Posts

Showing posts from 2012

Apache Tomcat 7.0.34 Released

The Apache Tomcat team have announced the release of Tomcat 7.0.34.

"This release contains a small number of bug fixes and improvements compared to version 7.0.33. The notable changes include:
- Improvements to the AccessLogValve to better handle non-standard DST changes and to provide option for the current access log to have a standard name.
- Fix various JMX registration and deregistration issues.
- Update the Eclipse JDT compiler to 4.2.1"

The new release of Tomcat can be downloaded from the project's download site. Full release notes can be found in the Changelog.

Apache Tomcat Security Advisories

The Apache Tomcat team has announced 3 new security advisories for Apache Tomcat versions 6 and 7. All three of these advisories are classified as important, meaning that users should upgrade to an appropriate version of Tomcat. The advisories are:
- CVE-2012-4534 Apache Tomcat denial of service
- CVE-2012-3546 Apache Tomcat Bypass of security constraints
- CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter

CVE-2012-4534 Apache Tomcat denial of service

"When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service."

Users are advised to upgrade to Tomcat version 7.0.28 or later (or 6.0.36 or later for Tomcat 6 users).

CVE-2012-3546 Apache Tomcat Bypass of security constraints

"When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to ...

Tomcat 7.0.33 Released

The Apache Tomcat team have announced the release of Apache Tomcat version 7.0.33. This latest release can be downloaded from the project's download page at http://tomcat.apache.org/download-70.cgi.

This release does not contain any major security fixes, but incorporates nearly 40 bug fixes and performance improvements. The notable changes for this release are said to be:
- A fix to the AccessLogValve to address a bug that caused some entries to be made with incorrect time stamps.
- A re-written, smaller, faster HTTP header parser.
- Further performance improvements for Jasper, Tomcat's JSP engine.

The changelog for this release can be viewed at http://tomcat.apache.org/tomcat-7.0-doc/changelog.html.

SAP NetWeaver Cloud is Java EE 6 Web Profile Certified

A recent post on the SAP NetWeaver Cloud Developer Center states that SAP NetWeaver Cloud is now Java EE 6 Web Profile Certified. NetWeaver Cloud Developer now adds to the growing list of Java EE application servers that are certified against the Java EE 6 Web Profile.

NetWeaver Cloud Developer is currently released as a beta version of the software, but supports the following Java EE technologies.
- Servlet 3.0
- JavaServer Pages (JSP) 2.2
- Expression Language (EL) 2.2
- Debugging Support for Other Languages (JSR-45) 1.0
- Standard Tag Library for JavaServer Pages (JSTL) 1.2
- JavaServer Faces (JSF) 2.0
- Common Annotations for the Java Platform (JSR-250) 1.1
- Enterprise JavaBeans (EJB) 3.1 Lite
- Java Transaction API (JTA) 1.1
- Java Persistence API (JPA) 2.0
- Bean Validation 1.0
- Managed Beans 1.0
- Interceptors 1.1
- Context and Dependency Injection for the Java EE Platform 1.0
- Dependency Injection for Java 1.0
- Java Mail 1.4

At the moment, this is a beta release and therefore "...

Apache Logging 2.0 Beta 3 Released

Do you use Apache Log4J for logging? If so, then you may be interested to hear that the Apache Logging team has released the 3rd beta of Apache Log4J 2 - the successor to the popular logging framework Log4J. Log4J2 is an upgrade to the original Log4J providing many improvements such as separating the API from the implementation, providing better performance and automatically reloading configuration files upon modification. The full list of improvements over Log4J can be found here. For full information about Log4J 2, check out the project website at http://logging.apache.org/log4j/2.x/

Visual VM 1.3.5 Released

VisualVM, the "All-In-One Java Troubleshooting Tool" has been updated and released at version 1.3.5. This new release contains many new features and enhancements and bug fixes. For those not familiar with VisualVM, it is "a visual tool integrating several commandline JDK tools and lightweight profiling capabilities. Designed for both production and development time use, it further enhances the capability of monitoring and performance analysis for the Java SE platform." VisualVM is supported on many different platforms that support JDK 6+. A full list of supported platforms/JDKs can be found in the release notes. VisualVM can be downloaded from the project's download site.

Spring Data JDBC Extension 1.0 GA Released

Thomas Risberg has announced that version 1.0 of the Spring Data JDBC Extensions project is now available providing Querydsl and advanced Oracle support. " The Spring Data JDBC Extensions project was created to provide additional support for vendor specific JDBC extensions as well as new approaches to working with JDBC like Querydsl. The bulk of the support consists of code ported from the SpringSource project "Advanced Pack for Oracle Database" that was available for support subscription customers. We are now making this code available to all Spring users and any new developments will be made in the Spring Data JDBC Extensions project. " The software can be downloaded from the project's  site. Further information on the Spring Data JDBC Extension can be found in the  Reference Documentation .

Feedback wanted on Java EE 7

In a recent post on the Aquarium, Reza Rahman asks for feedback on the upcoming Java EE 7 which is now in the Early Draft Review stage. Java EE 7 is defined under JSR-342; the project page for the specification can be found on Java.net. In his post, Reza states: "There are now a number of important open issues that the Java EE expert group would like to get broad community feedback on. These issues include what new JSRs to add to the Java EE Full/Web Profile as well as how to better align CDI with Java EE. Help shape the future and voice your opinion on these critical open issues by taking the short survey posted here." If you want to get involved in the future of Java EE, then why not start today by completing the survey.

Tomcat Security Advisory - CVE-2012-2733 Apache Tomcat Denial of Service

An Apache Tomcat Denial of Service vulnerability has been identified in Apache Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through 7.0.27. The vulnerability is described as: "The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers." Users are advised to upgrade to Apache Tomcat version 6.0.36 (or later) or 7.0.28 (or later).

Apache Tomcat 6.0.36 Released

The Apache Foundation has announced that Apache Tomcat 6.0.36 has been released and is available for immediate download. This is primarily a bug fix release, and it is recommended that all users of Tomcat 6 upgrade to this version. The software can be downloaded from: http://tomcat.apache.org/download-60.cgi

The full changelog for the software can be found at: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

Cannot play DVD in Ubuntu

Yesterday I was trying to view a DVD on Ubuntu, but was getting an error stating that the DVD was encrypted, but there was no DVD decryption library available. It turns out that it's easy to add the relevant decryption libraries as this link describes. From a terminal window, the steps to getting the relevant software installed to play a DVD are:

$ sudo apt-get install ubuntu-restricted-extras
$ sudo /usr/share/doc/libdvdread4/install-css.sh

After executing those commands, you should be able to play DVDs correctly.

Using the ShrinkWrap Maven Resolver for Arquillian Tests

This post assumes that you're familiar with using Arquillian for testing Java applications. If you’re not familiar with Arquillian, then I suggest you check out the guides at http://www.arquillian.org/ where you’ll learn how to write Java tests that can run on the server and are much easier to write and maintain.

When writing an Arquillian test, you create a deployment as in the following code sample:

@Deployment
public static Archive<?> createTestArchive() {
    return ShrinkWrap.create(JavaArchive.class, "test.jar")
        .addClasses(RandomNumberBean.class);
}

It’s not uncommon to see a lot of calls to .addClasses() or .addPackages(). When working with third party libraries, this list of classes/packages added to the archive can grow and grow (and can be a bit of a trial and error process to get a complete list of dependencies). The ShrinkWrap Maven Resolver overcomes this issue by allowing you to specify Maven dependencies in the createTestArchive() method rat...

Hosting WordPress On OpenShift

If you’ve not heard of OpenShift, it’s: "a free, cloud-based application platform for Java, Perl, PHP, Python, and Ruby applications." OpenShift uses git to publish files to your site, so the general approach is to make your application locally, commit files to git and then push them to OpenShift. In practice this works very well, but there are a couple of gotchas that I encountered – I’ll explain those later. OpenShift Express supports Java (with full AS7 support), Ruby, PHP, Perl and Python apps. In this post, I’m going to show the steps needed to host WordPress at OpenShift Express.

Installing the client tools

So, the first stage in setting up on OpenShift is to install the OpenShift client tools. On Ubuntu, this is achieved with apt-get:

$ sudo apt-get install ruby
$ sudo apt-get install rubygems
$ sudo apt-get install rhc

Creating a domain and an application

After installing the OpenShift tools, the next stage is to create a domain name to host the applicati...

Choosing a Java Version on Ubuntu

When you have got multiple versions of Java installed, you can choose which one you want to use by running the update-alternatives command. Running this command shows a list of installed Java JDKs and JREs allowing one to be selected as the default that is used when java needs to be executed.

$ sudo update-alternatives --config javac

If you prefer to use a GUI instead of the command line, you can execute galternatives instead and define the default versions of software with the following dialog.

$ sudo galternatives

Creating a Shortcut to Eclipse on the Ubuntu Unity Dock

If you use Eclipse on Ubuntu, you will probably have found that the version in the Ubuntu repositories doesn’t have all the plugins you’re used to, and will have installed Eclipse from a download at eclipse.org. If this is the case, you can create a shortcut launcher to Eclipse using the gnome-desktop-item-edit application enabling Eclipse to be pinned to the Unity Dock. gnome-desktop-item-edit isn’t installed with a clean copy of Ubuntu however. To install it, run the following:

$ sudo apt-get install gnome-panel

After installation, you can create a new launcher by executing the following command:

$ gnome-desktop-item-edit --create-new ~/.local/share/applications

This will cause the following window to be displayed. Enter all the relevant details into the window (including selecting the icon) and press OK. This will create an Eclipse launcher. If you then navigate to this folder, you can drag and drop the Eclipse icon onto the Dock to create the pinned shortcut to Eclipse.

Compiling C/C++ With the Math Library

Quite often I see, or get asked why certain math functions don’t compile properly when all the necessary includes are correctly applied. For example:

#include <stdio.h>
#include <math.h>

int main() {
    double value = 9.0;
    double ans = sqrt(value);
    char szBuffer[256];
    sprintf(szBuffer,"%f",ans);
    printf("%s",szBuffer);
    return 0;
}

Compiling the above code with the command gcc main.c gives an error indicating that sqrt is undefined.

$ gcc main.c
/tmp/ccHazXRB.o: In function `main':
main.c:(.text+0x48): undefined reference to `sqrt'
collect2: ld returned 1 exit status

The simple problem here is that the code isn’t linked against the math library so the math functions cannot be resolved. The correct way to compile is using the -lm option which instructs the linker to use the math library.

$ gcc main.c -lm

One thing to remember is the location of the -lm option. This usually has to be placed after the filename that is being c...

Updated Enigmail

Last week I posted about not being able to use Enigmail in Thunderbird to read encrypted messages. My solution was to manually download the latest version of Enigmail and install locally. Good news today to make the task easier. The new version (enigmail 2:1.3.5-0ubuntu0.11.10.1) of Enigmail has been pushed out to the Ubuntu Software Centre and can be installed by updating with apt-get .

10 Useful git Commands

git status
    Show the working tree status, i.e. what have I changed and what have I added.

git commit -a -m "my message"
    Commit all my changes and store with the message “my message”.

git push origin
    Push all my commits back to the remote server.

git tag
    List the tags in the current branch.

git tag -a myTag -m "tag message"
    Create a tag called myTag and store with the message “tag message”.

git show myTag
    Show information about the tag myTag.

git branch myBranch
    Create a branch called myBranch.

git branch
    Display a list of all branches.

git merge myBranch
    Merge the changes made on the current branch into myBranch.

git checkout myBranch
    Switch code base to the branch myBranch.

Cannot Read Decrypted Messages in Thunderbird 10 Using Enigmail

I’ve just upgraded to Thunderbird 10 today on Ubuntu 11.10. Upon running Thunderbird I got the following error message stating that Enigmail had failed to start.

Enigmail: Enigmime Service not available
To permanently avoid this alert, either fix the problem or uninstall Enigmail. Click on the Help button for more details.

The version of Enigmail that is downloaded and installed via the Ubuntu Software Centre is 1.3.4. It seems this version doesn’t work properly with Thunderbird 10. To fix the problem, remove the 1.3.4 plugin (choose “Tools | Addons”) and then install the new 1.3.5 version available from the Enigmail download site.

Update: A new version of Enigmail has been pushed out to the Software Centre. See here for more details.

Review of JBoss AS 7 Configuration, Deployment and Administration

JBoss 7 is the latest Java EE application server to be released by Red Hat. Version 7 is certified against the Java EE 6 Web Profile and has been developed with productivity and speed in mind – the current version offering significant speed enhancements over previous versions. Not only is AS7 available as a download for developers, it is also an important aspect of Red Hat's OpenShift Platform-as-a-Service (PaaS) offering. JBoss AS 7 Configuration, Deployment and Administration explains how to use all the components that make up the application server covering (as you would expect from the title) configuration, management, deployment and administration. Many of these features are different in AS 7 from previous versions of JBoss AS so this book is an invaluable resource. The book is aimed at administrators, developers and testers, so whatever your role, chances are you will find something useful in the book. The book starts by showing how to download and install AS7. ...

PrimeFaces 3.1 Released

Prime Technology have announced the release of PrimeFaces 3.1 - "The Ultimate JSF Component Suite". PrimeFaces contains over 100 JSF components and over 30 UI themes; a mobile optimized rendering engine and high performance push features which altogether make Prime Faces one of the leading JSF 2 component suites. For a demonstration of the different components check out the Prime Faces Showcase. Both the PrimeFaces libraries and source code can be downloaded from here - this also contains details of how to configure Prime Faces within a Maven build.

Free JBoss AS 7 Book

I just wanted to remind everyone of the free competition that is going on over at developinjava.com to win a free copy of JBoss AS 7 Configuration, Deployment and Administration by Francesco Marchioni. To enter, all you have to do is visit the competition and comment on the book. What are you waiting for?  Go and enter now and you could be the proud winner of a copy of the book.

A Simple Makefile for a GTK/GTKMM Project

When compiling small applications, it's fairly easy just to compile using g++ from the command line. If you’re compiling anything more complex than a single file, it's probably easier to use a Makefile. This example Makefile demonstrates how to compile an application that uses the GTKMM library.

NAME=my-app
CFLAGS=-g -Wall -o $(NAME)
GTKFLAGS=`pkg-config --cflags --libs gtkmm-3.0`
SRCS=main.cc myapp.cc
CC=g++

# Do all
all: main

# Compile
main: $(SRCS)
	$(CC) $(CFLAGS) $(SRCS) $(GTKFLAGS)

# Clean
clean:
	rm -f $(NAME)
	rm -f *.h~
	rm -f *.cc~
	rm -f Makefile~
	rm -f *.glade~

Apache Tomcat 7.0.25 Released

Apache Tomcat 7.0.25 has been released and is available for immediate download from http://tomcat.apache.org/download-70.cgi

Mark Thomas notes on the Tomcat mailing lists:

"The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.25

This release includes numerous bug fixes and several new features compared to version 7.0.23. The notable new features include:
* Align the Servlet 3.0 implementation with the changes defined in the first maintenance release (also known as Rev. A.). See the JCP documentation for a detailed list of changes.
* Add support for connectors to automatically select a free port to bind to. This is useful when embedding and for testing.
* Update to Commons Pool 1.5.7, Commons Daemon 1.0.8 and Eclipse JDT compiler 3.7.1.

Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Note that this version has 4 zip binaries: a generic one and three bundled with Tomcat native...

SpringSource Webinar : Modern Enterprise Java Architectures With Spring3.1

Today SpringSource, the makers of the Spring Framework are hosting 2 webinars entitled: "Modern Enterprise Java Architectures with Spring 3.1". "In its 3.1 generation, the Spring Framework presents itself as a versatile open source platform for Java-based application architectures on any kind of deployment platform. This presentation covers the key feature set in Spring 3.1, from environment profiles and Java-based application configuration to declarative caching and Servlet 3.0 support. Spring 3.1's capabilities will be discussed in the context of current trends such as cloud computing and HTML 5, influencing the way enterprise Java applications will be built in 2012 and beyond." The webinars are to be held at 3pm UK time for European audiences and at 1pm EST for North American audiences. Full details of the webinars can be found at: European Webinar North American Webinar

Tomcat Security Issue - Denial Of Service

A new Tomcat security issue has been reported that affects Tomcat versions 7.0.0 through 7.0.22, versions 6.0.0 through 6.0.33 and versions 5.5.0 through 5.5.34. According to the Tomcat mailing lists:

"CVE-2012-0022 Apache Tomcat Denial of Service

Severity: Important

Description: Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.

Mitigation: Users of affected versions should apply one of the following mitigations:
- Tomcat 7.0.x users should upgrade to 7.0.23 or later
- Tomcat 6.0.x users should upgrade to 6.0.35 or later
- Tomcat 5.5.x users s...

Tomcat Security Issue - Information Disclosure

A new Tomcat security issue has been reported that affects Tomcat versions 7.0.0 through 7.0.21 and versions 6.0.30 through 6.0.33. According to the Tomcat mailing lists:

"CVE-2011-3375 Apache Tomcat Information disclosure

Severity: Important

Description: For performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that needed to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled. However, the request object was not recycled before being used for the next request. That led to information leakage (e.g. remote IP address, HTTP headers) from the previous request to the next request. The issue was resolved by ensuring that the request and response objects were recycled after being re-populated to generate the necessary access log...

Want to name the 2013 Eclipse Release?

A new community poll over on eclipse.org is asking readers to help decide the name of the 2013 annual release of Eclipse. Each year the Eclipse Foundation releases a new version of Eclipse - this year it was Eclipse Indigo. The 2013 release of Eclipse must start with the letter "K", and the suggestions for the poll are:
- Karl
- Kratos
- Kepler
- Ketu
- Koronis
- Kuiper

I know my favourite, what's yours? Head on over to eclipse.org to cast your vote. The poll will remain open until January 15.

Commons Pool 1.6 Released

Apache Commons Pool version 1.6 has been released.  In the release notification, Gary Gregory states: "The Apache Commons team is pleased to announce the release of version 1.6 of Commons Pool. Commons Pool provides a general purpose object pooling API, an implementation toolkit and some pool implementations. Version 1.6 adds generics to, and is binary compatible with, version 1.5.7. Source and binary distributions are available for download from the Apache Commons Pool download site: http://commons.apache.org/pool/download_pool.cgi Please verify signatures using the KEYS file available at the above location when downloading the release. For more information on Apache Commons Pool, visit the Pool home page: http://commons.apache.org/pool/ Feedback, suggestions for improvement or bug reports are welcome via the "Mailing Lists" and "Issue Tracking" links here: http://commons.apache.org/pool/project-info.html "

Spring Integration 2.1 Released

Yesterday, Mark Fisher announced the release of Spring Integration version 2.1.

"Spring Integration provides an extension of the Spring programming model to support the well-known Enterprise Integration Patterns. It enables lightweight messaging within Spring-based applications and supports integration with external systems via declarative adapters. Those adapters provide a higher-level of abstraction over Spring's support for remoting, messaging, and scheduling. Spring Integration's primary goal is to provide a simple model for building enterprise integration solutions while maintaining the separation of concerns that is essential for producing maintainable, testable code."

Spring Integration 2.1 includes many new features and hundreds of resolved issues including:
- RabbitMQ / AMQP support
- Support for VMWare vFabric GemFire
- Support for the Redis data structure server
- Support for MongoDB NoSQL server
- JSR-223 Scripting Support
- (S)FTP Outbound Gateways
- A com...

Forthcoming Book Review

Packt Publishing have just agreed to send me a copy of JBoss AS 7 Configuration, Deployment and Administration by Francesco Marchioni. I'll be reviewing the book shortly and posting my review. This looks like an interesting book as it covers management and administration of JBoss AS 7, something not often found in books.

NetBeans 7.1 Released

NetBeans IDE 7.1 has been released and is now available for download. Geertjan Wielenga states that NetBeans 7.1 "introduces support for JavaFX 2.0 by enabling the full compile/debug/profile development cycle for JavaFX 2.0 applications. The release also provides significant Swing GUI Builder enhancements, CSS3 support, and tools for visual debugging of Swing and JavaFX user interfaces. Additional highlights include Git support integrated into the IDE, new PHP debugging features, various JavaEE and Maven improvements, and more." You can download NetBeans from its download site as Java SE, Java EE, C/C++, PHP or everything bundles. You can read the Oracle Press Releases here.

Getting Logged On User in a Spring-Web Application

In a web application, it can be useful to get the logged on user's name and display it within a web page, for example as a link to allow the user to edit their profile. In a Spring Web application the username can easily be obtained in a controller and passed via a map to the user interface.

To get the username in a controller class, we would use the SecurityContextHolder.getContext().getAuthentication().getPrincipal() method to get hold of the principal. We can then call the .getUsername() method to get the username of the currently logged on user.

@Controller
public class PageController {

  @RequestMapping(method = RequestMethod.GET)
  public ModelAndView handleRequest() {
    User user = (User) SecurityContextHolder.getContext()
        .getAuthentication().getPrincipal();
    Map<String, Object> userModel = new HashMap<String, Object>();
    userModel.put("username", user.getUsername());
    return new ModelAndView("page", "model...