MindTouch SSO using HttpClient 4.1 with Java

Most of the MindTouch sample code available in the wild is in PHP or C#, so integrating with a Java stack can be painful. Here's a snippet of the code we used to support SSO with our Java-based SaaS platform. The HttpClient framework is version 4.1 of Apache's HttpClient.

Update: Modified to skip Cookie parsing based upon bjorg's comment



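import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.HttpResponseException;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicResponseHandler;
import org.apache.http.impl.client.DefaultHttpClient;

    // Member of the class that handles SSO; MINDTOUCH_HOST, MINDTOUCH_BASEURI,
    // MINDTOUCH_APIKEY, log and User are defined elsewhere.
    private boolean parseAndSetMindtouchCookie(final HttpServletResponse response, final DefaultHttpClient client, final User user) {
        // Build the users/authenticate URL; the API key travels as a query parameter.
        StringBuffer buf = new StringBuffer("http://");
        buf.append(this.MINDTOUCH_HOST).append(this.MINDTOUCH_BASEURI).append("users/authenticate?authprovider=1&apikey=").append(MINDTOUCH_APIKEY);
        HttpGet get = new HttpGet(buf.toString());
        try {
            // BasicResponseHandler returns the body as a String and throws
            // HttpResponseException for any status code >= 300.
            ResponseHandler<String> responseHandler = new BasicResponseHandler();
            String responseBody = client.execute(get, responseHandler);
            // The response body is used directly as the value of the authtoken cookie.
            javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie("authtoken", responseBody);
            cookie.setDomain(".example.com"); // visible to every host under example.com
            cookie.setSecure(false);          // the cookie is also sent over plain HTTP
            cookie.setPath("/");
            cookie.setMaxAge(3600); // 1 hour
            response.addCookie(cookie);
            log.debug("Successfully set mindtouch auth cookie");
            response.sendRedirect("http://" + MINDTOUCH_HOST);
            return true;
        } catch (HttpResponseException hre) {
            if (hre.getStatusCode() == HttpStatus.SC_UNAUTHORIZED) {
                log.debug("User has no Mindtouch account.");
            } else {
                log.error("Unable to auth user.", hre);
            }
        } catch (Exception e) {
            log.error("Unable to authenticate user", e);
        }
        return false;
    }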


Posted by Eric Simmerman
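A hardened variant of the SSO method in the post above, added here as an example and not part of the original code. It assumes the MindTouch host is reachable over HTTPS, a Servlet 3.0 container (for setHttpOnly), that no client-side script needs to read the cookie, and a hypothetical class name, constructor and token character check.

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.HttpResponseException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicResponseHandler;

public class HardenedMindtouchSso {
    // Assumption: tokens are printable ASCII without whitespace, ',' or ';'.
    // Rejects CR/LF and cookie delimiters before the value reaches a response header.
    private static final Pattern SAFE_TOKEN =
            Pattern.compile("[\\x21-\\x2B\\x2D-\\x3A\\x3C-\\x7E]+");

    private final String host, baseUri, apiKey, cookieDomain; // from the caller's configuration

    public HardenedMindtouchSso(String host, String baseUri, String apiKey, String cookieDomain) {
        this.host = host; this.baseUri = baseUri;
        this.apiKey = apiKey; this.cookieDomain = cookieDomain;
    }

    /** Returns true once the cookie is set and the redirect has been sent. */
    public boolean setAuthCookie(HttpServletResponse response, HttpClient client) throws IOException {
        // HTTPS keeps the apikey query parameter and the returned token off the wire in clear text.
        // The URL is never logged because it contains the API key.
        HttpGet get = new HttpGet("https://" + host + baseUri
                + "users/authenticate?authprovider=1&apikey=" + URLEncoder.encode(apiKey, "UTF-8"));
        String token;
        try {
            token = client.execute(get, new BasicResponseHandler());
        } catch (HttpResponseException e) {
            return false; // any status >= 300, e.g. 401 when the user has no MindTouch account
        }
        if (token == null || !SAFE_TOKEN.matcher(token).matches()) {
            return false; // empty or malformed body: do not turn it into a cookie
        }
        Cookie cookie = new Cookie("authtoken", token);
        cookie.setDomain(cookieDomain); // must still cover the MindTouch host
        cookie.setPath("/");
        cookie.setMaxAge(3600);         // 1 hour, as in the original
        cookie.setSecure(true);         // only sent over HTTPS
        cookie.setHttpOnly(true);       // not readable from page scripts
        response.addCookie(cookie);
        response.sendRedirect("https://" + host);
        return true;
    }
}
```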
 

Select max value of numeric CollectionOfElements with Hibernate

Consider a numeric CollectionOfElements held by a class Product such as:
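import java.util.HashSet;
import java.util.Set;
import javax.persistence.Entity;
import javax.persistence.JoinTable;
import org.hibernate.annotations.CollectionOfElements;

@Entity(name="Product")
public class Product {
    // Element type assumed to be Long here; any numeric type works the same way.
    protected Set<Long> serialNumbers = new HashSet<Long>();

    @CollectionOfElements
    @JoinTable(name="product_serialnumbers")
    public Set<Long> getSerialNumbers() {
        return serialNumbers;
    }

    public void setSerialNumbers(Set<Long> serialNumbers) {
        this.serialNumbers = serialNumbers;
    }
}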
You can use a NamedQuery to determine the maximum SerialNumber held by any Product like this:
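import java.util.HashSet;
import java.util.Set;
import javax.persistence.Entity;
import javax.persistence.JoinTable;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import org.hibernate.annotations.CollectionOfElements;

@Entity(name="Product")
@NamedQueries ({
    @NamedQuery(
        name = "maxSerialNumber",
        query = "select max(elements(p.serialNumbers)) as value from Product p"
        )
})
public class Product {
    // Element type assumed to be Long here; any numeric type works the same way.
    protected Set<Long> serialNumbers = new HashSet<Long>();

    @CollectionOfElements
    @JoinTable(name="product_serialnumbers")
    public Set<Long> getSerialNumbers() {
        return serialNumbers;
    }

    public void setSerialNumbers(Set<Long> serialNumbers) {
        this.serialNumbers = serialNumbers;
    }
}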
Posted by Eric Simmerman
 

Eclipse Galileo unable to read Subversion repository

After a clean Snow Leopard install on a new machine, I fired up a fresh Galileo Eclipse and pointed it at a copy of my old workspace. I first encountered and resolved the missing Mac OS X JRE issue described in my last post, only to then find that my existing Subversion repositories were inaccessible in the new Eclipse install. I hopefully added "-clean" as the first parameter of my eclipse.ini file and restarted but the situation remained unchanged. Undeterred, I launched Eclipse from the command line with a -clean startup parameter and this did the trick:

/Applications/<your install dir>/Eclipse.app/Contents/MacOS/eclipse -clean
Posted by Eric Simmerman
 

Missing MacOS X VM in Eclipse Galileo on Snow Leopard

I recently encountered an issue where I was unable to add a JVM to my Eclipse install on Snow Leopard. There was no MacOS X VM option under Installed JREs -> Add and attempting to use the Standard VM resulted in an error. After digging around in Eclipse bug reports, I discovered this is a known issue with the Cocoa build of Galileo with PDT pre-installed. The easy fix is to install Eclipse without PDT (just install the Eclipse IDE for Java - Cocoa 64 bit) and add the PDT plugin later. When you take this route, the MacOS X VM will be configured automagically.
Posted by Eric Simmerman
 

Resolving a "CA key usage check failed: keyCertSign bit is not set" error in Tomcat

After installing a new GoDaddy SSL certificate in Tomcat 5.5.x, my web browsers were able to properly negotiate SSL connections, but when back-end code attempted to connect using SSL (specifically when CAS attempted to validate a ticket through Cas20ServiceTicketValidator), the "CA key usage check failed: keyCertSign bit is not set" error was being thrown.

My Tomcat server is fronted by Apache2 and Apache handles SSL negotiation. I discovered that I had improperly installed the intermediate certificate for GoDaddy and while modern browsers just ignored the resulting misconfiguration, Java was complaining.

I had set the SSLCertificateChainFile directive to point to the "cert-chain.crt" file. The mistake is understandable given the near identical naming of the directive and the file...but alas that intuitive connection is erroneous. The directive instead needs to point to the gd_intermediate.crt file that GoDaddy also provides. Here's what my correct config looks like on RHEL5:

SSLCertificateChainFile /etc/pki/tls/certs/gd_intermediate.crt
Posted by Eric Simmerman
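A way to audit the file that SSLCertificateChainFile points at, added here as an example and not part of the original post. It reports, for each certificate in a PEM bundle, whether it can act as an issuer, which is the property named in the Java error message; the class name and the path argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class ChainFileCheck {
    private static final int KEY_CERT_SIGN = 5; // index of keyCertSign in getKeyUsage()

    /** True if the certificate is a CA whose key usage allows signing certificates. */
    static boolean canIssue(X509Certificate cert) {
        boolean isCa = cert.getBasicConstraints() >= 0; // -1 means "not a CA"
        boolean[] usage = cert.getKeyUsage();           // null when the extension is absent
        boolean certSign = usage == null
                || (usage.length > KEY_CERT_SIGN && usage[KEY_CERT_SIGN]);
        return isCa && certSign;
    }

    /** Reads every certificate in a PEM bundle and describes each one. */
    static List<String> describe(InputStream pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<String> lines = new ArrayList<String>();
        for (Certificate c : cf.generateCertificates(pem)) {
            X509Certificate x = (X509Certificate) c;
            String verdict = canIssue(x) ? "can issue   " : "CANNOT ISSUE";
            lines.add(verdict + "  subject=" + x.getSubjectX500Principal().getName()
                    + "  issuer=" + x.getIssuerX500Principal().getName());
        }
        return lines;
    }

    // Usage: java ChainFileCheck /path/to/chain-file.crt
    public static void main(String[] args) throws Exception {
        InputStream in = new FileInputStream(args[0]);
        try {
            for (String line : describe(in)) {
                System.out.println(line);
            }
        } finally {
            in.close();
        }
    }
}
```

Any entry reported as CANNOT ISSUE in a file meant to hold only intermediate certificates is a candidate for the misconfiguration described in the post.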
 

Compiling mod_caucho on RHEL 5.3

There is a known issue with APR that prevents the compilation of mod_caucho on RHEL 5.3 out of the box. Additionally, for some reason my installation of APR uses the name "apr-1-config" instead of "apr-config" so that to compile mod_caucho I had to do the following:

  1. Run configure --with-apxs
  2. Execute 'apr-config --cppflags --cflags'
  3. On my server this resulted in '-DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -pthread'
  4. Append the output of the above command to the "CFLAGS" line in config.status
  5. Run make; make install;
FYI, I also had to overwrite the "plugins" variable in the Resin configure script to manually set apache2 because the script was detecting and using apache1.
Posted by Eric Simmerman