searchforsolutions


Tag Archives: Java

Optimizing start-up time of a Spring application


  1. Load the beans lazily! Specify the @Lazy(true) annotation for all the beans!
  2. Instead of classpath scanning, the beans could be loaded from a particular package name format, or from a list of classes generated beforehand (write a utility that dumps the discovered beans to a CSV file, then use that file to load only certain beans).

Concurrency control for database updates

Deploying Tomcat with SSL / HTTPS enabled with POODLE vulnerability fixed


1. To enable SSL deployment, generate a self-signed certificate or procure one from a trusted third-party store.

For the sake of simplicity I'll use a self-signed certificate. Run the keytool utility located in the bin folder of the JDK to generate the self-signed certificate.

keytool -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore.keystore

For those who want a certificate from a trusted Certificate Authority:

Import the chain certificate provided by the trusted Certificate Authority into your keystore
keytool -import -alias root -keystore <your_keystore_filename> -trustcacerts -file <filename_of_the_chain_certificate>

And finally import your new Certificate
keytool -import -alias tomcat -keystore <your_keystore_filename> -file <your_certificate_filename>

2. Configure Tomcat for SSL with POODLE fix

In server.xml, under the conf folder of the Tomcat installation, enable SSL by removing the comments around the SSL section and modifying it as given below

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystorePass="{password provided during certificate generation}"
           keystoreFile="\path\to\my\keystore.keystore"
           sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"/>

Start Tomcat and open https://localhost:8443; accept the certificate and it will display the default root application.

3. To confirm SSLv2/3 is disabled, download the following tool: https://github.com/rbsec/sslscan/releases
Execute the following commands
sslscan --ssl3 --no-failed 127.0.0.1:8443
sslscan --ssl2 --no-failed 127.0.0.1:8443

The tool should not return any results
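
A static check to run alongside sslscan, as an added example that is not part of the original post: it parses a server.xml and reports every SSL-enabled Connector whose sslEnabledProtocols is missing (Tomcat then uses the JVM's default protocol set) or names an SSL-era protocol. The class name, the sample XML and its 9443 connector are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class ConnectorProtocolAudit {
    // Protocol names that must not appear in sslEnabledProtocols.
    static final Set<String> LEGACY = new HashSet<>(Arrays.asList("SSLv2", "SSLv2Hello", "SSLv3"));

    /** Returns one finding per SSL-enabled Connector that is not restricted to TLS protocols. */
    static List<String> audit(String serverXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE declarations so a hostile config file cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(serverXml.getBytes(StandardCharsets.UTF_8)));
        List<String> findings = new ArrayList<>();
        NodeList connectors = doc.getElementsByTagName("Connector");
        for (int i = 0; i < connectors.getLength(); i++) {
            Element c = (Element) connectors.item(i);
            if (!"true".equalsIgnoreCase(c.getAttribute("SSLEnabled"))) continue;
            String port = c.getAttribute("port");
            String enabled = c.getAttribute("sslEnabledProtocols"); // "" when the attribute is absent
            if (enabled.trim().isEmpty()) {
                findings.add("port " + port + ": sslEnabledProtocols not set, JVM defaults apply");
                continue;
            }
            for (String p : enabled.split(",")) {
                if (LEGACY.contains(p.trim())) findings.add("port " + port + ": " + p.trim() + " enabled");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: 8443 follows the post, 9443 relies on sslProtocol="TLS" alone.
        String sample = "<Server><Service name=\"Catalina\">"
            + "<Connector port=\"8443\" SSLEnabled=\"true\" sslProtocol=\"TLS\""
            + " sslEnabledProtocols=\"TLSv1.2,TLSv1.1,TLSv1\"/>"
            + "<Connector port=\"9443\" SSLEnabled=\"true\" sslProtocol=\"TLS\"/>"
            + "<Connector port=\"8080\" protocol=\"HTTP/1.1\"/>"
            + "</Service></Server>";
        for (String finding : audit(sample)) System.out.println(finding);
    }
}
```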

 

Fixing the POODLE issue in a Java client (HttpsURLConnection, web services, etc.), securing embedded Jetty, fixing a .NET client stack (WCF etc.) and securing IIS7/8


– If your app is going to make HTTPS calls (act like a client), or for any Java app using HttpsURLConnection, set the following system property:

java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");

or set the property before starting the application:

java -Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2" MyAPP

– To disable SSLv3 in embedded Jetty (v9.x), set up the SslContextFactory

// Exclude the SSLv3 protocol from the handshake.
sslContextFactory.addExcludeProtocols("SSLv3");

// Replace the excluded cipher suite list with the suites below.
sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_NULL_MD5",
    "SSL_RSA_WITH_NULL_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "SSL_RSA_WITH_IDEA_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_DH_DSS_WITH_DES_CBC_SHA",
    "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",
    "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_DH_RSA_WITH_DES_CBC_SHA",
    "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_DHE_DSS_WITH_DES_CBC_SHA",
    "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_DHE_RSA_WITH_DES_CBC_SHA",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
    "SSL_DH_anon_WITH_RC4_128_MD5",
    "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_DH_anon_WITH_DES_CBC_SHA",
    "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "SSL_FORTEZZA_KEA_WITH_NULL_SHA",
    "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA",
    "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA",
    "SSL_DHE_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_AES_128_CBC_SHA");

– For securing Tomcat 7, follow these steps

http://wiki.apache.org/tomcat/Security/POODLE

– To protect .NET WCF or client HTTPS invocation endpoints, force them to always use TLS. Set it globally for each AppDomain via the System.Net.ServicePointManager.SecurityProtocol property when the application starts up.

 

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

– Disabling SSLv3 on IIS7/8

http://support.microsoft.com/kb/187498

http://support.microsoft.com/kb/245030
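
The https.protocols property from the Java client item above is read by HttpsURLConnection; code that creates an SSLSocket or SSLEngine directly does not consult it. The following added example (not from the original post; class and method names are illustrative) restricts such a connection to TLS by filtering its enabled protocols through SSLParameters.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class TlsOnlyClient {
    /** Returns the given protocol names minus every SSL-era entry (SSLv3, SSLv2Hello). */
    static String[] tlsOnly(String[] protocols) {
        List<String> kept = new ArrayList<>();
        for (String p : protocols) {
            if (p.startsWith("TLSv")) kept.add(p);
        }
        // Fail closed rather than fall back to whatever the JVM would enable.
        if (kept.isEmpty()) throw new IllegalStateException("no TLS protocol available");
        return kept.toArray(new String[0]);
    }

    /** Applies the filter to one engine; the same SSLParameters calls exist on SSLSocket. */
    static void harden(SSLEngine engine) {
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(tlsOnly(engine.getEnabledProtocols()));
        engine.setSSLParameters(params);
    }

    public static void main(String[] args) throws Exception {
        // No network needed: an SSLEngine exposes the protocol set a connection would offer.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        System.out.println("JVM default:  " + String.join(",", engine.getEnabledProtocols()));
        harden(engine);
        System.out.println("after harden: " + String.join(",", engine.getEnabledProtocols()));

        // Constructed input showing what the filter removes on a JVM that still enables SSLv3.
        String[] legacy = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
        System.out.println("legacy set:   " + String.join(",", tlsOnly(legacy)));
    }
}
```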

Deploying Spring framework in Undertow web container


With Undertow, the new web container replacement for JBoss AS/Wildfly, kicking ass in performance benchmarks [Ref: http://www.techempower.com/benchmarks/#section=data-r9&hw=peak&test=db] including node.js

I decided to explore it further. The async features as well as the non-blocking IO features look interesting. So I am going to explore that further and keep you guys posted.

Meanwhile, I have created a reference template for getting kick-started.

This could be used by anyone looking at exploring Undertow and Spring deployments.

 

Source Code: https://github.com/rohitdev/project-templates

Maven Gotchas


1. Saving password data with special characters in settings.xml or any other XML document

e.g. if your password is like @Q999988#

save it like <![CDATA[@Q999988#]]>

Solution – Eclipse / Springsource ToolSuite consumes large number of CPU cycles or hangs when starting Tomcat


  • Delete all the breakpoints that you may have set for debugging. I think it has some recursive call through the code to figure out the breakpoints. If the line has changed, I guess it goes for a toss.
  • Disable all the validators
  • Close unrelated projects

Web application framework benchmarks


A very good benchmark for all the frameworks out in the market.

http://www.techempower.com/blog/2013/03/28/framework-benchmarks/

http://www.techempower.com/blog/2013/04/05/frameworks-round-2/

 

So the JVM did not perform that badly. So much for all the noise about other frameworks. JAVA is the king!

JSF framework for Web 2.0


Just stumbled across a JSF framework.

http://www.primefaces.org/

The demo portal looks quite promising

http://www.primefaces.org/showcase-labs/ui/home.jsf

I’m more comfortable with server-side user interface designing using component technologies. So this may not be suitable for high-traffic websites, but it is an awesome choice for enterprise applications.

Java and WMI