JAX-RS 2.0 Tip of the Day: Using MOXy and Forms Example on GlassFish 5.0

Glass Fish

I have been tasked with doing some JAX-RS coding during my day job. I wanted to update my skills for JAX-RS which is one of my favorite technologies. I specifically use Jersey which I find very well done and easy to use. As a number of you may know... I am a GlassFish fan too (one just needs to look at my banner). I decided to use my trusty NetBeans 8.2 install to write a quick example.

MOXy is enabled by default if you add the dependency to your Maven project.


This is a great feature, and I wanted to give it a spin instead of using Jackson, or Jettison. The usage was as simple as adding a @XmlRootElement annotation to the model class. The rest was handled automagically.

The entire project including a war file are available on Github: jaxrs-form-data-parameters.

A simple platform independent file is used to setup the application.


We set up web resource (service) to handle our requests.


That's it! You now have a JAX-RS Web Service. The project runs successfully on GlassFish 5.0 (.war file on GitHub).

NOTE: MOXy has some issues running on GlassFish 4.1, 4.1.1, and 4.2.

JSF HTML Whitespace, JS, and CSS Compression

This is the second approach to whitespace removal, JS, and CSS compression. In my article Whitespace Servlet Filter, I mentioned that I tried a number of approaches using htmlcompressor to accomplish this task.

This was my second approach which was to wrap the ResponseWriter in JSF to accomplish this task. The approach worked, but was abandoned before I finished writing some additional code to handle AJAX. This could be easily resolved with code that is similar to that found in Whitespace Servlet Filter.

This approach is very specific to JSF and relies on the project being pure JSF. The filter approach is more flexible in my judgement. I did think it was important to publish the code though on Github.

The code for the project can be found here: jsf-html-compressor.

Whitespace Servlet Filter

A few years ago I worked on a number of different techniques to strip the whitespace out of web pages. My goal was to come up with a solution for JSF pages. I tried a number of different solutions,  but they were all based on a framework called htmlcompressor which is a now abandoned project in the archives of Google Code. This framework used the Google Closure Compiler to handle the heavy lifting.

This solution worked flawlessly when we tested it on JSF pages, but there was a push to use pre-minified pages for static content, and leave JSF pages alone. I abandoned this project until I was using Google PageSpeed to check the speed of some pages to enhance their performance.  I remembered this approach I tried back in 2011, and tried it again with great success and only minor tweaking. I have decided to publish the code on Github.

The project can be found here: whitespace-filter.

Embedded Tomcat 8.5

I was recently tasked with updating an embedded application that we use from Apache Tomcat 8.0.0 RC5. Yes, the project used a release candidate when it was created. I imagine it was like a number of projects where the project was being developed and the expectation was that Apache Tomcat 8.0 would be released and that they would update everything. Well that temporary solution became a permanent one. Years passed and finally a security audit brought to light that the application was out of date, and on further observation a release candidate was used.

I went back and looked at RC5, and subsequent versions including release notes. Release candidate 5 was very similar to Apache Tomcat 7. In fact, the same authentication was used. This changed in the actual 8.0 release where a new authentication mechanism was put into place. This change may have prevented those early adopters from updating the project since the authentication mechanism would have delayed the project since the internals would have needed a rewrite.

I was blessed with upgrading the project, but I also needed to look at using the latest stable version of Apache Tomcat 8.5.x. After trying out some of the new code I was pleasantly surprised at how easy it was to implement a very simple application in Apache Tomcat 8 embedded.

One of the items I really like is the ability to programmatically add various web objects like servlets to the container. It was slick and easy to accomplish. Think of it like a programmatic web.xml file.

The code for the sample project can be found on github at: tomcat-8-embedded

Apache Tomcat Container Managed Security and HTTP Security Headers

Secure j_security_check Response Headers

Introduction

I was recently tasked with resolving a security issue with Apache Tomcat. The issue was that a series of Filter classes that were implemented in the web.xml were being bypassed when we are using container managed security, e.g. j_security_check. The filters were adding security headers:

• X-Content-Type-Options: nosniff
• X-Frame-Options: SAMEORIGIN
• X-XSS-Protection: 1; mode=block

When the response is returned, it would include these values. The filters were written prior to the org.apache.catalina.filters.HttpHeaderSecurityFilter. They duplicate the functionality, but the Apache version has a few more features. The Apache version is generally implemented in the web.xml file for the whole server, e.g., <CATALINA_HOME>/conf/web.xml. The code is really well written, and I would recommend using it except if you are using container managed security.

Issue

Container managed security,j_security_check, is implemented using a Valve. In particular, this intercepts the call and returns the form based login page which contains something like this: The resulting response does not contain the headers noted above using either our custom filters, nor from the Apache HttpHeaderSecurityFilter. Our automated security testing software, OWASP Zap caught it.

Solution

The easiest solution I came up with was to implement a couple of valves that add the selected response headers. I then added the Valve implementations to the <CATALINA_HOME>/conf/context.xml. Adding them to the default context.xml file allows them to be used on all applications deployed to the server. If you don't want applied to every application, you can add it to the context.xml file in the individual project.

The project can be found on Github here: tomcat-security-valves.

<dependency>
  <groupId>com.bluelotussoftware</groupId>
  <artifactId>tomcat-security-valves</artifactId>
  <version>1.0.0</version>
</dependency>

An example application using the default Apache Tomcat realm is available here: tomcat-container-managed-security

XContentTypeOptionsValve.java

---

XFrameOptionsValve.java

---

XSSProtectionValve.java

---

Book Review: Murach's Java Servlets and JSP

Cyndi Vasquez sent me this title a while back. I have been so bogged down that I finally got a chance to look at it. Thanks Murach... this is a good book.

The book is written in a style that many will either love, or hate. I personally am on the former. The pages on the left side are an explanation of the technical matter, and the right side are examples. The book is designed to guide you from front to back on an adventure into programming. Along the safari, I assure you will be pleased. The quarry is knowledge and this book is the tool to capture it.

The books is divided into five sections which will take you from absolute beginner to accomplished Servlet and JSP aficionado. It will even teach you a little about databases, and JSF along the way. There are two appendices that will show you how to set up your computer either Mac, or PC before you get started on your journey.

One of the thrills about this book is the use of NetBeans. I believe that NetBeans is the easiest tool for developing web based applications using Servlets and JSP. It also is my preferred tool for Java development in general. The book not only teaches you about the essentials of the title technologies, but helps you gain an in-depth knowledge of a valuable IDE that you can bank your career on.

Section one covers the basics of the technology and the MVC pattern. This is followed by a crash course on HTML, CSS, and web technologies based on Java.  The 8th chapter on EL is a great reference for how to use this important technology in your web applications.

Section three covers essential database skills to get you started with web development. These skills are the bare minimum to get started, but are complete for the purpose of this book. Keep in mind, these are the basics.

Section four is the meat of the book. This covers the advanced Servlet and JSP skills. It also covers some additional technologies like JSF. My favorite parts of this section are chapters 18, 19, and 20. The HTTP Request and Response skills are something every developer should strive to make sure they understand. Chapter 19 covers listeners which are truly your friends. Chapter 20 covers another often misused, abused, and otherwise fantastic technology. The filter can make your life as a web developer a great pleasure, or a rabbit hole in which you feel like Alice in Wonderland.

The final concluding section five puts all of the pieces together in a Music Store website. The Music Store website uses most of the technologies covered, and takes the learner to the next level with clear and concise directions.

Overall this is a great book for anyone interested in learning about Servlet and JSP technology. Please keep in mind that all Java web technologies are based on the Servlet foundation. JSF is nothing more than a veneer on top of this technology as an example.

SourceServlet: Displaying the Source Code and Pages from a Project on your Blog

SourceServlet

I had been working on a way to create nice examples that include a way to display the page and source code for it. I created a servlet that will display the code as plain text that I would like to share with all of you.

SourceServlet.java

---

HOWTO: Adding SyntaxHighlighter to Blogger

If you want to use SyntaxHighlighter in your blog, you can simply add the code below to the <head /> element in the template for your Blogger blog.

Java EE 7 Tip of the Day: Web Application Lifecycle Listeners

Introduction

I have been trying to come up with a way to highlight these fascinating classes in a way that demonstrates their power and usefulness. In my post Java EE 7 Tip of the Day: Programmatic Control of Session Tracking with ServletContextListener I highlighted the use of the ServletContextListener to set session tracking programmatically. However, there are a number of listener classes that can help you. Here they are in generally decreasing scope:

• ServletContainerInitializer
• ServletContextListener
• ServletContextAttributeListener
• HttpSessionListener
• HttpSessionAttributeListener
• HttpSessionIdListener
• HttpSessionBindingListener
• ServletRequestListener
• ServletRequestAttributeListener

Web Application Lifecycle Listeners

ServletContainerInitializer

The ServletContainerInitializer is a special case that must be registered with the Service Provider Interface (SPI) loading mechanism. Please see the Javadocs for more details on its usage. That is a topic for a different post.

ServletContextListener

The ServletContextListener has been previously mentioned in another post as noted above. This listener is notified of lifecycle changes, e.g. context initialized and destroyed. This gives the developer the opportunity to perform application setup such as setting a logger, or enabling other listeners. It also provides a clean mechanism to handle application cleanup when an application is shutdown, or disabled.

ServletContextAttributeListener

The ServletContextAttributeListener listens for events that occur when attributes are added, modified, or removed from the ServletContext. This could be used to modify those attributes, or perhaps log them. Interestingly, the order in which the implementations are invoked is not specified.

HttpSessionListener

The HttpSessionListener listens for session creation, and destruction events. I have found this to be one of the most useful classes in a web application. This can be used to set up a persistent data connection while the session is valid, and close the connection when the session expires, or is invalidated.

The listener implementations are invoked in the order of declaration, and destroyed in reverse order. A way to think of this is like the layers of filo dough. If you go from top to bottom, then you must reverse order from bottom to top.

HttpSessionAttributeListener

The sibling interface HttpSessionAttributeListener is the second most used class in my toolbox for listeners behind the ServletContextListener and HttpSessionListener. I have found that I often need to examine when attributes are added, modified, or removed from a session. This is the tool I use to manage that.

Keep in mind that the HttpSessionAttributeListener behaves like the ServletContextAttributeListener in that the order in which the implementations are invoked is unspecified. This means that you can not rely on a specified ordering to take place across containers. Usually, the ordering is consistent on a container basis, but the contract is explicit that the ordering is undefined.

HttpSessionIdListener

This is a new to Java EE 7. The HttpSessionBindingListener is used to handle when a HttpSession ID changes. This is usually the result of a HttpServletRequest.changeSessionId() command. This was added in Java EE 7 to help solve a security issue called Session Fixation. Typically, you would change the session id after the user successfully authenticates. This can help you with this transition. Otherwise, you need to do a lot of work to make it happen. In this case, it is just great to be able to let the API handle it.

This interface will allow you to modify your application based on the ID change. Please note that the order in which the implementations are invoked is not specified.

HttpSessionBindingListener

The HttpSessionBindingListener listens for binding events. This occurs when an object is bound, or unbound from a session. There are a couple of examples from BalusC on Stackoverflow. Here are a couple: Getting SessionScoped bean from HttpSessionListener? and How to access HTTP sessions in Java. These are just a couple of examples on its usage. I personally have never used it directly. I was just thinking I should come up with my own example for it.

ServletRequestListener

The ServletRequestListener is another listener that I use. However its usage is not as frequent as the other aforementioned ones. I usually end up checking the ServletRequest with an instanceof for HttpServletRequest and casting it. This listener will allow you to modify an individual request.

Since it has every request pass through it, you should make sure that there is no excessive overhead in the listener such as database lookups, or excessive logging. Abuse of this listener can result in massive performance issues.

ServletRequestAttributeListener

Finally, we have the ServletRequestAttributeListener that listens for request attribute changes. The same warning as noted in the ServletRequestListener applies here. Any excessive overhead will result in dramatic performance decreases.

Like the other attribute listeners, this listener does not have a specific order in which they are invoked.

Code Examples

The code for this project was developed using NetBeans 7.4, Apache Maven, Mercurial, and is hosted on Bitbucket. The code in the examples is somewhat contrived, but does demonstrate the functionality of the listeners.

I strongly recommend downloading the code, executing it, and looking at the output. It will give you a better picture of how the code works, and also show you some hidden "features" of your application that you may be unaware of.

The source code can be downloaded from here: web-application-listeners.

ServletContextListenerImpl.java

---

ServletContextAttributeListenerImpl.java

---

HttpSessionListenerImpl.java

---

HttpSessionAttributeListenerImpl.java

---

ServletRequestListenerImpl.java

---

ServletRequstAttributeListenerImpl.java

---

Conclusion

Web application lifecycle listeners are essential tools for the web developer. If you are not using them, you should consider them to simplify your web development. Hopefully the explanations and code provided help you along your path to becoming a great developer.

GlassFish Tip of the Day: HttpOnly

This is just a quick tip for those who are configuring HttpOnly on GlassFish.  To enable it, you simply add the following to your web.xml.
The default on GlassFish is to have it enabled anyway, and you must explicitly disable it.

UPDATE:
The issue I had was testing it. When I deployed my application to localhost I did not see any of the cookies being marked as HttpOnly. I was using Chrome and auto-deploying my application, before I turned on the developer tools. The initial request contained the header marking it as HttpOnly. You can confirm it by easily using JSF and the method below. Simply invalidate the session while using the developer tools and examine the response returned.
I got a response header like the one below.

Internet Explorer 9 (IE9) Table White Space Issues

I was tasked with fixing a problem in our product where one of our data tables (HTML) was rendering on IE9 with spaces randomly scattered throughout the table this resulted in the data being in the wrong columns, or headers appearing in the wrong place. I originally thought I might there might be "holes", or null values in my data which was resulting in the error. I was wrong.

It is actually a bug in IE9.

The issue shows up, most often, when using AJAX when there is partial page rendering. It seems according to forum remarks to be focused on white space between table tag elements like line breaks, spaces, or carriage returns. So if you use HTML tidy, you will screw up your output. Nice one Microsoft!

Fortunately, there are "fixes" out there to help you get along. Here is the fix which I slightly modified from an answer on stackoverflow. A shout out goes to Blago for his recursive function listed below.

You can implement it this way.
Here are some references on the issue if you are interested.

• [Bug]IE9 skips cells when rendering large table from Ajax using jquery
• IE9 table layout apparently affected by whitespace between HTML elements
• IE9 table has random rows which are offset at random columns
• Remove whitespace and line breaks between HTML elements using jQuery

Annoying IE9 CSS Hover and Overflow Issue

Case

I have a <table/> which is surrounded by a <div/> which has the attribute style="overflow:auto". The table has a hover attribute to highlight table rows on mouseover. Additionally, There are some checkboxes arranged in a table below it, but it could be another element. When you mouseover the table in the div, the checkboxes start moving the the bottom of the page.

Resolution

I found the following bug posted on the jQuery bug tracker: Problem with .hover() and IE9 that describes the behavior. Brian Richards, who is linked to in the bug, has a simple bug elegant fix that worked for me.In his blog post, IE9 Hover Bug Workaround, he simply added min-height:0% to the style.

I hope that the solution works for others who may encounter the problem. I also found another blog to put on my blog roll to keep an eye on. Thanks for blogging Richard.

Cuneiform Inscription in Persepolis

This chart is based on my original which I did in 2004 for HTML 4. I decided to update it, and post it since it seems I am always looking for it. This should give a Java, or web developer the Unicode, numeric, and named entity values.

ISO-8859-1 Character Encoding

Unicode Escaped	Numeric Entity	Named Entity	Symbol	Description
\u0009				\t	Horizontal tab
\u000A	
		\n	Line feed
\u000D	
		\r	Carriage return
\u0020	 			Space
\u0021	!		!	Exclamation point
\u0022	"	"	"	Quotation mark
\u0023	#		#	Hash mark
\u0024	$		$	Dollar sign
\u0025	%		%	Percent sign
\u0026	&	&	&	Ampersand
\u0027	'		'	Apostrophe
\u0028	(		(	Left parenthesis
\u0029	)		)	Right parenthesis
\u002A	*		*	Asterisk
\u002B	+		+	Plus sign
\u002C	,		,	Comma
\u002D	-		-	Hyphen
\u002E	.		.	Period
\u002F	/		/	Slash
\u0030-\u0039	0-9		0-9	Digits 0-9
\u003A	:		:	Colon
\u003B	&#059;		;	Semicolon
\u003C	&#060;	&lt;	<	Less than
\u003D	&#061;		=	Equals sign
\u003E	&#062;	&gt;	>	Greater than
\u003F	&#063;		?	Question mark
\u0040	&#064;		@	Commercial at sign
\u0041-\u005A	&#065;-&#090;		A-Z	Letters A-Z
\u005B	&#091;		[	Left square bracket
\u005C	&#092;		\	Backslash
\u005D	&#093;		]	Right square bracket
\u005E	&#094;		^	Caret
\u005F	&#095;		_	Underscore
\u0060	&#096;		`	Grave accent
\u0061-\u007A	&#097;-&#122;		a-z	Letters a-z
\u007B	&#123;		{	Left curly brace
\u007C	&#124;		|	Vertical bar
\u007D	&#125;		}	Right curly brace
\u007E	&#126;		~	Tilde
\u0082	&#130;		,	Low left single quote
\u0083	&#131;		ƒ	Florin
\u0084	&#132;		,,	Low left double quote
\u0085	&#133;		...	Ellipsis
\u0086	&#134;		†	Dagger
\u0087	&#135;		‡	Double dagger
\u0088	&#136;		^	Circumflex
\u0089	&#137;		‰	Permil
\u008A	&#138;		Š	Capital S, caron
\u008B	&#139;		<	Less-than sign
\u008C	&#140;		Œ	Capital OE ligature
\u0091	&#145;		`	Left single quote
\u0092	&#146;		'	Right single quote
\u0093	&#147;		"	Left double quote
\u0094	&#148;		"	Right double quote
\u0095	&#149;		•	Bullet
\u0096	&#150;		-	En dash
\u0097	&#151;		—	Em dash
\u0098	&#152;		~	Tilde
\u0099	&#153;		™	Trademark
\u009A	&#154;		š	Small s, caron
\u009B	&#155;		>	Greater-than sign
\u009C	&#156;		œ	Small oe ligature
\u009F	&#159;		Ÿ	Capital Y, umlaut
\u00A0	&#160;	&nbsp;		Nonbreaking space
\u00A1	&#161;	&iexcl;	¡	Inverted exclamation point
\u00A2	&#162;	&cent;	¢	Cent sign
\u00A3	&#163;	&pound;	£	Pound sign
\u00A4	&#164;	&curren;	¤	General currency sign
\u00A5	&#165;	&yen;	¥	Yen sign
\u00A6	&#166;	&brvbar;	|	Broken vertical bar
\u00A7	&#167;	&sect;	§	Section sign
\u00A8	&#168;	&uml;	¨	Umlaut
\u00A9	&#169;	&copy;	©	Copyright
\u00AA	&#170;	&ordf;	ª	Feminine ordinal
\u00AB	&#171;	&laquo;	«	Left angle quote
\u00AC	&#172;	&not;	¬	Not sign
\u00AD	&#173;	&shy;	-	Soft hyphen
\u00AE	&#174;	&reg;	®	Registered trademark
\u00AF	&#175;	&macr;	¯	Macron accent
\u00B0	&#176;	&deg;	°	Degree sign
\u00B1	&#177;	&plusmn;	±	Plus or minus
\u00B2	&#178;	&sup2;	2	Superscript 2
\u00B3	&#179;	&sup3;	3	Superscript 3
\u00B4	&#180;	&acute;	´	Acute accent
\u00B5	&#181;	&micro;	µ	Micro sign (Greek mu)
\u00B6	&#182;	&para;	¶	Paragraph sign
\u00B7	&#183;	&middot;	·	Middle dot
\u00B8	&#184;	&cedil;	¸	Cedilla
\u00B9	&#185;	&sup1;	1	Superscript 1
\u00BA	&#186;	&ordm;	º	Masculine ordinal
\u00BB	&#187;	&raquo;	»	Right angle quote
\u00BC	&#188;	&frac14;	1/4	Fraction one-fourth
\u00BD	&#189;	&frac12;	1/2	Fraction one-half
\u00BE	&#190;	&frac34;	3/4	Fraction three-fourths
\u00BF	&#191;	&iquest;	¿	Inverted question mark
\u00C0	&#192;	&Agrave;	À	Capital A, grave accent
\u00C1	&#193;	&Aacute;	Á	Capital A, acute accent
\u00C2	&#194;	&Acirc;	¯	Capital A, circumflex accent
\u00C3	&#195;	&Atilde;	Ã	Capital A, tilde
\u00C4	&#196;	&Auml;	Ä	Capital A, umlaut
\u00C5	&#197;	&Aring;	Å	Capital A, ring
\u00C6	&#198;	&AElig;	Æ	Capital AE ligature
\u00C7	&#199;	&Ccedil;	Ç	Capital C, cedilla
\u00C8	&#200;	&Egrave;	È	Capital E, grave accent
\u00C9	&#201;	&Eacute;	É	Capital E, acute accent
\u00CA	&#202;	&Ecirc;	Ê	Capital E, circumflex accent
\u00CB	&#203;	&Euml;	Ë	Capital E, umlaut
\u00CC	&#204;	&Igrave;	Ì	Capital I, grave accent
\u00CD	&#205;	&Iacute;	Í	Capital I, acute accent
\u00CE	&#206;	&Icirc;	Î	Capital I, circumflex accent
\u00CF	&#207;	&Iuml;	Ï	Capital I, umlaut
\u00D0	&#208;	&ETH;	Ð	Capital eth, Icelandic
\u00D1	&#209;	&Ntilde;	Ñ	Capital N, tilde
\u00D2	&#210;	&Ograve;	Ò	Capital O, grave accent
\u00D3	&#211;	&Oacute;	Ó	Capital O, acute accent
\u00D4	&#212;	&Ocirc;	Ô	Capital O, circumflex accent
\u00D5	&#213;	&Otilde;	Õ	Capital O, tilde
\u00D6	&#214;	&Ouml;	Ö	Capital O, umlaut
\u00D7	&#215;	&times;	x	Multiply sign
\u00D8	&#216;	&Oslash;	Ø	Capital O, slash
\u00D9	&#217;	&Ugrave;	Ù	Capital U, grave accent
\u00DA	&#218;	&Uacute;	Ú	Capital U, acute accent
\u00DB	&#219;	&Ucirc;	û	Capital U, circumflex accent
\u00DC	&#220;	&Uuml;	Ü	Capital U, umlaut
\u00DD	&#221;	&Yacute;	Ý	Capital Y, acute accent
\u00DE	&#222;	&THORN;	Þ	Capital thorn, Icelandic
\u00DF	&#223;	&szlig;	ß	Small sz ligature, German
\u00E0	&#224;	&agrave;	à	Small a, grave accent
\u00E1	&#225;	&aacute;	á	Small a, acute accent
\u00E2	&#226;	&acirc;	â	Small a, circumflex accent
\u00E3	&#227;	&atilde;	ã	Small a, tilde
\u00E4	&#228;	&auml;	ä	Small a, umlaut
\u00E5	&#229;	&aring;	å	Small a, ring
\u00E6	&#230;	&aelig;	æ	Small ae ligature
\u00E7	&#231;	&ccedil;	ç	Small c, cedilla
\u00E8	&#232;	&egrave;	è	Small e, grave accent
\u00E9	&#233;	&eacute;	é	Small e, acute accent
\u00EA	&#234;	&ecirc;	ê	Small e, circumflex accent
\u00EB	&#235;	&euml;	ë	Small e, umlaut
\u00EC	&#236;	&igrave;	ì	Small i, grave accent
\u00ED	&#237;	&iacute;	í	Small i, acute accent
\u00EE	&#238;	&icirc;	î	Small i, circumflex accent
\u00EF	&#239;	&iuml;	ï	Small i, umlaut
\u00F0	&#240;	&eth;	ð	Small eth, Icelandic
\u00F1	&#241;	&ntilde;	ñ	Small n, tilde
\u00F2	&#242;	&ograve;	ò	Small o, grave accent
\u00F3	&#243;	&oacute;	ó	Small o, acute accent
\u00F4	&#244;	&ocirc;	ô	Small o, circumflex accent
\u00F5	&#245;	&otilde;	õ	Small o, tilde
\u00F6	&#246;	&ouml;	ö	Small o, umlaut
\u00F7	&#247;	&divide;	÷	Division sign
\u00F8	&#248;	&oslash;	ø	Small o, slash
\u00F9	&#249;	&ugrave;	ù	Small u, grave accent
\u00FA	&#250;	&uacute;	ú	Small u, acute accent
\u00FB	&#251;	&ucirc;	Û	Small u, circumflex accent
\u00FC	&#252;	&uuml;	ü	Small u, umlaut
\u00FD	&#253;	&yacute;	ý	Small y, acute accent
\u00FE	&#254;	&thorn;	þ	Small thorn, Icelandic
\u00FF	&#255;	&yuml;	ÿ	Small y, umlaut

Using Apache HTTPD (Web Server) mod_proxy with GlassFish and Mercurial

I wrote an article on how to use Secure Mercurial in GlassFish using SSL a few weeks ago. After the article was published, I was asked about URL rewriting. I had not really messed with it in the past except with PrettyFaces (which works like a champ for reference).

I tried a framework called Url Rewrite Filter which did a decent job of rewriting URLs. It is a simple library added to your project which uses a servlet filter to handle the URL re-writing. Add the filter to the web.xml, and a urlrewrite.xml which handles the rewrites. It works much in the same manner as PrettyFaces, but is targeted at JSP/Servlets.

In my case, I have an Apple G5 PPC which is the main server for my source repository for Mercurial. This presents some challenges since the Java version is limited to 1.5, and therefore GlassFish can't be upgraded to v3 from v2.1.1. I did manage to get GlassFish v3 to run with OpenJDK 1.7 (BSD Port), but the Zero VM is too slow to handle the load. Kurt Miller has a couple of the builds for Mac PPC There are a number of reasons for my interest, the primary one for URL rewriting is that GlassFish v3 supports AJP out of the box.

Enabling JK Listener (mod_jk)

Using GlassFish v3 would provide a more optimal solution as you can see from the administration console. I decided to try using the mod_jk articles I found for GlassFish v2 from Amy Roh: GlassFish supports configurable AJP Connector and Jean-Francois Arcand's Running GlassFish with Apache httpd.  I tried to combine these with mod_proxy and mod_proxy_ajp. The articles are focused on a specific build, and I was unsuccessful in using them. I am sure it has to framework versions, but I did not want spend too much time troubleshooting.

Finally, I tried using a simple mod_proxy arrangement along with mod_rewrite. This arrangement was surprisingly easy to configure, and worked the first time I tried it.

Here is the configuration I used:

httpd.conf

---

httpd-vhosts.conf

---

Those simple changes allowed me to rewrite the URL, and open only two ports on my firewall 80 and 443 which are a very good arrangement. As noted in Secure Mercurial in GlassFish using SSL, I am using GlassFish SSL and security to handle my authentication so this is truly a very good solution.

Mercurial Repositories

RichFaces 4.1.0 Final on NetBeans 7.1 IDE

I created a video which demonstrates how to add RichFaces 4.1.0 Final as a component library in NetBeans 7.1. The video details how to add the required jars to create the library, demonstrates code completion, and finally deployment to GlassFish 3.1.1 for display.

In the video I take advantage of using my local Apache Maven repository which includes all of the dependencies required.

The list below includes references to the required libraries and versions. There is a link to the video as well.

• sac-1.3.jar
• guava-r08.jar
• cssparser-0.9.5.jar
• richfaces-core-api-4.1.0.Final.jar
• richfaces-core-impl-4.1.0.Final.jar
• richfaces-components-api-4.1.0.Final.jar
• richfaces-components-ui-4.1.0.Final.jar

NetBeans 7.1 Library Manager

@PostConstruct Example Using Stateless Session Beans and CDI

There was a question posed about using @PostConstruct to initialize JSF fields from a database on the NetBeans Java EE Forum. I thought I would write a quick example of how to use @PostConstruct to initialize a list of customers, and select one to display.

This example also includes using a stateless session bean directly with the @Named annotation from Context and Dependency Injection (CDI).

All of this was accomplished using NetBeans 7.0.1.

Index.java

---

A copy of the project can be downloaded here: postconstruct.zip

JSF Trick of the Day: CSS and EL

Image via Wikipedia

If you need to dynamically change CSS based on page location, you probably have seen something like this:

background-image: url('../../../../resources/images/background.gif');

You can remove all of the ../../../../ from the CSS by using Expression Language (EL) selectively in your CSS for example the above example can be modified to use the FacesContext to determine the location of an image resource from any page. See the example below.

background-image: url('#{facesContext.externalContext.requestContextPath}/resources/images/background.gif');

This will always have the correct path to the resources no matter how nested the pages are in your application. This same technique can be used to manipulate other CSS entries dynamically. This technique works on JSF 1.2 and JSF 2.0.

UPDATE:
As a friend pointed out in the comments it can be shortened further. I want to make a point that this technique gives you access to the FacesContext object which gives you a lot more flexibility.

Creating a Maven Web Application Archetype in NetBeans 7.0

Image by quasarkitten via Flickr

The  basics for creating a Maven archetype can be found in the Maven - Guide to Creating Archetypes. The guide gives general guidelines for creating an archetype, but no specific details for web applications. This tutorial will show you a simple way of creating a web application archetype and using it. We will use NetBeans 7.0 to create our project, create the archetype, and consume it. This application uses JSF 2.x and GlassFish. However the principles are the same for web applications in general.

The first more practical approach is to create, or use an existing application, and convert it to an archetype.

1. Create a new Maven web project in NetBeans.
2. Modify the pom.xml to include the dependencies you require in the project.
3. (Optional) Modify the pom.xml to include a license
4. (Optional) Create a web.xml. This is not required for JEE6 web application generally. However, we need one for the Faces Servlet.
5. (Optional) Add a resource file for externalizing message resources
6. Create a basic web page, and supporting classes. JSF for example has the following.
   
   • Index.xhtml
   • IndexBean.java is a Java EE 6 JSF @ManagedBean, and @RequestScoped bean. You could use @Named and @RequstScoped from CDI as well.
     
7. Once you are satisfied withe the project, execute mvn archetype:create-from-project. This will create your new archetype in the target/generated-sources/ directory.
8. Open the newly created project in NetBeans and make any necessary changes.
9. Next execute mvn install. This will install your new archetype in the local repository.
10. Create a new project using the new archetype, and run it.

Here is a link to the project: jsf2.zip You can create the archetype from it.

I have created a Youtube video that demonstrates the process.