Showing posts from January, 2017

Declare secured connector on Tomcat for https connections

To access your Tomcat through https, you have to declare a secured connector. There are two parts to this:

- modify your server.xml with the new connector configuration
- generate a Java keystore the connector will refer to

Step 1: Modify your server.xml like this

<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="${ssl.port}" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="${java.home}/lib/security/tomcat_java.keystore" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLSv1.1"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_S…

Access Apache Tomcat on port 80 or 443 from Linux

Default Linux security rules don't allow non-root processes to bind network ports < 1024. A bad idea would be to start your Tomcat as root. Very bad idea!!! But there's another solution. You can start your Tomcat on a port > 1024 and then redirect requests from the standard ports (such as HTTP/80 or HTTPS/443) to ports > 1024.

Let's imagine you bound the Tomcat https connector to port 8301. We'll add a rule to iptables like this:

Prerequisites: switch to root (su -)

iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 8301
/etc/init.d/iptables save
/etc/init.d/iptables restart

Then check that the rule is active with iptables -L

target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https

Now you can access your Tomcat through a classic https URL :)
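
The `iptables -L` check above lists the filter table only, while the REDIRECT rule lives in the nat table. As an added example (not code from the original post), this script reads `iptables-save` style output and verifies both halves: that nat PREROUTING redirects 443 to the Tomcat port, and that filter INPUT accepts the rewritten port, because INPUT is evaluated after the redirect. The sample rules and the function names are constructed for illustration.

```shell
# Constructed iptables-save style sample (not from a real host): the post's redirect plus a filter table accepting only 443.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8301
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'
# Same sample with the INPUT rule moved to the rewritten port.
SAMPLE_FIXED=$(printf '%s\n' "$SAMPLE_RULES" | sed 's/--dport 443 -j ACCEPT/--dport 8301 -j ACCEPT/')

# match_rule RULES TABLE CHAIN DPORT TARGET: print matching "-A" lines, if any.
match_rule() {
    printf '%s\n' "$1" | awk -v t="$2" -v c="$3" -v p="$4" -v j="$5" '
        /^\*/ { table = substr($0, 2); next }
        table == t && $1 == "-A" && $2 == c {
            dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport == p && target == j) print
        }'
}

# redirect_port RULES DPORT: print the port a nat PREROUTING REDIRECT sends DPORT to.
redirect_port() {
    match_rule "$1" nat PREROUTING "$2" REDIRECT |
        sed -n 's/.*--to-ports \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# check_redirect RULES DPORT
#   0: redirect exists and filter INPUT lets the rewritten port in
#   1: no REDIRECT rule for DPORT in nat PREROUTING
#   2: redirect exists, but INPUT has no ACCEPT for the rewritten port
# Simplified: an ACCEPT policy or an explicit ACCEPT rule counts as "let in".
check_redirect() {
    to=$(redirect_port "$1" "$2")
    [ -n "$to" ] || return 1
    policy=$(printf '%s\n' "$1" | awk '/^\*/ { t = substr($0, 2) }
        t == "filter" && $1 == ":INPUT" { print $2 }')
    if [ "$policy" = ACCEPT ]; then return 0; fi
    [ -n "$(match_rule "$1" filter INPUT "$to" ACCEPT)" ] || return 2
}

for s in "$SAMPLE_RULES" "$SAMPLE_FIXED"; do
    rc=0; check_redirect "$s" 443 || rc=$?; echo "check_redirect status: $rc"
done
```

On a live host, run it as root against the real rule set with `check_redirect "$(iptables-save)" 443`.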

Use Spring profiles and yaml configuration without Spring Boot

That's a refinement you can make to upgrade legacy applications. Using yaml config files combined with Spring profiles is a great way to configure your apps. Let's see how to do that.

Firstly, let's consider that we will inject something into a Java class depending on the runtime environment.

public class MyService {

private String URL;


application.yaml should be like this :


  profiles: production


Thus, if I launch my application without JVM Spring profile params, URL will be If I launch it with, URL will be Great! But this feature is natively supported only for Spring Boot based applications. So, let's activate this on legacy apps with this XML Spring config file fragment:
<bean id="yamlProperties" class="o…

Install Oracle Java Development Kit on Ubuntu

First of all, you need to download it from the Oracle web site

Then unzip it somewhere (be careful that the location is reachable by the users who will use Java)

tar xvzf jdk-*-linux-x64.tar.gz

The fun part would be here...

You should set your JAVA_HOME. Set it in your /etc/environment for all users or in .profile for your current user

Now, we will create two symbolic links for the java and javac commands using the update-alternatives command. There are two steps: install and set. The first creates a symbolic link and registers it in /etc/alternatives under its alias. The second activates this alias. So, let's do this:

sudo update-alternatives --install /usr/bin/java java /home/..../jdk*/bin/java 1
sudo update-alternatives --install /usr/bin/javac javac /home/..../jdk*/bin/javac 1

sudo update-alternatives --set java /home/..../jdk*/bin/java
sudo update-alternatives --set javac /home/..../jdk*/bin/javac