
            <ref component-id="authenticationFilter"/>
        
    

    <bean id="customerSvc" class="ch.keller.servicemix.restws.server.CustomerService"/>
 
    
         <property name="contextName" value="karaf"/>
    
        
    
        
     users = $[karaf.base]/etc/users.properties
        
    
 
    
    
        <bean class="org.apache.karaf.jaas.modules.properties.PropertiesBackingEngineFactory" />
    

The format of the properties in users.properties is as follows, with each line defining a user, its password and associated roles:

user=password[,role][,role]...

And finally, the Maven pom.xml build script:

 4.0.0
 ch.keller.servicemix
 restws
 0.0.1-SNAPSHOT
 bundle

 
     2.6.8
     2.3.5
 

 
  
    org.apache.cxf
   cxf-bundle
   provided
   ${cxf-version}
  
 

 
  
   
    org.apache.felix
    maven-bundle-plugin
    true
    ${felix-version}
    
     
      ${project.artifactId}
      ${project.description}
      
       org.apache.karaf.jaas.config,  
       org.apache.karaf.jaas.boot.principal,
       org.eclipse.jetty.plus.jaas,
       org.apache.karaf.jaas.boot,
       *
       
      
        ch.keller.servicemix.restws.server
      
      
    
   
    
 

Especially important is the import-package section that guarantees that no java.lang.ClassNotFoundException is thrown during runtime:

    org.apache.karaf.jaas.config,  
    org.apache.karaf.jaas.boot.principal,
    org.eclipse.jetty.plus.jaas,
    org.apache.karaf.jaas.boot,
    *

Eclipse with Eclemma: java.lang.NoClassDefFoundError: oracle/security/pki/OracleWallet

Trying to determine the code coverage of my JUnit 4 tests with EclEmma an java.lang.NoClassDefFoundError was thrown. As we all love Java stack traces, here a short excerpt:

java.lang.NoClassDefFoundError: oracle/security/pki/OracleWallet
 at java.lang.Class.forName0(Native Method)
 at java.lang.Class.forName(Class.java:169)
 at org.hibernate.connection.DriverManagerConnectionProvider.configure(DriverManagerConnectionProvider.java:57)
 at org.hibernate.connection.ConnectionProviderFactory.newConnectionProvider(ConnectionProviderFactory.java:124)
 at
 ...

What does my JUnit Test wants from the OracleWallet? The application uses JDBC for the access of the Oracle DB, but OracleWallet is never directly used in my application. Without Eclemma the tests are running successfully. Not nice.

This seems to be a known problem which is fixed in EclEmma 2.1.3, see http://sourceforge.net/p/eclemma/bugs/108/. If you don't want (or are not allowed...) to update, then the workaround is to exclude oracle.* from the coverage agent in the Code Coverage preferences, see http://www.eclemma.org/userdoc/preferences.html.

Setup AppDynamics for FUSE ESB / Apache ServiceMix in 5 Minutes

AppDynamics  is a powerful tool for the analysis of distributed Java and .NET applications. As it has only low overhead costs (according to the vendor < 2%), it can also be used in production environments.

I use JBoss Fuse 6.0.0 on MacOS. But the setup is similar on other operation systems.
Follow theses steps:

1. Download AppDynamics Lite Java version from http://www.appdynamics.com/. Name and E-Mail address must be provided (and normally you will be contacted by the vendor...).
2. Unzip the downloaded ZIP file AppDynamicsLite.zip to your desired installation directory :

   unzip AppDynamicsLite.zip -d <APP_DYNAMICS_HOME>
   

3. Go to the installation directory:

       cd <APP_DYNAMICS_HOME>
   

4. Unzip the viewer package:

       unzip LiteViewer.zip
   

5. Enter the viewer directory:

       cd LiteViewer
   

6. Start the viewer:

       java -jar adlite-viewer.jar
   

7. Open URL http://localhost:8990/ with your browser. Default user is admin with password admin. You see an empty dashboard.
8. If you monitor an OSGI runtime with AppDynamics you have to extend the boot delegation parameter of FUSE ESB. SSee http://litedocs.appdynamics.com/display/ADLite/OSGi+Infrastructure for further explanations. As I use Felix, I have to add com.singularity.* to the org.osgi.framework.bootdelegation property. For easier upgrade of FUSE ESB, I do not edit /etc/config.properties but /etc/custom.properties. It is important that you don't forget to add all default values. And of course these values may change if you upgrade your FUSE ESB installation. Finally, I add following line to /etc/custom.properties:

       org.osgi.framework.bootdelegation=com.singularity.*,org.osgi.framework.bootdelegation=org.apache.karaf.jaas.boot,sun.*,com.sun.*,javax.transaction,javax.transaction.*,org.apache.xalan.processor,org.apache.xpath.jaxp,org.apache.xml.dtm.ref,org.apache.xerces.jaxp.datatype,org.apache.xerces.stax,org.apache.xerces.parsers,org.apache.xerces.jaxp,org.apache.xerces.jaxp.validation,org.apache.xerces.dom
   

   If your are not sure which OSGI framework you use, you can query your configuration in your Karaf console with

       shell:info
   

9. Configure AppDynamics agent for FUSE ESB. E.g., set $KARAF_OPTION in your shell:

       export KARAF_OPTS="$KARAF_OPTS -javaagent:<APP_DYNAMICS_HOME>/javaagent.jar"
   

   Or alternatively, add following statement to your start script /bin/karaf:

       KARAF_OPTS="$KARAF_OPTS -javaagent:<APP_DYNAMICS_HOME>/javaagent.jar"
   

10. Start your FUSE ESB (in the same shell where you set $KARAF_OPTIONS):

        cd <FUSE_ESB_HOME>/bin/fuse
    

11. Create some traffic on your FUSE ESB, e.g. invoke a web service etc.
12. Go back to your AppDynamics viewer browser window at http://localhost:8990/ and you should see some business transactions.
    
    
13. Finito.

FUSE ESB / Apache ServiceMix Worries...

Starting JBOSS FUSE ESB and received a million error messages in the log (short extract):

[510]% ./fuse
Please wait while JBoss Fuse is loading...
 29% [====================>                                                   ]ERROR: Bundle org.ops4j.pax.web.pax-web-spi [97] Error starting mvn:org.ops4j.pax.web/pax-web-spi/1.1.11 (org.osgi.framework.BundleException: Uses constraint violation. Unable to resolve bundle revision org.ops4j.pax.web.pax-web-spi [97.0] because it is exposed to package 'javax.servlet' from bundle revisions org.apache.geronimo.specs.geronimo-servlet_3.0_spec [269.0] and org.mortbay.jetty.servlet-api [263.0] via two dependency chains.

Chain 1:
  org.ops4j.pax.web.pax-web-spi [97.0]
    import: (&(osgi.wiring.package=javax.servlet)(version>=2.3.0)(!(version>=3.0.0)))
     |
    export: osgi.wiring.package=javax.servlet
  org.apache.geronimo.specs.geronimo-servlet_3.0_spec [269.0]

Chain 2:
  org.ops4j.pax.web.pax-web-spi [97.0]
    import: (&(osgi.wiring.package=org.ops4j.pax.web.service)(version>=1.1.11))
     |
    export: osgi.wiring.package=org.ops4j.pax.web.service; uses:=org.osgi.service.http
  org.ops4j.pax.web.pax-web-api [99.0]
    import: (&(osgi.wiring.package=org.osgi.service.http)(version>=1.0.0)(!(version>=2.0.0)))
     |
    export: osgi.wiring.package=org.osgi.service.http; uses:=javax.servlet.http
  osgi.cmpn [273.0]
    import: (osgi.wiring.package=javax.servlet.http)
     |
    export: osgi.wiring.package=javax.servlet.http; uses:=javax.servlet
    export: osgi.wiring.package=javax.servlet
  org.mortbay.jetty.servlet-api [263.0])
  ...

WTF? Deleted $FUSE_HOME/data directory, started FUSE again, and the errors are gone. It's a pain.