Java on technocracy

MindTouch SSO using HttpClient 4.1 with Java

Tue, 05 Jul 2011 00:00:00 +0000

Most of the MindTouch sample code available in the wild is in PHP or C# so integrating with a Java stack can be painful. Here's a snip of the code we used to support SSO with our Java-based SaaS platform. The HttpClient framework is version 4.1 of Apache's HttpClient

Select max value of numeric CollectionOfElements with Hibernate

Tue, 23 Feb 2010 00:00:00 +0000

Consider a numeric CollectionOfElements held by a class Product such as:

@Entity(name="Product")public class Product {protected Set serialNumbers = new HashSet();@CollectionOfElements@JoinTable(name="product_serialnumbers")public Set getSerialNumbers() { return serialNumbers;}public void setSerialNumbers(Set serialNumbers) { this.serialNumbers = serialNumbers;}}

You can use a NamedQuery to determine the maximum SerialNumber held by any Product like this:

@Entity(name="Product")@NamedQueries ({ @NamedQuery( name = "maxSerialNumber", query = "select max(elements(p.serialNumbers)) as value from Product p" )})public class Product {protected Set serialNumbers = new HashSet();@CollectionOfElements@JoinTable(name="product_serialnumbers")public Set getSerialNumbers() { return serialNumbers;}public void setSerialNumbers(Set serialNumbers) { this.serialNumbers = serialNumbers;}}

Eclipse Galileo unable to read Subversion repository

Mon, 18 Jan 2010 00:00:00 +0000

After a clean Snow Leopard install on a new machine, I fired up a fresh Galileo Eclipse and pointed it at a copy of my old workspace. I first encountered and resolved the missing Mac OS X JRE issue described in my last post, only to then find that my existing subversion repositories were inaccessible in the new Eclipse install. I hopefully added "-clean" as the first parameter of my eclipse.ini file and restarted but the situation remained unchanged. Undeterred, I launched eclipse from the command line with a -clean startup parameter and this did the trick:/Applications/<your install dir/Eclipse.app/Contents/MacOS/eclipse -clean

Missing MacOS X VM in Eclipse Galileo on Snow Leopard

Mon, 18 Jan 2010 00:00:00 +0000

I recently encountered an issue where I was unable to add a JVM to my Eclipse install on Snow Leopard. There was no MacOS X VM option under Installed JREs -> Add and attempting to use the Standard VM resulted in an error. After digging around in Eclipse bug reports, I discovered this is a known issue with the Cocoa build of Galileo with PDT pre-installed. The easy fix is to install Eclipse without PDT (just install the Eclipse IDE for Java - Cocoa 64 bit) and add PDT plugin later. When you take this route, the MacOS X VM will be configured automagically.

Resolving a 'CA key usage check failed: keyCertSign bit is not set' error in Tomcat

Thu, 22 Oct 2009 00:00:00 +0000

After installing a new GoDaddy SSL certificate in Tomcat 5.5.x my web browsers were able to properly negotiate SSL connections, but when back-end code attempted (specifically when CAS attempted to validate a ticket through Cas20ServiceTicketValidator) to connect using SSL the "CA key usage check failed: keyCertSign bit is not set" error was being thrown.

My tomcat server is fronted by Apache2 and Apache handles SSL negotiation. I discovered that I had improperly installed the intermediate certificate for GoDaddy and while modern browsers just ignored the resulting misconfiguration, Java was complaining.

I had set the SSLCertificateChainFile directive to point to the "cert-chain.crt" file. The mistake is understandable given the near identical naming of the directive and the file...but alas that intuitive connection is erroneous. The directive instead needs to point to the gd_intermediate.crt file that GoDaddy also provides. Here's what my correct config looks like on RHEL5:

SSLCertificateChainFile /etc/pki/tls/certs/gd_intermediate.crt

Compiling mod_caucho on RHEL 5.3

Mon, 14 Sep 2009 00:00:00 +0000

There is a known issue with APR that prevents the compilation of mod_caucho on RHEL 5.3 out of the box. Additionally, for some reason my installation of APR uses the name "apr-1-config" instead of "apr-config" so that to compile mod_caucho I had to do the following:

Spring Security ACL intercept-methods with transaction advice

Thu, 13 Aug 2009 00:00:00 +0000

I recently used Spring to configure a manager to use Spring Security ACL method-level authorization. Here's a snip of my initial manager bean config:

<bean id="clientManager" class="com.acme.service.impl.ClientManagerImpl"> <sec:intercept-methods access-decision-manager-ref="accessDecisionManager"> <sec:protect method="get" access="AFTER_ACL_READ"/> <sec:protect method="save" access="ROLE_ADMIN,ACL_WRITE"/> </sec:intercept-methods> <constructor-arg ref="clientDao"/> <property name="mutableAclService" ref="aclService"/></bean>

With this configuration, my unit tests verified that the method-level authorization was working as expected. Next, I applied some declarative transaction management to the same manager:

<aop:config> <aop:advisor id="managerTx" advice-ref="txAdvice" pointcut="execution(* *..service.*Manager.*(..))" order="0"/></aop:config><tx:advice id="txAdvice"> <tx:attributes> <tx:method name="get*" read-only="true"/> <tx:method name="save*" rollback-for="DuplicateNameException,UserExistsException" /> <tx:method name="*"/> </tx:attributes></tx:advice>

After adding this transaction advice, my unit tests failed method-level authorization checks. I never traced the issue to its absolute root cause, but based upon some open tickets against Spring I believe the error was due to a "double-proxy" type issue. The short story is that proxies are final, and Spring can't proxy a proxy...

Regardless of the root cause, I found a reasonable workaround was to revert to one of the "old" (more verbose) methods of transaction demarcation. Here's what my final working configuration looks like:

<bean id="baseTransactionProxy" abstract="true" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean"> <property name="transactionManager" ref="transactionManager"/> <property name="transactionAttributes"> <props> <prop key="get*">PROPAGATION_REQUIRED,readOnly</prop> <prop key="save*">PROPAGATION_REQUIRED,-DuplicateNameException,-UserExistsException</prop> <prop key="*">PROPAGATION_REQUIRED</prop> </props> </property></bean><bean id="clientManager" parent="baseTransactionProxy"> <property name="target"> <bean class="com.acme.service.impl.ClientManagerImpl"> <sec:intercept-methods access-decision-manager-ref="accessDecisionManager"> <sec:protect method="get" access="AFTER_ACL_READ"/> <sec:protect method="save" access="ROLE_ADMIN,ACL_WRITE"/> </sec:intercept-methods> <constructor-arg ref="clientDao"/> <property name="mutableAclService" ref="aclService"/> </bean> </property></bean>

By leveraging the TransactionProxyFactoryBean directly instead of relying upon the tx:advice and aop:config tags, I was able to wrap my Spring ACL secured methods with declarative transactions. Nice.

Resolve foreign key constraint error/conflict with DBUnit CLEAN_INSERT operation (MySQLIntegrityConstraintViolationException)

Wed, 17 Jun 2009 00:00:00 +0000

If DBUnit starts throwing MySQLIntegrityConstraintViolationException while performing a CLEAN_INSERT you can lose quite a bit of sleep attempting to resolve it or you can cheat and get back to work. The shortcut is to simply disable constraints for the INSERT operation by disabling constraints for DBUnit altogether. You can do that by adding sessionVariables=FOREIGN_KEY_CHECKS=0 to your JDBC connection string to MySQL. I use maven and in pom.xml my configuration for the dbunit plugin looks like this

Spring MVC's checkboxes tag and support for enum

Sat, 21 Feb 2009 00:00:00 +0000

Using Spring MVC's checkboxes (or radiobuttons) tag to render form inputs for an enum property is easy and clean...once you know how. After a little gnashing of teeth, due to the fact that I needed a specific display order for all options, I found the following solution:

Here's the tag in my jsp

<form:checkboxes itemValue="value" itemLabel="label" path="user.degrees" items="${degreeLabels }" />

Here's the way I populated my model map to retain ordering. (I placed this code in my FormController's referenceData method)

List labelValues = new ArrayList<LabelValue>(); for (Degree d : Degree.values()) { labelValues.add(new LabelValue(d.name(), d.name())); } Map model = new HashMap(); model.put("degreeLabels", labelValues);

FYI, I ripped the LabelValue class used above from Matt Riable's excellent Appfuse project. The constructor takes two arguments which are mapped to the properties "value" and "label" and these properties have the typical pojo getters and setters.
You can see from the path on my tag that degrees is a property on my User object...which is the target of my form. Here's what that looks like...I threw in my Hibernate annotations for the curious:

private Set<Degree> degrees = new HashSet<Degree>(); @CollectionOfElements @Enumerated(EnumType.STRING) public Set<Degree> getDegrees() { return degrees; } public void setDegrees(Set<Degree> degrees) { this.degrees = degrees; }

It's probably obvious, but here's what the Degree enum looks like:

public enum Degree { BA,BS,BN,BSW,MA,MS,MBA,MSN,MSW,MD,JD,PhD,PharmD,PsyD,Other;}

Hibernate Annotations - IdentifierGenerationException: attempted to assign id from null one-to-one property

Wed, 18 Feb 2009 00:00:00 +0000

While using Hibernate annotations to implement a @OneToOne relationship where the entities are joined by primary key (@PrimaryKeyJoinColumn) I kept encountering a relatively infamous Exception:

IdentifierGenerationException: attempted to assign id from null one-to-one property

I discovered that my issue could easily be resolved by adding "optional=false" to the dependent side of the relation. Here's a brief summary of the relevant related code.

@Entitypublic class Profile implements Serializable { @OneToOne(mappedBy="profile", optional=false, fetch=FetchType.LAZY) public Hospital getHospital() { return hospital; } @Id @GeneratedValue(generator="foreign") @GenericGenerator(name="foreign", strategy = "foreign", parameters={ @Parameter(name="property", value="hospital") }) public Long getId() { return this.id; }}@Entitypublic class Hospital implements Serializable { @OneToOne(cascade = CascadeType.ALL,fetch=FetchType.LAZY) @PrimaryKeyJoinColumn public Profile getProfile() { return profile; } @Id @GeneratedValue(strategy=GenerationType.AUTO) public Long getId() { return id; }}

Spring JMS Remoting support for async calls and methods with void return types

Wed, 28 May 2008 00:00:00 +0000

I've submitted a patch to the Spring Framework to give their JMS remoting feature support for async calls and methods with void return types. The associated Jira ticket (SPR-4427) could use a few votes if you are so inclined.

Java webbrowser plugin for AMD64 Ubuntu

Mon, 29 Oct 2007 00:00:00 +0000

There is now (finally) a fix for Java applet support on AMD64 Ubuntu. Try the following:

sudo apt-get build-dep icedtea-java7-pluginsudo apt-get -b source icedtea-java7-plugin icedtea-java7-bin icedtea-java7-jre icedtea-java7-jdksudo dpkg -i icedtea-java7-*deb

Thanks to Fabien Lusseau for the tip in his comment here