RSS

Category Archives: web

How to make the java runtime to trust the certificate present by the host


URL -https://my-site.com/test

Let’s start with simple example. If you invoke above URL through your simple java application you will simply get the SSLHandshakeException because it is exposed as https endpoint and the java runtime is not going to trust the certificate that present through the URL call. So before you invoke the service you have to present the certificate to your java runtime to trust the certificate. Then when ever you call the URL it will trust the certificate. You can do this in two different ways as follows.

  1. Download and import the certificate to your java runtime certificate store.
  2. Write the code in your program to trust the certificate provided by the host.

1. Download and import the certificate to your java runtime certificate store.

First of all you have to download the certificate from the host. In order to do that you can simply go to the URL through the browser and then download the certificate to your local machine as .cer file.

In Chrome browser you can simply go to the certificate as follows and drag and drop to the local folder. I choose the https://google.com as a example.

1

2

So once you have downloaded the certificate  you should be able to use the keytool to import the certificate.

keytool -import -alias google -keystore ${PATH_TO_JDK}/jre/lib/security/cacerts -file ${PATH_TO_CERT_FILE}

You have to provide the keystore password as “changeit” unless you have customized it.

ex/

keytool -import -alias google -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home/jre/lib/security/cacerts -file /Users/dmalalan/Documents/www.google.com.cer

3

screen-shot-2017-01-14-at-11-48-44-am

2. Write the code in your program to trust the certificate provided by the host

You need to use the following code sample before you invoke the URL. This is just allow the runtime to trust all the certificates presented by the host but you need to be careful with this approach because host can present the bogus certificates.

screen-shot-2017-01-14-at-11-55-53-am

References : sample code & sample instructions

Advertisements
 
Leave a comment

Posted by on January 14, 2017 in java, Other, web

 

Tags: , , ,

JSP, Servlet, Scope variables and Init Parameters


If you are getting involved in Java EE development you have to have good knowledge about the JSP and Servlets. Servlets are server side components that provide a powerful mechanism for developing server side programs. JavaServer Pages (JSP) is a technology that helps software developers create dynamically generated web pages based on HTML, XML, or other document types.

First look at how request and response handle in servlet container. Servlet container create one instance from each servlet but its going to serve for multiple threads. See the following diagram. You can see HTTP Request comes to the container and it will create the HTTPServletRequest, HTTPServletResponse objects. Finally put those two objects in new thread and let the thread to access the instance of specified servlet.

Servlet Conatiner

According to the above process you can see we have to be careful of the thread safety of instance variable in servlet. Because each and every thread is gong to access the single Servlet instance. If you have some instance variable in the servlet which is going to modify with in the thread you have to make it thread safe.

Look at the Servlet life cycle

init() – this method is going to run only one time
service() – this method is going to run each time the request comes to the servlet. And it will identify either doGet or doPost to execute according to the request.

Servlet Life Cycle

JSP life cycle is same as Servlet, only additional thing is its going to translate to the servlet. Ultimately its acts as Servlet. JSP you can override two methods which is jspInit() and jspDestroy(). But you cannot override the jspService() method.

Lets talk about Scope variables.

1. Application Context  – In other words we can say this is servletContext. You can use servletContext to store the global data which is going to share through out the application. This is not thread safe. You can easily access this context as follows.

request.getServletContext();
request.getServletContext().setAttribute("attribute_name","value");

2. Session Context – Session management is handling by the servlet container and you can store the user specific data on session. This object is not thread safe.

request.getSession(); //going to create the session if session is not exist.
request.getSession(false); // Not going to create the session.

3. Request Attributes – You can use this scope to carry the data in server side from one resource to another. As an example while you are doing the request forwarding. This is thread safe because one request is handle by one thread.

request.setAttribute("attribute_name","value");
request.getAttribute("attribute_name"); // return the Object you have to cast it

Config Parameters

We have two different types of init parameters. One is available for the whole application and the other one is only for specific servlet. These parameters are deployment time constants. That means once the application is deployed you cannot change it. These parameters are going to declare in web.xml

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <servlet>
    <servlet-name>springmvc</servlet-name>
    <servlet-class>
            org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>/WEB-INF/config/springmvc-config.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>springmvc</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
  <context-param>
  	<param-name>ApplicationName</param-name>
  	<param-value>ApplicationName</param-value>
  </context-param>
</web-app>

1. Global init parameter 

getServletContext().getInitParameter("ApplicationName");

2. Specified int parameter

getServletConfig().getInitParameter("contextConfigLocation");
 
Leave a comment

Posted by on October 10, 2014 in java, web

 

Tags: , , , ,

 
%d bloggers like this: