Protecting a code base

By Kenneth 'RabidDog' Clark at October 17, 2011 16:32
Filed Under: C#, Java, Methodologies

Something that has bugged me for a significant amount of time is the guarantee that the software you deliver to your client / customer is not going to have an adverse or malicious effect on their business.

 

If we look at threats like viruses and malware applications we can protect against those. We have tools and scanners that pick up signatures and take the appropriate action. If we look at the vectors of these attacks they are always external. So something from the outside has to get into your machine in order for them to be effective.

 

First let's do a bit of digging. Generally the biggest threat to any internal business system is not external attacks, it is the internal attacks. How many times have you heard about a disgruntled employee using back doors or knowing how to access the devices remotely and wreaking havoc on the business systems? At one stage this type of attack was considered to be more prevalent and more successful than any other type of attack. The reason for this is a little thing called trust.

 

When a company employs an individual they entrust certain knowledge to this individual. If the individual is responsible for the I.T. systems then even more trust is placed in them. Unlike computers or routers or any other computational device that supports it, you cannot revoke access to the knowledge that the individual has gained while working on, configuring and perhaps even installing in your infrastructure. Some might suggest a segregation of this knowledge in such a way that one role / position does not have sufficient knowledge to compromise the infrastructure. This might work in larger companies but how do smaller companies manage?

 

Now let's take a look from a different perspective. What if you develop software for customers? Your code is going to be running in a trusted environment. It might require elevated permissions to perform the tasks that you are expecting it to. Your clients / customers are placing a significant amount of trust in the company you work for and thereby placing a significant amount of trust in your integrity and moral view points. Should a software vendor's employees at any stage become upset with the company they work for and decide to teach their employers a lesson, the impact on the client / customer could be catastrophic. Yes, I am aware that the customer / client can take action against the vendor and in turn the employer takes action against the employee.

 

My main concern about this chain is how reactive it is. How do you proactively and cost effectively guarantee the code you are releasing will not harm the environment it is being deployed into? Perhaps the idea of pair programming would keep developers in check. The other angle is a dual sign off on a commit to the source repository. Much like banks that require the signature of all partners in a business to authorize spends, dual sign off on a commit would require that two developers approve the code before it is committed to source control. If one developer has some nasty ideas, the second developer can spot them and rectify the code or raise a flag. I don’t see a way that an automated tool could accomplish this. Perhaps it could look for certain signatures and point them out for manual verification but there is no way to decide if something is not supposed to be there.

 

Either way, if you are entrusted with a code base best you remember that with great power comes great responsibility. Anyone with other ideas, please share.
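The dual sign off described above can at least be checked mechanically, even though judging the code itself stays a human task. The following is an added example, not code from the original post: it assumes approvals are recorded as a "Reviewed-by: Name <email>" trailer in the commit message, and the class name, method names and sample commits are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: flags commits that lack a sign-off from a second developer. */
public class DualSignOffCheck {

    // Assumed convention: approval is recorded as a "Reviewed-by: Name <email>" trailer line.
    private static final Pattern REVIEWED_BY =
            Pattern.compile("(?im)^Reviewed-by:[ \\t]*[^<\\n]*<([^>\\s]+)>[ \\t]*$");

    /** Returns the e-mail addresses of reviewers other than the commit author. */
    static List<String> independentReviewers(String authorEmail, String message) {
        List<String> reviewers = new ArrayList<>();
        String author = authorEmail.trim().toLowerCase(Locale.ROOT);
        Matcher m = REVIEWED_BY.matcher(message);
        while (m.find()) {
            String reviewer = m.group(1).toLowerCase(Locale.ROOT);
            // A developer approving their own commit does not count as a second signature.
            if (!reviewer.equals(author) && !reviewers.contains(reviewer)) {
                reviewers.add(reviewer);
            }
        }
        return reviewers;
    }

    /** True when at least one person other than the author has signed off. */
    static boolean hasDualSignOff(String authorEmail, String message) {
        return !independentReviewers(authorEmail, message).isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample commits: {id, author e-mail, commit message}.
        String[][] commits = {
            {"c1", "alice@example.com",
             "Add invoice export\n\nReviewed-by: Bob <bob@example.com>"},
            {"c2", "alice@example.com",
             "Tweak permissions\n\nReviewed-by: Alice <Alice@Example.com>"},
            {"c3", "carol@example.com", "Hotfix for login"},
        };
        for (String[] c : commits) {
            String verdict = hasDualSignOff(c[1], c[2])
                    ? "ok"
                    : "REJECT: no second approver";
            System.out.println(c[0] + " " + verdict);
        }
    }
}
```

A trailer is only text the author can type, so a check like this belongs on the repository server, with the reviewer identity taken from an authenticated review step rather than from the message alone.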

Jenkins, Glassfish 3 and Windows 2008 R2

By Kenneth 'RabidDog' Clark at October 06, 2011 23:51
Filed Under: Java, Code, Web, Continuous Integration

Right, let's get cracking. First thing you are going to want to do is grab the Jenkins files available at http://mirrors.jenkins-ci.org/. Select the package you are looking for. The WAR file is the web application deployable to containers such as Tomcat or Glassfish. There is also a standalone version but seeing as I want to brush up my Glassfish skills I decided to grab the WAR file.

 

Now this is where I generally start getting extremely nervous. In my experience, deploying these things on app servers is always a nightmare requiring tweaking and additional work. So here we go.

 

In the Glassfish administration console, select the applications link. This will give you a list of currently deployed applications on the server. Right now I have zero :) So, select the deploy button on the grid header, select the browse button and navigate to your jenkins.war file.

 

Once you have done all this you will notice that Glassfish has conveniently detected that it is a web application, suggested a context root and an application name. Select the item “server” in the virtual servers list and make sure “Enabled” is checked. Proceed to select anything else you want the server to handle. I just want to get this deployed so I am going to keep it minimal. Once you are satisfied click the “OK” button on the bottom right of the page. I was pleasantly surprised to see that the deployment went off without a hitch! If successful you will be returned to the Applications list with jenkins listed there now. On the right of the grid you will see links to perform actions. Select the “Launch” link. This will take you to a web page giving you the URL for the http location and the https location.

 

Click the link you want and wait for jenkins to perform its initial operations. If all goes well, you will be presented with the dashboard to perform your configuration and maintenance.

 

Just as a side note, having been involved with Glassfish 1 and 2 then slacking off during development of 3 I must admit that the level of the application server has increased significantly! I am very impressed at how the admin UI has been fixed and the ease of use and deployment. Hats off to the development team.

 

Oh, just as a point, for those that think they have to go buy super powered machines, this box is running 1GB RAM with one of the first AMD 64 bit processors and runs fine, so no need to empty the wallet just yet :) Bear in mind that this is a personal machine so it isn’t subject to huge loads. Will do some stress testing and see where it gets me.

 

Other than that, have fun!

Glassfish 3 on Windows Server 2008 R2

By Kenneth 'RabidDog' Clark at October 06, 2011 23:27
Filed Under: Java, Web, Open Source

First things first. Let's get the downloads out of the way.

 

Go grab java 7 from http://www.oracle.com/technetwork/java/javase/downloads/index.html

Then go and grab Glassfish 3 from http://glassfish.java.net/public/downloadsindex.html#top (I went with the open source edition)

 

Install Java 7 (you only need to do this if you don’t have a JRE 6 or higher). Then you need to install Glassfish. Follow the prompts. I left the installation location the same (c:\glassfish3).

 

Next thing you need to do is navigate to c:\glassfish3\bin. I had to open the asadmin.bat file and edit it. I had to change all virtual references to physical references (perhaps because the environment variables hadn’t been set yet)

 

Next thing, open a command prompt and navigate to c:\glassfish3\bin. We are going to create a domain now; you can do this by entering the command asadmin create-domain. This will walk you through the domain creation process. Once that is done you can run the command asadmin start-domain. To verify that the domain has started navigate to http://localhost:4848 (or change the port to the admin port you stipulated). If you see the admin console everything is running 100%.

 

Next post I am going to explore deploying Jenkins http://jenkins-ci.org/

 

References:

http://glassfish.java.net/public/downloadsindex.html#top

http://blogs.eteration.com/blog/?p=494

http://www.oracle.com/technetwork/java/javase/downloads/index.html

file:///C:/glassfish3/glassfish/docs/quickstart.html

Java Hibernate Setup

By Kenneth 'RabidDog' Clark at September 15, 2011 01:02
Filed Under: Code, Java, Personal, Hibernate

Ok here we go again. Now I am struggling to get Hibernate working with the persistence unit declaration.

 

The reason I am writing this is more a pointer to myself should I ever have to do this again. Oh, check out my project on github. It is an implementation of a repository pattern using hibernate. It is extendable if you download the source and implement other providers. It is defined for standalone instances, not the full Java 5 EE stack although I am pretty sure with a bit of tweaking it can be used in that instance. Available here https://github.com/RabidDog/Java-Repository-Definition

 

First I was getting the dreaded "javax.persistence.PersistenceException: No Persistence provider for EntityManager named". After a little testing I figured out that the properties file contained a persistence unit name wrapped in inverted commas where it should not have been wrapped.

 

datastore.database.persistanceunit = "PU1" -> wrong!
datastore.database.persistanceunit = PU1 -> resolved correctly.

 

Ok so yeah I am rusty but bear with me. After getting that right I started running into Unable to build EntityManagerFactory. Drilling down a bit further it came down to not having an initial context. So I went and manipulated the persistence.xml file to no avail. Then I started digging deeper and found a ClassNotDefined exception (doh!). Seems I had forgotten to include the Postgres driver jar file (this is one feature I really like in C#: if you reference an assembly that references another assembly you get a warning if you haven’t referenced the dependency). Although I can see how this falls through using an XML configuration when there is no type checking happening. So the driver is obviously being created using some sort of reflection. Note to the Hibernate and JPA developers – please provide more verbose or smarter messages. Perhaps I just need to wake up!

 

Ok well, now the persistence.xml looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<persistence version="1.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd">
    <persistence-unit name="CommunityPlatformPU" transaction-type="RESOURCE_LOCAL">
        <provider>org.hibernate.ejb.HibernatePersistence</provider>
        <properties>
            <property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQLDialect"/>
            <property name="hibernate.connection.username" value="xxx"/>
            <property name="hibernate.connection.driver_class" value="org.postgresql.Driver"/>
            <property name="hibernate.connection.password" value="xxx"/>
            <property name="hibernate.connection.url" value="jdbc:postgresql://localhost:5432/database"/>
            <property name="hibernate.cache.provider_class" value="org.hibernate.cache.NoCacheProvider"/>
            <property name="hibernate.hbm2ddl.auto" value="update"/>
        </properties>
    </persistence-unit>
</persistence>

Right, new exception to deal with. For primary keys I prefer using UUIDs or GUIDs as they are always unique. Yes I know indexing issues blah blah blah speed related issues blah blah blah. I use it for a reason. When I transform the data into XML I want globally unique Ids so I can link via Ids. Now I usually got round this with the @PrePersist annotation (because the implementations only supported the integer values) but wanted to see if there had been any improvements since my last run in with JPA. Turns out there has been.

 

This is the way you use UUIDs as PrimaryKeys

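    // Imports this fragment needs (they go at the top of the entity class file):
    // import java.util.UUID;
    // import javax.persistence.GeneratedValue;
    // import javax.persistence.Id;
    // import org.hibernate.annotations.GenericGenerator;
    // import org.hibernate.annotations.Type;

    @Id
    @GeneratedValue(generator = "system-uuid")
    @GenericGenerator(name = "system-uuid", strategy = "uuid2")
    @Type(type = "pg-uuid")
    private UUID id;

    public UUID getId() {
        return id;
    }

    public void setId(UUID id) {
        this.id = id;
    }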

 

Cool!  Next …

 

This little rig didn’t seem to like the jdbc3 drivers so switching to the jdbc4 drivers seemed to resolve that.

 

So that is that! Finally my test is passing and I am able to go to bed :) Well, almost. Next it is time to configure the caching for the database and the connection pooling. Seems most of the libraries are included in the hibernate distribution. So the final persistence.xml file looks like this:

 

<?xml version="1.0" encoding="UTF-8"?>
<persistence version="1.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd">
    <persistence-unit name="CommunityPlatformPU" transaction-type="RESOURCE_LOCAL">
        <provider>org.hibernate.ejb.HibernatePersistence</provider>
        <properties>
            <property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQLDialect"/>
            <property name="hibernate.connection.username" value="dev"/>
            <property name="hibernate.connection.driver_class" value="org.postgresql.Driver"/>
            <property name="hibernate.connection.password" value="dev"/>
            <property name="hibernate.connection.url" value="jdbc:postgresql://localhost:5432/communityplatform"/>
            <property name="hibernate.hbm2ddl.auto" value="update"/>
            
            <property name="hibernate.cache.provider_class" value="org.hibernate.cache.EhCacheProvider" />
            <property name="hibernate.cache.use_second_level_cache" value="true" />
            
            <property name="c3p0.min_size" value="5" />
            <property name="c3p0.max_size" value="20" />
            <property name="c3p0.timeout" value="300" />
            <property name="c3p0.max_statements" value="50" />
            <property name="c3p0.idle_test_period" value="3000" />
            
            <property name="current_session_context_class" value="thread" />
        </properties>
    </persistence-unit>
</persistence>

Green light on the tests, creating the database structure and persisting the information. Cool, now it is definitely time for bed, big day tomorrow, Skye turns 6 :)

 

References:

http://docs.jboss.org/hibernate/core/3.6/reference/en-US/html/mapping.html#d0e5294

http://docs.jboss.org/hibernate/core/3.3/reference/en/html/session-configuration.html#configuration-hibernatejdbc

http://docs.jboss.org/hibernate/core/3.3/reference/en/html/performance.html#performance-cache

Java resources (.properties)

By Kenneth 'RabidDog' Clark at September 14, 2011 21:41
Filed Under: Java, Code, Personal

Ok so I am making progress on a fiddle project that I am working on. I decided I was going to store the persistence unit name in a properties file to prevent embedding strings in the instantiation methods.

 

I sat and fought for some time trying to get the resources as a stream and came across some interesting links that explain how to do this. Namely:

http://www.bartbusschots.ie/blog/?p=360

http://download.oracle.com/javase/6/docs/api/java/lang/ClassLoader.html

http://download.oracle.com/javase/6/docs/api/java/lang/ClassLoader.html#getSystemClassLoader%28%29

http://download.oracle.com/javase/6/docs/api/java/lang/ClassLoader.html#getResourceAsStream%28java.lang.String%29

 

After fiddling and fiddling and getting very frustrated with the NullPointerException that kept on happening I was just about to give up.

 

Then I realised something. Looking at all the examples there is something I had added that I shouldn’t have

//Spot the ERROR!
Properties configFile = new Properties();
configFile.load(ClassLoader.getSystemResourceAsStream("/za/co/codeshark/application.properties"));

 

Don’t feel bad if you don’t see the problem. Laugh at me if you do ;) So here is the problem. If you have a look at the string pointing to the resource it has a leading “/”. Yes, this makes the path unresolvable. So it should have looked like:

Properties configFile = new Properties();
configFile.load(ClassLoader.getSystemResourceAsStream("za/co/codeshark/application.properties"));

 

Notice that there is no leading “/”. Once I made this change everything started grooving and I was able to access my resource file. Once again kicking myself for not keeping these skills fresh. I find it weird though, that with all the examples of how to do this, none point out anything about how to resolve the path. Perhaps I am just over tired but I figured it might be good to make a note of this for 50 years from now!
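The leading “/” behaviour above, and the quoted value from the Hibernate post (the "PU1" problem), can be reproduced in one small program. This is an added example, not code from the original posts: it builds a constructed classpath root in a temporary directory, uses a URLClassLoader in place of the system class loader (the same naming rule applies to ClassLoader.getSystemResourceAsStream), and the key quoted.example is hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Properties;

/** Added example: resource name resolution and a null-safe Properties loader. */
public class ResourcePathDemo {

    /** Loads a properties resource, failing with a clear message instead of an NPE. */
    static Properties load(ClassLoader loader, String name) throws IOException {
        // ClassLoader resource names are always absolute and must not start with '/'.
        try (InputStream in = loader.getResourceAsStream(name)) {
            if (in == null) {
                throw new IOException("Resource not found on classpath: " + name);
            }
            Properties props = new Properties();
            props.load(in);
            return props;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed classpath root holding za/co/codeshark/application.properties.
        Path root = Files.createTempDirectory("cp-root");
        Path file = root.resolve("za/co/codeshark/application.properties");
        Files.createDirectories(file.getParent());
        String content = "datastore.database.persistanceunit = PU1\n"
                + "quoted.example = \"PU1\"\n"; // hypothetical key, value wrapped in quotes
        Files.write(file, content.getBytes(StandardCharsets.ISO_8859_1));

        try (URLClassLoader loader = new URLClassLoader(new URL[] {root.toUri().toURL()})) {
            String name = "za/co/codeshark/application.properties";

            // The same name with and without the leading slash.
            System.out.println("with leading '/': " + loader.getResource("/" + name));
            System.out.println("without:          " + loader.getResource(name));

            // Properties.load keeps quote characters as part of the value.
            Properties props = load(loader, name);
            System.out.println("unquoted value: "
                    + props.getProperty("datastore.database.persistanceunit"));
            System.out.println("quoted value:   " + props.getProperty("quoted.example"));

            // The helper turns the silent null into a descriptive exception.
            try {
                load(loader, "/" + name);
            } catch (IOException e) {
                System.out.println(e.getMessage());
            }
        }
    }
}
```

The leading “/” form is only meaningful for Class.getResourceAsStream, where it marks the name as absolute instead of relative to the class's package.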

The importance of rigid definitions – or why a verbose explanation is sometimes a good idea.

By Kenneth 'RabidDog' Clark at September 14, 2011 00:20
Filed Under: C#, Java, Architecture, Work, Code

So I have been wiping the cobwebs from my Java skills and kicking myself for neglecting them. I suppose with work being focused on .NET development, two young children and a training schedule that leaves very little time for exploration on personal projects, it was bound to happen.

 

Anyway, things have changed now and I am able to squeeze in personal development time by sleeping less :D. Right, let's get to the point of this article. While designing an API in Java I noticed that I was finding it very difficult to package my classes the way I was doing it in .NET so I started doing some digging.

 

My first thought was to have a look at the access modifiers available in both languages. Do a like for like comparison and see if there were any equivalents. So the C# language has the following access modifiers:

 

C#

  • Public: This is pretty much a free for all. The class can be accessed by everything inside the assembly and anything referencing the assembly. This applies to types and type members.
  • Private: This makes members of the class only accessible to operations in the definition of the class. Kinda like private parts :O
  • Internal: This allows the types or type members to be visible from within the same assembly. So even if a different assembly shares the namespace (for whatever reason) it will not be able to access the internal types or methods of the referenced assembly.
  • Protected: This is a member access modifier that dictates that only types that extend the declaring type can access this member. So a shared property, field, method or function that you want to be visible inside a type extending the type declaring the members but not available internally to the assembly or publicly.

 

Right, let's move on, shall we?

 

Java

  • Public: Pretty much the same as C#. Free for all on everything declared.
  • Private: Again, pretty much the same as C# and the private parts.
  • No Access Modifier: This means that anything declared in the type or the type itself will only be visible in the package space it is declared in. Remember this! It is the topic of this post.
  • Protected: Available to types extending the declaring type.

 

Right, let's get to the point of this article. Now that we have established each language's modifiers, let's have a look at this: http://www.javacamp.org/javavscsharp/internal.html

 

Looking at that you will see that the C# access modifier “internal” is implied to be the equivalent of the Java default or no access modifier declaration. Does the Java definition behave the same as the C# internal definition? Well have a look at the definitions again:

  • C# Internal: Accessible to everything inside the assembly. This means namespaces moving up to the root namespace and down to the last namespace node.
  • Java No Modifier: Only available inside the package it is declared in.

 

Can you see it yet?

 

Let's have a look at a code sample real quick:

C# Code sample

//Assuming this is inside assembly my.cool.dll
namespace my.cool.project{
    internal class Cheese{}
}

namespace my.cool{
    using my.cool.project;

    public class StartTheCheese{
        private Cheese cheese = new Cheese(); //valid: same assembly
    }
}

namespace my.cool.project.goes.on{
    public class DigestTheCheese{
        private Cheese cheese = new Cheese(); //valid: same assembly
    }
}
//end assembly

//Assuming this is inside assembly my.ref.dll
namespace my.cool{
    using my.cool.project;

    public class DoWeHaveCheese{
        private Cheese cheese = new Cheese(); //invalid: Cheese is internal to my.cool.dll
    }
}

Java Code Sample

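// File my/cool/project/CatchMe.java
package my.cool.project;

class CatchMe { // note that no access modifier is declared
    //body
}

// File my/cool/TheCheese.java
package my.cool;

import my.cool.project.CatchMe; //fails! CatchMe is not public, so it is not visible outside my.cool.project

public class TheCheese {
    CatchMe catchMe = new CatchMe(); //fails!
}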

You can see it now right? The primary, intrinsic difference is that the C# internal modifier can span multiple namespaces in the same assembly. The Java declaration with no access modifier cannot be seen outside the package my.cool.project. This means that there is no equivalent “internal” in Java. So here is the crux of the matter. If making comparisons, like in maths, we have to find the lowest common denominator before comparing or performing operations of logic in deciding the equivalents. Compare apples with apples to avoid confusion. Things we might take for granted will drive other people mad!

 


Java porting and the Date string conspiracy

By Kenneth 'RabidDog' Clark at September 13, 2011 00:10
Filed Under: Work, Java

It has been a while since I have been able to write some Java code outside the context of Android. So I decided to take my C# NewsFeedParser (https://github.com/RabidDog/C--News-Feed-Parser) and port it to Java just as an exercise. While I have just finished the RSS content parser I have also picked up a few issues with the C# version so will be cleaning that up soon.

 

Most of the concepts were the same but I must admit, I missed the internal keyword available in C# :). I still have to do a few tests to verify that I haven’t accidentally exposed anything in the library.

 

The one thing that was a bit upsetting is Java’s handling of date strings. The parsing of date strings requires a format to be stipulated if you are using the framework parsing mechanism. Examples can be found at http://techtracer.com/2007/03/28/convert-date-to-string-and-string-to-date-in-java/ and http://javatechniques.com/blog/dateformat-and-simpledateformat-examples/ and many other places on how to parse a date using a format. While this works when you have control of the format, it can be quite tricky when you don’t have control over the format.

 

A bit more searching led me to http://stackoverflow.com/questions/3389348/parse-any-date-in-java and then a little piece of gold. http://darthanthony.wordpress.com/2009/05/29/java-date-parsing-with-an-unknown-format/ pointed to a project called the POJava Project. The article also pointed out that there is a handy DateTime object that has the capacity to parse dates from most strings.

 

Usage is something like

import org.pojava.datetime.DateTime;

//rest of the class definition
Date date = DateTime.parse(myDateString).toDate();

 

So now you can parse many strings into date objects. Big thanks to the guys over at the POJava project. You can find them at http://www.pojava.org/.

 

Time to go clean up the C# project :)



I am South African. Always have been always will be. I love my country. I love my wife and two children.


I also really enjoy solving problems. I currently work as a Software Architect exploring new solutions for business problems. Having been round the block a few times I enjoy showing new developers how best to solve problems, how to find answers and how to approach solution development.


In my spare time I enjoy riding my super bike, training in Systema and horsing around with my family.

