Saturday, December 16, 2017

quick nfs mount on CentOS

#find your ip
ifconfig
#create folder to share
sudo mkdir -p /drbd/main/shared
#who cares about security
sudo chmod -R 777 /drbd/
#create folder where local files should appear
mkdir -p /home/centos/ocpnfs
sudo vi /etc/exports
#enter this in /etc/exports
/drbd/main/shared/ 10.0.2.15(rw)
#end of /etc/exports
sudo systemctl restart nfs
sudo exportfs -v
sudo mount -t nfs 10.0.2.15:/drbd/main/shared/ /home/centos/ocpnfs
touch /home/centos/ocpnfs/pippo.txt



oc cluster up : how to enable admin privileges

Once you install OpenShift with "oc cluster up", you are confronted with a frustrating situation: you are told to login as

oc login -u system -p admin

to be a cluster administrator, but in reality you are just a regular user.

If you try to do

oc adm policy add-cluster-role-to-user cluster-admin system

you get a

Error from server (Forbidden): User "system" cannot list clusterrolebindings.authorization.openshift.io at the cluster scope: User "system" cannot list all clusterrolebindings.authorization.openshift.io in the cluster (get clusterrolebindings.authorization.openshift.io)


After zillion of desperate attempts (including reinstalling everything a few times) I have found a way:

#become root
sudo su -
#login as admin, not as system
oc login -u admin -p admin
#grant yourself superhuman rights
oc adm policy add-cluster-role-to-user cluster-admin admin --config=/var/lib/origin/openshift.local.config/master/admin.kubeconfig
cluster role "cluster-admin" added: "admin"
#login again
oc login -u admin -p admin
Login successful.

You have access to the following projects and can switch between them with 'oc project ':

* default
kube-public
kube-system
myproject
openshift
openshift-infra
openshift-node

Using project "default".




and when I log into https://127.0.0.1:8443/console/ as admin/admin I can see all the Openshift internal projects.




Thursday, December 14, 2017

Openshift REST Client API written in Java

https://github.com/openshift/openshift-restclient-java/

immensely more usable than the CLI...

I ask myself who wants to learn by heart the hyper-complicated Openshift command line interface, when you can easily wrap all that crap in a nice fluent Java API....

Life is short, I am too busy, no time to learn all the freaking CLIs of the planet... please give me simple and powerful programming tools... I don't want to type any commands...

Wednesday, December 13, 2017

Excellent Docker presentation by Preethi Kasireddy

https://medium.freecodecamp.org/a-beginner-friendly-introduction-to-containers-vms-and-docker-79a9e3e119b

Where you learn:

- difference between a Container and a VM

- what is an Hypervisor (hosted or bare-metal)

- Docker Engine
- Docker client
- Docker daemon
- Dockerfile
- Docker image
- Union File Systems
- Volumes
- Containers

- Namespaces (NET, PID, MNT, UTS, IPC, USER)
- Cgroups (Control groups)
- Isolated union file systems



Great OpenShift presentation : OpenShift 3 Walkthrough




Here the code https://github.com/gshipley/openshift3mlbparks


In case you want to take the DO280 certification.... https://www.redhat.com/en/services/training/do280-red-hat-openshift-administration-i

I was able to deploy the project on Openshift Online and run it.... impressive, but the configuration effort is really huge, when compared to docker-compose....


this is older video repeating more or less same concepts




and the famous "instant gratification with Openshift"



Grant Shipley is a great guy. Here another great talk by him - more philosophical than technical





Tuesday, December 12, 2017

keycloak wikipedia

As usual, the fascist side of Wikipedia attracts swarms of wikilosers, in search of a victim to club down to death.

My article on Keycloak has been marked for deletion, so I am saving it here for the benefit of future generations (I know, there is no future, but let's pretend there is)

Keycloak Developer(s) JBoss, a division of Red Hat
Stable release
3.3.0 / October 26, 2017
Written in Java
Type Single sign-on system
License LGPL
Website keycloak.org


Keycloak is a software product from JBoss to allow single sign-on and Identity Management.

Contents

1 Features
2 Components
3 See also
4 References

Features

Among the many features of Keycloak include :

User Registration
Social login
Single Sign-On/Sign-Off across all applications belonging to the same Realm
2-factor authentication
LDAP integration
Kerberos broker
multitenancy with per-realm customizeable skin


Components

There are 2 main components of Keycloak:

Keycloak server
Keycloak application adapter

See also

Single sign-on
OpenSSO
Kerberos (protocol)
Identity management
List of single sign-on implementations

References
Official web site http://www.keycloak.org/
S├ębastien Blanc (June 16, 2017). "Easily Secure Your Spring Boot Applications With Keycloak". dzone.com. https://dzone.com/articles/easily-secure-your-spring-boot-applications-with-k



I swear I will never touch Wikipedia again.








Monday, December 11, 2017

Adam Bien memorable quote about maintainability

https://youtu.be/O1VTx0psUgo?t=569

For me how I see the JAX-RS movement is the following

no one cares of my clients about JAX-RS Rest or whatever.

What we would to have is to build the application quickly and maintainable

So when is the application maintainable?

In my eyes it’s maintainable in this case if you understand the domain concepts

and you forget the app for 2 years

and after 2 years you return to the project

and you still remember the concepts

you should quickly be able to understand the app, introduce new features, and fix bugs.

When is it possible?

This is only possible in case the domain concepts and the business logic immediately becomes visible to you.

The more it’s obfuscated with strange patterns, the less maintainable your application becomes.


So regardless whether you use Spring Boot, Java EE or whatever, what you should get at the end of the day,

If you know the domain concepts and you look at the URIs, you should be immediately identify what is going on there.

So this is the only quality for which I am interested in implementing JAX RS or Business Services.



WebSockets and JSONDecoder in Wildfly 11


import java.io.Serializable;
import java.net.URI;

import javax.enterprise.event.Event;
import javax.inject.Inject;
import javax.websocket.ClientEndpoint;
import javax.websocket.CloseReason;
import javax.websocket.ContainerProvider;
import javax.websocket.OnClose;
import javax.websocket.OnMessage;
import javax.websocket.OnOpen;
import javax.websocket.Session;
import javax.websocket.WebSocketContainer;

import com.pierre.inst.model.Member;

@ClientEndpoint(decoders={JSONDecoder.class})
public class MemberClientEndpoint implements Serializable{

    @Inject
    private Event<Member> memberEvent;

    @OnMessage
    public void onMessage(Member member) {
        memberEvent.fire(member);
    }
}




java.lang.RuntimeException: javax.websocket.DeploymentException: UT003029: Could not find message parameter on method public void com.pierre.inst.websockets.MemberClientEndpoint.onMessage(com.pierre.inst.model.Member)

where JSONDecoder is

import javax.websocket.DecodeException;
import javax.websocket.Decoder;
import javax.websocket.EndpointConfig;

import com.google.gson.Gson;
import com.pierre.inst.model.Member;

public class JSONDecoder implements Decoder.Text<Object> {

 private Gson gson;

 @Override
 public void init(EndpointConfig config) {
  gson = new Gson();
 }

 @Override
 public void destroy() {
  // do nothing
 }

 @Override
 public Object decode(String s) throws DecodeException {
  return gson.fromJson(s, Member.class);
 }

 @Override
 public boolean willDecode(String s) {
  return true;
 }

}


see also
https://docs.oracle.com/javaee/7/tutorial/websocket007.htm
and
https://issues.jboss.org/browse/UNDERTOW-287

The issue is that JSONDecoder is too generic, parameter class is Object, it should be Member:


import javax.websocket.DecodeException;
import javax.websocket.Decoder;
import javax.websocket.EndpointConfig;

import com.google.gson.Gson;
import com.pierre.inst.model.Member;

public class JSONDecoder implements Decoder.Text<Member> {

 private Gson gson;

 @Override
 public void init(EndpointConfig config) {
  gson = new Gson();
 }

 @Override
 public void destroy() {
  // do nothing
 }

 @Override
 public Member decode(String s) throws DecodeException {
  return gson.fromJson(s, Member.class);
 }

 @Override
 public boolean willDecode(String s) {
  return true;
 }

}







Saturday, December 9, 2017

docker-compose

Install docker-compose on CentOS. Digital Ocean tutorials are very good:

https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-centos-7


sudo yum install epel-release
sudo yum install -y python-pip


if you get

"Another app is currently holding the yum lock; waiting for it to exit...
The other application is: PackageKit
"

just do "ps -ef | grep PackageKit", find the PID and do "sudo kill -9 PID"


sudo pip install --upgrade pip

sudo pip install docker-compose
sudo yum upgrade python*


docker-compose



Awesome quick hands-on php tutorial on docker-compose



first do:
sudo pip3.6 install flask
sudo pip3.6 install flask_restful


cd
mkdir jakewright; cd jakewright
mkdir product; cd product

you should have this tree:
~
~/jakewright
~/jakewright/product

make sure you are in ~/jakewright/product :

cat api.py
from flask import Flask
from flask_restful import Resource, Api

app = Flask(__name__)
api = Api(app)

class Product(Resource):
    def get(self):
        return {
            'products' : ['Ice Cream', 'Chocolate', 'Fruit']
        }

api.add_resource(Product, '/')

if __name__ == '__main__':
    app.run(host='0.0.0.0',port=9080, debug=True)

python3.6 api.py

http://localhost:9080/


cat Dockerfile
FROM python:3-onbuild
COPY . /usr/src/app
CMD ["python", "api.py"]



cat requirements.txt
flask
flask_restful


docker build . -t jakewright
-> Successfully tagged jakewright:latest
docker images
docker run -p 9080:9080 jakewright


now in ~/jakewright folder:
cat docker-compose.yml

version: '3'

services:
product-service:
build: ./product
volumes:
- ./product:/usr/src/app
ports:
- 9080:9080


(leaving the second part for now....)

docker-compose up -d
docker-compose stop

your service should now be equally available, in an image called jakewright_product-service


User Manual for Dockerfile https://docs.docker.com/engine/reference/builder/#usage



PS another GREAT video by Jake Wright is Learning CSS https://www.youtube.com/watch?v=0afZj1G0BIE , and don't forget Learning Docker https://www.youtube.com/watch?v=YFl2mCHdv24





Wednesday, December 6, 2017

WebSockets client-server example

Server-side:

annotate a POJO with javax.websocket.server.ServerEndpoint

A method annotated with javax.websocket.OnOpen will handle the creation of a javax.websocket.Session

Another method handles the reception of a message, it's annotated with javax.websocket.OnMessage


Client-side:

You have to extend javax.websocket.Endpoint
and override the method onOpen(Session session, EndpointConfig config), where you add to the Session a MessageHandler.Whole to implement a onMessage() . This Endpoint just handles the Message but not the session.

To create a session, connect to the Server: ContainerProvider.getWebSocketContainer().connectToServer(this.endpoint, new URI("ws://server:port/contextroot/serviceuri"))


Client and server are here

https://github.com/vernetto/JavaMonAmour/tree/master/pvabwebsocketsserver

https://github.com/vernetto/JavaMonAmour/tree/master/pvabwebsocketsclient


Here the explanation by the Great Adam Bien





Sunday, December 3, 2017

Mojarra 2.2.13.SP4 in Wildfly 11 debugging

I get a message "The form component needs to have a UIForm in its ancestry. Suggestion: enclose the necessary components within <h:form> ". After some mucking (basically, exclude stuff and see if it still breaks) I discovered the fix: enclose a p:menubar in a h:form <h:form><p:menubar>

A few things leave me really disappointed: this warning should be issued by Eclipse editor, not runtime... and the warning message should be accompanied by the exact location and identity of the offending element.

And in Mojarra 2.2.13.SP4 (Wildfly 11) there doesn't seem to be any debugging flag to get more information.

RANT ON once more, ui development has made huge steps BACKWARDS in the last 20 years RANT OFF Using Delphi in 1995 I was able to put together a very decent and complex UI in MINUTES - with JSF/HTML/Mojarra/CSS/Bootstrap it takes MONTHS and it's no fun. That's why whenever I have to do a UI I keep it MINIMALISTIC, I hate wasting my time in such poorly engineered products.





Saturday, December 2, 2017

JSF facelets, composition, layouts, templates

https://docs.oracle.com/javaee/7/javaserver-faces-2-2/vdldocs-facelets/toc.htm this is the Facelets documentation

and this https://docs.oracle.com/javaee/7/javaserver-faces-2-2/vdldocs-facelets/ui/composition.html is the ui:composition documentation



RANT ON

Let's admit it, HTML UI development is sheer mess.
In OOP you learn about nice encapsulation, separation of concerns, tidy APIs, design-time validation, convention over configuration... in HTML it's exactly the other way round, everything mixed up and it's just a verbose visually incomprehensible jungle, tons of implicit stuff has to be explicitly stated over and over, tons of useless boilerplate fluff make the code unreadable. It makes me really sick. With some better designed standard, the size of this crap could be reduced by a factor of 10 without any loss, actually gaining a lot in readability and maintainability. It's so evident.


RANT OFF

Here a decent tutorial (a bit too complicated) on templates:



code is here:

https://github.com/discospiff/JavaFullStackEnterpriseWeb


in a JSF application you use a template, in which you insert contents defined in pages.

In a template, to insert the content, you use div+insert (=insertContent) ,

In a page, to use a template, you use composition (=useTemplate)

In a page, to define the content, you use define (=defineContent).

Again: a template inserts stuff; a page defines stuff and uses a template to arrange it on a layout.


for a page, look here https://github.com/discospiff/JavaFullStackEnterpriseWeb/blob/master/PlantPlaces/WebContent/index.xhtml

and the corresponding template is https://github.com/discospiff/JavaFullStackEnterpriseWeb/blob/master/PlantPlaces/WebContent/template.xhtml





Netbeans rocks, Eclipse sucks

With Eclipse, setting up a simple Web Application with JSF and deploying it to Wildfly is a long, frustrating struggle.

With Netbeans, it takes 10 seconds.

File / New Project, Java Web / Web Application, project name "WebApplication1", server : select Wildfly server, Java EE Version: Java EE 7 Web, context path: /WebApplication1, Frameworks: select JavaServer Faces, in the components tab select Primefaces (the first time iyou haveto wait 10 seconds while it fetches the dependencies "JSF library Primefaces not setup correctly..." )

Right click on the Project, Run... it will open http://localhost:8080/WebApplication1/ and you are ready to go.


What Netbeans generates is:







BEWARE: to run on Wildfly 11, you should change the version of primefaces in pom.xml from 5.0 to 6.0, otherwise you get an error "wildfly This page calls for XML namespace http://primefaces.org/ui declared with prefix p but no taglibrary exists for that namespace"

The only issue I had with Netbeans 8.2 is that it's not compatible with Java 9, I had to edit netbeans.conf and change netbeans_jdkhome to point to JDK 8.

Incidentally, check out this AWESOME video on how to generate a Primefaces crud application from Entities with Netbeans

https://netbeans.org/kb/docs/javaee/maven-primefaces-screencast.html

You can simply forget that with Eclipse. A Total Eclipse of the Heart



"every now and then I fall apart
I don't know what to do and I am always in the dark
There is nothing I can do, a total Eclipse of the heart
Once upon a time there was light in my life"

hahaha




Thursday, November 30, 2017

Another poorly implemented feature of Eclipse: repository search

Eclipse is a champion at implementing in an extremely unappealing and inefficient way even the simplest feature.


Window/Show view/ Maven Repository, right click on central , "Full Index Enabled". Then "Rebuild Index" (this especially useful if you get an error about the index having to be rebuilt for Lucene 6)

Then open the POM.XML, click on the Dependencies tab, add, and where it says "enter groupId, artifactId..." type *junit*

On the status bar on the bottom right you will see "repository search" and an animated icon...

It's AMAZING how slow it is....

much faster to google for "maven junit" and you get immediately the GAV

Eclipse: Erroneous Clumsy Ludicrous Inefficient Pathetic Shitty Elephant


See http://www.vogella.com/tutorials/EclipseMaven/article.html

Wednesday, November 29, 2017

Adam Bien on Lambda and Runnable


Java 8 Basics: Method References from AdamBien on Vimeo.



This is my code:




public class TestRun {
 public static void main(String[] args) {
  TestRun testRun = new TestRun();
  testRun.method1();
  testRun.method2();
  testRun.method3();
  testRun.method4();
 }

 
 /**
  * Old Java school
  */
 public void method1() {
  Runnable runnable = new Runnable() {
   @Override
   public void run() {
    System.out.println("ciao1");

   }
  };
  new Thread(runnable).start();
 }

 /**
  * Runnable's only method has no input parameters and only 1 method, 
  * it's a Functional Interface https://docs.oracle.com/javase/8/docs/api/java/lang/Runnable.html 
  * so we provide method implementation inline (lambda)
  */
 public void method2() {
  Runnable runnable = () -> {
   System.out.println("ciao2");
  };
  new Thread(runnable).start();
 }
 
 /**
  * Syntactic sugar, since there is no parameter we omit the () notation altogether
  */
 public void method3() {
  Runnable runnable = () -> System.out.println("ciao3");
  new Thread(runnable).start();
 }
 
 /**
  * We provide the method (lambda) as a reference
  */
 
 public void method4() {
  Runnable runnable = this::display;
  new Thread(runnable).start();
 }
 
 
 public void display() {
  System.out.println("ciao4");
 }
}



Tuesday, November 28, 2017

WebSockets on WildFly and Eclipse

I have followed this (messy) tutorial, and eventually I have made it work on Wildfly - after a long struggle

http://www.oracle.com/webfolder/technetwork/tutorials/obe/java/HomeWebsocket/WebsocketHome.html#overview


Here is the github repository https://github.com/vernetto/websocket


Just enter in 2 different browser this URL http://localhost:8080/WebsocketHome/


You need these classes

https://docs.oracle.com/javaee/7/api/javax/websocket/ClientEndpoint.html "POJO is a web socket client" and has a method annotated with @Message https://docs.oracle.com/javaee/7/api/javax/websocket/OnMessage.html





Saturday, November 25, 2017

Primefaces gmap

<h:head>
<script src="http://maps.google.com/maps/api/js?sensor=false" type="text/javascript"></script>


<p:gmap center="41.381542, 2.122893" zoom="15" type="HYBRID" style="width:100%;height:400px" />


https://developer.mozilla.org/en-US/docs/Mozilla/Debugging/Debugging_JavaScript enable browser console:
about:config
devtools.chrome.enabled set it to true

then Ctrl-Shift-J (in firefox)


"Google Maps API error: MissingKeyMapError https://developers.google.com/maps/documentation/javascript/error-messages#missing-key-map-error" js:38
"Google Maps API warning: NoApiKeys https://developers.google.com/maps/documentation/javascript/error-messages#no-api-keys" util.js:246
"Google Maps API warning: SensorNotRequired https://developers.google.com/maps/documentation/javascript/error-messages#sensor-not-required"


in reality one should provide a key

<script src="http://maps.google.com/maps/api/js?key=MY_API_KEY" type="text/javascript"></script>

https://developers.google.com/maps/documentation/javascript/get-api-key?utm_source=geoblog&utm_medium=social&utm_campaign=2016-geo-na-website-gmedia-blogs-us-blogPost&utm_content=TBC



What is new in Java 9

You will be able to impress women at parties with the knowledge you gain in this EXCELLENT presentation by Simon Ritter





Java9 documentation here https://docs.oracle.com/javase/9/

Java 9 modules unveiled

Presentation by Mark Reinhold - author of most documentation in openJDK http://openjdk.java.net/projects/jigsaw/





On CentOS 7, to install Java 9:


wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/9.0.1+11/jdk-9.0.1_linux-x64_bin.rpm"

sudo yum install jdk-9.0.1_linux-x64_bin.rpm

rm jdk-9.0.1_linux-x64_bin.rpm

at this point, java9 is installed in /usr/java/jdk-9.0.1/bin/java






./jshell
3 + 4
String x = "foo"
x.substring(1,3)
x.getClass()
x.getClass().getModule()
x.getClass().getModule().getClass()
import java.sql.*;
Timestamp t = new Timestamp(0)
t.getClass()
t.getClass().getModule()
CTRL-D to exit


if you type
./java -help

you get some new options related to modules:



java [options] -m [/] [args...]
java [options] --module [/] [args...]
(to execute the main class in a module)

Arguments following the main class, -jar , -m or --module
/ are passed as the arguments to main class.

-p
--module-path ...
A : separated list of directories, each directory
is a directory of modules.
--upgrade-module-path ...
A : separated list of directories, each directory
is a directory of modules that replace upgradeable
modules in the runtime image
--add-modules [,...]
root modules to resolve in addition to the initial module.
can also be ALL-DEFAULT, ALL-SYSTEM,
ALL-MODULE-PATH.
--list-modules
list observable modules and exit
-d
--describe-module
describe a module and exit
--dry-run create VM and load main class but do not execute main method.
The --dry-run option may be useful for validating the
command-line options such as the module system configuration.
--validate-modules
validate all modules and exit
The --validate-modules option may be useful for finding
conflicts and other errors with modules on the module path.







mkdir -p src/org/openjdk/hello
vi org/openjdk/hello/Main.java


package org.openjdk.hello;
public class Main {
public static void main(String[] args) {
System.out.println("ciao");
}
}



export PATH=/usr/java/jdk-9.0.1/bin/:$PATH
javac -d classes src/org/openjdk/hello/Main.java
java -cp classes/ org.openjdk.hello.Main
mkdir lib
jar --create --file lib/hello.jar -C classes .
ls lib
java -cp lib/hello.jar org.openjdk.hello.Main

vi src/module-info.java

module org.openjdk.hello {
}


javac -d classes src/org/openjdk/hello/Main.java src/module-info.java
ls classes
jar --create --file lib/hello.jar -C classes .
jar tf lib/hello.jar

javap classes/module-info.class

Compiled from "module-info.java"
module org.openjdk.hello {
requires java.base;
}


java --module-path lib -m org.openjdk.hello/org.openjdk.hello.Main

java --module-path lib --describe-module org.openjdk.hello

org.openjdk.hello file:///home/centos/java9code/lib/hello.jar
requires java.base mandated
contains org.openjdk.hello


jar --create --file lib/hello.jar --main-class org.openjdk.hello.Main -C classes .
java --module-path lib -m org.openjdk.hello

rm -rf classes/
mv src org.openjdk.hello
mkdir src
mv org.openjdk.hello src/

I AM GIVING UP HERE!

java --list-modules



Here the specifications http://openjdk.java.net/projects/jigsaw/spec/sotms/

Interesting reading about module vs jar : https://softwareengineering.stackexchange.com/a/313545 by Neil Bartlett

https://stackoverflow.com/a/46514067/651288 also interesting


https://en.wikipedia.org/wiki/Java_Platform_Module_System







Friday, November 24, 2017

Primefaces Showcase

no better way to learn Primefaces as to use their showcase


https://github.com/primefaces/showcase

git clone https://github.com/primefaces/showcase.git
cd showcase
git checkout tags/6_1
mvn clean package
mvn jetty:run

http://localhost:8080/showcase/

However, the official showcase is here https://www.primefaces.org/showcase/index.xhtml but the published code can be incomplete, so better get it from github.


The examination of all these components can be really educational... nothing better to learn something than seeing it in action.

Thursday, November 23, 2017

Jira on Docker, and integration with BitBucket/Github

https://hub.docker.com/r/cptactionhank/atlassian-jira/


sudo docker run --detach --publish 8080:8080 cptactionhank/atlassian-jira:latest

http://localhost:8080

https://www.atlassian.com/blog/jira-software/connecting-jira-6-2-github but I can't find the DVCS Connector...

https://marketplace.atlassian.com/plugins/com.osowskit.jira.github.app/cloud/overview


and you can also find one here http://localhost:8080/plugins/servlet/upm/marketplace/search?q=github "git integration for Jira" by BigBrassBand

interesting also the Jigit project, by Dmitri Apanasevich

It seems that integration with Stash is more supported.... how to run Stash locally... https://hub.docker.com/r/atlassian/bitbucket-server/

sudo docker volume create --name bitbucketVolume
sudo docker run -v bitbucketVolume:/var/atlassian/application-data/bitbucket --name="bitbucket" -d -p 7990:7990 -p 7999:7999 atlassian/bitbucket-server

sudo docker exec -ti bitbucket /bin/bash


http://localhost:7990/


To integrate Bitbucket with Jira, in Bitbucket there is a link "Administration/Application Integration".... it pays to use same username/pw for administrator role on both products.



Wednesday, November 22, 2017

Bottle getting started

Looking for an alternative to Django...


Apparently webpy is basically dead. Bottle seems to be alive, and ported to Python 3

http://bottlepy.org/docs/dev/index.html

sudo pip3.6 install bottle

python

paste this code:

from bottle import route, run, template

@route('/hello/')
def index(name):
    return template('Hello {{name}}!', name=name)

run(host='localhost', port=8080)


Enter in the browser:

http://127.0.0.1:8080/hello/world


It can't be simpler! Compare it to the same code in Java...



Django getting started



sudo pip3.6 install Django==1.11.7


follow the instructions https://docs.djangoproject.com/en/1.11/intro/tutorial01/

cd ~
vi .bash_profile
insert this line:
alias python=python3.6
source .bash_profile

django-admin startproject mysite
cd mysite/
python manage.py runserver


Performing system checks...

System check identified no issues (0 silenced).

You have 13 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): admin, auth, contenttypes, sessions.
Run 'python manage.py migrate' to apply them.

November 22, 2017 - 19:02:58
Django version 1.11.7, using settings 'mysite.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.




in your browser enter http://127.0.0.1:8000/






CentOS 7 install Python 3

CentOS 7 comes with some old version of Python 2 - which is going EOL in a couple of years.

Also, Django recommends Python 3 https://www.djangoproject.com/download/

#this will probably install a new version of docker, and you will likely lose all your containers !!!
sudo yum -y update
#better to reboot now

sudo yum -y install https://centos7.iuscommunity.org/ius-release.rpm

sudo yum -y install python36u

#check if installed
python3.6 -V

#beware! old python is still installed, if you run "python" you get the 2 version

https://www.digitalocean.com/community/tutorials/how-to-install-python-3-and-set-up-a-local-programming-environment-on-centos-7


https://www.djangoproject.com/download/

sudo yum -y install python36u-pip





StackOverlords of the world, Unite!



As already noticed for Wikipedia http://www.javamonamour.org/2013/07/wikilosers-get-life.html it seems to me that also StackOverflow attracts fascist administrators, who blindly close questions of remarkable importance totaling zillion of views... like this one https://stackoverflow.com/questions/713847/recommendations-of-python-rest-web-services-framework

Sad, really. I used to hold SO as an example of a vibrant, open, democratic community but no, they have as well priests, zealots, generals and dictators.


Read also this http://timschreiber.com/2013/10/30/beware-the-stackoverlords/

Sunday, November 19, 2017

Quantum Security in KPN (AllDay DevOps 2017, Jaya Baloo)



jump to minute 11.50 where Jaya starts speaking.

You don't have to understand everything, but it's good to have a glimpse of the future

https://www.nature.com/news/quantum-spookiness-passes-toughest-test-yet-1.18255 here is the 2015 article about the Entanglement mentioned at 24:39

Here an explanation of the Quantum Entanglement https://en.wikipedia.org/wiki/Quantum_entanglement and Einstein's position. I think that saying that Einstein "HATED" the Q.E. is a bit excessive, he simply believed it was not possible and qualified as "spukhafte Fernwirkung" . I get allergic whenever someone tries to ridicule Einstein.

Here more about Einstein "spooky" story https://en.wikipedia.org/wiki/Bohr%E2%80%93Einstein_debates and here https://en.wikipedia.org/wiki/Qubit something more about the Qubit

Maybe you want to try some of IDQuantique products already https://www.idquantique.com/

This is also a good presentation of the brilliant Jaya, given to a totally passive and indifferent audience ("we don't really care if the NSA spies on us, all we care is make good money and have fun on the weekend")





Saturday, November 18, 2017

Injecting Logger

According to https://docs.jboss.org/weld/reference/2.4.0.CR1/en-US/html/injection.html :

import org.slf4j.Logger;

@Named
@SessionScoped
public class CaloriesController implements Serializable  {
 @Inject
 private Logger logger;
    public void insertUser() {
     logger.debug("insertUser");
    }
}


but this is not enough... you will get a "WELD-001408 Unsatisfied dependencies for type Logger with qualifiers @Default at injection point " ...

You have to prepare also a PRODUCER:

package org.pierre.calories.common;

import javax.enterprise.inject.Produces;
import javax.enterprise.inject.spi.InjectionPoint;
import javax.faces.bean.ManagedBean;
import javax.inject.Named;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
@ManagedBean
public class LoggingProducer {
 
 @Produces
 public Logger getLogger(final InjectionPoint ip) {
  return LoggerFactory.getLogger(ip.getMember().getDeclaringClass());
 }

}



See also https://stackoverflow.com/questions/19768405/weld-001408-unsatisfied-dependencies-for-type-logger-with-qualifiers-default


Again, one would hope that in 2017 these things were a bit better engineered and transparent.... but this is the world of IT, a huge morassic mess.... La Brea Tar Pits:



eclipse Deploy projects as compressed archives

After the N-th time I got the error

Error renaming BLA
This may be caused by your server's temporary deploy directory being on a different filesystem than the final destination

see this SO post https://stackoverflow.com/questions/26487574/jboss-tools-deploy-error-this-may-be-caused-by-your-servers-temporary-deploy-d

while deploying from Eclipse to a Wildfly 11, I have searched everywhere and the only option that seems to work is to "Deploy projects as compressed archives"

Double click on the server (in the Servers tab)




at this point, the deployment is just a .war, the exploded directory format is not enabled.


All this is simply pathetic.... Eclipse is a huge failure... it should simply be rewritten from scratch.


PS someone says that deleting the workspace's .metadata folder can fix it... I haven't tried it yet.

Incidentally, deploying as compressed WAR seems to break Keycloak integration... maybe just an impression... Keycloak seems to break silently sometimes...




JPA, Hibernate, Dali and the Metamodel

When building Query criterias, you want to avoid using the String "email" to identify an Entity field... the day you change the field "email" into "mailaddress", your code still compiles but breaks in PROD... ugly... unless you wrote tests... but I prefer when it breaks during compile!

So you must use https://docs.jboss.org/hibernate/entitymanager/3.5/reference/en/html/querycriteria.html "the static form of metamodel reference", that is using an automatically generated class

https://stackoverflow.com/questions/3037593/how-to-generate-jpa-2-0-metamodel

Example:

package org.pierre.calories.entities;

import java.io.Serializable;
import javax.persistence.*;
import java.math.BigDecimal;


/**
 * The persistent class for the USERS database table.
 * 
 */
@Entity
@Table(name="USERS")
@NamedQuery(name="User.findAll", query="SELECT u FROM User u")
public class User implements Serializable {
 private static final long serialVersionUID = 1L;

 @Id
 @GeneratedValue
 private String userid;

 private BigDecimal expectedcalperday;
 
 private String email;

 public String getEmail() {
  return email;
 }

 public void setEmail(String email) {
  this.email = email;
 }

 public User() {
 }

 public User(String userid, BigDecimal expectedcalperday) {
  super();
  this.userid = userid;
  this.expectedcalperday = expectedcalperday;
 }

 public String getUserid() {
  return this.userid;
 }

 public void setUserid(String userid) {
  this.userid = userid;
 }

 public BigDecimal getExpectedcalperday() {
  return this.expectedcalperday;
 }

 public void setExpectedcalperday(BigDecimal expectedcalperday) {
  this.expectedcalperday = expectedcalperday;
 }

}



and its metamodel

package org.pierre.calories.entities;

import java.math.BigDecimal;
import javax.annotation.Generated;
import javax.persistence.metamodel.SingularAttribute;
import javax.persistence.metamodel.StaticMetamodel;

@Generated(value="Dali", date="2017-11-18T11:02:45.198+0100")
@StaticMetamodel(User.class)
public class User_ {
 public static volatile SingularAttribute<User, String> userid;
 public static volatile SingularAttribute<User, BigDecimal> expectedcalperday;
 public static volatile SingularAttribute<User, String> email;
}


To achieve this in Eclipse: Project/Properties and then:





The multitude of very complicated options (in Maven for instance) to achieve the same EASY result is just one more evidence of the very pathetic state of IT in 2017.... a huge spread of technologies and product to achieve really basic results.... the notion of metadata associated to persistence was around already 25 years ago, it's sad to see that we still don't have proper engineering and consolidated practice.

At this point I can write my logic like this:

package org.pierre.calories.database;

import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.persistence.EntityManager;

import org.pierre.calories.entities.Meal;
import org.pierre.calories.entities.User;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Root;


@ApplicationScoped
public class CaloriesRepository {

    @Inject
    private EntityManager em;
    
    public Meal findMealById(Long id) {
        return em.find(Meal.class, id);
    }
    
    public User findUserById(Long id) {
        return em.find(User.class, id);
    }
        
    public User findUserByEmail(String email) {
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<User> criteria = cb.createQuery(User.class);
        Root<User> rootUser = criteria.from(User.class);
        CriteriaQuery<User> select = criteria.select(rootUser);
//OLD SCHOOL  CriteriaQuery<User> emailresult = select.where(cb.equal(rootUser.get("email"), email));
        CriteriaQuery<User> emailresult = select.where(cb.equal(rootUser.get(User_.email), email));
        return em.createQuery(emailresult).getSingleResult();
    }  
    
}


Of course there are much easier ways to achieve the same result, like JPQL https://en.wikipedia.org/wiki/Java_Persistence_Query_Language




Firefox 57 and Tree Style Tabs BROKEN

It's amazing how much damage the new version of Firefox is inflicting to the user community.

If you are a Tree Style Tab user and HATE seeing the tabs being displayed on top and left at same time:

https://www.reddit.com/r/firefox/comments/736cji/how_to_hide_native_tabs_in_firefox_57_tree_style/

In a nutshell (on Windows)

open a cmd prompt
cd %APPDATA%
cd Mozilla/Firefox/Profiles/
cd *** (whatever is named your profile.... no clue why they could not choose a fixed name...)
mkdir chrome

in this chrome folder, create a userChrome.css file with this content:

@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");

/* to hide the native tabs */
#TabsToolbar {
    visibility: collapse;
}

/* to hide the sidebar header */
#sidebar-header {
    visibility: collapse;
}



and restart Firefox.... and pray that with next release they will not break everything again.

For the time being I have disabled the automatic update of Firefox...






Friday, November 17, 2017

JSF crash course

Home page http://www.oracle.com/technetwork/java/javaee/javaserverfaces-139869.html , particularly this introduction https://docs.oracle.com/javaee/5/tutorial/doc/bnaph.html

Decent introduction https://www.youtube.com/watch?v=KwUAA4L_9AA&list=PLEAQNNR8IlB4S8nNUlS0ArfgU1nXlhdRu&index=1 (a bit too verbose, skip the central videos on how to install sw).

The helloworld code is here https://github.com/vernetto/JavaMonAmour/tree/master/pvjsfhello


Primefaces https://www.primefaces.org/

Richfaces http://richfaces.jboss.org/


Great collection of books on JSF http://www.javatechblog.com/java/best-books-to-learn-jsf-for-java-developers/ (mostly very ancient)


An excellent book is Core JavaServer Faces http://corejsf.com/ by David Geary and Cay Horstmann, 3rd edition



Remote debug Wildfly with Eclipse, KeycloakPrincipal

./standalone.bat --debug

This generates


JAVA_OPTS: "-Dprogram.name=standalone.bat -Xms64M -Xmx512M -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"

===============================================================================

Listening for transport dt_socket at address: 8787



In fact, in standalone.bat you find this code:

rem Set debug settings if not already set
if "%DEBUG_MODE%" == "true" (
   echo "%JAVA_OPTS%" | findstr /I "\-agentlib:jdwp" > nul
  if errorlevel == 1 (
     set "JAVA_OPTS=%JAVA_OPTS% -agentlib:jdwp=transport=dt_socket,address=%DEBUG_PORT_VAR%,server=y,suspend=n"
  ) else (
     echo Debug already enabled in JAVA_OPTS, ignoring --debug argument
  )
)


You can now follow these instructions https://www.eclipse.org/jetty/documentation/9.4.x/debugging-with-eclipse.html to configure Eclipse,
or simply

right-click on project in eclipse, Debug as, Remote Java Application, then you get this dialog


so I can trace this code:



public String getPrincipalName(HttpServletRequest request) {
KeycloakPrincipal keycloakPrincipal = (KeycloakPrincipal)request.getUserPrincipal();
return keycloakPrincipal != null ? keycloakPrincipal.getKeycloakSecurityContext().toString() : "unauthenticated" ;
}


and discover this:



In a ManagedBean you can inject a Principal, and Wildfly will take care of it transparently:

@Named
@RequestScoped
public class EventViewBean {
@Inject Principal principal;

public void getPrincipal() {
System.out.println("principal class name is " + principal.getClass().gtName());
}
}


This will print a:

org.jboss.weld.security.Principal$$Proxy$_$$_Weld$Proxy$


and not - as expected - a http://www.keycloak.org/docs-api/3.2/javadocs/org/keycloak/KeycloakPrincipal.html who however also implements the https://docs.oracle.com/javase/7/docs/api/java/security/Principal.html interface




Thursday, November 16, 2017

set -euf -o pipefail

https://sipb.mit.edu/doc/safe-shell/

nice to read about shell scripting. DON'T USE SHELL, USE PYTHON INSTEAD.

As mentioned in the article, you can use https://docs.python.org/2/library/subprocess.html or also PLUMBUM "Never write shell scripts again"

https://google.github.io/styleguide/shell.xml "Shell should only be used for small utilities or simple wrapper scripts. "



PGP verification of Maven artifacts

I run the following commands:

git clone https://github.com/gabrielf/maven-samples
cd maven-samples
mvn com.github.s4u.plugins:pgpverify-maven-plugin:check

and I get this interesting results:


Downloading: https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.jar.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.jar.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.jar.asc
Downloaded: https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.jar.asc (535 B at 3.2 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.jar.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.jar.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.jar.asc
Downloaded: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.jar.asc (832 B at 5.7 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.jar.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.jar.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.jar.asc
Downloaded: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.jar.asc (832 B at 4.5 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/mockito/mockito-core/1.8.5/mockito-core-1.8.5.jar.asc
[WARNING] No signature for org.mockito:mockito-core:jar:1.8.5
Downloading: https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.jar.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.jar.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.jar.asc
Downloaded: https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.jar.asc (189 B at 1.4 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.pom.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.pom.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.pom.asc
Downloaded: https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.pom.asc (189 B at 1.3 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.pom.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.pom.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.pom.asc
Downloaded: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.pom.asc (832 B at 5.1 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/mockito/mockito-core/1.8.5/mockito-core-1.8.5.pom.asc
[WARNING] No signature for org.mockito:mockito-core:pom:1.8.5
Downloading: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.pom.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.pom.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.pom.asc
Downloaded: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.pom.asc (832 B at 4.6 kB/s)
Downloading: https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.pom.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.pom.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.pom.asc
Downloaded: https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.pom.asc (535 B at 3.0 kB/s)
[INFO] Receive key: 5A01BE76E757922C to d:\pierre\.m2\repository\pgpkeys-cache\5A\01\5A01BE76E757922C.asc
[INFO] org.hamcrest:hamcrest-core:jar:1.2.1 PGP Signature OK
KeyId: 0x5A01BE76E757922C UserIds: [Marc von Renteln ]
[INFO] Receive key: 7C7D8456294423BA to d:\pierre\.m2\repository\pgpkeys-cache\7C\7D\7C7D8456294423BA.asc
[INFO] org.objenesis:objenesis:pom:1.0 PGP Signature OK
KeyId: 0x7C7D8456294423BA UserIds: [Henri Tremblay ]
[INFO] org.hamcrest:hamcrest-library:jar:1.2.1 PGP Signature OK
KeyId: 0x5A01BE76E757922C UserIds: [Marc von Renteln ]
[INFO] org.objenesis:objenesis:jar:1.0 PGP Signature OK
KeyId: 0x7C7D8456294423BA UserIds: [Henri Tremblay ]
[INFO] org.hamcrest:hamcrest-library:pom:1.2.1 PGP Signature OK
KeyId: 0x5A01BE76E757922C UserIds: [Marc von Renteln ]
[INFO] org.hamcrest:hamcrest-core:pom:1.2.1 PGP Signature OK
KeyId: 0x5A01BE76E757922C UserIds: [Marc von Renteln ]
[INFO] Receive key: 88AA1FEE831A7E89 to d:\pierre\.m2\repository\pgpkeys-cache\88\AA\88AA1FEE831A7E89.asc
[INFO] junit:junit-dep:jar:4.10 PGP Signature OK
KeyId: 0x88AA1FEE831A7E89 UserIds: [David Saff ]
[INFO] junit:junit-dep:pom:4.10 PGP Signature OK
KeyId: 0x88AA1FEE831A7E89 UserIds: [David Saff ]




In fact, as reported by http://branchandbound.net/blog/security/2012/08/verify-dependencies-using-pgp/ , only 2 percent of companies verify PGP signature, and a signature is mandatory in Maven Central only for last 3 years, so old components most of the time have NO SIGNATURE!





Wednesday, November 15, 2017

Not using SSL to connect to Maven? dilettante (=amateur) !

https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/

If you want to play a trick on your friends, you can use Dilettante to man-in-the-middle a Maven Repository request and inject some bad behaviour, the source code is here https://github.com/mveytsman/dilettante but don't do in your company, you might not win friends.

Very interesting reading https://stackoverflow.com/a/24987915/651288

You can upgrade your URL to HTTPS at no cost (it used to be a paying service) https://support.sonatype.com/hc/en-us/articles/213465458

Use this https://repo1.maven.org/maven2/ , not http://repo1.maven.org/maven2/

To run a verification of your build dependent artifacts:

mvn com.github.s4u.plugins:pgpverify-maven-plugin:check

you can create locally a gpg key:

gpg
gpg --gen-key
gpg --list-keys
gpg --list-secret-keys

to verify a component:
gpg --verify plexus-cipher-1.7.jar.asc plexus-chipher-1.7.jar


Very good article on XBI (cross build injection) http://branchandbound.net/blog/security/2012/03/crossbuild-injection-how-safe-is-your-build/

and about verifying components using MIT key repo : http://branchandbound.net/blog/security/2012/08/verify-dependencies-using-pgp/


Interesting Maven plugin to whitelist components in a build http://gary-rowe.com/agilestack/2013/07/03/preventing-dependency-chain-attacks-in-maven/

and here another similar Maven plugin to check PGP signature https://www.simplify4u.org/pgpverify-maven-plugin/index.html




Decrypting HTTPS traffic with Fiddler

A great feature provided by Fiddler (running only on Windows, though), and not available in Wireshark OOTB,
is the ability to capture and DECRYPT HTTPS traffic:

http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/DecryptHTTPS

however, this will create a new Root CA and add it to your trusted CA store.... before you do this in your company, you might have a word with the Security folks, before you find Ulysses and all the other greek warriors looting your city of Troy...




Tuesday, November 14, 2017

MariaDB on CentOS 7

With Docker

https://hub.docker.com/_/mariadb/

docker pull mariadb
docker run --name some-mariadb -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mariadb:tag

port is 3306

container linking : docker run --name some-app --link some-mariadb:mysql -d application-that-uses-mysql



Without docker:

https://www.tecmint.com/install-mariadb-in-centos-7/



Useful introduction for digitalocean https://www.digitalocean.com/community/tutorials/how-to-create-and-manage-databases-in-mysql-and-mariadb-on-a-cloud-server


sudo systemctl start mariadb
sudo systemctl daemon-reload
sudo systemctl start mariadb
sudo mysql_secure_installation


Here https://www.heidisql.com/download.php?download=portable a MariaDB UI



Adam Bien The Great airhacks links

Listening to Adam Bien SEMINAL videos, I will write down some links:


http://www.adam-bien.com/roller/abien/entry/the_4th_airhacks_io_question


http://openjpa.apache.org/jest-usage.html maps JPA to REST calls

https://wiki.eclipse.org/EclipseLink/Examples/JPARS/Simple JPA RS from EclipseLink, same as JEST


https://github.com/p6spy/p6spy database interceptors


Ping https://github.com/AdamBien/ping

Floyd https://github.com/AdamBien/floyd

Watchdock https://github.com/AdamBien/watchdock/ and http://www.adam-bien.com/roller/abien/entry/watchdock_er_v0_0_1

I try to do so :


sudo systemctl start dockerd -H tcp://0.0.0.0:5555 -api-enable-cors
ssh: Could not resolve hostname tcp://0.0.0.0:5555: Name or service not known
Could not watch jobs: Connection reset by peer


Mystery!




Public fields in CDI

in CDI one can't have a PUBLIC attribute in a RequestScoped variable:

@Named
@RequestScoped
public class EventViewBean implements Serializable {

    @Produces
    public List<Meal> meals;

    public void setMeals(List<Meal> meals) {
 this.meals = meals;
    }

    public List<Meal> getMeals() {
  return meals;
    }

}

otherwise you get this error:

WELD-000075 Normal scoped managed bean implementation class has a public field

To fix the issue, just remove the "public" in "public List<Meal> meals;" and don't ask questions... it's all too sad... just smile and say yes.

Magic: convert CentOS 7 to Oracle Linux

I found this post https://www.digitalocean.com/community/questions/how-can-i-install-oracle-11g


curl -O https://linux.oracle.com/switch/centos2ol.sh
chmod 777 centos2ol.sh
sudo sh -c ./centos2ol.sh

sudo yum distro-sync

I get this:


Transaction check error:
file /usr/lib64/gnome-documents/girepository-1.0/Gd-1.0.typelib from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/lib64/gnome-documents/girepository-1.0/GdPrivate-1.0.typelib from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/lib64/gnome-documents/libgd.so from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/lib64/gnome-documents/libgdprivate-1.0.so from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/share/glib-2.0/schemas/org.gnome.Documents.enums.xml from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/share/gnome-documents/getting-started/C/gnome-documents-getting-started.pdf from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/share/gnome-documents/gir-1.0/Gd-1.0.gir from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/share/gnome-documents/gir-1.0/GdPrivate-1.0.gir from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64


sudo yum install oracle-rdbms-server-11gR2-preinstall

sudo reboot now

At this point, you can try to install Oracle DB http://www.oracle.com/technetwork/articles/servers-storage-admin/ginnydbinstallonlinux-488779.html

Wildfly 11 final: add-user miserably fails when run in git bash (and maybe cygwin)

$ ./add-user.sh
Exception in thread "main" java.lang.IllegalStateException: WFLYDM0021: No java.io.Console available to interact with user.
at org.jboss.as.domain.management.security.adduser.AddUser.(AddUser.java:78)
at org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:240)
at org.jboss.modules.Module.run(Module.java:344)
at org.jboss.modules.Main.main(Main.java:525)


Simply pathetic. Just forget to run it from git bash, and execute the command from a regular powershell or cmd shell.

It's my fault, I should not try to deploy anything on Windows, apart VirtualBox to be able to run CentOS...

Sunday, November 12, 2017

ConEmu, better than Console2

If you are completely disgusted with Windows terminal (cmd, powershell, gitbash, far) consoles each running in a different window - and wasting hours having to identify the one you need - then you definitely want to try ConEmu portable https://www.fosshub.com/ConEmu.html

It contains all the possible options you might dream of.

Anyway, Microsoft sucks, only a company completely disregarding developers need can come up with such pathetic tools like Windows Explorer, cmd and the such. The only reason I still use Windows at home is that my company uses it as a Desktop OS.

Saturday, November 11, 2017

Keycloak, cookies and principal

When you access a secured webapp, the first cookie to be created is a JSESSIONID


/pvkeycloakdemo is my webapp root context

When you access a protected resource, you get redirected to keycloak authentication server, and another 2 cookies appear: a OAuth_Token_Request_State (Path=/pvkeycloakdemo) and a AUTH_SESSION_ID (Path=/auth/realms/demo)

After authenticating in Keycloak, I get a KC_RESTART, a KEYCLOAK_IDENTITY and a KEYCLOAK_SESSION (Path=/auth/realms/demo)

KEYCLOAK_SESSION is a special one: it's the only one with a 12 hour expiration time (all others expire at end of session) and the value specifies the realm name : demo/34f600e7-bfd6-475c-9596-72491b9455fa/fa9c5c6b-5e70-43ce-aeb8-34b2188e3c7f (demo in this case)

If you choose the option "remember me", you get also a cookie KEYCLOAK_REMEMBER_ME



When you do a request.getPrincipal(), the java.security.Principal is a org.keycloak.KeycloakPrincipal, and the principal Name is the ID that you see in the Keycloak console, not the Name:






Sunday, November 5, 2017

Apache Commons ContextedException

https://commons.apache.org/proper/commons-lang/apidocs/org/apache/commons/lang3/exception/ContextedException.html

Developers often forget to attach context information to their exceptions. So one gets messages like "Unable to connect to server" and we don't know to which server and port the connection was attempted.

Add this to your pom.xml

<dependencies>
  <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
  <dependency>
   <groupId>org.apache.commons</groupId>
   <artifactId>commons-lang3</artifactId>
   <version>3.6</version>
  </dependency>
 </dependencies>

and this is the test code

package pvexceptions;

import org.apache.commons.lang3.exception.ContextedException;;

public class PVExceptionGenerator {
 public static void main(String[] args) {
  try {
   try {
    int a = 1 / 0;
   } catch (Throwable a) {
    throw new ContextedException("something went wrong in division", a).addContextValue("customer", "Mario").addContextValue("custno", 1234);
   }

  } catch (Throwable t) {
   t.printStackTrace();
  }
 }

}



The output is:

org.apache.commons.lang3.exception.ContextedException: something went wrong in division
Exception Context:
[1:customer=Mario]
[2:custno=1234]
---------------------------------
at pvexceptions.PVExceptionGenerator.main(PVExceptionGenerator.java:11)
Caused by: java.lang.ArithmeticException: / by zero
at pvexceptions.PVExceptionGenerator.main(PVExceptionGenerator.java:9)





H2 Database Tutorial

presentation here (English is iffy but content is good until half way, the rest forget it)




Download it from here http://www.h2database.com/html/download.html

go to d:\apps\H2\bin and run h2.bat

this will open the browser at http://192.168.56.1:8082/login.jsp?jsessionid=884e38fb4c3da545d97e2fc9be776bd8


the JAR is D:\apps\H2\bin\h2-1.4.196.jar


How to use H2 as embedded DB




Interesting project demonstrating embedded H2 DB https://www.mkyong.com/spring/spring-embedded-database-examples/

but also this one https://github.com/Pscheidl/cdi-events-playground demonstrating CDI, JSF and H2

CDI in Java SE 8

In Eclipse (pueah, I know, IntelliJ is much better) create a simple Java project, give it the Maven feature, and create this structure:


Add this dependency:

<dependency>
<groupId>org.jboss.weld.se</groupId>
<artifactId>weld-se-shaded</artifactId>
<version>3.0.0.Final</version>
</dependency>


and the code to bootstrap the WELD engine is:

import javax.enterprise.inject.se.SeContainer;
import javax.enterprise.inject.se.SeContainerInitializer;

public class MyMain {
 public static void main(String[] args) {
  SeContainer container = SeContainerInitializer.newInstance().initialize();
  CDITester cdiTester = container.select(CDITester.class).get();
  cdiTester.greet();
 }
}



or also (thanks gist-it)



The beans.xml file is empty and required, without it you would get this error:


Exception in thread "main" java.lang.IllegalStateException: WELD-ENV-000016: Missing beans.xml file in META-INF
at org.jboss.weld.environment.se.Weld.initialize(Weld.java:742)
at org.jboss.weld.environment.se.Weld.initialize(Weld.java:174)
at org.pierre.cditests.MyMain.main(MyMain.java:8)




The whole solution is here https://github.com/vernetto/JavaMonAmour/tree/master/pvcdi.
When you start the MyMain inside Eclipse (no need to deploy it Wildfly!!!) you should see:


Nov 05, 2017 5:13:17 PM org.jboss.weld.bootstrap.WeldStartup
INFO: WELD-000900: 3.0.0 (Final)
Nov 05, 2017 5:13:17 PM org.jboss.weld.bootstrap.WeldStartup startContainer
INFO: WELD-000101: Transactional services not available. Injection of @Inject UserTransaction not available. Transactional observers will be invoked synchronously.
Nov 05, 2017 5:13:17 PM org.jboss.weld.environment.se.WeldContainer fireContainerInitializedEvent
INFO: WELD-ENV-002003: Weld SE container aabfa8d7-3cf1-44da-8b63-173e651f18a8 initialized
Hello, pierre.
Weld SE container aabfa8d7-3cf1-44da-8b63-173e651f18a8 shut down by shutdown hook


I really wonder why Java still in 2017 doesn't offer you an ready-made CDI engine in SE.... in fact, I wonder why we still have this separation between SE and EE.... nonsense.... it will go away, like all the nonsense...


Incidentally , https://dzone.com/articles/how-to-inject-property-file-properties-with-cdi really simple way to inject property values with annotations (Spring has a similar concept




Tuesday, October 31, 2017

Maven to Repository protocol

I have used this minimalistic proxy service:

http://www.jcgonzalez.com/java-simple-proxy-socket-server-examples#1

and just added a "System.out.println("read: " + new String(request));" after the "outToServer.flush();"

then in my settings.xml I point the mirror to localhost instead of the real Nexus Repository service, and I start my proxy pointing to Nexus and listening on port 80. This way, I can intercept all http request issued by Maven.


The result is quite simple:


Starting proxy for nexus-java:80 on port 80
read: GET /content/repositories/approved-from-central/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom HTTP/1.1
Cache-control: no-cache
Cache-store: no-store
Pragma: no-cache
Expires: 0
Accept-Encoding: gzip
User-Agent: Apache-Maven/3.3.9 (Java 1.8.0_102; Windows 7 6.1)
Host: localhost
Connection: Keep-Alive



read: GET /content/repositories/approved-from-central/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom.sha1 HTTP/1.1
Cache-control: no-cache
Cache-store: no-store
Pragma: no-cache
Expires: 0
Accept-Encoding: gzip
User-Agent: Apache-Maven/3.3.9 (Java 1.8.0_102; Windows 7 6.1)
Host: localhost
Connection: Keep-Alive


read: GET /content/repositories/approved-from-central/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar HTTP/1.1
Cache-control: no-cache
Cache-store: no-store
Pragma: no-cache
Expires: 0
Accept-Encoding: gzip
User-Agent: Apache-Maven/3.3.9 (Java 1.8.0_102; Windows 7 6.1)
Host: localhost
Connection: Keep-Alive


read: GET /content/repositories/approved-from-central/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar.sha1 HTTP/1.1
Cache-control: no-cache
Cache-store: no-store
Pragma: no-cache
Expires: 0
Accept-Encoding: gzip
User-Agent: Apache-Maven/3.3.9 (Java 1.8.0_102; Windows 7 6.1)
Host: localhost
Connection: Keep-Alive


read: GET /content/repositories/approved-from-central/commons-lang/commons-lang/2.1/commons-lang-2.1.pom HTTP/1.1
Cache-control: no-cache
Cache-store: no-store
Pragma: no-cache
Expires: 0
Accept-Encoding: gzip
User-Agent: Apache-Maven/3.3.9 (Java 1.8.0_102; Windows 7 6.1)
Host: localhost
Connection: Keep-Alive


read: GET /content/repositories/approved-from-central/commons-lang/commons-lang/2.1/commons-lang-2.1.pom.sha1 HTTP/1.1
Cache-control: no-cache
Cache-store: no-store
Pragma: no-cache
Expires: 0
Accept-Encoding: gzip
User-Agent: Apache-Maven/3.3.9 (Java 1.8.0_102; Windows 7 6.1)
Host: localhost
Connection: Keep-Alive


read: GET /content/repositories/approved-from-central/commons-lang/commons-lang/2.1/commons-lang-2.1.jar HTTP/1.1
Cache-control: no-cache
Cache-store: no-store
Pragma: no-cache
Expires: 0
Accept-Encoding: gzip
User-Agent: Apache-Maven/3.3.9 (Java 1.8.0_102; Windows 7 6.1)
Host: localhost
Connection: Keep-Alive


read: GET /content/repositories/approved-from-central/commons-lang/commons-lang/2.1/commons-lang-2.1.jar.sha1 HTTP/1.1
Cache-control: no-cache
Cache-store: no-store
Pragma: no-cache
Expires: 0
Accept-Encoding: gzip
User-Agent: Apache-Maven/3.3.9 (Java 1.8.0_102; Windows 7 6.1)
Host: localhost
Connection: Keep-Alive




so it's extremely easy to parse the GET command and implement a firewall/filter to block components that you know are harmful.







Monday, October 30, 2017

OracleXETNSListener runs on port 8080

If you run locally a Oracle XE instance, you are bound to have it occupy port 8080 (with catastrophic consequences for all other application using this popular port)

Run tcpview to make sure that the process tnslsnr.exe is using the port 8080

You can then open Sqldeveloper, login as SYS, and run this:

begin
dbms_xdb.sethttpport('9090');
end;

then restart the oracle listener (maybe first shut it down, they start your other application using port 8080, then start the oracle listener)

it's a sad world. Why is everyone using 8080, there are so many integer numbers...


Saturday, October 28, 2017

Setting up Maven to retrieve ojdbc8.jar

googling around in StackOverflow there is a huge variety of approaches to this very common problem: you must add the artifact to your build, but it's not available in Maven Central.... what to do?

Some resort to downloading it manually and deploying it to the local Maven repo. Some even include the file in their WEB-INF/lib folder in their SCM project. Some use some third party public repositories (like Atlassian, code.lds.org, ... ) who graciously host these artifacts.... all fine when you play on your PC, but in a serious company with strict security control all this would not be allowed. Some folks simply cowboy-style put it somewhere in their HD and add the external JAR to Eclipse.... what happens next, they don't really care, as long as it works on their machine.

Oracle hosts these artifacts in their Public Oracle Maven repository, but you need to authenticate yourself (for which reason, it's totally obscure to me!)

https://docs.oracle.com/middleware/1213/core/MAVEN/config_maven_repo.htm#MAVEN9016 here how to setup maven to connect to the Oracle repo (basically: in settings.xml you have to declare the server maven.oracle.com authenticating with your user, the in your pom.xml you must declare a rerpository with id matching this maven.oracle.com server, then a pluginRepository with id again maven.oracle.com. At this point you can declare the dependency

<dependency>
   <groupId>com.oracle.jdbc</groupId>
   <artifactId>ojdbc8</artifactId>
   <version>12.2.0.1</version>
  </dependency>

This post explains it in a lot of detail https://blogs.oracle.com/dev2dev/get-oracle-jdbc-drivers-and-ucp-from-oracle-maven-repository-without-ides

To make things much more complicated, the repository is not browsable https://maven.oracle.com/com/oracle/ojdbc8/ ... how to determine it content, no clue!


See also https://stackoverflow.com/questions/9898499/oracle-jdbc-ojdbc6-jar-as-a-maven-dependency] and https://stackoverflow.com/questions/1074869/find-oracle-jdbc-driver-in-maven-repository

https://mvnrepository.com/artifact/com.oracle/ojdbc6/12.1.0.1-atlassian-hosted to get ojdbc6.jar from maven (atlassian hosted!)

https://developer.atlassian.com/docs/advanced-topics/working-with-maven/atlassian-maven-repositories to configure atlassian repo in pom.xml



IMPORTANT: when running in Eclipse, make sure you are NOT using the Embedded installation of Maven while you are configuring an EXTERNAL Maven configuration.... this multiplicity of installations and configurations only makes the developer's life more miserable.... IMHO it's better to have an independent, external, universal installation rather than an embedded one.... again another major fuck-up in Eclipse design. Forget Eclipse, use Netbeans and Intellij.


CODE: a working pom.xml is available here https://github.com/vernetto/JavaMonAmour/tree/master/oracletest



Adam Bien: real world Java EE 6 Patterns 2012 edition

here a general presentation http://download.java.net/general/podcasts/real_world_java_ee_patterns.pdf

here the book (11 USD in Kindle) https://www.amazon.com/Real-World-Java-Patterns-Rethinking-Practices/dp/1300149310/ref=sr_1_1?s=books&ie=UTF8&qid=1508683416&sr=1-1




Examples from the books here https://github.com/dlee0113/java_ee_patterns_and_best_practices

I love the dry, concise, down-to-earth approach of Adam, however a little more sense of humor would not hurt... but I prefer a concise book than a book who tries to be smart and eventually only wastes your time in endless blablabla

Saturday, October 21, 2017

Keycloak

Sadly there is not even a wikipedia entry, apart this short section https://en.wikipedia.org/wiki/List_of_single_sign-on_implementations "Federated SSO (LDAP and Active Directory), standard protocols (OpenID Connect, OAuth 2.0 and SAML 2.0) for Web, clustering and single sign on"

How to setup a Keycloak server:
http://blog.keycloak.org/2015/10/getting-started-with-keycloak.html

I have done the "Standalone installation" on Windows and it works without a glitch.
The official documentation is here http://www.keycloak.org/docs/latest/getting_started/index.html - tidy and condensed.

How to secure a REST application with the previously setup Keycloak server
http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html

except that the link is broken and I got the repo from "git clone https://github.com/redhat-developer/redhat-sso-quickstarts.git" and cd redhat-sso-quickstarts and cd service-jee-jaxrs. Running mvn package now fails because of the missing keycloak.json file in the config folder.

I follow the instructions here https://github.com/redhat-developer/redhat-sso-quickstarts/tree/7.0.x/service-jee-jaxrs to create a config\keycloak.json file . Only after creating this file you can run mvn package and build the service.war.

I start a standalone wildfly at 8080, do mvn install wildfly:deploy and I get Unknown authentication mechanism KEYCLOAK

This because in my app the web.xml contains <login-config><auth-method>KEYCLOAK</auth-method></login-config>
If I change it to BASIC and redeploy, then hit http://localhost:8080/service/public , it all works. But I need KEYCLOAK!




Here https://stackoverflow.com/questions/27253559/keycloak-unknown-authentication-mechanism they explain how to configure Wildfly for KEYCLOAK.

I download the client adapter for Wildfly http://www.keycloak.org/downloads.html, the file is keycloak-wildfly-adapter-dist-3.3.0.CR2.zip and I unzip it in the WLIDFLY_HOME folder, so as to merge it to the existing bin and modules folders. Then I run:

jboss-cli.bat -c --file=adapter-install.cli


This adds

<security-domain name="keycloak">
 <authentication>
  <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
 </authentication>
</security-domain>



but it still doesn't work, same error "Unknown authentication mechanism KEYCLOAK"...

strange, in Wildfly console I can see Configuration: Subsystems Subsystem: Security Security Domain: keycloak

However, I see the message "Extension module org.keycloak.keycloak-adapter-subsystem not found"... so I run also this

jboss-cli.bat -c --file=adapter-install.cli

and restart everything and it works!

Some valuable KEYCLOAK tutorials:

this one with some quick demo on how to secure webapps, nodejs etc applications:




this one is quite professional on the overall features:





Detailed configuration instructions here http://www.keycloak.org/docs/latest/getting_started/topics/secure-jboss-app/download-quickstarts.html

Quickstarts available here https://github.com/keycloak/keycloak-quickstarts