SSO : JOSSO VS CAS

JOSSO, CAS and openSSO are famous Java Single Sign-On in the open source world. The following are some comments on JOSSO and CAS.

CAS

• Architecture is simple to install. Security filtering is inside war file.
• Only work with SSL.
• Easily integrate in Spring security.

CAS + Spring Security integration guide


JOSSO
Architecture is hard to deploy. It consists of gateway and agent. Gateway is the project of SSO/login module. Agent need to be installed in all servers for security filtering. Thus, it tights the configuration to server and bunch of xml files in lib folder of tomcat. The security is configure in the server and not within the project. Even thought installation script is provided but it is just for all(agent, gateway,project) in one server. I got no idea how the configuration should be if more than one server is using...

JOSSO + Acegi integration
Look like outdated because have not upgraded to spring security.

Cross Platform Hibernate @Id Sequence setting

Cross platform @Id setting
@SequenceGenerator(name = "SEQ_HRMS_EMP", sequenceName = "SEQ_HRMS_EMP", initialValue = 1, allocationSize = 1)
@GeneratedValue(strategy = GenerationType.AUTO, generator = "SEQ_HRMS_EMP")
@Id
@Column(name = "user_id")
private Integer userId;

Schema export from hibernate

1. MySql
   create table HRMS_EMP (
   user_id integer not null auto_increment,
   
   MySql will ignore the generator = "SEQ_HRMS_EMP" setting because MySql does not have sequence.
2. Postgres
   create sequence SEQ_HRMS_EMP;
   
3. Oracle
   create sequence SEQ_HRMS_EMP;

Fluent Interface Design Pattern in IBatis3

I found the following coding style in ibatis3 tutorial. Look interesting about the coding.

private String selectPersonSql() {
BEGIN(); // Clears ThreadLocal variable
SELECT("P.ID, P.USERNAME, P.PASSWORD, P.FULL_NAME");
SELECT("P.LAST_NAME, P.CREATED_ON, P.UPDATED_ON");
FROM("PERSON P");
FROM("ACCOUNT A");
INNER_JOIN("DEPARTMENT D on D.ID = P.DEPARTMENT_ID");
INNER_JOIN("COMPANY C on D.COMPANY_ID = C.ID");
WHERE("P.ID = A.ID");
WHERE("P.FIRST_NAME like ?");
OR();
WHERE("P.LAST_NAME like ?");
GROUP_BY("P.ID");
HAVING("P.LAST_NAME like ?");
OR();
HAVING("P.FIRST_NAME like ?");
ORDER_BY("P.ID");
ORDER_BY("P.FULL_NAME");
return SQL();
}

IceSoft Name Card

Load Balance by using mod_jk + apache server2.0

1)Add following code to C:/Program Files/Apache Group/Apache2/conf/httpd.conf

# Include mod_jk configuration file

Include "C:/Program Files/Apache Group/Apache2/mod_jk/mod_jk.conf"

2)Create mod_jk.conf to C:/Program Files/Apache Group/Apache2/mod_jk/mod_jk.conf

# Load mod_jk module

# Specify the filename of the mod_jk lib

LoadModule jk_module "C:/Program Files/Apache Group/Apache2/mod_jk/mod_jk-1.2.28-httpd-2.0.52.so"

# Where to find workers.properties

JkWorkersFile "C:/Program Files/Apache Group/Apache2/mod_jk/workers.properties"

# Where to put jk logs

JkLogFile "C:\Program Files\Apache Group\Apache2\mod_jk/mod_jk.log"

JkLogLevel info

JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

JkRequestLogFormat "%w %V %T"

#Mount your webapps eg WebApplication1 using JkMount

# Add shared memory.

# This directive is present with 1.2.10 and

# later versions of mod_jk, and is needed for

# for load balancing to work properly

JkShmFile /var/log/apache2/jk.shm

JkMount /* router

<Location /router/>

JkMount router

Order deny,allow

Deny from all

Allow from 127.0.0.1

</Location>

3) Create worker.properties on C:\Program Files\Apache Group\Apache2\mod_jk\worker.properties

# The advanced router LB worker

worker.list=router

# Define a worker using ajp13

worker.worker1.port=8009

worker.worker1.host=127.0.0.1

worker.worker1.type=ajp13

worker.worker1.lbfactor=1

# Define preferred failover node for worker1

worker.worker1.redirect=worker2

# Define another worker using ajp13

worker.worker2.port=8009

worker.worker2.host=127.0.0.1

worker.worker2.type=ajp13

worker.worker2.lbfactor=1

# Disable worker2 for all requests except failover

worker.worker2.activation=disabled

# Define the LB worker

worker.router.type=lb

worker.router.balance_workers=worker1,worker2

4) Download iso mod_jk-1.2.28-httpd-2.0.52.so from http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win32/jk-1.2.28/

to C:\Program Files\Apache Group\Apache2\mod_jk\

5) For sticky session

Edit tomcat's server.xml for all tomcat

Comment <!-- <Engine name="Catalina" defaultHost="localhost"> -->

Uncomment <Engine name="Standalone" defaultHost="localhost" jvmRoute="worker1">

References

Step by step - http://www.devside.net/guides/windows/tomcat

Help for worker.properties

http://tomcat.apache.org/connectors-doc/reference/workers.html

http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html

JSF1 RichFaces Performance Tuning

1) JSF components tree state takes big enough memory. In the server-side
state saving ( default JSF behavior ) these objects are stored in the
session. For a many concurrent user connections every user gets own
session object. Possible solution - switch to the client-side state saving.
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>

Other possible solution is Facelets behavior that allows to build view
before request processing instead of state saving, but that solution has
sometimes unpredictable side effects. Use web.xml init parameter
together with the <f:view transient="true" > attribute.
<context-param>
<param-name>facelets.BUILD_BEFORE_RESTORE</param-name>
<param-value>true</param-value>
</context-param>
As an intermediate solution, it is makes sense to create custom FaceletsViewHandler subclass with special state processing for a some pages like menus which does not depends for a saved state. That custom handler could call buildView method instead of real restoreView procedure for a such pages.
2) Facelets library in the "debug" mode stores information about
components and beans up to 5 times for an every user. To disable this mode:
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>false</param-value>
</context-param>

3) Most filters use buffering for request processing. According to the
profile information, these buffers took big enough memory in the
application. I see a buffer-related parameter in the RichFaces Ajax filter:
<init-param>
<param-name>maxRequestSize</param-name>
<param-value>100000</param-value>
</init-param>
For a production server, it makes sense to reduce value to a real page
size or remove that parameter at all.
4) TIDY xml filter is DOM-based, thus it requires a lot of memory. It
would be better to use more optimized "NONE" or "NEKO" one :
<context-param>
<param-name>org.ajax4jsf.xmlparser.ORDER</param-name>
<param-value>NONE</param-value>
</context-param>

JSF Thing to cater for if you are JSF Developer

It is because JSF is component base(not simple as MVC direct request to action in controller layer).

Problem of coding style

1) DB query inside getter method of backing bean.

public List getUserRole(){
return userRoleDao.queryAllUserRole();
}

Issue : Getter may be call in restore view or apply request value or render response phase

• Table component, it wil cause the data being query 2 times.
• inputText/radio etc. component, it will check the previous submitted value store(JSF will store previous submitted value automatically) inside the inputText. If it is null, it will call the getter in backing bean to retrieve the value.

Following was the log.
[ INFO] 29-07-09 11:10:34 : BEFORE RESTORE_VIEW(1)
[ INFO] 29-07-09 11:10:34 : AFTER RESTORE_VIEW(1)
[ INFO] 29-07-09 11:10:34 : BEFORE APPLY_REQUEST_VALUES(2) Hibernate: select this_.role_name as ...
[ INFO] 29-07-09 11:10:34 : AFTER APPLY_REQUEST_VALUES(2)
[ INFO] 29-07-09 11:10:34 : BEFORE PROCESS_VALIDATIONS(3)
[ INFO] 29-07-09 11:10:34 : AFTER PROCESS_VALIDATIONS(3)
[ INFO] 29-07-09 11:10:34 : BEFORE UPDATE_MODEL_VALUES(4)
[ INFO] 29-07-09 11:10:34 : AFTER UPDATE_MODEL_VALUES(4)
[ INFO] 29-07-09 11:10:34 : BEFORE INVOKE_APPLICATION(5)
[ INFO] 29-07-09 11:10:34 : AFTER INVOKE_APPLICATION(5)
[ INFO] 29-07-09 11:10:34 : BEFORE RENDER_RESPONSE(6) Hibernate: select this_.role_name ...
[ INFO] 29-07-09 11:10:35 : AFTER RENDER_RESPONSE(6)

Solution : Only query DB when it is in render response phase.

public List getUserRole(){
if (FacesContext.getCurrentInstance().getRenderResponse())
return userRoleDao.queryAllUserRole();
else
return null;
}

or

public List getUserRole(){
if ( userRoleList!=null)
userRoleList = userRoleDao.queryAllUserRole();

return userRoleList;
}

JSF 2 going to have MVC lifecycle!!!

JSF 1 Immediate property

Immediate = true , it will no proceed to Validations phase. It suit for Cancel button that you don't want any validation(require=true etc.) on the page but it will reach to action of Cancel button. Since those parameters of inputText do not go through validation phase, it also will not update to your variable in backing bean. There is a workaround solution to retrieve those values.

hyperlink immediate = true. that only accepts values from a specific control (the immediate property for all of these components would be true).

App Server Performance Tuning Reference

Garbage Collection Guide

http://java.sun.com/javase/technologies/hotspot/gc/gc_tuning_6.html#generation_sizing

Performance Tuning Tips

http://www.javaperformancetuning.com/tips/appservers.shtml#REF12

Jboss

http://www.mastertheboss.com/en/jboss-application-server/113-jboss-performance-tuning-1.html

Jboss Tips

• 32bit OS max heap size is 2GB Ram. Inorder to increase the heap size, add jboss instance.

Attractive Tourism in Google Earth

Create tour in google earth for all tourist attraction.

• Bring tourist to go arround tourist attraction.
• Youtube included for more interactive.
• Search engine looking for place to go example shopping, outlet, night market,night scene, beach...

Thing to do

• Collect tourist attraction information.
• Build all the 3D building for tourist attraction in google earth. It not only building. 3D can be table, swimming poor, car... All Objects.
• Make movie in youtube.

Money channel Hotel, Restaurant, Government Tourism

• Specialist tourism IT department for government.
• Search nearest hotel.
• Build 3d hotel for them. Information and youtube intro the hotel. Then bring customer to their hotel home page.
• Ocean feature in google earth is focus on educate ppl importance of environmental protection. Help government to educate ppl, submit geographical data for research. See the youtube Google earth 5 launch event to know more about ocean.

Technically work!!! Totally not an issue.

It easier than war game in google earth. Start this phase first for training our guy to get use to google earth technology. Prepare for the second phase of social networking and war game.

Progress

Learning

• Using SketchUp to draw 3d building and integrate to google earth.
• Export kmz file for ppl download.

Next - How to import it to google earth to make it share with all users. No need download individual file to view. Because it can be public in google servel or private in individual kmz file.

Vista Setup Guide

1) Step

UAC Popup "Windows needs your permission to continue":

How to quickly disable User Account Control (UAC):

1. Click the round blue Windows Start button. Now click Control Panel
2. From the Control Panel, click User Accounts and Family Safety (or User Accounts if your in classic view)
3. Click the option to Turn User Account Control on or off
4. Uncheck the box next to Use User Account Control (UAC) to help protect your computer and click OK
5. Restart when prompted

2 )Step Configuration for Vista accept XP folder
Vista uses the more-picky NTLMv2 network protocol, while XP uses NTLMv1. The answer is, therefore, to switch Vista to use NTLMv1.

Here's the Mac-oriented post which tells how to modify Vista: http://www.broadbandreports.com/faq/14837

Rewriting it in Windows terminology, it would read:

To allow Vista to talk to your XP/2000/Linux shares, you must allow Vista to authenticate via NTLMv1:

If you have Windows Vista Home Basic/Premium:
Open the registry editor. Navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.

There will be a value called LmCompatibilityLevel. Set that to DWORD 1. Reboot and try to connect again.

Research 1 on Google earth

Thing can be on google earth

Create 3d model on google earth by using sketchup

Google Earth can be develop using Java Gwt API for Google Map

The Google Maps API provides a convenient JavaScript API which allows you to add mapping functionality to your application. The Google Maps library for GWT allows you to access this JavaScript API from Java code compiled with the GWT compiler.

Documentation for GWT Google Map

KML in Google Earth

KML is a file format used to display geographic data in an Earth browser, such as Google Earth, Google Maps, and Google Maps for mobile. You can create KML files to pinpoint locations, add image overlays, and expose rich data in new ways. KML is an international standard maintained by the Open Geospatial Consortium, Inc. (OGC).

KML Interactive Sampler You can see what can be done in google earth

IceSoft Logo

By Celine

---

Which one better?

World War on Google Earth

What can be done on google earth? Thing come out from my mind is game but it can link with the hottest idea in 2000 century which is social networking. Since google eart provide us the virtual earth. We can do anything on top of it right. We can rotate,split,stretch and finally boom the earth. Cool men...So why not we create a World War Game on Google Earth. since google already provide drawing feature for user to draw building on it. Then we just need to make animation on it. Create 3D ppl on it.


War Game
Player can register their house and draw their house on it. Then trying to protect their house and country. Thus, the war location is same as our earth. Player can be soldier when there is a war or can attact another country.










Social networking
Individual have their own identity in the virtual world. So you can do anything that you are not dare to do in real world for example boy wanted to tackle a girl but he scare on real worth. It can be done there. Whatelse...






Animation on Google Earth
Finally i found out the google earth api and demo

JBoss Clustering with Microsoft Network Load Balancing

Jboss configuration
Changes in jboss-service.xml
C:\Server\jboss-4.2.2\server\all\deploy\jboss-web-cluster.sar\META-INF\jboss-service.xml
1) delete <Config> <UDP> .... </Config>
2) paste the following code to the same area of deleted code.
The initial_hosts highlighted bellow is to specify other server's IP.
3) Sample jboss-service.xml is located in “NLB Manager PrintScreen & Config File” folder

<config>
<TCP start_port="7810" loopback="true" bind_addr="${bind.address}"
tcp_nodelay="true"
recv_buf_size="20000000"
send_buf_size="640000"
discard_incompatible_packets="true"
enable_bundling="false"
max_bundle_size="64000"
max_bundle_timeout="30"
use_incoming_packet_handler="true"
use_outgoing_packet_handler="false"
down_thread="false" up_thread="false"
use_send_queues="false"
sock_conn_timeout="300"
skip_suspected_members="true"/>
<TCPPING initial_hosts="192.168.0.7[7810]" port_range="3"
timeout="3000"
down_thread="false" up_thread="false"
num_initial_members="3"/>
<MERGE2 max_interval="100000"
down_thread="false" up_thread="false" min_interval="20000"/>
<FD_SOCK down_thread="false" up_thread="false"/>
<FD timeout="10000" max_tries="5" down_thread="false" up_thread="false" shun="true"/>
<VERIFY_SUSPECT timeout="1500" down_thread="false" up_thread="false"/>
<pbcast.NAKACK max_xmit_size="60000"
use_mcast_xmit="false" gc_lag="0"
retransmit_timeout="300,600,1200,2400,4800"
down_thread="false" up_thread="false"
discard_delivered_msgs="true"/>
<pbcast.STABLE stability_delay="1000" desired_avg_gossip="50000"
down_thread="false" up_thread="false"
max_bytes="400000"/>
<pbcast.GMS print_local_addr="true" join_timeout="3000"
down_thread="false" up_thread="false"
join_retry_timeout="2000" shun="true"
view_bundling="true"/>
<FC max_credits="2000000" down_thread="false" up_thread="false"
min_threshold="0.10"/>
<FRAG2 frag_size="60000" down_thread="false" up_thread="false"/>
<pbcast.STATE_TRANSFER down_thread="false" up_thread="false" use_flush="false"/>
</config>

4) change REPL_ASYNC to REPL_SYNC
<attribute name="CacheMode">REPL_SYNC</attribute>

Changes in cluster-service.xml
C:\Server\jboss-4.2.3.GA\server\all\deploy\cluster-service.xml
1) delete <Config> <UDP> .... </Config>
2) paste the following code to the same area of deleted code.
The initial_hosts highlighted bellow is to specify other server's IP.

<Config>
<TCP start_port="7800" loopback="true" bind_addr="${bind.address}"
tcp_nodelay="true"
recv_buf_size="20000000"
send_buf_size="640000"
discard_incompatible_packets="true"
enable_bundling="false"
max_bundle_size="64000"
max_bundle_timeout="30"
use_incoming_packet_handler="true"
use_outgoing_packet_handler="false"
down_thread="false" up_thread="false"
use_send_queues="false"
sock_conn_timeout="300"
skip_suspected_members="true"/>
<TCPPING initial_hosts="192.168.0.7[7800]" port_range="3"
timeout="3000"
down_thread="false" up_thread="false"
num_initial_members="3"/>
<MERGE2 max_interval="100000"
down_thread="false" up_thread="false" min_interval="20000"/>
<FD_SOCK down_thread="false" up_thread="false"/>
<FD timeout="10000" max_tries="5" down_thread="false" up_thread="false" shun="true"/>
<VERIFY_SUSPECT timeout="1500" down_thread="false" up_thread="false"/>
<pbcast.NAKACK max_xmit_size="60000"
use_mcast_xmit="false" gc_lag="0"
retransmit_timeout="300,600,1200,2400,4800"
down_thread="false" up_thread="false"
discard_delivered_msgs="true"/>
<pbcast.STABLE stability_delay="1000" desired_avg_gossip="50000"
down_thread="false" up_thread="false"
max_bytes="400000"/>
<pbcast.GMS print_local_addr="true" join_timeout="3000"
down_thread="false" up_thread="false"
join_retry_timeout="2000" shun="true"
view_bundling="true"/>
<pbcast.STATE_TRANSFER down_thread="false" up_thread="false" use_flush="false"/>
</Config>

</attribute>
<depends>jboss:service=Naming</depends>
</mbean>

3) replace the HAJNDI portion with following code. Highlighted word is the only changes.

<mbean code="org.jboss.ha.jndi.HANamingService"
name="jboss:service=HAJNDI">
<!-- We now inject the partition into the HAJNDI service instead
of requiring that the partition name be passed -->
<depends optional-attribute-name="ClusterPartition"
proxy-type="attribute">jboss:service=${jboss.partition.name:DefaultPartition}</depends>
<!-- Bind address of bootstrap and HA-JNDI RMI endpoints -->
<attribute name="BindAddress">${bind.address}</attribute>
<!-- Port on which the HA-JNDI stub is made available -->
<attribute name="Port">1100</attribute>
<!-- RmiPort to be used by the HA-JNDI service once bound. 0 => auto. -->
<attribute name="RmiPort">1101</attribute>
<!-- Accept backlog of the bootstrap socket -->
<attribute name="Backlog">50</attribute>
<!-- The thread pool service used to control the bootstrap and
auto discovery lookups -->
<depends optional-attribute-name="LookupPool"
proxy-type="attribute">jboss.system:service=ThreadPool</depends>

<!-- A flag to disable the auto discovery via multicast -->
<attribute name="DiscoveryDisabled">false</attribute>
<!-- Set the auto-discovery bootstrap multicast bind address. If not
specified and a BindAddress is specified, the BindAddress will be used. -->
<attribute name="AutoDiscoveryBindAddress">${bind.address}</attribute>
<!-- Multicast Address and group port used for auto-discovery -->
<attribute name="AutoDiscoveryAddress">${jboss.partition.udpGroup:230.0.0.4}</attribute>
<attribute name="AutoDiscoveryGroup">1102</attribute>
<!-- The TTL (time-to-live) for autodiscovery IP multicast packets -->
<attribute name="AutoDiscoveryTTL">16</attribute>
<!-- The load balancing policy for HA-JNDI -->
<attribute name="LoadBalancePolicy">org.jboss.ha.framework.interfaces.RoundRobin</attribute>

<!-- Client socket factory to be used for client-server
RMI invocations during JNDI queries
<attribute name="ClientSocketFactory">custom</attribute>
-->
<!-- Server socket factory to be used for client-server
RMI invocations during JNDI queries
<attribute name="ServerSocketFactory">custom</attribute>
-->
</mbean>

4) Sample cluster-service.xml is located in “NLB Manager PrintScreen & Config File” folder

Start your Jboss with the following command line.
Located in NLB Manager PrintScreen & Config File/runCluster.bat.
Modify the highlighted IP. 192.168.0.225 is virtual IP and 192.168.0.7 is local IP.
run -Dignore.bind.address=true -b 192.168.0.225 -Dbind.address=192.168.0.7 -c all

Change URL of GWT output

One of the issue in gwt is the url. If your package of app.gwt.xml is in com.y2bid.gwt, then your url of html output from compiler will be http://127.0.0.1/com.y2bid.gwt.app/index. Is it not nice!!! Inorder to avoid the package become URL you can choose the following methods.

3 Methods
1) < module rename-to="app" > . This way will give you a bit problem in hosted mode because of the url different and problem with your url in web.xml

2) Create new package and inherit the actual gwt.xml file.

3) Compiled all to javascript then rename the folder. This will cause you hard to do testing with your server if you have url mapping in web.xml

Conclusion
Method No. 2 is the best to fulfill all the need(Testing in hosted mode and deploy).