Showing posts from January, 2017

Declare secured connector on Tomcat for https connections

To access your Tomcat through HTTPS, you have to declare a secured connector. There are two parts to this:

modify your server.xml with the new connector configuration
generate a Java keystore the connector will refer to

Step 1: Modify your server.xml like this

<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="${ssl.port}" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="${java.home}/lib/security/tomcat_java.keystore" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLSv1.1"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_S…

Access Apache Tomcat on port 80 or 443 from Linux

By default, Linux does not allow non-root processes to bind to network ports below 1024. A bad idea would be to start your Tomcat as root. Very bad idea!!! But there's another solution. You can start your Tomcat on a port above 1024 and then redirect requests from the standard ports (such as HTTP/80 or HTTPS/443) to that port.

Let's imagine you bound the Tomcat HTTPS connector to port 8301. We'll add a rule to iptables like this:

Prerequisites: switch to root (su -)

iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 8301
/etc/init.d/iptables save
/etc/init.d/iptables restart

Then, just check that the rule is active with iptables -L

target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https

Now, you can access your Tomcat through a classic HTTPS URL :)
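
The check above can be scripted. iptables -L without -t nat lists only the filter table, so this sketch (an added example, not from the original post) reads iptables-save output and looks for the REDIRECT rule in the nat table. The sample rules and the function names redirect_target and check_redirect are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not captured from a real host).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8301
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8301 -j ACCEPT
COMMIT'

# redirect_target RULES DPORT (hypothetical helper)
# Prints the port that DPORT is redirected to by a nat/PREROUTING REDIRECT
# rule, or nothing if no such rule exists. Only the *nat section is read,
# so an ACCEPT rule in the filter table never counts as a redirect.
redirect_target() {
    printf '%s\n' "$1" | awk -v dport="$2" '
        /^\*/      { table = substr($0, 2); next }
        /^COMMIT$/ { table = ""; next }
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            d = ""; j = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") j = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            }
            if (d == dport && j == "REDIRECT" && to != "") { print to; exit }
        }'
}

# check_redirect RULES DPORT EXPECTED: succeeds only if DPORT goes to EXPECTED.
check_redirect() {
    [ "$(redirect_target "$1" "$2")" = "$3" ]
}

# On a live host (as root): check_redirect "$(iptables-save)" 443 8301
if check_redirect "$SAMPLE_RULES" 443 8301; then
    echo "443 -> 8301 redirect present in nat table"
else
    echo "redirect missing" >&2
fi
```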

Use Spring profiles and yaml configuration without Spring Boot

That's a refinement you can make to upgrade legacy applications. Using YAML config files combined with Spring profiles is a great way to configure your apps. Let's see how to do that.

Firstly, let's consider that we will inject something into a Java class depending on the runtime environment.

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

@Service
public class MyService {

    // Resolved from application.yaml according to the active Spring profile
    @Value("${service.url}")
    private String URL;

}

application.yaml should be like this :

service:
   url: http://alexdp.free.fr/violetumleditor

---
spring:
  profiles: production

service:
   url: http://violet.sourceforge.net


Thus, if I launch my application without JVM Spring profile params, URL will be http://alexdp.free.fr/violetumleditor. If I launch it with -Dspring.profiles.active=production, URL will be http://violet.sourceforge.net. Great! But this feature is natively supported only for Spring Boot based applications. So, let's activate this on legacy apps with this XML Spring config file fragment:
<bean id="yamlProperties" class="o…

Install Oracle Java Development Kit on Ubuntu

First of all, you need to download it from the Oracle web site

http://www.oracle.com/technetwork/pt/java/javase/downloads/index.html

Then unzip it somewhere (be careful that the location is reachable by the users who will use Java)

tar xvzf jdk-*-linux-x64.tar.gz

The fun part would be here...

You should set your JAVA_HOME. Set it in /etc/environment for all users, or in .profile for your current user.

Now, we will create two symbolic links for the java and javac commands using the update-alternatives command. There are two steps: install and set. The first creates a symbolic link and registers it in /etc/alternatives with its alias. The second activates this alias. So, let's do this:


sudo update-alternatives --install /usr/bin/java java /home/..../jdk*/bin/java 1
sudo update-alternatives --install /usr/bin/javac javac /home/..../jdk*/bin/javac 1

sudo update-alternatives --set java /home/..../jdk*/bin/java
sudo update-alternatives --set javac /home/..../jdk*/bin/javac