Sunday, February 26, 2017

Greg Turnquist "Learning Spring Boot"

On Safari Books Online I have watched the entire course by Greg Turnquist; the material is really well done, hands-on and practical... Spring Boot is the best product I have seen in a long time; it has a learning curve but it allows you to write formidably compact applications.

Saturday, February 25, 2017

Lambda basics Java 8 tutorial by Koushik

I love the hands-on, fresh and immediate way by which Koushik explains these concepts... I wish I had half of his talents...

Saturday, February 18, 2017

Chrome NET::ERR_CERT_REVOKED for a revoked certificate

Connecting Chrome to a local development WebLogic that was using a web server certificate that was revoked in the CRL list, I got this message:

Your connection is not private

Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_REVOKED

localhost normally uses encryption to protect your information. When Google Chrome tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit localhost right now because this certificate has been revoked. Network errors and attacks are usually temporary, so this page will probably work later.

Once I started Chrome with "chrome.exe --ignore-certificate-errors" the connection was accepted; I just get a warning: "You are using an unsupported command-line flag: --ignore-certificate-errors. Stability and security will suffer."

JDB is your friend

We recently had an issue with an XML parser failing to parse a temporary file that was deleted immediately afterwards.
How do you stop execution before the file gets deleted?
I am using jdb and I have created a simple test case.

Start WebLogic with the JDWP agent enabled (dt_shmem is the shared-memory transport, available on Windows only):
set JAVA_OPTIONS=-agentlib:jdwp=transport=dt_shmem,address=jdbconn,server=y,suspend=n %JAVA_OPTIONS%

I deploy a small webapp with:

class com.pierre.MyCounter:

package com.pierre;

public class MyCounter {
       static int count = 0;
       public static String getCountAsString() {
             return String.valueOf(count++);
       }
}

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" %>
<%@ page import="com.pierre.*"  %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here bla</title>
</head>
<body>
The count is: <%= MyCounter.getCountAsString() %>
I hope you are happy.
</body>
</html>


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="" xmlns:xsi="">
</web-app>

Then run from a command line:
jdb -attach jdbconn

Run your case once to make sure the MyCounter class has already been loaded, then run


to check if the MyCounter is there, then run this to set a breakpoint:

stop at com.pierre.MyCounter:6

Next time you run the JSP, the breakpoint is hit and execution stops.

Sunday, February 12, 2017

Saturday, February 11, 2017

Great Spring basic introduction part 2

part 10

part 11

part 12

part 13

part 14

part 15

part 16

part 17

part 18

part 19

part 20

part 21

part 22

part 23

part 24

make logger.debug() obsolete

IMHO logging is the weakest point in application development, the Cinderella of IT.
Most people don't log enough information to enable effective troubleshooting: the context is lost, changing the logging level in PROD is hell, if you enable debug level you end up being flooded with unwanted info, and most of the time operators don't even have instructions on how to do it.
Besides, one is interested in knowing what happened immediately before an error occurred, so one should always have something like a Flight Recorder with some history preceding the error, ready to be dumped when this happens.
Also, frameworks like ByteBuddy or BTrace or AOP products allow you to dynamically define loggers... logging is a cross-cutting concern; it should not be interspersed in the business code, cluttering it. Just define what to log in a separate module: configuration and convention over code.
Here at OverOps they seem to bring some value:

watch the short video:

Friday, February 10, 2017

Great Spring basic introduction (part 1)

part 1

part 2

part 3

part 4

code for part 4 is here
part 5

part 6

part 7

part 8
part 9

Saturday, February 4, 2017

Cool ReactJS introduction

The guy on the right is really good - however I was surprised: the need for separation between Model and View has been evident for half a century, it should not be a matter of a dissertation.

Code is available here

Anyway, I keep thinking that coding large projects in JS is madness. Totally unrefactorable, very hard to debug.

Eclipse M2_REPO

In Eclipse, if you go to Window/Preferences, Java/Build Path/Classpath Variables, you see M2_REPO marked as "not modifiable".
To change it, go to Window/Preferences/Maven/User Settings and point to the location of your settings.xml, where you have defined localRepository with the value D:\pierre\.m2\repository (for example).

MAVEN = Mad Aberrant Vituperative Endless Nonsense

See also:


Create a Dynamic Web project "SnoopServlet"

This is the web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="" xmlns="" xsi:schemaLocation="" id="WebApp_ID" version="3.1">
</web-app>

This is the weblogic.xml:

<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:wls="" xmlns:xsi="" xsi:schemaLocation="">
</wls:weblogic-web-app>

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class MySnoopServlet extends HttpServlet {
    public int mycount = 0;

    public MySnoopServlet() {
    }

    public void destroy() {
    }

    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
        HttpSession session = request.getSession();
        PrintWriter out = response.getWriter();
        try {
            out.println("<body text='#ffffff' bgcolor='#666699' link='#ffffff' vlink='#ffffff' alink='#ffffff'>");
            out.println("<p>The servlet has received a GET. This is the reply.</p>");
            out.print("<br>Principal = " + request.getUserPrincipal());
            out.print("<br>URL = " + request.getRequestURL().toString());
            out.print("<br>AuthType = " + request.getAuthType());
            out.print("<br>RemoteUser = " + request.getRemoteUser());
            out.print("<br>ServerName = " + System.getProperty("weblogic.Name"));
            out.print("<br>SessionID = " + session.getId());
            out.println("<br><hr> <br>");
            // Header, attribute and parameter values are written as received, without HTML encoding.
            Enumeration<String> enum1 = request.getHeaderNames();
            while (enum1.hasMoreElements()) {
                String item = enum1.nextElement();
                out.print("<br>" + item + "=" + request.getHeader(item));
            }
            out.println("<br><hr> <br>");
            enum1 = request.getAttributeNames();
            while (enum1.hasMoreElements()) {
                String item = enum1.nextElement();
                out.print("<br>" + item + "=" + request.getAttribute(item));
            }
            out.println("<br><hr> <br>");
            enum1 = request.getParameterNames();
            while (enum1.hasMoreElements()) {
                String item = enum1.nextElement();
                out.print("<br>" + item + "=" + request.getParameter(item));
            }
            out.println("<br><hr> <br>");
        } catch (Throwable th) {
            log("MySnoopServlet failed", th); // handler body is not in the listing; logging is assumed
        } finally {
            out.flush(); // finally body is not in the listing; flushing is assumed
        }
    }

    public void init()
        throws ServletException {
    }
}



The servlet has received a GET. This is the reply.

Principal = null
AuthType = null
RemoteUser = null
ServerName = AdminServer
SessionID = MHcJQYLAVotakdRTZ2rAwUj_sRjWlQ3Bui-_d50iyOJwAwNJW6B2!837838669!1486213972672

User-Agent=Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept-Encoding=gzip, deflate



The JSP can be found in $WL_HOME/samples/server/examples/src/examples/security/sslclient/src/main/webapp/SnoopServlet.jsp

<!-- Copyright (c) 1999,2015, Oracle and/or its affiliates. All Rights Reserved.-->
<%@ page import="java.util.Enumeration,"%>

  * <p>This helper method can be used to help prevent Cross Site Scripting
  * vulnerabilities. Any Servlet or JSP which sends user input (eg.
  * query parameters in HTTP requests) to be rendered into a user's browser
  * needs to use this method to encode the user input.  This ensures that any
  * HTML in their input (either malicious or otherwise) is not executed by
  * the browser.  This is achieved by converting characters to their HTML
  * escaped form.  For example, '&' is converted to '&amp;amp;'.
  * <p>
  * A full description of Cross Site Scripting (XSS) vulnerabilities can
  * be found at
  * <a href="">
  * @param str
  public String encodeXSS(String str) {

 try {
    This servlet returns information about the HTTP request
    itself. You can modify this servlet to take this information
    and store it elsewhere for your HTTP server records. This
    servlet is also useful for debugging.
   Servlet Spec Version Implemented
   <%= getServletConfig().getServletContext().getMajorVersion() + "." + getServletConfig().getServletContext().getMinorVersion() %>
   Requested URL
   <%= request.getRequestURL().toString() %>
   Request parameters

<%
   Enumeration enum_ = request.getParameterNames();
   while (enum_.hasMoreElements()) {
     String key = (String)enum_.nextElement();
     String[] paramValues = request.getParameterValues(key);
     for(int i=0;i < paramValues.length;i++){
         out.println(key + " : "  + encodeXSS(paramValues[i]));
     }
   }
%>

   Request information
   Request Method: <%= request.getMethod() %>
   Request URI: <%= request.getRequestURI() %>
   Request Protocol: <%= request.getProtocol() %>
   Servlet Path: <%= request.getServletPath() %>
   Path Info: <%= request.getPathInfo() %>
   Path Translated: <%= request.getPathTranslated() %>
   Query String: <%= encodeXSS(request.getQueryString()) %>
   Content Length: <%= request.getContentLength() %>
   Content Type: <%= request.getContentType() %>
   Server Name: <%= request.getServerName() %>
   Server Port: <%= request.getServerPort() %>
   Remote User: <%= request.getRemoteUser() %>
   Remote Address: <%= request.getRemoteAddr() %>
   Remote Host: <%= request.getRemoteHost() %>
   Authorization Scheme: <%= request.getAuthType() %>
   <h3>Certificate Information</h3>
<% certs [];
   certs = ( [])
   if ((certs != null) && (certs.length > 0)) {
    Subject Name : <%= certs[0].getSubjectDN().getName() %> <br>
    Issuer Name :<%= certs[0].getIssuerDN().getName() %> <br>
    Certificate Chain Length : <%= certs.length %> <br>

      // List the Certificate chain
      for (int i=0; i<certs.length;i++) {
%>  Certificate[<%= i %>] : <%= certs[i].toString() %>

    } // end of for loop

   else // certs==null
    Not using SSL or client certificate not required.
    } // end of else
   Request headers
<%
   enum_ = request.getHeaderNames();
   while (enum_.hasMoreElements()) {
    String name = (String)enum_.nextElement();
    out.println(name + ": " +encodeXSS(request.getHeader(name)));
   }
 } catch (Exception ex) {
  ex.printStackTrace(new PrintWriter(out));
 }
%>
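
MySnoopServlet above writes header, attribute and parameter values into the page as they arrive, while the Oracle JSP passes values through encodeXSS first. The following added example shows one way to write such an encoder in plain Java and apply it to both names and values, since both are client-controlled. It is not the body of Oracle's encodeXSS, which the page does not show, and not the author's code; escapeHtml, renderLine and the sample header values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SnoopOutputEncoding {

    /**
     * Replaces the five characters that are significant in HTML text and quoted
     * attribute values. Null becomes "", which covers calls such as
     * request.getQueryString() when the request has no query string.
     */
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Same output shape as the servlet's loops ("<br>name=value"), with name and value encoded. */
    static String renderLine(String name, String value) {
        return "<br>" + escapeHtml(name) + "=" + escapeHtml(value);
    }

    public static void main(String[] args) {
        // Constructed request data standing in for request.getHeaderNames()/getHeader().
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0)");
        headers.put("X-Test", "<script>alert(1)</script>");
        headers.put("Referer", "http://localhost:7001/snoop?a=1&b=\"2\"");

        for (Map.Entry<String, String> h : headers.entrySet()) {
            // "raw" is what the servlet's loops emit; "encoded" is the hardened form.
            System.out.println("raw    : <br>" + h.getKey() + "=" + h.getValue());
            System.out.println("encoded: " + renderLine(h.getKey(), h.getValue()));
        }
    }
}
```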