Effective Java Simplified

Thursday, March 20

Configuring apache mod security -Mod Security rules configuration

Below are the detailed around Mod Security configuration on apache server. Please let me know If you need any further details on that .

1. Add below configuration in httpd.conf file

LoadModule security2_module modules/mod_security2.so

LoadModule unique_id_module modules/mod_unique_id.so

SSLRandomSeed startup builtin

SSLRandomSeed connect builtin

Include /etc/httpd/modsecurity_crs/*.conf

SecAuditEngine On

#SecFilterScanPOST On

SecAuditLog logs/audit_log

2. mod_security2.so and mod_unique_id.so are modules that needs to be placed in apache modules folder

/etc/httpd/modsecurity_crs is the place where rules files exist .

We have placed below rule file at this location

Mod_security_rules.conf

--------------------------------------------------------------------------------------------------------------

SecDefaultAction "phase:1,phase:2,auditlog,logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}',deny,redirect:/errorpage.html"

SecRule ARGS_NAMES "!^(post-name_)+$" "id:'1000010'"

SecRule ARGS:post-name "!^[a-zA-Z0-9_]{0,4096}$" "id:'1000237'"

-----------------------------------------------------------------------------------------

This configuration will allow only post-name attribute with alphanumeric and _ characters allowed in the value . Every other request parameter will be rejected and user will be redirected to errorpage.html

Logs captured by mod security can be viewed in logs/audit_log file.

3. I have created simple Form with GET and POST request on apache server

<html>

<body>

<h1>GET!! Test Apache Redirection</h1>

<form name='f1' method="GET" action="/getService">

Enter Your Name : <input type="text" name="name" value=""/>

<input type="submit" id="Go" value="GET Submit"/>

</form>

<h1>POST !! Test Apache Redirection</h1>

<form name='f2' method="POST" action="/postService">

Enter Your Name : <input type="text" name="post-name" value=""/>

<input type="submit" id="submit" value="Post Submit"/>

</form>

</body>

</html>

4. So in above form through GET request we are submitting form with request attribute name and through post request attribute is post-name.

post-name will pass and name will fail as name is not configured as allowed parameter in mod security rules configuration file.

Wednesday, March 19

Grizzly jax-ws file upload service and client

Server Side code :

Below file start the Grizzly server and register the uploadService class as jax-ws web service

package com.sap;

import com.sun.grizzly.http.embed.GrizzlyWebServer;

import java.io.IOException;

import javax.xml.ws.Endpoint;
import javax.xml.ws.spi.http.HttpContext;

import org.jvnet.jax_ws_commons.transport.grizzly_httpspi.GrizzlyHttpContextFactory;

public class JaxwsMain {

/**
* @param args
*/
public static void main(String[] args) {

String contextPath = "/ws";
String path = "/test";
int port = 8081;

String address = "http://localhost:"+port+contextPath+path;

GrizzlyWebServer server = new GrizzlyWebServer(port);
HttpContext context = GrizzlyHttpContextFactory.createHttpContext(server, contextPath, path);

Endpoint endpoint = Endpoint.create(new UploadService());
//endpoint.create(new UploadService());
endpoint.publish(context);

try {
server.start();

System.out.println(12121);
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}




}

}

below is uploadService class that basically upload the file

package com.sap;

import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;

import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import javax.xml.ws.WebServiceException;

@WebService
public class UploadService {
/* @WebMethod
public int up(@WebParam(name="value1") int value1, @WebParam(name="value2") int value2) {
return value1 + value2;
}
*/
@WebMethod
public void upload(String fileName, byte[] imageBytes) {

String filePath = "D:/desktops/12march2014/uploads/" + fileName;

try {
FileOutputStream fos = new FileOutputStream(filePath);
BufferedOutputStream outputStream = new BufferedOutputStream(fos);
outputStream.write(imageBytes);
outputStream.close();

System.out.println("Received file: " + filePath);

} catch (IOException ex) {
System.err.println(ex);
throw new WebServiceException(ex);
}
}


}

run JaxwsMain Java class as java application . That will register the uploadService on Grizzly server\

use wsimport jax-ws utility from command line to generate the Client artifacts in Client project

This will create below files

ObjectFactory.java
package-info.java
Upload.java
UploadResponse.java
UploadService.java
UploadServiceService.java

below the Client code file that will invoke the upload service

Execute this File and pass the file to be uploaded

package com.sa;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Scanner;
import java.util.logging.FileHandler;

import javax.xml.ws.WebServiceRef;
import javax.xml.ws.soap.MTOMFeature;

public class JaxwsClient {

/**
* @param args
*/
public static void main(String[] args) {
JaxwsClient client =new JaxwsClient();
client.doTest(args);

}

public void doTest(String[] args) {

UploadServiceService service = new UploadServiceService();
UploadService port = service.getPort(UploadService.class, new MTOMFeature(10240));

String fileName = "tpd-alert-1.2.0.zip";
String filePath = "D:/desktops/12march2014/" + fileName;
File file = new File(filePath);

if (args.length >0 && null != args[0]) {
file = new File(args[0]);
} else {

System.out.println("Enter full path of file..");

String path;

Scanner scanIn = new Scanner(System.in);
path = scanIn.nextLine();

file = new File(path);

}

try {
filePath=file.getPath();
FileInputStream fis = new FileInputStream(file);
BufferedInputStream inputStream = new BufferedInputStream(fis);
byte[] imageBytes = new byte[(int) file.length()];
inputStream.read(imageBytes);

port.upload(file.getName(), imageBytes);
inputStream.close();
System.out.println("File uploaded: " + filePath);
} catch (IOException ex) {
System.err.println(ex);
}}

}

Done!!!

Composition versus aggregation Java Code example

Aggregation

Read comments in Test class to understand the scenario / Code flow

package com.sam;

class Car {
    Engine engine;

    public Car() {

        engine = Engine.getEngineInstance();

    }

    Engine getEngine() {
        return this.engine;
    }

}

class Engine {

    private Engine() {

    }

    public static Engine getEngineInstance() {

        return new Engine();
    }

    public void performAction(String str ) {

        System.out.println("Performed.."+str);
    }
}

public class Test {

    public static void main(String args[]) {

        Engine engine = Engine.getEngineInstance(); // can ncreate Engine instance ,
        // Engine can exist on its own ,
        // It can exist even without car instance

        engine.performAction("With Out Car Instance");

        Car car = new Car(); // Car class has dependency on ENgine class to perform Action
                             // But Engine Class instance can be created and used even without
                             // creating Car class instance

        car.getEngine().performAction("With Car Instance");

    }
}

composition

Read comments in Test class to understand the scenario / Code flow

package com.sam;
class Car {
    Engine engine;

    public Car() {

        engine = new Engine();

    }

    Engine getEngine() {
        return this.engine;
    }

    class Engine {

        private Engine() {

        }

        public Engine getEngineInstance() {

            return new Engine();
        }

        public void performAction(String str) {

            System.out.println("Performed.." + str);
        }
    }

}

public class Test {

    public static void main(String args[]) {

        Engine engine = Engine.getEngineInstance(); // compilation error / can not create Engine instance ,
        // Engine can not exist on its own ,
        // It can exist only with car instance

        engine.performAction("With Out Car Instance");

        Car car = new Car(); // Car class has dependency on ENgine class to perform Action
                             // SO Engine Class instance can be created only with
                             // Car class instance

        car.getEngine().performAction("With Car Instance");

    }
}

Monday, March 17

File upload Jersey Grizzly example

1. Below class is required to startup the grizzly embedded container

package com.example;

import org.glassfish.grizzly.http.server.HttpServer;
importorg.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpServerFactory;
import org.glassfish.jersey.server.ResourceConfig;

import java.io.IOException;
import java.net.URI;

/**
* Main class.
*
*/
public class Main {
    // Base URI the Grizzly HTTP server will listen on
    public static final String BASE_URI = "http://localhost:8080/myapp/";

    /**
     * Starts Grizzly HTTP server exposing JAX-RS resources defined in this application.
     * @return Grizzly HTTP server.
     */
    public static HttpServer startServer() {
        // create a resource config that scans for JAX-RS resources and providers
        // in com.example package
        final ResourceConfig rc = new ResourceConfig().packages("com.example");

        // create and start a new instance of grizzly http server
        // exposing the Jersey application at BASE_URI
        return GrizzlyHttpServerFactory.createHttpServer(URI.create(BASE_URI), rc);
    }

    /**
     * Main method.
     * @param args
     * @throws IOException
     */
    public static void main(String[] args) throws IOException {
        final HttpServer server = startServer();
        System.out.println(String.format("Jersey app started with WADL available at "
                + "%sapplication.wadl\nHit enter to stop it...", BASE_URI));
        System.in.read();
        server.stop();
    }
}

As highlighted in above code this Main class will register all the web service classes lying under com.example package . SO Let us create our upload service in example package

import com.sun.jersey.multipart.FormDataParam;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

    @Path("/files")
    public class JerseyFileUpload {

        @POST
        @Path("/upload/{filename}")
        @Consumes(MediaType.MULTIPART_FORM_DATA)
        @Produces(MediaType.TEXT_PLAIN)
        public Response uploadFile(
            @FormDataParam("file") InputStream uploadedInputStream ,@PathParam("filename") String fileName) {

            System.out.println("fileName"+fileName);
           // String uploadedFileLocation = "c://uploadedFiles/" + "fileDetail.getFileName()";
            String uploadedFileLocation = "D:/desktops/12march2014/uploads/"+fileName;
            // save it
            saveToFile(uploadedInputStream, uploadedFileLocation);

            String output = "File uploaded via Jersey based RESTFul Webservice to: " + uploadedFileLocation;

            return Response.status(200).entity(output).build();

        }

        // save uploaded file to new location
        private void saveToFile(InputStream uploadedInputStream,
            String uploadedFileLocation) {

            try {
                OutputStream out = null;
                int read = 0;
                byte[] bytes = new byte[1024];

                out = new FileOutputStream(new File(uploadedFileLocation));
                while ((read = uploadedInputStream.read(bytes)) != -1) {
                    out.write(bytes, 0, read);
                }
                out.flush();
                out.close();
            } catch (IOException e) {

                e.printStackTrace();
            }

        }

    }

That was server side Code. Execute the Main.java class as java application. It will start up the Grizzly server and JerseyUpload service will be up and running.

-->

Now Lets write Client Code to call this service :

package com.sapient;

import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Scanner;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.mime.MultipartEntity;
import org.apache.http.entity.mime.content.FileBody;
import org.apache.http.entity.mime.content.StringBody;
import org.apache.http.impl.client.DefaultHttpClient;

public class JerseyClient {

    /**
     * @param args
     */
    public static void main(String[] args) {
        File file = new File("C:/Users/mkum63/Downloads/spring-framework-2.5-with-dependencies.zip");

        if (args.length >0 && null != args[0]) {
            file = new File(args[0]);
        } else {

            System.out.println("Enter full path of file..");

            String path;

            Scanner scanIn = new Scanner(System.in);
            path = scanIn.nextLine();

            file = new File(path);

        }
        HttpClient httpclient = new DefaultHttpClient();
        HttpPost httppost =
                new HttpPost("http://localhost:8080/myapp/files/upload/" + file.getName());
        FileBody fileContent = new FileBody(file);
        try {
            StringBody comment = new StringBody("Filename: " + file.getName());
        } catch (UnsupportedEncodingException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        MultipartEntity reqEntity = new MultipartEntity();
        reqEntity.addPart("file", fileContent);
        httppost.setEntity(reqEntity);
        HttpResponse response = null;
        try {
            response = httpclient.execute(httppost);
            System.out.println(response.getStatusLine().getStatusCode() == 200 ? "successful" : "Failed");
            // System.out.println(response.getStatusLine().getStatusCode());
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        HttpEntity resEntity = response.getEntity();

    }

}

This is the client .Execute this class as java application and supply the full path of the file to be uploaded.

You can keep your server files and client files on different machines.

Monday, March 3

Reading Content from a PDF file

How to extract content from a PDF file in java

Here I am extreacting last 200 characters of a PDF file.

import java.io.File;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.util.PDFTextStripper;

public class PDFReader {

/**
* @param args
*/
public static void main(String[] args) {

{
try
{
PDDocument pddDocument=PDDocument.load(new File("C:/Users/mkum63/Desktop/vit-strategic-growth-inst-sp.pdf"));
System.out.println(pddDocument.getNumberOfPages());
PDFTextStripper textStripper=new PDFTextStripper();
String text=textStripper.getText(pddDocument);
//System.out.println(textStripper.getEndPage());
System.out.println(text.subSequence(text.length()-200, text.length()));
pddDocument.close();
}
catch(Exception ex)
{
ex.printStackTrace();
}
}
}

}

Jar files required :

commons-logging-api-1.1.1
fontbox-1.2.1
pdfbox-1.3.1

Pages