December 23, 2013
- Hibernate ORM documentation
JBoss Community Wiki
Hardening access to network services with iptables
From December 19th, customers will be able to get any eBook or Video from Packt for just $5. This sale covers every title in the 1700+ range and customers can grab as many as they like until January 3rd 2014 – more information is available at http://bit.ly/1jdCr2W.
December 21, 2013
Guide to the Secure Configuration of Red Hat Enterprise Linux 5
December 11, 2013
Today I upgraded to JBoss EAP 6.2.0, but ran into some trouble with the keystore I have. I have one for the SSL connector and one for the JBoss Vault.
To be able keep you old JBoss Vault keystore that is stored with the jks format you need to add the KEYSTORE_TYPE vault option.
December 10, 2013
I have a Broadcom Wireless Network Adapter and I had all sort of problem with the standard driver, Broadcom STA Wireless driver or wl that the module is called.
To identify which Broadcom chipset you have. Run:
To identify which modules (driver) you are using (running):
I had the STA or wl module running. To remove all possible Broadcom modules.
And to really remove the default STA or wl module, also remove the debian package. After the purge, that remove configuration files as well, I double run apt-get with remove autoremove, which will remove unused package and finally I run clean, to clean the apt-get cache. All for precaution.
Now you must test which driver/module that suites you best. I started with the b43 driver/module.
To load the new module/driver.
Now test you installation, if successful reboot and double check, that everything is working correctly..
Other possible driver are b43legacy package firmware-b43legacy-installer and LP-PHY package firmware-b43-lpphy-installer.
For more hardware commands, please read http://magnus-k-karlsson.blogspot.se/2013/01/how-to-install-atheros-ar8161-ethernet.html
December 7, 2013
For many people the first thing they have done after installing Ubuntu, was to add the Medibuntu repository. But now it is dead. See announcement Here.
But what is the impact? Not much. Ubuntu already offers most of the things that existed in Medibuntu and this only natural progress of the growth of Ubuntu.
December 5, 2013
The simplest way to manage network settings is to use the system-config-network tool or the non-graphical variant system-config-network-tui
To start, stop, status all our network devices
Other useful tools are:
|ifconfig||Display our network settings.|
|ping||Used for check network connectivity|
|route -n||Display routing and Gateway|
|traceroute||Display network routing to a host.|
|netstat -nr||Display open ports.|
Main network configuration file is /etc/sysconfig/network-scripts/ifcfg-<name>.
Local routing for e.g. localhost, but also for static routing.
Main routing configuration file. Any changes will be overwritten, unless disabled in above sysconfig network-scripts with PEERDNS=no.
- network-scripts: /usr/share/doc/initscripts-<version>/sysconfig.txt
November 27, 2013
RHEL 6 ships with a convenient network mounter service, the automounter.
To check if the automounter is running.
To use it, simply cd into the /net folder followed by nfs hostname.
The remote network share will be unmounted automatically when unused for a configurable timeout.
LVM (Logical Volume Manager) is a flexible way to handle disk space, since you can increase and decrease file systems, that is not possible to the same extent as in MBR (Master Boot Record) partitioning format.
NOTE: "It is generally recommended that you create a single partition that covers the whole disk to label as an LVM physical volume" [https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Logical_Volume_Manager_Administration/LVM_components.html#multiple_partitions]
The LVM is build up on three cornerstone.
- Physical Volume, PV
- Volume Group, VG
- Logical Volume, LV
Create a new partition with type 0x8E Linux LVM.
The Most Imported Commands
Create Physical Volume (PV), Volumme Group (VG) and Logical Volume (LV)
First lets create a new physical volume on the prerequisite partition.
Create volume group vg_test that span entire physical volume /dev/sda3
Create logical volumne with size 500 MB, named lv_test in volume group vg_test.
The lvcreate will now create a device block file in /dev/vgName/lvName that we now can create a filesystem on and mount.
Extends Logical Volume (LV)
Extend the logical volume lv_test with plus 500 MB.
Now you need to grow the file system.
Verify/test the new size of /data.
Reduce Logical Volume (LV)
When reducing a file system, you need to unmount it first.# umount /data
Then reduce the actual filesystem.
After the actual file system is reduced, we can now shrink the logical volume.
Finally test/verify, by remounting and check disk space
Extends Volume Group (VG)
First create a new physical volume.
Now lets extends existing volume group 'vg_test' with our new physical volume.
And last test/verify.
Reduce Volume Group (VG)
Remove existing volume group 'vg_test' with physical volume /dev/sda4.
- lvm(8): lvm - LVM2 tools
- pvcreate(8): pvcreate - initialize a disk or partition for use by LVM
- vgcreate(8): vgcreate - create a volume group
- lvcreate(8): lvcreate - create a logical volume in an existing volume group
- vgextend(8): vgextend - add physical volumes to a volume group
- vgreduce(8): vgreduce - reduce a volume group
- lvextend(8): lvextend - extend the size of a logical volume
- lvreduce(8): lvreduce - reduce the size of a logical volume
- resize2fs(8): resize2fs - ext2/ext3/ext4 file system resizer
LUKS (Linux Unified Key Setup) is a standard for hard disk encryption. LUKS can encrypt both partition and LVM volumes. Here I will encrypt a partition.
Creata a new partition with fdisk.
Enrypt a Partition
First we need to encrypt the partition.
Next step is to unlock the partition via luksOpen <blockDeviceFile> <luksname>. The cryptsetup will after create a new mapped blocked device file under /dev/mapper/<luksname>.
Finally we format now the unencrypted partition we a file system and mount it.
Persistently Mount Encrypted Partition
To make the mounting persisted we normally add the block device file in /etc/fstab, but with encrypted storage we also need to add the encrypted partition to the list of devices to be unlocked during system startup. That is done by adding the luksname and block device file to the /etc/crypttab.
After that extra step, normally edit /etc/fstab.
Automatically Mount Encrypted Partition
To automatically unlock a encrypted partition we need to store the password on disk, has obvious security problems, but if wanted to the following.
Now edit /etc/crypttab and add password file.
Reboot and verify, that no password is needed and that encrypted partition is mounted.
Remove Encrypted Partition
- Remove mapped block device file from /etc/fstab.
- Remove luksName from /etc/crypttab.
- unmount the mapped block device: umount /dev/mapper/luksname.
- Lock encrypted partition: cryptsetup luksClose luksname.
- cryptsetup(8): cryptsetup - setup cryptographic volumes for dm-crypt (including LUKS extension)
- crypttab(5): /etc/crypttab - encrypted block device table
- fstab(5): /etc/fstab - static information about the filesystems
November 26, 2013
The swap space is used by the OS to handle overflow for parts of the RAM that are currently not being used.
The recommended size of the swap space is depending on how much RAM you have.
- < 2GB RAM, use 2 * RAM
- >= 2GB RAM, use RAM + 2GB
How to Create a New Swap Partition
After reboot we need to format the new swap partition.
Next step is to activating it.
To verify/list current swap spaces.
To make this new swap space persistent, we need to add this new swap space to /etc/fstab.
Reboot and verify that new swap space is active.
How to Remove a Swap Partition
First deactive it.
Verify it is no longer active.
IF YOU HAVE ADDED IT TO /etc/fstab, DO NOT FORGET TO REMOVE IT FROM THERE AS WELL!
Most Linux distrobution, which is also the case with RHEL 6, uses the MBR (Master Boot Record) partitioning format. The MBR is designed to hold up to maximum 4 primary partition. If more is needed, you must use one primary as extended partition. And do not forget to let the extended partition use all remaining disk space. After creating an extended partition, you can create logical partition on the extended partiti
In a desktop RHEL, there is the graphical tool for managing our partition - palimpsest.
A never GUI tool that is maybe better is parted. The good thing with this tool is that it also can resize and copy partitions.
At the command line, you have the fdisk tool. When using the fdisk tool always use the following options:
- -c Switch off DOS-compatible mode.
- -u When listing partition tables, give sizes in sectors instead of cylinders.
Lets get started with fdisk and create a new primary partition.
After reboot you can check your new primary partition.
Now lets create an ext4 file system on the new primary partition.
And mount it.
If you want RHEL to automatically mount your new partition at boot, you need to add that to /etc/fstab. And the recommended way to identify the partition is with it's UUID.
And finally save and reboot.
November 25, 2013
1. Before inserting the USB, check which disks you already have.
2. Create a new directory under /mnt to which you will mount your USB.
3. Now insert the USB and mount it.
4. Now you are ready to read and write to your USB.
5. To unmount.
In Linux a storage device is represented by a device file in /dev/.
The three letter naming convention for storage devices in Linux are:
- s - storage
- d - disc (such as SCSI, USB, SATA), cd - cd or dvd
- litteral order character, starting with a, then b, c, etc
Example: /dev/sda (SCSI, USB, SATA), /dev/sdb (SCSI, USB, SATA), /dev/scd (CD/DVD)
These device files represent the whole drive. Each drive is partitioned into partition. The first partition receives order number one, the next one two, etc
When a new storage device is added it will receive the last character order literal, here it is b (/dev/sdb). Another way to find out the device file is to tail the dmesg log file.
Here we see that the USB was allocated device name sdb. But when you mount you mount to a partition that contains a file system. And in general, most USB only have one partition, hence sdb1.
November 24, 2013
The motive for using public/private key authentication are:
- Firstly for convinience, you no longer need to enter password (unless you encrypt your keys with password protected).
- Secondly, ones setup, you can remove password protection, which is a big cracking hole.
The remote user needs to exist on the remote server. If it does not. Create it. And at least LOGIN ONES, so that it's home directory is created. Otherwise you can eagerly created the home directory when you add the user.
Here I will use the existing user root, for simplicity.
Generate public and private keys, with NO password protection. I will here use the RSA algorithm and key length 2048 bits.
Next make sure that the ssh key directory and private key has proper file permission
The last step is to copy the client public key to the server. You can either do that manually, or with the ssh-copy-id tool. Here I will use the tool.
If you were setting up public/private key authentication for a different user, please replace root in above command with you user.
On the server side, open /etc/ssh/sshd_config and enable public/private key authentication
Then restart the ssh daemon service.
And finally verify that the keys directory and files have the proper file permission and SELinux type for your user.
Finally you need to test, to verify the installation. On the client machine switch to the user you had setup for and
Switching UserTo switch to a different user, e.g. student, run To switch to root
Most Linux distribution can be ran in 5 different runlevels. Runlevel 0 and 6 are special, which you can see below.
- 0 - Shutdown
- 1 - Single user mode, without network
- 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
- 3 - Full multiuser mode, with network.
- 4 - Unused
- 5 - X11, graphical mode with network
- 6 - Reboot
The default runlevel is set in /etc/inittab.
How to Switch Runlevels
You can switch the runlevel with init, e.g. init 3. But from the graphical mode, there is also a keyboard shortcut.
ctrl + alt + F1 - for init 1, ctrl + alt + F2 - for init 2, etc.
November 23, 2013
Working with remote file system under Linux is not hard. Below I will show how to use the two most common remote file system used:
- NFS - Network File System
- CIFS - Common Internet File System
NFSShow the NFS server’s export list. Mount. Note that the directory /remote must exist before mount, if not create it with mkdir /remotenfs. Unmount file systems
CIFS is the underlying remote file protocol used for samba server and which is the most common file server when having a mixed client environment with Windows and Linux.Install client library Show the CIFS server’s sharenames. Mount. Note that the directory /remote must exist before mount, if not create it with mkdir /remotecifs. Unmount file systems
Most Linux server runs without a graphical interface and the most sure installed editor for file is the vi editor. But getting used with vi can be a little challenging. Below I will show you the most common vi commands.
|Close without saving||:q!|
|Write and close||:wq|
|Copy line and paste line||yy + p|
|Delete line and paste line||dd + P (capital)|
|Browse to next work||w|
|Browse to previous work||b|
|Go to first line||1G|
|Go to last line||G|
The simplest file permission in Linux are the r (read), w (write), x (executable). These file permission yields for u (user), g (group) and o (other). They can be set both:
- Symbolically: +-r, +-w, +-x
- Numerically: r=4, w=2, x=1
There are three special permission: setuid, setgid and sticky. They can be both applied to files and directories, but then have different meanings.
|setuid||Only meaning for executable file: The executable file be be run as the file owner, not as the user that executes it.
|setgid||Only meaning for executable file: The executable file be be run as the file group, not as the user that executes it.||All newly created file in directory, will inherit the parent directory group permission.|
|sticky||No effect.||All files created with a user that have write permission for a specific file can only remove that file, except for root.
To set the special permission:
- Symbolically: setuid=u+s, setgid=g+s, sticky=o+t
- Numerically: setuid=4, setgid=2, sticky=1
October 17, 2013
Before and after Oracle was buying Sun, the development of the Java language slowed down. But now Oracle is picking up speed. The Java Enterprise Edition 6 was released in December 2009 but now this summer, EE 7 was released. Not bad. So if you want to get up to speed with the new feature in EE7 and read ebooks the Packt Publishing is having a 50% sales on all its ebooks, so feel free to check it out on http://bit.ly/1bqvB29 and use the discount code COL50.
October 3, 2013
The Java Enterprise Edition has changed a lot from previously making heavy usage of XML configuration and now using Annotation instead, which leaves XML files almost empty compared to older EE version. But all these changes is also a headache to developers that must keep track of the different version in the different EE version. A good summary site for that is
and for JPA
And another good reference site for JPA is
At work I usually work at the server side which means in most cases for Java project, working with some sort of Linux distro. One popular Linux distro for server are Red Hat Enterprise Linux, RHEL. But using RHEL is not meant for using at the client side. And the closest thing to RHEL at the client is Fedora (both supported by Red Hat).
It's been a while since I used Fedora and a lot have happened. And for you guys out there that are starting to use Fedora or any other Linux distro that are using GNOME, I can warmly recommend this easy to use site:
On this site you can easily install and configure GNOME 3 tweak, such as my favorite Dash to Dock - https://extensions.gnome.org/extension/307/dash-to-dock/. Which is my first GNOME tweak I installed after installing Fedora 19.
In the last day I had the pleasure to read a beginners book for Apache Wicket 6 - Instant Apache Wicket 6 http://bit.ly/15w4LEI. The book is good, it takes the reader through the most imported steps to get started with Apache Wicket. Such as creating a new project, how to use the fast jetty web server to view your wicket pages and maybe the most imported thing. How to debug a wicket application with Eclipse IDE. So if you are looking for a beginners book for Apache Wicket 6 I can recommend this book.
But with all beginners book you should always be a little careful when completely copying beginners example code into your production code. Such an example in this book is the login example. Creating safe login code is actually a little tricky and requires extra care. Things that you must take into consideration when creating login code are:
- Login pages must be completely stateless, which means ones submitted from the client, they must be totally forgotten. You do not want sensitive data, such password, be accessible when clicking browse back. Or be kept in server session cache. Apache Wicket is out-of-box almost always stateful.
- Paying extra care of session management is always imported. Use cookie to store client session id and not URL, which are cached in web server log, proxy log, client web browser history, etc.
- Always set session timeout.
- Make cookie not accessible for other sites client script, which you hinder by using http only flag.
- And of course always use SSL, even for login pages.
Above is just a handful of things that you should pay attention to when developing security code.
I'm a great Wicket fan and wicket have a lot of ready to use graphical component, such DatePicket, Paginated List, Sortable List, Multiple File Upload, etc. You can see a lot of them in action on http://www.wicket-library.com/wicket-examples/index.html.
Also if you need more Wicket component, look at the different wicketstuff project. To get an overview on them all search maven central repo at http://search.maven.org/#search|ga|1|org.wicketstuff.
August 22, 2013
Here I will describe how to configure a MySQL 5 DataSource for JBoss EAP 6.
Install MySQL JDBC Driver as JBoss EAP 6 Module
Create a new directory under modules and a new module.xml file.
Download the MySQL JDBC driver and put it in the same catalog as module.xml. If necessary correct resource path below, with the downloaded jdbc driver file name.
If this is a server installation make sure that the new directories and files get the right permission.
Configure JBoss EAP 6 DataSource
Here we will use JBoss EAP 6 in standalone mode, but if you like to use the domain mode, the configuration is the same. Open $JBOSS_HOME/standalone/configuration/standalone.xml.
August 21, 2013
In this blog I will show you how to configure a simple JAAS login module, that holds username, passwords and roles in properties file. The login module for this job is org.jboss.security.auth.spi.UsersRolesLoginModule.
Finding the correct source code and documentation for the JBoss EAP 6 login modules, can be a bit tricky and the reason for that, is that the concrete implementation for them are hosted in the sister project Picketbox. For example the exact version that is shipped with JBoss EAP 6.1.0 is 4.0.17.Final-redhat-1. And the jar is located under $JBOSS_HOME/modules/system/layers/base/org/picketbox/main/.
The UsersRolesLoginModule has more to offer than I will show you here, and that is to store the password scrambled and not in clear text. But since the UsersRolesLoginModule is merely for test purpose, I will leave that out here.
I will use JBoss EAP 6 in standalone mode, which means that the JBoss configuration file is $JBOSS_HOME/standalone/configuration/standalone.xml. Open it and add the below JAAS security-domain.
Create Users and Assing Roles
Creating users and theirs associated roles are easy since them are located in clear plain text files located under $JBOSS_HOME/standalone/configuration/. Here I will only create one user and one role, but you can create as many as you please.
The easiest way to test the security, is to either take an existing war project or create a new zip file add a welcome file (index.html), web.xml and jboss-web.xml. Either way the relevant configuration for the web.xml is below.
And the relevant portion in jboss-web.xml.
August 20, 2013
In this blog I will show you how to change, the default persistence mechanism in Apache ActiveMQ 5.8.0 from KahaDB to instead use a RDBMS. And here I will use MySQL 5, but ActiveMQ supports most of the major vendor of RDBMS.
Install MySQL JDBC Driver
Download driver from maven central repo:
Copy to $ACTIVEMQ_HOME/lib/optional/.
Create ActiveMQ database
Log into mysql and create ActiveMQ database.
Configure MySQL as persistence storage
Open the ActiveMQ configuration, $ACTIVEMQ_HOME/conf/activemq.xml, and add mysql datasource, comment/remove the default KahaDB and finally add the RDBMS persistence adapter.
Now we are ready to test the installation. Restart activemq and check the activemq log for errors, $ACTIVEMQ_HOME/data/activemq.log.
You can also open the activemq web console, to verify that things are working:
Now lets really test the installation from the activemq web console you can send message. From the web console click Send and choose to send a text message to a new queue.
Afterwards we can check that the message is sent to the queue, by clicking on Queue and our new queue foo.bar. And there see your text message.
You could also verify that the message is really persistent in MySQL by querying your database.
August 18, 2013
In this blog I will show you how to setup ActiveMQ resource adapter in JBoss EAP 6 and then test different redelivery policies.
Before we begin, we need to download the latest Apache ActiveMQ binaries and unzip it. To start, stop and check status we use the activemq script located in the bin folder.
After started the ActiveMQ, we can test the installation by open a web browser and open http://localhost:8161/admin/. The default username is admin and default password is admin.
Now we need to configure JBoss. In this blog we will use JBoss EAP 6.1.0. Download it and unzip it.
The next thing we need to do is to download the Apache ActiveMQ resource adapter. You can find it from maven central repo – http://search.maven.org/remotecontent?filepath=org/apache/activemq/activemq-rar/5.8.0/activemq-rar-5.8.0.rar.
JBoss EAP 6 can be run in two different modes – standalone and domain mode. In this blog we will be using standalone mode, but if you need to run JBoss in domain the below configuration is basically the same.
Now deploy the resource adapter to $JBOSS_HOME/standalone/deployment
Now we are ready to configure JBoss. Open $JBOSS_HOME/standalone/configuration/standalone.xml
The last thing we also need is to configure mdb support for the standalone configuration.
Now we are to test the installation. We do that by creating a simple MDB, that prints out incoming JMS messages and then rollbacks the MDB transaction.
As test client we can send jms message from the ActiveMQ web console
Below follows different test results for different redelivery configuration
InitialRedeliveryDelay=1000 MaximumRedeliveries=5 RedeliveryUseExponentialBackOff=false RedeliveryBackOffMultiplier=5 18:57:51,140 INFO [stdout] (default-threads - 2) mdb recieved, redelivered=false 18:57:52,220 INFO [stdout] (default-threads - 3) mdb recieved, redelivered=true 18:57:53,256 INFO [stdout] (default-threads - 4) mdb recieved, redelivered=true 18:57:54,296 INFO [stdout] (default-threads - 5) mdb recieved, redelivered=true 18:57:55,334 INFO [stdout] (default-threads - 6) mdb recieved, redelivered=true 18:57:56,365 INFO [stdout] (default-threads - 7) mdb recieved, redelivered=true ----------------------------------------------------------------------------------------------- InitialRedeliveryDelay=1000 MaximumRedeliveries=5 RedeliveryUseExponentialBackOff=true RedeliveryBackOffMultiplier=5 19:55:21,453 INFO [stdout] (default-threads - 2) mdb recieved, redelivered=false 19:55:26,495 INFO [stdout] (default-threads - 3) mdb recieved, redelivered=true 19:55:51,503 INFO [stdout] (default-threads - 4) mdb recieved, redelivered=true 19:57:56,510 INFO [stdout] (default-threads - 5) mdb recieved, redelivered=true 20:08:21,516 INFO [stdout] (default-threads - 6) mdb recieved, redelivered=true 21:00:26,523 INFO [stdout] (default-threads - 7) mdb recieved, redelivered=true delta1 = 5s (calculated value 1*5) delta2 = 25s (calculated value 5*5) delta3 = 125s (calculated value 25*5) delta4 = 625s (calculated value 125*5) delta5 = 3125s (calculated value 625*5) ----------------------------------------------------------------------------------------------- InitialRedeliveryDelay=2000 MaximumRedeliveries=5 RedeliveryUseExponentialBackOff=true RedeliveryBackOffMultiplier=5 22:28:52,542 INFO [stdout] (default-threads - 2) mdb recieved, redelivered=false 22:29:02,598 INFO [stdout] (default-threads - 3) mdb recieved, redelivered=true 22:29:52,604 INFO [stdout] (default-threads - 4) mdb recieved, redelivered=true 22:34:02,609 INFO [stdout] (default-threads - 5) mdb recieved, redelivered=true delta1 = 10s (calculated value 2*5) delta2 = 50s (calculated value 10*5) delta3 = 250s (calculated value 50*5) -----------------------------------------------------------------------------------------------
July 10, 2013
In the latest Ubuntu 13.04, the Ubuntu team has upgraded the MTP support, so you now can connect you mobile phone with Ubuntu. But if you are looking for a more stable version of Ubuntu, I recommend that you use a LTS (Long Term Support) version. Which currently is version 12.04.
But when using 12.04, it lack the Android 4 support. But that can be fixed with following the instruction found here http://www.webupd8.org/2013/01/upgrade-to-gvfs-with-mtp-support-in.html.
June 13, 2013
Configure High-Availability Clustering using TCP Unicast with JBoss EAP 6, HTTPD, mod_cluster on RHEL 6
In my previous blogs I have written about HA in JBoss EAP 6 with Apache Webserver (httpd) and that is all done with UDP multicast. In this blog I will show you how to do it with TCP unicast.
In this example we are going to run all JBoss EAP server on the same machine and we are using standalone mode for simplicity reason. But the same apply if you want to run domain mode.
First configure JGroups to use TCP unicast.
Secondly we need to configure modcluster subsystem in JBoss EAP 6 and set advertise="false" and proxy-list="127.0.0.1:80".
Now lets restart Apache Webserver (httpd) and start two JBoss server. And last you must deploy a clusterable application.
June 12, 2013
Add Server to ServerGroup
Remove Server from ServerGroup
Manage Server on ServerGroup
June 8, 2013
Hostname is usually set when installing the machine, but sometime you need to change it.
To print current set hostname
To temporarily change the hostname.
$ hostname server99.example.com
To permanently change the hostname, edit the /etc/sysconfig/network and set the HOSTNAME property.
After saving the configuration, you will need to reboot your machine.
On test laptops you are not always interesting in having all security enabled, e.g. when developing or testing a applications. And that is true for SELinux.
To see if SELinux is active
To temporarily disable SELinux - 1 (enable) or 0 (disable).
To permanently disable SELinux, edit /etc/selinux/config and set SELINUX=disabled.
After saving you need to reboot your machine.
This solution only works for JBoss EAP 6.0.1 and higher
JBoss ships with a own logging framework and which is used via the org.jboss.logging.Logger class. I myself tend to like to use standardized solution, which is for me - log4j.
Log4j ships with some Appenders, but one especially useful for a Linux environment is SyslogAppender. Here I will show you how to setup log4j org.apache.log4j.net.SyslogAppender with JBoss EAP 6.0.1.
Log4j already is shipped with JBoss, so binaries are required for installation. The configuration is either done in standalone.xml or domain.xml.
In the above configuration I'm using a local rsyslog server listening on UDP port 514. The log4j does not have a Syslog Appender that supports TCP. To test this configuration I'm using RHEL 6 and in a default installed RHEL an UDP listener is not default configured. To activate it, open /etc/rsyslog.conf and uncomment the below.
Now restart rsyslog with:
Now start JBoss and watch logging messages in the default log rsyslog message file.
After verified the Syslog Appender, you probably want to separate JBoss logging to a separate file. How to configure that is out of the scoop for this blog, but a simplistic configuration in /etc/rsyslog.conf is:
After modification, restart rsyslog and rsyslog will automatically create the new log file.
June 7, 2013
When installing RHEL 6 with Desktop, you might not get all of the administration tool installed from the beginning. A common tool that is often forgotten is the Printing Configuration tool. To install do the following:
After you can open the printer configuration from System -> Administration -> Printing.
June 3, 2013
You can get a complete list of all Apache Wicket books here http://wicket.apache.org/learn/books/.
And if you want another book I would recommend Wicket in Action.
Another good starting point is to run the components examples (http://www.wicket-library.com/wicket-examples/index.html) on the Apache Wicket page and read the Reference Wiki pages - https://cwiki.apache.org/WICKET/reference-library.html.
The next step if you have not already done that is to start writing codes. When doing so it is good to knew that there is a very good mailing list group for Apache Wicket, which I recommend to search in, if you get stuck - http://wicket.apache.org/help/.
May 21, 2013
So how do we achieve that with JBoss 7 and EAP 6? The shipped solution is JBoss Vault. Here follows a link of using it - https://community.jboss.org/wiki/JBossAS7SecuringPasswords. A note of the example, that you might want to consider:
- The key length of 1024 bytes is quite weak, consider using a longer key.
- You probably want to increase the default validity period, with the -validity flag.
"The default implementation of the vault utlizes a Java KeyStore. Its configuration uses Password Based Encryption, which is security by obscurity. This is not 100% security. It only gets away from the problem of clear text passwords in configuration files. There is always a weak link. (As mentallurg suggests in the comments, the keystore password is the weakest link)."
"Ideally, 3rd party ISV robust implementations of Vaults should provide the necessary security."
And maybe the most obvious question is how to make it stronger. And Red Hat answer that also on the same page. Store the keystore on an external USB device which you mount on bootup and then remove it. Or use a stronger third party solution.
- Open Preferences dialog, by clicking Edit -> Preference. See picture 1.
- In first tab select the lowest option Show only folders
- In the second tab select Always open in browser windows. See picture 2.
If you want more extensions to Nautilius, check out the Nautilius extensions page - https://live.gnome.org/Nautilus/Extending.
May 16, 2013
When writing simple web application you might not want to bother to use some web framework and simply use simple JSP and Servlet. This has been the case for me recently, but there is of course pitfalls with that as everything else in life. And one of those is to handle character encoding.
In you JSP be sure you use the below encoding settings:
These encoding settings are important if you are planning to pass get parameters in the URL and those parameters might contain character not covered in ISO-8859-1 character table. You should here be aware of how the HTTP work, that it is stateless by design, which means that the server has no way of knowing how to interpret the url-encoded GET parameters, so it assumes ISO-8859-1.
The next gotcha is when I JSP call a Servlet. Here again the server has no way of knowing how to interpret the url-encoded GET parameters, therefore you must explicitly tell the server how to url encode the passed parameters. That is done via the methods.
If you are planning to send direct HTML response from the Servlet, do not forget to set the response content type.
May 14, 2013
The following packages have unmet dependencies:
maven : Depends: libwagon2-java (>= 2.2-2) but it is not going to be installed
I searched the official Ubuntu bug report site, https://bugs.launchpad.net/ubuntu/ and found the solution.
March 16, 2013
To begin with whenever you are searching for information about Ubuntu always start with a recognized site and a recognized site is http://askubuntu.com.
After that said now install IE. To begin with you need to install a platform to run you IE and the successor for Wine is PlayOnLinux (PlayOnLinux website). You install it by using Ubuntu Software Center.
Before installing make sure you have a working Internet Connection.
After successfully installed PlayOnLinux start it and you can install IE by clicking on the Install button from the toolbar and then search for 'Internet Explorer'.
February 28, 2013
The most popular system language for an operating system is English when working as a system developer, but when it comes to writing document you probably need a local language spelling package. And in me previous blog I have written how to install swedish spelling package for LibreOffice, but with Ubuntu 12.10 there is a better way. Install the spelling checking package as debian package.
Afer installation you need to restart LibreOffice. Then you need to make LibreOffice aware of the the new spelling package. You do that by open Tools -> Options... -> Language Settings -> Writing Aids
Now you can change spelling checking for text or the complete document via Tools -> Language
February 24, 2013
To get more information about certified hardware for Ubuntu, please look at the Ubuntu homepage:
Component catalog: http://www.ubuntu.com/certification/catalog/
Certified hardware: http://www.ubuntu.com/certification/
February 19, 2013
- Open a new tab and enter about:config.
- Enter in the search field browser.tabs.warnOnCloseOther.
- Now double click on the browser.tabs.warnOnCloseOther row to turn its value to false.
January 30, 2013
Oracle has announced that the end of life (EOL) of Java SE 6 has been set to February 2013. Which means that if you have not already upgraded to Java SE 7, now is the time. You can read more about the Oracle Java SE Support Roadmap here.
And for you folks that think that Java SE 7 is a new thing, well, I'm afraid that you are poorly updated. The Java SE 7 was released in February 2011.
January 19, 2013
If you have graphical interface for Ubuntu, you probably want to run synaptic, but sometime you don't and then it is good to know you Debian packages commands.
Update local cache of available packages
Search after package
Find out if a package is installed
To install package
Get information about installed packaged