1. what are the tools available receiving tickets or incidents?
2. what are tools available to interact with server system?
3. what is the difference between weblogic and websphere?
4. what is the difference between websphere5.x,6.x?and what are extra features added in 6.x?
Thursday, December 25, 2008
Wednesday, December 24, 2008
Managing self-signed certificates (Sun Solaris)
In a development environment you may have to interact with self-signed certificates, which are used to secure the services you offer. To communicate with a secured service that presents a self-signed certificate, a client imports the certificate into a local truststore or certificate database. When I import a certificate, usually have to refer to the relevant man pages .... but I've done it enough times that jay decided to create a utility to automate the process. Here's a java CertificateManager netbeans project that can be used to import a self-signed certificate from a remote host into a java keystore of your choice.
Usage: java -jar CertificateManager.jar -url https://{hostname}:{port} [-keystore {keystore}] [-pw {password}]
default keystore: ${java.home}/lib/security/cacerts
default pw: changeit
In order for the CertificateManager to accept self-signed certificates itself, I found the very useful SSLUtilities.java class.
If you work with sun ldap/ssl directory server configurations that use self-signed certificates, you will know that the certificates used by ldap are stored in the mozilla-style certificate database, commonly created at /var/ldap on a native ldap client. The certutil command is used to administer the ldap certificate database; you can add your java keystore certificate to the ldap certificate database as follows:
# Import remote self-signed certificate into local java keystore
java -jar ../tools/CertificateManager.jar -url ${url} -keystore ${ks} -pw ${pw}
# export certificate in rfc-form for import into certificate database
keytool -list -rfc -keystore ${ks} -storepass ${pw} > selfsigned.pem
# import into /var/ldap certificate database
/usr/sfw/bin/certutil -A -n "${alias}" -i selfsigned.pem -a -t CT -d /var/ldap
Usage: java -jar CertificateManager.jar -url https://{hostname}:{port} [-keystore {keystore}] [-pw {password}]
default keystore: ${java.home}/lib/security/cacerts
default pw: changeit
In order for the CertificateManager to accept self-signed certificates itself, I found the very useful SSLUtilities.java class.
If you work with sun ldap/ssl directory server configurations that use self-signed certificates, you will know that the certificates used by ldap are stored in the mozilla-style certificate database, commonly created at /var/ldap on a native ldap client. The certutil command is used to administer the ldap certificate database; you can add your java keystore certificate to the ldap certificate database as follows:
# Import remote self-signed certificate into local java keystore
java -jar ../tools/CertificateManager.jar -url ${url} -keystore ${ks} -pw ${pw}
# export certificate in rfc-form for import into certificate database
keytool -list -rfc -keystore ${ks} -storepass ${pw} > selfsigned.pem
# import into /var/ldap certificate database
/usr/sfw/bin/certutil -A -n "${alias}" -i selfsigned.pem -a -t CT -d /var/ldap
Monday, December 22, 2008
WebSphere Security, WebSphere and Firewalls
WebSphere Security
By default, WebSphere is installed with its built-in security features disabled. You can configure and control WAS without authentication - and so can anyone else with access to the administration console or host system. WebSphere Security is a complex topic; you must read the Infocenter, the Security Redbook, and all related documents carefully before enabling it. Here is an overview of the subject.
Once enabled, WAS Security encrypts some connections in cells using SSL and limits administrative access to defined username/password combinations authenticated against a defined registry. It can also be leveraged by applications for user access control and authentication, and internal security.
WebSphere is installed with a default ("dummy") set of SSL certificates and keys. Ideally, these should be replaced with a new set generated with IBM's ikeyman utility before enabling Security. The certificate sets have to be installed on each node in a cell and any Web servers that use the HTTP Plugin to communicate with the cell.
WebSphere can use either the local OS password file, an LDAP server, or a custom registry to retrieve authentication details. Sample code is provided for a file-based custom registry, but IBM doesn't recommend using it in a production deployment.
WAS ND can only use LDAP or a custom registry for authentication. All nodes in the cell have to be able to access the registry.
WebSphere doesn't support replicated LDAP servers (you can only specify a single LDAP server address). Any LDAP server you use has to have a transparent high-availability mechanism.
Once Security is enabled, a user name and password must also be given as arguments when using wsadmin or the command scripts. If you write shell scripts around them to run unattended, you'll have to embed the user name and password details in them. Obviously, this makes such information less secure (although user actions can be restricted to one of four defined roles).
WebSphere products install with global file read permissions. However, many of the files within them should be protected from general user access, including the configuration repository (config/), the SSL key files (etc/), and possibly the logs (logs/). This means changing the default file permissions manually.
If the HTTP Plugin configuration file is automatically generated, it will include the URI for the administration console. You do not want this to be accessible on a production Web server. Copy and edit the file to remove it, and include an ACL rule on your Web servers blocking all external access to /admin/*.
It's worth considering whether careful firewalling and IP access controls that limit connections to a small defined set of addresses can effectively control administrative access without having to enable WAS Security with its attendant overheads and complexities. This is particularly true if your application uses its own authentication system rather than relying on WebSphere to provide security.
Minimum Security RecommendationThe following configuration enables the minimum amount of WAS Security, mainly to protect the administration functions, without significant overhead. It may not be sufficient for production environments.
Using the file-based custom registry example, create a flat file containing defined users for the Administrator and Operator roles. Use the former for the Administration Console and the latter for scripts that control WAS. Copy the file to all nodes in the cell and make sure that only the user ID under which WAS runs has read access. If you have an existing resilient LDAP infrastructure, you may want to use that instead.
Enable WAS Global Security and configure the registry details for the chosen method.
Run WAS processes under a non-root account with limited access rights and privileges. (See the Infocenter topic "Running the application server with a non-root user ID." This can also be done for the WAS ND Deployment Manager.)
Limit access to the WAS configuration, application, and log files using normal Unix file permissions and ownerships.
WebSphere and Firewalls
WebSphere Application Server on a single node is reasonably simple to firewall; just make sure that the Web server can reach the application server HTTP and HTTPS ports, and the application server can reach any backend services such as databases. Ideally production application servers and Web servers should be on separate, dedicated network segments in demilitarised zones (DMZs).
In a distributed cell with the deployment manager firewalled from the application nodes (which is recommended), a number of ports must be opened up between the two. Regrettably, this includes the default administration console port (9090), since it's shared with the filetransfer application that the application servers use to pull data. Hence you may still need WebSphere Security to protect the console (e.g., in the event of the application servers being compromised).
In a distributed cell with the deployment manager firewalled from the application nodes (which is recommended), a number of ports must be opened up between the two. Regrettably, this includes the default administration console port (9090), since it's shared with the filetransfer application that the application servers use to pull data. Hence you may still need WebSphere Security to protect the console (e.g., in the event of the application servers being compromised).
Table 1 shows the TCP ports that must be opened between node agents and the DMgr for management and initial node federation, together with the default port numbers following a standard installation. You should confirm the port assignments by examining the serverindex.xml files in the WAS configuration repository, or the details for each server in the administration console. Additional ports may be required when WAS Security is enabled.
Saturday, December 20, 2008
Design concepts (Java Concepts)
What's the difference between abstraction and encapsulation?
A: Abstraction and encapsulation are two quite separate concepts in Java. Abstraction is a technique that is used to represent common functionality amongst a set of classes. An analogy is to look at a set of vehicles: Car, Truck and Bus have some common features that all road vehicles share. From a Java perspective, the mechanics of turning four wheels, an engine, could be handled in abstract form through a common superclass. Abstraction allows subclasses to share common code without duplication.
What is the difference between static and dynamic polymorphism?
A: The term static polymorphism is associated with overloaded methods because it gives the impression that a single named method will accept a number of different argument types. The System.out.println() method is an example that may take String or Object references, boolean and other primitive types as an argument. In fact, each overloaded method is separate and the compiler can see the difference between them. In this case, the argument types are fixed at compile time and are considered static. This has nothing to do with the Java keyword static.
Dynamic polymorphism is where a class overrides a superclass method or implements an interface. For example, any class may override the Object.toString() method and provide its own implementation, and this is known at compile time. However, for a simple Java program that instantiates a series of objects and calls their toString() method, the compiler does not consider the object references differently. Any differences in the objects' toString() implementations are only seen at runtime, so they are considered dynamic.
Is println overloading or overriding?
A: The PrintWriter println() method is an example of overloading because several methods in the class have the same name and return the same type. In this case, println(boolean), println(int) and println(String) all have the same basic method name, "println", and all return void. The only part of the method signature that varies is the type of the argument (including none), which is enough for the Java interpreter to identify the appropriate method to call at runtime.
Does the order of the operands in == matter?
A: With this sort of question it is often easiest to try it yourself and see. You will find that single boolean comparisons are equivalent whichever way round you have the values.
From a reader's point of view most people would put the "unknown" variable first because it is the subject of the comparison, but syntactically it does not matter.
if (a == 10) { }
What are keywords and reserved words?
A: Java keywords are standard English words that have a special meaning in the Java programming language. Keywords include class, interface, abstract, public, static and final, which are used to declare the type and nature of Java compilation units. The statements used to define variables and method bodies include keywords new, return, if, while and throws. These words are interpreted by the Java compiler and used to produce byte code that can be run as a program.
A: Abstraction and encapsulation are two quite separate concepts in Java. Abstraction is a technique that is used to represent common functionality amongst a set of classes. An analogy is to look at a set of vehicles: Car, Truck and Bus have some common features that all road vehicles share. From a Java perspective, the mechanics of turning four wheels, an engine, could be handled in abstract form through a common superclass. Abstraction allows subclasses to share common code without duplication.
What is the difference between static and dynamic polymorphism?
A: The term static polymorphism is associated with overloaded methods because it gives the impression that a single named method will accept a number of different argument types. The System.out.println() method is an example that may take String or Object references, boolean and other primitive types as an argument. In fact, each overloaded method is separate and the compiler can see the difference between them. In this case, the argument types are fixed at compile time and are considered static. This has nothing to do with the Java keyword static.
Dynamic polymorphism is where a class overrides a superclass method or implements an interface. For example, any class may override the Object.toString() method and provide its own implementation, and this is known at compile time. However, for a simple Java program that instantiates a series of objects and calls their toString() method, the compiler does not consider the object references differently. Any differences in the objects' toString() implementations are only seen at runtime, so they are considered dynamic.
Is println overloading or overriding?
A: The PrintWriter println() method is an example of overloading because several methods in the class have the same name and return the same type. In this case, println(boolean), println(int) and println(String) all have the same basic method name, "println", and all return void. The only part of the method signature that varies is the type of the argument (including none), which is enough for the Java interpreter to identify the appropriate method to call at runtime.
Does the order of the operands in == matter?
A: With this sort of question it is often easiest to try it yourself and see. You will find that single boolean comparisons are equivalent whichever way round you have the values.
From a reader's point of view most people would put the "unknown" variable first because it is the subject of the comparison, but syntactically it does not matter.
if (a == 10) { }
What are keywords and reserved words?
A: Java keywords are standard English words that have a special meaning in the Java programming language. Keywords include class, interface, abstract, public, static and final, which are used to declare the type and nature of Java compilation units. The statements used to define variables and method bodies include keywords new, return, if, while and throws. These words are interpreted by the Java compiler and used to produce byte code that can be run as a program.
Design patterns (Java Concepts)
What is a singleton?
A: A singleton class is one in which instantiation is restricted to ensure that only one instance is created for the current Java Virtual Machine. Singletons usually have a private default constructor, to prevent direct instantiation, and a static method to obtain a "new" reference to the single instance. On its first call, the static instance method creates the object using a private constructor and stores a static reference to it for all subsequent calls.
What happens to singletons when two JVMs are running?
A: There is only one instance of a true singleton in a single virtual machine. If two virtual machines are running, two separate and independent instances of a singleton exist. If the singleton in question is governing access to the same system resource, there may be conflicts between the two systems, which is why the singleton design pattern is not ideal in this scenario
How do I format my price correctly?
A: Whenever you need to represent quantities that have specific formatting and equivalence requirements, it is best to use the Quantity design pattern. For a Money type, you can associate a Currency with the amount and can deal with all rounding issues in one class. Your money and currency types can then use generic rendering methods to show the amount however you choose.
What is a factory method?
A: A factory method is typically used to obtain a new instance of a class, which may be one of several alternate implementations. The return type of a factory method is an interface or superclass type, which gives it the freedom to govern the actual class that is returned through polymorphism. This design pattern enables the factory to control and encapsulate the logic used to decide which instance to return.
How should I create an immutable class?
A: An immutable class is one whose field values cannot be altered after instantiation, so all variable values must be assigned in the constructor and may therefore be declared final. By definition an immutable class should not have any modifier methods, but you must also be careful that the constructor and accessor methods do not expose mutable field references.
A: A singleton class is one in which instantiation is restricted to ensure that only one instance is created for the current Java Virtual Machine. Singletons usually have a private default constructor, to prevent direct instantiation, and a static method to obtain a "new" reference to the single instance. On its first call, the static instance method creates the object using a private constructor and stores a static reference to it for all subsequent calls.
What happens to singletons when two JVMs are running?
A: There is only one instance of a true singleton in a single virtual machine. If two virtual machines are running, two separate and independent instances of a singleton exist. If the singleton in question is governing access to the same system resource, there may be conflicts between the two systems, which is why the singleton design pattern is not ideal in this scenario
How do I format my price correctly?
A: Whenever you need to represent quantities that have specific formatting and equivalence requirements, it is best to use the Quantity design pattern. For a Money type, you can associate a Currency with the amount and can deal with all rounding issues in one class. Your money and currency types can then use generic rendering methods to show the amount however you choose.
What is a factory method?
A: A factory method is typically used to obtain a new instance of a class, which may be one of several alternate implementations. The return type of a factory method is an interface or superclass type, which gives it the freedom to govern the actual class that is returned through polymorphism. This design pattern enables the factory to control and encapsulate the logic used to decide which instance to return.
How should I create an immutable class?
A: An immutable class is one whose field values cannot be altered after instantiation, so all variable values must be assigned in the constructor and may therefore be declared final. By definition an immutable class should not have any modifier methods, but you must also be careful that the constructor and accessor methods do not expose mutable field references.
Object design (Java Concepts)
Object design
What's the difference between a class and an object in Java?
A: A Java class is a definition or model of an object type. A class has a specific set of fields, methods and constructors with distinct argument types. Any object that fulfils a class definition directly or by inheritance has a set of properties and behaviour that is common to all instances of the class. In this sense, a class is like a set of things that are alike.
In Java concrete classes also provide a code implementation that can be instantiated to create an object reference. An instance of a class directly fulfils the its own definition, it also fulfils any superclass definitions too.
The Java Virtual Machine creates static references to classes when it runs a Java program. Classloaders make the public static fields and methods of classes available to the runtime system whether any instance exists or not. When a constructor is called, the class returns an instance of the object it represents.
What is an object in Java?
A: In Java the Object class is the ultimate superclass of every other object type. All objects are extended from the Object class, either directly or by inheritance through any number of parent classes. If a class does not explicitly extend any named class, it implicitly extends the Object class. An object with a small o is the word used to describe an instance of a Java class.
What is the difference between a method header and its signature?
A: A Java method header is the whole declaration statement for a method before its curly braces. The header includes the method's visibility modifier, return type, arguments and exceptions, as below.
public final String getDetails(final File file,
final String key) throws IOException
A Java method signature is the method name and parameters only. The order of the parameters is significant because they may distinguish overloaded methods by the same name.
getDetails(File, String)
Can I use the same variable name in two methods?
A: It is possible to use the same variable names for method local variables in two separate methods. However, all variables in a single method must have different names.
public class MethodLocalVariables {
void testOne() {
int test;
}
void testTwo() {
int test;
}
}
Can objects be used in place of arrays?
A: Yes, sometimes it is sensible to use an object to carry other object references instead of an array. For instance, you could issue an object as the return value of a method that must return multiple object references.
What's the difference between equals and ==?
A: The Java == operator is used to compare primitive values such as int, long and boolean for equality; whether the variables, values or expression on either side of the operator equate to the same value.
What's the difference between a class and an object in Java?
A: A Java class is a definition or model of an object type. A class has a specific set of fields, methods and constructors with distinct argument types. Any object that fulfils a class definition directly or by inheritance has a set of properties and behaviour that is common to all instances of the class. In this sense, a class is like a set of things that are alike.
In Java concrete classes also provide a code implementation that can be instantiated to create an object reference. An instance of a class directly fulfils the its own definition, it also fulfils any superclass definitions too.
The Java Virtual Machine creates static references to classes when it runs a Java program. Classloaders make the public static fields and methods of classes available to the runtime system whether any instance exists or not. When a constructor is called, the class returns an instance of the object it represents.
What is an object in Java?
A: In Java the Object class is the ultimate superclass of every other object type. All objects are extended from the Object class, either directly or by inheritance through any number of parent classes. If a class does not explicitly extend any named class, it implicitly extends the Object class. An object with a small o is the word used to describe an instance of a Java class.
What is the difference between a method header and its signature?
A: A Java method header is the whole declaration statement for a method before its curly braces. The header includes the method's visibility modifier, return type, arguments and exceptions, as below.
public final String getDetails(final File file,
final String key) throws IOException
A Java method signature is the method name and parameters only. The order of the parameters is significant because they may distinguish overloaded methods by the same name.
getDetails(File, String)
Can I use the same variable name in two methods?
A: It is possible to use the same variable names for method local variables in two separate methods. However, all variables in a single method must have different names.
public class MethodLocalVariables {
void testOne() {
int test;
}
void testTwo() {
int test;
}
}
Can objects be used in place of arrays?
A: Yes, sometimes it is sensible to use an object to carry other object references instead of an array. For instance, you could issue an object as the return value of a method that must return multiple object references.
What's the difference between equals and ==?
A: The Java == operator is used to compare primitive values such as int, long and boolean for equality; whether the variables, values or expression on either side of the operator equate to the same value.
Language features (Java Concepts)
Language features
Is Java a fully object oriented language?
A: Java is an object oriented language, but there is no standard that defines a "fully" object oriented language, it is a matter of definition and opinion
What are Java types are available?
A: There are two main divisions of data types in Java: object and primitive types. Object types are declared according to their class.
Object object = new Object();
Objects can also be cast to a more general superclass or interface type. This is known as polymorphism, which means the object behaves like, and can be treated as, an instance of the more general type.
// Type cast
Object object = new StringBuffer("Example");
// Interface
Comparable object = new File("c:\Example.txt");
What's the difference between the Java versions?
A: The major release versions of the Sun Java Software Development Kit (SDK, also known as the JDK) include significant API changes that provide extra programming features built upon the core Java software platform. That means that the basic features of the Java language do not change from one release to the next, so most existing programs will run successfully when compiled with the new SDK.
Some core packages may gain additional features in new Java releases, but it is very rare for established API features to be removed, which would break backwards compatibility. Superseded or problematic API methods are usually marked deprecated before they are removed altogether, to give programmers the chance to upgrade their code to the new standard. Deprecated classes and methods can still be used to develop and run Java programs, but the compiler will issue warnings.
What is the return type in Java?
A: All Java methods must declare a return type, which may be an object reference, primitive value or void. The void return declaration means that no value is returned, control is simply returned to the calling class. Methods with non-void return types must ensure that the appropriate object reference or primitive value is returned when the method completes. The method return value is like a message and often represents a property of the object, the product of a calculation or algorithm or a text output for instance.
What's the difference between checked and un-checked exceptions?
A: A Java checked exception represents a problematic case that can be anticipated when one instantiates an object or calls a method. A typical example is when you attempt to create a file or open a URL connection, which may fail for many reasons. Checked exceptions must be declared in the throws statement of a method header, and any class that calls the method must ensure that it handles all checked exceptions that may occur.
What is dynamic method dispatch?
A: Dynamic method dispatch is the process the Java runtime system uses to determine which method implementation to call in an inheritance hierarchy. For example, the Object class has a toString() method that all subclasses inherit, but the String class overrides this method to return its string content. If a String or other object type is assigned to an Object reference using application logic, the Java compiler cannot know in advance where a call to the toString() method will be resolved, it must be determined dynamically at runtime.
Memory allocation (Java Concepts)
How do I find the size of an object in Java?
A: There is no direct management of the storage size of code that is held in memory by the Java Virtual Machine (JVM). The virtual machine manages the allocation and de-allocation of storage through an integral garbage collection system. The JVM keeps track of all object references and periodically disposes of de-referenced objects to free memory.
It is possible to check the overall memory use of a Java application with methods in the java.lang.Runtime class. The freeMemory() method returns the spare memory available to the runtime system, the totalMemory() method reports the total memory allocated to the virtual machine.
What part of memory is used for interfaces and abstract classes?
A: Interfaces and abstract classes are part of the application programming interface for the Java language, but are never instantiated in their own right when a Java program is run. Only objects are instantiated in the Java Runtime Environment (JRE) and held in a division of the program's memory allocation called the heap. Stack memory holds primitive values and the memory addresses of objects on the heap.
A: There is no direct management of the storage size of code that is held in memory by the Java Virtual Machine (JVM). The virtual machine manages the allocation and de-allocation of storage through an integral garbage collection system. The JVM keeps track of all object references and periodically disposes of de-referenced objects to free memory.
It is possible to check the overall memory use of a Java application with methods in the java.lang.Runtime class. The freeMemory() method returns the spare memory available to the runtime system, the totalMemory() method reports the total memory allocated to the virtual machine.
What part of memory is used for interfaces and abstract classes?
A: Interfaces and abstract classes are part of the application programming interface for the Java language, but are never instantiated in their own right when a Java program is run. Only objects are instantiated in the Java Runtime Environment (JRE) and held in a division of the program's memory allocation called the heap. Stack memory holds primitive values and the memory addresses of objects on the heap.
Subscribe to:
Posts (Atom)
