Sunday, November 19, 2017

Quantum Security in KPN (AllDay DevOps 2017, Jaya Baloo)



jump to minute 11.50 where Jaya starts speaking.

You don't have to understand everything, but it's good to have a glimpse of the future

https://www.nature.com/news/quantum-spookiness-passes-toughest-test-yet-1.18255 here is the 2015 article about the Entanglement mentioned at 24:39

Here an explanation of the Quantum Entanglement https://en.wikipedia.org/wiki/Quantum_entanglement and Einstein's position. I think that saying that Einstein "HATED" the Q.E. is a bit excessive, he simply believed it was not possible and qualified as "spukhafte Fernwirkung" . I get allergic whenever someone tries to ridicule Einstein.

Here more about Einstein "spooky" story https://en.wikipedia.org/wiki/Bohr%E2%80%93Einstein_debates and here https://en.wikipedia.org/wiki/Qubit something more about the Qubit

Maybe you want to try some of IDQuantique products already https://www.idquantique.com/

This is also a good presentation of the brilliant Jaya, given to a totally passive and indifferent audience ("we don't really care if the NSA spies on us, all we care is make good money and have fun on the weekend")





Saturday, November 18, 2017

Injecting Logger

According to https://docs.jboss.org/weld/reference/2.4.0.CR1/en-US/html/injection.html :

import org.slf4j.Logger;

@Named
@SessionScoped
public class CaloriesController implements Serializable  {
 @Inject
 private Logger logger;
    public void insertUser() {
     logger.debug("insertUser");
    }
}


but this is not enough... you will get a "WELD-001408 Unsatisfied dependencies for type Logger with qualifiers @Default at injection point " ...

You have to prepare also a PRODUCER:

package org.pierre.calories.common;

import javax.enterprise.inject.Produces;
import javax.enterprise.inject.spi.InjectionPoint;
import javax.faces.bean.ManagedBean;
import javax.inject.Named;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
@ManagedBean
public class LoggingProducer {
 
 @Produces
 public Logger getLogger(final InjectionPoint ip) {
  return LoggerFactory.getLogger(ip.getMember().getDeclaringClass());
 }

}



See also https://stackoverflow.com/questions/19768405/weld-001408-unsatisfied-dependencies-for-type-logger-with-qualifiers-default


Again, one would hope that in 2017 these things were a bit better engineered and transparent.... but this is the world of IT, a huge morassic mess.... La Brea Tar Pits:



eclipse Deploy projects as compressed archives

After the N-th time I got the error

Error renaming BLA
This may be caused by your server's temporary deploy directory being on a different filesystem than the final destination

see this SO post https://stackoverflow.com/questions/26487574/jboss-tools-deploy-error-this-may-be-caused-by-your-servers-temporary-deploy-d

while deploying from Eclipse to a Wildfly 11, I have searched everywhere and the only option that seems to work is to "Deploy projects as compressed archives"

Double click on the server (in the Servers tab)




at this point, the deployment is just a .war, the exploded directory format is not enabled.


All this is simply pathetic.... Eclipse is a huge failure... it should simply be rewritten from scratch.


PS someone says that deleting the workspace's .metadata folder can fix it... I haven't tried it yet.

Incidentally, deploying as compressed WAR seems to break Keycloak integration... maybe just an impression... Keycloak seems to break silently sometimes...




JPA, Hibernate, Dali and the Metamodel

When building Query criterias, you want to avoid using the String "email" to identify an Entity field... the day you change the field "email" into "mailaddress", your code still compiles but breaks in PROD... ugly... unless you wrote tests... but I prefer when it breaks during compile!

So you must use https://docs.jboss.org/hibernate/entitymanager/3.5/reference/en/html/querycriteria.html "the static form of metamodel reference", that is using an automatically generated class

https://stackoverflow.com/questions/3037593/how-to-generate-jpa-2-0-metamodel

Example:

package org.pierre.calories.entities;

import java.io.Serializable;
import javax.persistence.*;
import java.math.BigDecimal;


/**
 * The persistent class for the USERS database table.
 * 
 */
@Entity
@Table(name="USERS")
@NamedQuery(name="User.findAll", query="SELECT u FROM User u")
public class User implements Serializable {
 private static final long serialVersionUID = 1L;

 @Id
 @GeneratedValue
 private String userid;

 private BigDecimal expectedcalperday;
 
 private String email;

 public String getEmail() {
  return email;
 }

 public void setEmail(String email) {
  this.email = email;
 }

 public User() {
 }

 public User(String userid, BigDecimal expectedcalperday) {
  super();
  this.userid = userid;
  this.expectedcalperday = expectedcalperday;
 }

 public String getUserid() {
  return this.userid;
 }

 public void setUserid(String userid) {
  this.userid = userid;
 }

 public BigDecimal getExpectedcalperday() {
  return this.expectedcalperday;
 }

 public void setExpectedcalperday(BigDecimal expectedcalperday) {
  this.expectedcalperday = expectedcalperday;
 }

}



and its metamodel

package org.pierre.calories.entities;

import java.math.BigDecimal;
import javax.annotation.Generated;
import javax.persistence.metamodel.SingularAttribute;
import javax.persistence.metamodel.StaticMetamodel;

@Generated(value="Dali", date="2017-11-18T11:02:45.198+0100")
@StaticMetamodel(User.class)
public class User_ {
 public static volatile SingularAttribute<User, String> userid;
 public static volatile SingularAttribute<User, BigDecimal> expectedcalperday;
 public static volatile SingularAttribute<User, String> email;
}


To achieve this in Eclipse: Project/Properties and then:





The multitude of very complicated options (in Maven for instance) to achieve the same EASY result is just one more evidence of the very pathetic state of IT in 2017.... a huge spread of technologies and product to achieve really basic results.... the notion of metadata associated to persistence was around already 25 years ago, it's sad to see that we still don't have proper engineering and consolidated practice.

At this point I can write my logic like this:

package org.pierre.calories.database;

import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.persistence.EntityManager;

import org.pierre.calories.entities.Meal;
import org.pierre.calories.entities.User;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Root;


@ApplicationScoped
public class CaloriesRepository {

    @Inject
    private EntityManager em;
    
    public Meal findMealById(Long id) {
        return em.find(Meal.class, id);
    }
    
    public User findUserById(Long id) {
        return em.find(User.class, id);
    }
        
    public User findUserByEmail(String email) {
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<User> criteria = cb.createQuery(User.class);
        Root<User> rootUser = criteria.from(User.class);
        CriteriaQuery<User> select = criteria.select(rootUser);
//OLD SCHOOL  CriteriaQuery<User> emailresult = select.where(cb.equal(rootUser.get("email"), email));
        CriteriaQuery<User> emailresult = select.where(cb.equal(rootUser.get(User_.email), email));
        return em.createQuery(emailresult).getSingleResult();
    }  
    
}


Of course there are much easier ways to achieve the same result, like JPQL https://en.wikipedia.org/wiki/Java_Persistence_Query_Language




Firefox 57 and Tree Style Tabs BROKEN

It's amazing how much damage the new version of Firefox is inflicting to the user community.

If you are a Tree Style Tab user and HATE seeing the tabs being displayed on top and left at same time:

https://www.reddit.com/r/firefox/comments/736cji/how_to_hide_native_tabs_in_firefox_57_tree_style/

In a nutshell (on Windows)

open a cmd prompt
cd %APPDATA%
cd Mozilla/Firefox/Profiles/
cd *** (whatever is named your profile.... no clue why they could not choose a fixed name...)
mkdir chrome

in this chrome folder, create a userChrome.css file with this content:

@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");

/* to hide the native tabs */
#TabsToolbar {
    visibility: collapse;
}

/* to hide the sidebar header */
#sidebar-header {
    visibility: collapse;
}



and restart Firefox.... and pray that with next release they will not break everything again.

For the time being I have disabled the automatic update of Firefox...






Friday, November 17, 2017

JSF crash course

Home page http://www.oracle.com/technetwork/java/javaee/javaserverfaces-139869.html , particularly this introduction https://docs.oracle.com/javaee/5/tutorial/doc/bnaph.html

Decent introduction https://www.youtube.com/watch?v=KwUAA4L_9AA&list=PLEAQNNR8IlB4S8nNUlS0ArfgU1nXlhdRu&index=1 (a bit too verbose, skip the central videos on how to install sw).

The helloworld code is here https://github.com/vernetto/JavaMonAmour/tree/master/pvjsfhello


Primefaces https://www.primefaces.org/

Richfaces http://richfaces.jboss.org/


Great collection of books on JSF http://www.javatechblog.com/java/best-books-to-learn-jsf-for-java-developers/ (mostly very ancient)


An excellent book is Core JavaServer Faces http://corejsf.com/ by David Geary and Cay Horstmann, 3rd edition



Remote debug Wildfly with Eclipse, KeycloakPrincipal

./standalone.bat --debug

This generates


JAVA_OPTS: "-Dprogram.name=standalone.bat -Xms64M -Xmx512M -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"

===============================================================================

Listening for transport dt_socket at address: 8787



In fact, in standalone.bat you find this code:

rem Set debug settings if not already set
if "%DEBUG_MODE%" == "true" (
   echo "%JAVA_OPTS%" | findstr /I "\-agentlib:jdwp" > nul
  if errorlevel == 1 (
     set "JAVA_OPTS=%JAVA_OPTS% -agentlib:jdwp=transport=dt_socket,address=%DEBUG_PORT_VAR%,server=y,suspend=n"
  ) else (
     echo Debug already enabled in JAVA_OPTS, ignoring --debug argument
  )
)


You can now follow these instructions https://www.eclipse.org/jetty/documentation/9.4.x/debugging-with-eclipse.html to configure Eclipse,
or simply

right-click on project in eclipse, Debug as, Remote Java Application, then you get this dialog


so I can trace this code:



public String getPrincipalName(HttpServletRequest request) {
KeycloakPrincipal keycloakPrincipal = (KeycloakPrincipal)request.getUserPrincipal();
return keycloakPrincipal != null ? keycloakPrincipal.getKeycloakSecurityContext().toString() : "unauthenticated" ;
}


and discover this:



In a ManagedBean you can inject a Principal, and Wildfly will take care of it transparently:

@Named
@RequestScoped
public class EventViewBean {
@Inject Principal principal;

public void getPrincipal() {
System.out.println("principal class name is " + principal.getClass().gtName());
}
}


This will print a:

org.jboss.weld.security.Principal$$Proxy$_$$_Weld$Proxy$


and not - as expected - a http://www.keycloak.org/docs-api/3.2/javadocs/org/keycloak/KeycloakPrincipal.html who however also implements the https://docs.oracle.com/javase/7/docs/api/java/security/Principal.html interface




Thursday, November 16, 2017

set -euf -o pipefail

https://sipb.mit.edu/doc/safe-shell/

nice to read about shell scripting. DON'T USE SHELL, USE PYTHON INSTEAD.

As mentioned in the article, you can use https://docs.python.org/2/library/subprocess.html or also PLUMBUM "Never write shell scripts again"

https://google.github.io/styleguide/shell.xml "Shell should only be used for small utilities or simple wrapper scripts. "



PGP verification of Maven artifacts

I run the following commands:

git clone https://github.com/gabrielf/maven-samples
cd maven-samples
mvn com.github.s4u.plugins:pgpverify-maven-plugin:check

and I get this interesting results:


Downloading: https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.jar.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.jar.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.jar.asc
Downloaded: https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.jar.asc (535 B at 3.2 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.jar.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.jar.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.jar.asc
Downloaded: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.jar.asc (832 B at 5.7 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.jar.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.jar.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.jar.asc
Downloaded: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.jar.asc (832 B at 4.5 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/mockito/mockito-core/1.8.5/mockito-core-1.8.5.jar.asc
[WARNING] No signature for org.mockito:mockito-core:jar:1.8.5
Downloading: https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.jar.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.jar.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.jar.asc
Downloaded: https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.jar.asc (189 B at 1.4 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.pom.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.pom.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.pom.asc
Downloaded: https://repo.maven.apache.org/maven2/org/objenesis/objenesis/1.0/objenesis-1.0.pom.asc (189 B at 1.3 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.pom.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.pom.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.pom.asc
Downloaded: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-library/1.2.1/hamcrest-library-1.2.1.pom.asc (832 B at 5.1 kB/s)
Downloading: https://repo.maven.apache.org/maven2/org/mockito/mockito-core/1.8.5/mockito-core-1.8.5.pom.asc
[WARNING] No signature for org.mockito:mockito-core:pom:1.8.5
Downloading: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.pom.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.pom.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.pom.asc
Downloaded: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.2.1/hamcrest-core-1.2.1.pom.asc (832 B at 4.6 kB/s)
Downloading: https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.pom.asc
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.pom.asc: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available for https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.pom.asc
Downloaded: https://repo.maven.apache.org/maven2/junit/junit-dep/4.10/junit-dep-4.10.pom.asc (535 B at 3.0 kB/s)
[INFO] Receive key: 5A01BE76E757922C to d:\pierre\.m2\repository\pgpkeys-cache\5A\01\5A01BE76E757922C.asc
[INFO] org.hamcrest:hamcrest-core:jar:1.2.1 PGP Signature OK
KeyId: 0x5A01BE76E757922C UserIds: [Marc von Renteln ]
[INFO] Receive key: 7C7D8456294423BA to d:\pierre\.m2\repository\pgpkeys-cache\7C\7D\7C7D8456294423BA.asc
[INFO] org.objenesis:objenesis:pom:1.0 PGP Signature OK
KeyId: 0x7C7D8456294423BA UserIds: [Henri Tremblay ]
[INFO] org.hamcrest:hamcrest-library:jar:1.2.1 PGP Signature OK
KeyId: 0x5A01BE76E757922C UserIds: [Marc von Renteln ]
[INFO] org.objenesis:objenesis:jar:1.0 PGP Signature OK
KeyId: 0x7C7D8456294423BA UserIds: [Henri Tremblay ]
[INFO] org.hamcrest:hamcrest-library:pom:1.2.1 PGP Signature OK
KeyId: 0x5A01BE76E757922C UserIds: [Marc von Renteln ]
[INFO] org.hamcrest:hamcrest-core:pom:1.2.1 PGP Signature OK
KeyId: 0x5A01BE76E757922C UserIds: [Marc von Renteln ]
[INFO] Receive key: 88AA1FEE831A7E89 to d:\pierre\.m2\repository\pgpkeys-cache\88\AA\88AA1FEE831A7E89.asc
[INFO] junit:junit-dep:jar:4.10 PGP Signature OK
KeyId: 0x88AA1FEE831A7E89 UserIds: [David Saff ]
[INFO] junit:junit-dep:pom:4.10 PGP Signature OK
KeyId: 0x88AA1FEE831A7E89 UserIds: [David Saff ]




In fact, as reported by http://branchandbound.net/blog/security/2012/08/verify-dependencies-using-pgp/ , only 2 percent of companies verify PGP signature, and a signature is mandatory in Maven Central only for last 3 years, so old components most of the time have NO SIGNATURE!





Wednesday, November 15, 2017

Not using SSL to connect to Maven? dilettante (=amateur) !

https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/

If you want to play a trick on your friends, you can use Dilettante to man-in-the-middle a Maven Repository request and inject some bad behaviour, the source code is here https://github.com/mveytsman/dilettante but don't do in your company, you might not win friends.

Very interesting reading https://stackoverflow.com/a/24987915/651288

You can upgrade your URL to HTTPS at no cost (it used to be a paying service) https://support.sonatype.com/hc/en-us/articles/213465458

Use this https://repo1.maven.org/maven2/ , not http://repo1.maven.org/maven2/

To run a verification of your build dependent artifacts:

mvn com.github.s4u.plugins:pgpverify-maven-plugin:check

you can create locally a gpg key:

gpg
gpg --gen-key
gpg --list-keys
gpg --list-secret-keys

to verify a component:
gpg --verify plexus-cipher-1.7.jar.asc plexus-chipher-1.7.jar


Very good article on XBI (cross build injection) http://branchandbound.net/blog/security/2012/03/crossbuild-injection-how-safe-is-your-build/

and about verifying components using MIT key repo : http://branchandbound.net/blog/security/2012/08/verify-dependencies-using-pgp/


Interesting Maven plugin to whitelist components in a build http://gary-rowe.com/agilestack/2013/07/03/preventing-dependency-chain-attacks-in-maven/

and here another similar Maven plugin to check PGP signature https://www.simplify4u.org/pgpverify-maven-plugin/index.html




Decrypting HTTPS traffic with Fiddler

A great feature provided by Fiddler (running only on Windows, though), and not available in Wireshark OOTB,
is the ability to capture and DECRYPT HTTPS traffic:

http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/DecryptHTTPS

however, this will create a new Root CA and add it to your trusted CA store.... before you do this in your company, you might have a word with the Security folks, before you find Ulysses and all the other greek warriors looting your city of Troy...




Tuesday, November 14, 2017

MariaDB on CentOS 7

With Docker

https://hub.docker.com/_/mariadb/

docker pull mariadb
docker run --name some-mariadb -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mariadb:tag

port is 3306

container linking : docker run --name some-app --link some-mariadb:mysql -d application-that-uses-mysql



Without docker:

https://www.tecmint.com/install-mariadb-in-centos-7/



Useful introduction for digitalocean https://www.digitalocean.com/community/tutorials/how-to-create-and-manage-databases-in-mysql-and-mariadb-on-a-cloud-server


sudo systemctl start mariadb
sudo systemctl daemon-reload
sudo systemctl start mariadb
sudo mysql_secure_installation


Here https://www.heidisql.com/download.php?download=portable a MariaDB UI



Adam Bien The Great airhacks links

Listening to Adam Bien SEMINAL videos, I will write down some links:


http://www.adam-bien.com/roller/abien/entry/the_4th_airhacks_io_question


http://openjpa.apache.org/jest-usage.html maps JPA to REST calls

https://wiki.eclipse.org/EclipseLink/Examples/JPARS/Simple JPA RS from EclipseLink, same as JEST


https://github.com/p6spy/p6spy database interceptors


Ping https://github.com/AdamBien/ping

Floyd https://github.com/AdamBien/floyd

Watchdock https://github.com/AdamBien/watchdock/ and http://www.adam-bien.com/roller/abien/entry/watchdock_er_v0_0_1

I try to do so :


sudo systemctl start dockerd -H tcp://0.0.0.0:5555 -api-enable-cors
ssh: Could not resolve hostname tcp://0.0.0.0:5555: Name or service not known
Could not watch jobs: Connection reset by peer


Mystery!




Public fields in CDI

in CDI one can't have a PUBLIC attribute in a RequestScoped variable:

@Named
@RequestScoped
public class EventViewBean implements Serializable {

    @Produces
    public List<Meal> meals;

    public void setMeals(List<Meal> meals) {
 this.meals = meals;
    }

    public List<Meal> getMeals() {
  return meals;
    }

}

otherwise you get this error:

WELD-000075 Normal scoped managed bean implementation class has a public field

To fix the issue, just remove the "public" in "public List<Meal> meals;" and don't ask questions... it's all too sad... just smile and say yes.

Magic: convert CentOS 7 to Oracle Linux

I found this post https://www.digitalocean.com/community/questions/how-can-i-install-oracle-11g


curl -O https://linux.oracle.com/switch/centos2ol.sh
chmod 777 centos2ol.sh
sudo sh -c ./centos2ol.sh

sudo yum distro-sync

I get this:


Transaction check error:
file /usr/lib64/gnome-documents/girepository-1.0/Gd-1.0.typelib from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/lib64/gnome-documents/girepository-1.0/GdPrivate-1.0.typelib from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/lib64/gnome-documents/libgd.so from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/lib64/gnome-documents/libgdprivate-1.0.so from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/share/glib-2.0/schemas/org.gnome.Documents.enums.xml from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/share/gnome-documents/getting-started/C/gnome-documents-getting-started.pdf from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/share/gnome-documents/gir-1.0/Gd-1.0.gir from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64
file /usr/share/gnome-documents/gir-1.0/GdPrivate-1.0.gir from install of gnome-documents-3.14.3-3.el7.x86_64 conflicts with file from package gnome-documents-libs-3.22.2-5.el7.x86_64


sudo yum install oracle-rdbms-server-11gR2-preinstall

sudo reboot now

At this point, you can try to install Oracle DB http://www.oracle.com/technetwork/articles/servers-storage-admin/ginnydbinstallonlinux-488779.html

Wildfly 11 final: add-user miserably fails when run in git bash (and maybe cygwin)

$ ./add-user.sh
Exception in thread "main" java.lang.IllegalStateException: WFLYDM0021: No java.io.Console available to interact with user.
at org.jboss.as.domain.management.security.adduser.AddUser.(AddUser.java:78)
at org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:240)
at org.jboss.modules.Module.run(Module.java:344)
at org.jboss.modules.Main.main(Main.java:525)


Simply pathetic. Just forget to run it from git bash, and execute the command from a regular powershell or cmd shell.

It's my fault, I should not try to deploy anything on Windows, apart VirtualBox to be able to run CentOS...

Sunday, November 12, 2017

ConEmu, better than Console2

If you are completely disgusted with Windows terminal (cmd, powershell, gitbash, far) consoles each running in a different window - and wasting hours having to identify the one you need - then you definitely want to try ConEmu portable https://www.fosshub.com/ConEmu.html

It contains all the possible options you might dream of.

Anyway, Microsoft sucks, only a company completely disregarding developers need can come up with such pathetic tools like Windows Explorer, cmd and the such. The only reason I still use Windows at home is that my company uses it as a Desktop OS.

Saturday, November 11, 2017

Keycloak, cookies and principal

When you access a secured webapp, the first cookie to be created is a JSESSIONID


/pvkeycloakdemo is my webapp root context

When you access a protected resource, you get redirected to keycloak authentication server, and another 2 cookies appear: a OAuth_Token_Request_State (Path=/pvkeycloakdemo) and a AUTH_SESSION_ID (Path=/auth/realms/demo)

After authenticating in Keycloak, I get a KC_RESTART, a KEYCLOAK_IDENTITY and a KEYCLOAK_SESSION (Path=/auth/realms/demo)

KEYCLOAK_SESSION is a special one: it's the only one with a 12 hour expiration time (all others expire at end of session) and the value specifies the realm name : demo/34f600e7-bfd6-475c-9596-72491b9455fa/fa9c5c6b-5e70-43ce-aeb8-34b2188e3c7f (demo in this case)

If you choose the option "remember me", you get also a cookie KEYCLOAK_REMEMBER_ME



When you do a request.getPrincipal(), the java.security.Principal is a org.keycloak.KeycloakPrincipal, and the principal Name is the ID that you see in the Keycloak console, not the Name:






Sunday, November 5, 2017

Apache Commons ContextedException

https://commons.apache.org/proper/commons-lang/apidocs/org/apache/commons/lang3/exception/ContextedException.html

Developers often forget to attach context information to their exceptions. So one gets messages like "Unable to connect to server" and we don't know to which server and port the connection was attempted.

Add this to your pom.xml

<dependencies>
  <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
  <dependency>
   <groupId>org.apache.commons</groupId>
   <artifactId>commons-lang3</artifactId>
   <version>3.6</version>
  </dependency>
 </dependencies>

and this is the test code

package pvexceptions;

import org.apache.commons.lang3.exception.ContextedException;;

public class PVExceptionGenerator {
 public static void main(String[] args) {
  try {
   try {
    int a = 1 / 0;
   } catch (Throwable a) {
    throw new ContextedException("something went wrong in division", a).addContextValue("customer", "Mario").addContextValue("custno", 1234);
   }

  } catch (Throwable t) {
   t.printStackTrace();
  }
 }

}



The output is:

org.apache.commons.lang3.exception.ContextedException: something went wrong in division
Exception Context:
[1:customer=Mario]
[2:custno=1234]
---------------------------------
at pvexceptions.PVExceptionGenerator.main(PVExceptionGenerator.java:11)
Caused by: java.lang.ArithmeticException: / by zero
at pvexceptions.PVExceptionGenerator.main(PVExceptionGenerator.java:9)





H2 Database Tutorial

presentation here (English is iffy but content is good until half way, the rest forget it)




Download it from here http://www.h2database.com/html/download.html

go to d:\apps\H2\bin and run h2.bat

this will open the browser at http://192.168.56.1:8082/login.jsp?jsessionid=884e38fb4c3da545d97e2fc9be776bd8


the JAR is D:\apps\H2\bin\h2-1.4.196.jar


How to use H2 as embedded DB




Interesting project demonstrating embedded H2 DB https://www.mkyong.com/spring/spring-embedded-database-examples/

but also this one https://github.com/Pscheidl/cdi-events-playground demonstrating CDI, JSF and H2

CDI in Java SE 8

In Eclipse (pueah, I know, IntelliJ is much better) create a simple Java project, give it the Maven feature, and create this structure:


Add this dependency:

<dependency>
<groupId>org.jboss.weld.se</groupId>
<artifactId>weld-se-shaded</artifactId>
<version>3.0.0.Final</version>
</dependency>


and the code to bootstrap the WELD engine is:

import javax.enterprise.inject.se.SeContainer;
import javax.enterprise.inject.se.SeContainerInitializer;

public class MyMain {
 public static void main(String[] args) {
  SeContainer container = SeContainerInitializer.newInstance().initialize();
  CDITester cdiTester = container.select(CDITester.class).get();
  cdiTester.greet();
 }
}



or also (thanks gist-it)



The beans.xml file is empty and required, without it you would get this error:


Exception in thread "main" java.lang.IllegalStateException: WELD-ENV-000016: Missing beans.xml file in META-INF
at org.jboss.weld.environment.se.Weld.initialize(Weld.java:742)
at org.jboss.weld.environment.se.Weld.initialize(Weld.java:174)
at org.pierre.cditests.MyMain.main(MyMain.java:8)




The whole solution is here https://github.com/vernetto/JavaMonAmour/tree/master/pvcdi.
When you start the MyMain inside Eclipse (no need to deploy it Wildfly!!!) you should see:


Nov 05, 2017 5:13:17 PM org.jboss.weld.bootstrap.WeldStartup
INFO: WELD-000900: 3.0.0 (Final)
Nov 05, 2017 5:13:17 PM org.jboss.weld.bootstrap.WeldStartup startContainer
INFO: WELD-000101: Transactional services not available. Injection of @Inject UserTransaction not available. Transactional observers will be invoked synchronously.
Nov 05, 2017 5:13:17 PM org.jboss.weld.environment.se.WeldContainer fireContainerInitializedEvent
INFO: WELD-ENV-002003: Weld SE container aabfa8d7-3cf1-44da-8b63-173e651f18a8 initialized
Hello, pierre.
Weld SE container aabfa8d7-3cf1-44da-8b63-173e651f18a8 shut down by shutdown hook


I really wonder why Java still in 2017 doesn't offer you an ready-made CDI engine in SE.... in fact, I wonder why we still have this separation between SE and EE.... nonsense.... it will go away, like all the nonsense...


Incidentally , https://dzone.com/articles/how-to-inject-property-file-properties-with-cdi really simple way to inject property values with annotations (Spring has a similar concept