searchforsolutions

Just another WordPress.com site

Optimizing start up time of an Spring application


  1. Load the bean lazily! Specify @Lazy (true) annotation for all the beans!
  2. Instead of class path scanning the beans could be loaded from a particular package name format or have a list of classes generated before hand (write some utility to generate discovered beans and dump in csv and then use it to load only certain beans)
Advertisements

Concurrency control for database updates

DIY Smart TV with Raspberry PI 3


So after a long hiatus for looking at an value for money large TV ( yeah I’m an Indian and slowly the breed on the verge of extension). Browsing through the market offering, was quite disappointed as all models >55 inch are either too expensive or if well priced the build quality is pretty cheap ( edge bleeding, picture quality, viewing angle , support etc.).

I’ve been browsing for a good TV in the market for a long time so could was aware of price trends.

Finally got a good deal from paytm for a Panasonic Viera LED TV TH-55CX400DX for 95K with cashback of 15K so effectively a 80K for a 55inch UHD TV which is a pretty good deal. Year end is the best time to buy TV’s s you would come across stock clearance deals since new models would be coming in.Another trick is, add the items in your basket and wait . A2Z, Flipkart etc. have notifictaions which go out to vendors which suggest them to decrease the price to close the deal. I had added the item and the item was out of the delivery zone for the vendor so it could not be shipped. Eventually he changed his limitations and the price! I bought it immediately!

55CX400DX does not have smart features but can play media. I’m least bothered as i just wanted a stock large TV since I’m going to build out a Raspberyy PI3 based media centre. This way I control and upgrade the smartness of my TV without being at the mercy of the vendor and if the system ‘kaputs’ the board replacement for the TV is cheap too!

My media centre build out was as follows ( I procured from Amazon.in, but element14.com also provides it but hell i got a better deal from A2Z):

  • Raspberry Pi 3 Model B.
  • Raspberry pi official case (Model 3, Black-Grey).
  • Samsung Evo 16GB Class 10 micro SDHC Card (MB-MP16D/IN).
  • BlueRigger High Speed HDMI Cable with Ethernet(Supports 3D, 4K and Audio Return )(6.6 Feet / 2 Meters).
  • ePro Labs Power Adapter For Raspberry Pi 3 with USB Cable 5V 2.5A Power Supply.

I already have wireless Keyboard & Mouse.

Looking forward to install following OS

 

Total cost came to INR 4,220 , similar feature set in TV was adding another INR 50K tot the TV cost which essentially I assume i had saved!

Waiting for the shipment now!

Will keep this post updated for results and my handiwork!

 

 

 

 

 

 

 

 

Deploying Tomcat with SSL / HTTPS enabled with POODLE vulnerablity fixed


1. To enable SSL deployment generate self signed certificate  or procure one from a trusted 3rd party store.

For the sake of simplicity i’ll use self signed certificate.Run the keytool located in the JDK under bin folder for generating self signed certificate.

keytool -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore.keystore

For those wanting to have certificate from trusted Certificate Authority.

In case of For Importing the Chain Certificate into your keystore provided by trusted Certificate Authority
keytool -import -alias root -keystore <your_keystore_filename> -trustcacerts -file <filename_of_the_chain_certificate>

And finally import your new Certificate
keytool -import -alias tomcat -keystore <your_keystore_filename> -file <your_certificate_filename>

2. Configure Tomcat for SSL with POODLE fix

In server.xml under conf folder of tomcat installation enable SSL by removing comments around the SSL section and modifying it as given below

<Connector port=”8443″ protocol=”org.apache.coyote.http11.Http11NioProtocol” maxThreads=”150″ SSLEnabled=”true” scheme=”https” secure=”true” clientAuth=”false” sslProtocol=”TLS” keystorePass={password provided during certificate generation} keystoreFile=”\path\to\my\keystore.keystore” sslEnabledProtocols=”TLSv1.2,TLSv1.1,TLSv1″/>

Start Tomcat & hit https://localhost:8443 accept the certifcate and it will display default root application.

3. To confirm SSLv2/3 is disabled download the following tool https://github.com/rbsec/sslscan/releases
Execute the foolowing CLI
sslscan –ssl3 –no-failed 127.0.0.1:8443
sslscan –ssl2 –no-failed 127.0.0.1:8443

The tool should not return any results

 

Fixing the POODLE issue in Java client (HTTPSUrlConnection/Webservices etc.) , securing embedded jetty , fixing a .NET client stack (WCF etc.) and securing IIS7/8


– If your app is going to make HTTPS calls (act like a client) or for all Java apps using HTTPSUrlConnection set the following system property java.lang.System.setProperty(“https.protocols”,
“TLSv1,TLSv1.1,TLSv1.2”); or set the propety before starting the application with “java -Dhttps.protocols=”TLSv1,TLSv1.1,TLSv1.2″ MyAPP”

– To disable SSLv3 in embedded Jetty(v9.x)  setup the SslContextFactory

sslContextFactory.addExcludeProtocols(“SSLv3”);

sslContextFactory.setExcludeCipherSuites(“SSL_RSA_WITH_NULL_MD5”,
“SSL_RSA_WITH_NULL_SHA”, “SSL_RSA_EXPORT_WITH_RC4_40_MD5”,
“SSL_RSA_WITH_RC4_128_MD5”, “SSL_RSA_WITH_RC4_128_SHA”,
“SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5”,
“SSL_RSA_WITH_IDEA_CBC_SHA”,
“SSL_RSA_EXPORT_WITH_DES40_CBC_SHA”,
“SSL_RSA_WITH_DES_CBC_SHA”, “SSL_RSA_WITH_3DES_EDE_CBC_SHA”,
“SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA”,
“SSL_DH_DSS_WITH_DES_CBC_SHA”,
“SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA”,
“SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA”,
“SSL_DH_RSA_WITH_DES_CBC_SHA”,
“SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA”,
“SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA”,
“SSL_DHE_DSS_WITH_DES_CBC_SHA”,
“SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA”,
“SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA”,
“SSL_DHE_RSA_WITH_DES_CBC_SHA”,
“SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA”,
“SSL_DH_anon_EXPORT_WITH_RC4_40_MD5”,
“SSL_DH_anon_WITH_RC4_128_MD5”,
“SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA”,
“SSL_DH_anon_WITH_DES_CBC_SHA”,
“SSL_DH_anon_WITH_3DES_EDE_CBC_SHA”,
“SSL_FORTEZZA_KEA_WITH_NULL_SHA”,
“SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA”,
“SSL_FORTEZZA_KEA_WITH_RC4_128_SHA”,
“SSL_DHE_RSA_WITH_AES_128_CBC_SHA”,
“SSL_RSA_WITH_AES_128_CBC_SHA”);

-For securing Tomcat 7 follow the following steps

http://wiki.apache.org/tomcat/Security/POODLE

-For protecting .NET WCF or client HTTPS invocatons endpoints by forcing them to use TLS always. Set it globally for each AppDomain via the System.Net.ServicePointManager.SecurityProtocol property when the application starts up.

 

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

-Disabling SSLv3 on IIS7/8

http://support.microsoft.com/kb/187498

http://support.microsoft.com/kb/245030

Deploying Spring framework in Undertow web container


With Undertow ,the new web container replacement for JBoss AS/Wildfly , kicking ass in performance benchmarks [Ref: http://www.techempower.com/benchmarks/#section=data-r9&hw=peak&test=db%5D including node.js

I decided to explore it further. The Async features as well as Non-blocking IO features looks interesting. So going to explore that further and keep you guys posted.

Meanwhile have created reference template for getting kick started.

This could be used by anyone looking @ exploring undertow & spring deployments.

 

Source Code: https://github.com/rohitdev/project-templates

Maven Gotchas


1. Saving passwords data in settings.xml or any other xml doc with special characters

e.g. ur password is like @Q999988#

save it like <![CDATA[@Q999988#]]>

Using Android apps on you PC


Install http://www.bluestacks.com.

Let it download different packages,drivers & updates .

Launch the application and have fun.

Hibernate Tools refuses to auto generate code in Eclipse


After debugging the plugin and observing the logs it seems there is some classloader issue for the tools plugin due to which the logger libs are creating an issue with code generation.

You would get the follwoing stacktrace in the eclipse logs

!MESSAGE An internal error occurred during: "Fetching children of Database".
!STACK 0
java.lang.NoSuchMethodError: org.slf4j.spi.LocationAwareLogger.log(Lorg/slf4j/Marker;Ljava/lang/String;ILjava/lang/String;[Ljava/lang/Object;Ljava/lang/Throwable;)
	at org.apache.commons.logging.impl.SLF4JLocationAwareLog.debug(SLF4JLocationAwareLog.java:133)
	at org.hibernate.cfg.reveng.JDBCReader.processTables(JDBCReader.java:550)
	at org.hibernate.cfg.reveng.JDBCReader.readDatabaseSchema(JDBCReader.java:74)

To workaround this issue there are 2 ways.

For maven based projects comment out the logger libs reference or if its a well organised maven project remove reference to the parent

Trigger the generation it would generate the code.

If its a normal java project remove the references tot the loggers temporarily and triger generation.

Shim Config for RequireJS and Slickgrid


“shim”:{
‘lib/jquery.event.drag’: [‘lib/jquery-1.10.1.min’],
‘lib/jquery.event.drop’: [‘lib/jquery-1.10.1.min’],
‘lib/slick.core’: [‘lib/jquery-1.10.1.min’,’lib/jquery.event.drag’],
‘lib/slick.grid’: [‘lib/jquery-1.10.1.min’,’lib/jquery.event.drag’,’lib/jquery.event.drop’,’lib/slick.core’]
}
})