Java: Loading self-signed, CA, and SAN certificates into a Java Keystore

The JRE comes preloaded with a set of trusted root authorities, but if you are working with self-signed certificates, or SAN server certificates that were signed using your own Certificate Authority then you are going to need to add these certificates to your trusted keystore.

If your Java application attempts to communicate via TLS to a remote host that does not have a trusted chain of security you will get the all too famous “SSLHandshakeException: PKIX path building failed” exception.  At this point you have a couple of options:

  • Bypass all security checks by injecting a custom X509TrustManager that allows all communication
  • Add the certificates you want to trust into the TrustManager keystore

Bypassing security at this level is not a good idea.  It’s like telling your browser that you will never care about HTTPS certificates, so from now on just show the green icon in the address bar no matter what.    It is best to address security from day one, and not as a future feature.

In this article I will lead you through installing a self-signed as well as CA signed certificate into the Trust Manager keystore so that TLS communication to remote sites is handled correctly and securely.

Continue reading “Java: Loading self-signed, CA, and SAN certificates into a Java Keystore”

Maven: Installing a private Maven repository on Ubuntu using Apache Archiva

An essential part of the standard build process for Java applications is having a repository where project artifacts are stored.

Artifact curation provides the ability to manage dependencies, quickly rollback releases, support compatibility of downstream projects, do QA promotion from test to production, support a continuous build pipeline, and provides auditability.

Archiva from the Apache foundation is open-source and can serve as the repository manager for popular build tools such as Maven and Jenkins.

Continue reading “Maven: Installing a private Maven repository on Ubuntu using Apache Archiva”

Java: Using XMLAdapter to process custom datatypes using JAXB

JAXB provides a framework for two-way binding between XML and Java structures, making it easy for developers to serialize and deserialize their XML into Java objects.

Decorating a class with @XmlElement and @XmlAttribute annotations is all it usually takes to build a rich domain model from XML, but sometimes you get into a situation where more custom processing is required.

A custom XMLJavaTypeAdapter can help resolve these issues by providing custom methods for marshalling and unmarshalling the XML into the correct Java type.

Continue reading “Java: Using XMLAdapter to process custom datatypes using JAXB”

Java: Determining the Java version used to compile a class, ‘class file has the wrong version’

If a Java class file is compiled with a higher supported version than is currently being run, you will get the ‘bad class file’, ‘class file has the wrong version XX.0, should be XX.0’ error message.

The good news is that this is a relatively simple issue to address.  For example, if the .class file was compiled as a Java 1.8 class file on a Jenkins continuous integration node, but the JRE on the desktop where you want to run it only has Java 1.7, then you will get this message when you attempt to run it.

Continue reading “Java: Determining the Java version used to compile a class, ‘class file has the wrong version’”

Java: Using Maven from the console for running classes, unit tests, checking dependencies

In this short article, I’ll provide some Maven commands that I’ve found helpful.

 

Run single class from src/main/java

mvn exec:java -Dexec.mainClass=this.is.MyClass -Dexec.args="myarg1 'my second arg' myarg3"

Run unit test from src/test/java, all methods decorated with @Test

mvn test -Dtest=this.is.MyTestClass

Run unit test from src/test/java, only methods decorated with @Test and that start with ‘testDatabase’

mvn test -Dtest=this.is.MyTestClass#testDatabase*

Continue reading “Java: Using Maven from the console for running classes, unit tests, checking dependencies”

CloudFoundry: Enabling Java JMX/RMI access for remote containers

Enabling the use of real-time JVM monitoring tools like jconsole and VisualVM can be extremely beneficial when troubleshooting issues.  These tools work by enabling a JMX/RMI communication channel to the JVM.

These are typically thought of as local development tools, but they can also be used on remote CF containers running Java.  In this article, I’ll show you how to enable JMX/RMI to your remote Cloud Foundry container.

Continue reading “CloudFoundry: Enabling Java JMX/RMI access for remote containers”

CloudFoundry: Java thread and heap dump analysis on remote containers

Java thread and heap dumps are valuable tools for troubleshooting local development,  but they can also be used on remote CF containers running a JVM.  In this article, we’ll go through various method of gathering this data from a Cloud Foundry container and then tools for analyzing this data.

Now matter how uniform your environments, whether using Cloud Foundry stemcells/containers, configuration management tools,  or Docker images, there are always real-world issues that show up only in certain environments (especially production!).  There are unique corner cases that get exposed by end user experimentation, unexpected thread locking,  generational memory issues,  etc… and thread and heap dump analysis tools can assist.

Continue reading “CloudFoundry: Java thread and heap dump analysis on remote containers”

CloudFoundry: Enabling Java remote debugging with Eclipse

Remote debugging of Java applications from an IDE can be essential when debugging difficult issues.  There is no reason to give this functionality up just because you are deploying to a container in Cloud Foundry.

In this article we’ll go over how to enable remote debugging from a local Eclipse IDE to a public CF provider like Pivotal CloudFoundry.

Continue reading “CloudFoundry: Enabling Java remote debugging with Eclipse”

CloudFoundry: Monitoring the spring-music webapp, Part 5

Cloud Foundry is an opinionated Platform-as-a-Service that allows you to manage applications at scale. This article is part of a series that explores different facets of a Cloud Foundry deployment using the spring-music project as an example.

This article is Part 5 of  a series on Cloud Foundry concepts:

In this particular article, we will look at application level monitoring of CF deployed applications using the New Relic Service Broker.  The New Relic product enables real-time monitoring of applications.

Continue reading “CloudFoundry: Monitoring the spring-music webapp, Part 5”

CloudFoundry: Logging for the spring-music webapp, Part 4

Cloud Foundry is an opinionated Platform-as-a-Service that allows you to manage applications at scale.  This article is part of a series that explores different facets of a Cloud Foundry deployment using the spring-music project as an example.

This article is Part 4 of  a series on Cloud Foundry concepts:

In this particular article, we will look at the Cloud Foundry log types, how to configure logback for spring-music, and then how to inject those events into a log pipeline.

Continue reading “CloudFoundry: Logging for the spring-music webapp, Part 4”

CloudFoundry: Scaling the spring-music webapp, Part 3

Cloud Foundry is an opinionated Platform-as-a-Service that allows you to manage applications at scale.  This article is part of a series that explores different facets of a Cloud Foundry deployment using the spring-music project as an example.

This article is Part 3 of  a series on Cloud Foundry concepts:

Specifically in this article, we will horizontally and vertically scale up the spring-music application and show how this affects the routing and logging.

Continue reading “CloudFoundry: Scaling the spring-music webapp, Part 3”

CloudFoundry: Persisting spring-music data using Postgres service, Part 2

Cloud Foundry is an opinionated Platform-as-a-Service that allows you to manage applications at scale.  This article is part of a series that explores different facets of a Cloud Foundry deployment using the spring-music project as an example.

This article is Part 2 of  a series on Cloud Foundry concepts:

In this particular article, we will create a Cloud Foundry Postgres service to externalize the persistent store instead of using the default in-memory H2 database which is destroyed every time the application is restarted or restaged.

Continue reading “CloudFoundry: Persisting spring-music data using Postgres service, Part 2”

CloudFoundry: Deploying the spring-music webapp, Part 1

Cloud Foundry is an opinionated Platform-as-a-Service that allows you to manage applications at scale.  It supports multiple infrastructure platforms, and is able to standardize deployment, logging,  scaling, and routing in a way friendly to a continuous delivery pipeline.

This article is Part 1 of  a series on Cloud Foundry concepts:

In this particular article, we will install the command line interface for Cloud Foundry on Ubuntu and then use that to deploy the Spring Boot based spring-music project to a CF provider.

Continue reading “CloudFoundry: Deploying the spring-music webapp, Part 1”

Docker: Sending Spring Boot logging to syslog

Building services using Spring Boot gives a development team a jump start on many production concerns, including logging.  But unlike a standard deployment where logging to a local file is where the developer’s responsibility typically ends, with Docker we must think about how to log to a public space outside our ephemeral container space.

The Docker logging drivers capture all the output from a container’s stdout/stderr, and can send a container’s logs directly to most major logging solutions (syslog, Logstash, gelf, fluentd).

As an added benefit, by making the logging implementation a runtime choice for the container, it provides flexibility to use a simpler implementation during development but a highly-available, scalable logging solution in production.

Continue reading “Docker: Sending Spring Boot logging to syslog”

Spring: Spring Boot with SLF4J/Logback sending to syslog

The Spring framework provides a proven and well documented model for the development of custom projects and services. The Spring Boot project takes an opinionated view of building production Spring applications, which favors convention over configuration.

In this article we will explore how to configure a Spring Boot project to use the Simple Logging Facade for Java (SLF4J) with a Logback backend to send log events to the console, filesystem, and syslog.

Continue reading “Spring: Spring Boot with SLF4J/Logback sending to syslog”

Maven: Installing a 3rd party jar to a local or remote repository

Especially in enterprise application development, there can be 3rd party dependencies that are not available in public Maven repositories.  These may be internal, business specific libraries or licensed libraries that have limitations on usage.

When this is the case, you can either publish to a private Maven repository that controls authorization or you can put them into your local cached maven repository.

Continue reading “Maven: Installing a 3rd party jar to a local or remote repository”

Maven: Installing a private Maven repository on Ubuntu using Artifactory

An essential part of the standard build process for Java applications is having a set of repositories where project artifacts are stored.

Artifact curation provides the ability to manage dependencies, quickly rollback releases, support compatibility of downstream projects, do QA promotion from test to production, support a continuous build pipeline, and provides auditability.

JFrog puts out an open-source Maven server called Artifactory that is perfect for setting up a private Maven repository for internal applications.

Continue reading “Maven: Installing a private Maven repository on Ubuntu using Artifactory”

Selenium: Running headless automated tests on Ubuntu

Selenium is an open-source solution for automating the browser allowing you to run continuous integration tests, validate performance and scalability, and perform regression testing of web applications.

This kind of automated testing is useful not only from desktop systems, but also from server machines where you may want to monitor availability or correctness of returned pages.  For example, web site response monitoring or as part of a Jenkins validation pipeline.

The first method we can use to accomplish this is to use a headless driver such as the HtmlUnit or PhantomJS driver – these are tiny browser implementations that load and execute web pages but do not actually draw the results to a screen.

The second method is specific to Linux based systems, where you use the actual Chrome browser.  The trick is to use Xvfb as a virtualized display.

Continue reading “Selenium: Running headless automated tests on Ubuntu”

AppDynamics: Java Spring PetClinic and MySQL configured for monitoring

As an exploration of AppDynamics’ APM functionality, you may find it useful to deploy a sample application that can quickly return back useful data.  The Java Spring PetClinic connecting back to a MySQL database provides a simple code base that exercises both database and application monitoring.

We’ll deploy the Java Spring PetClinic unto Tomcat running on Ubuntu 14.04.  MySQL will be the backing persistence engine for the web application.  The AppDynamics Java agent will be loaded into the JVM running Tomcat, and the AppDynamics Database Agent will connect to MySQL for metrics gathering.

Continue reading “AppDynamics: Java Spring PetClinic and MySQL configured for monitoring”

Ubuntu: Decompiling Java classes on Ubuntu using Eclipse and JD-GUI

ubuntuDecompiling Java classes is sometimes associated with dubious behavior around proprietary and licensed software, but in reality there are many valid reasons why one may find it necessary to dig into Java class files and jar/war archives.  It can be as simple as your development team no longer having the 2 year old version of the code deployed in production.

We’ll go over a couple of ways to decompile Java classes on an Ubuntu desktop.

Continue reading “Ubuntu: Decompiling Java classes on Ubuntu using Eclipse and JD-GUI”

Syslog: Sending Java SLF4J/Logback to Syslog

logback-logoSLF4J, the Simple Logging Facade for Java, is a popular front for various logging backends, one of the being Logback.  With the advent of containerization, using syslog to send data to remote logging infrastructure has become a popular transport method.

Enable Syslog Input

The first step is to enable the receipt of syslog messages.  This could be any server listening for syslog messages. You can follow my previous article on configuring an Ubuntu server to receive RFC5424 compatible messages or you can configure a syslog input in Logstash.

Continue reading “Syslog: Sending Java SLF4J/Logback to Syslog”

Syslog: Sending Java log4j2 to rsyslog on Ubuntu

log4j-logoLogging has always been a critical part of application development.  But the rise of OS virtualization, applications containers, and cloud-scale logging solutions has turned logging into something bigger that managing local debug files.

Modern applications and services are now expected to feed log aggregation and analysis stacks (ELK, Graylog, Loggly, Splunk, etc).  This can be done a multitude of ways, in this post I want to focus on modifying log4j2 so that it sends directly to an rsyslog server.

Even though we focus on sending to an Ubuntu ryslog server in this post, this could be any entity listening for syslog traffic, such as Logstash.

Continue reading “Syslog: Sending Java log4j2 to rsyslog on Ubuntu”

Documentum: Separating dfc.properties from your WAR

LogoDocumentumIn the world of microservices and containers, it is often desirable to keep settings such as those found in dfc.properties outside of the jar or war so that the deployment binary is the same no matter which environment it is deployed into.

The settings in dfc.properties can be externalized by specifying the location of dfc.properties in a JVM system property such as:

-Ddfc.properties.file=/tmp/dfc.properties