Monday, June 1, 2015

Highlighting Checkstyle Links using Maven and IntelliJ IDEA

Although IntelliJ IDEA has en excellent Maven integration, it doesn not recognize file references or file links in the output of Maven commands. One such generator of file links is checkstyle which generates an output like this:

 Now our live would be a lot easier, if we could just click on the message to fix the issue. Luckily, with a litte hack, this is possible: IntelliJ provides a possibility to define custom output filters for "External Tools". Therefore navigate to "Preferences > Tools > External Tools". Add a new one with "mvn" as command and "validate" or whatever triggers checkstyle as parameter.

Then click on "Output Filters" and a a Filter with an arbitrary name and "$FILE_PATH$:$LINE$(:$COLUMN$)?.*" as Regular Expression.

If you now choose "Tools -> External Tools -> Checkstyle" Maven will run again producing a nicely linked output:

Wednesday, May 20, 2015

Fixing Logjam for Pound

The recently discovered problem "Logjam" in TLS (or the Diffie Hellman algorithm to be exact) is also present in pound by Apsis. Especially if you're using a pre-build binary via apt-get or rpm, as the DH parameters are built into the pound binary itself.

So, to block the support of DH Export, it is enough to change or specify a "Ciphers" setting:




However, to be absolutely on the safe side, I'd recommend to compile your own binary with 2048 bit long DH params (the default ones are "just" 1024 bit anyway).

Luckily the steps are quite simple and straight forward:
  1. wget
  2. tar -xzf Pound-2.7.tgz
  3. cd Pound-2.7
  4. ./configure --with-dh=2048 --prefix= --exec_prefix=/usr
  5. make
  6. make install
This will look for pound.cfg in /etc/pound.cfg (Debian uses /etc/pound/pound.cfg) and install pound in /usr/sbin - just like the Debian/Ubuntu package does - so you can keep / reuse their init.d script.

Also consider adding "Disable SSLv3" (just above Ciphers) to disable SSL3 which is considered insecure.

Using all this will give you a solid A- on

Tuesday, April 21, 2015

Using Rhino with Java 8

Java brings Nashorn as new JavaScript implementation for JSR 223 (javax.scripting). While this is certainly great news (Nashorn is way faster than Rhino by directly generating Java code), it comes with some challenges: Nashorn is not 100% compatible with Rhino.

Rhino had some extensions and more or less other interpretations on how to combine the Java world with JavaScript. Therefore you cannot simply replace Rhino by Nashorn. One case (which ruined our day) is that you cannot call static methods on instances. Therefore we had to get Rhino up and running in Java 8 until we have our scripts re-written.

Although there is an extensive documentation available in, it is a bit confusing (some URLs are wrong, some steps are missing). So here are the steps which worked for us:

  1. Download Rhino: 
  2. Download JSR-223: svn checkout svn checkout
    Yes that is a ~ in the URL!
  3. cd scripting~svn/trunk/engines/javascript/lib
  4. Copy the js.jar from into this directory (replace the existing js.jar)
  5. cd ../make
  6. ant clean all
  7. Copy ../build/js-engine.jar AND js.jar (of Rhino) into your classpath
  8. Now change:

    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngine engine = manager.getEngineByName("js");


    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngine engine = manager.getEngineByName("rhino");

That's all you need to backport Rhino to Java 8.

Monday, February 2, 2015

A better MessageFormat for Java

The MessageFormat class is widely used by Java, especially when it comes to internationalisation. At first sight, using it is simple and straight forward. Define a pattern like "There are {0} files on {1}", either in Java - or better in a in a .properties file. Create a new instance of MessageFormat and supply arguments for the two parameters when calling the format method. This create a formatted string like "There are 100 files on /dev/sda".

Couldn't be easier, right? Yep, but there's still room for improvement. One such improvement is replacing parameter indices with names. "There are ${numberOfFiles} on ${disk}", provides way more context to the poor soul having to translate a properties files.

Another improvement are optional sections. Imagine you have to represent a person as string. It can have a salutation, a firstname and a lastname. Depending on what a user entered, the salutation and or the firstname might be empty. Valid combinations could be "Mr. John Foo", "John Foo", "Mr. Foo". Using a pattern like "[${salutation} ][${firstname} ]${lastname}" is enough to create this output if optional patterns are supported. That idea is, that blocks in angular brackets are only output if at least one enclosed parameter is replaced with a non-null value.

All this is implemented by the Formatter class provided by Sirius. Using it is quite simple. For internationalisation, use NLS.fmtr("Property.key").set("paramName", value).format(). Note that Sirius automatically loads all properties files and makes them available using the NLS class. To use the smart formatting capabilities a formatter can be directly instantiated like this: Formatter.create("${foo}[ ${bar}]").set("foo", foo).set("bar", bar).smartFormat().

Thursday, June 12, 2014

JavaMail can be evil (and force you to restart your app server)

JavaMail always had an interesting approach when it comes to its configuration. Basically you have to fill an untyped map or Properties structure and hope for the correct interpretation. Countless tutorials on the net show the minimal properties required to make it work (send / receive mails).

However, as we painfully just learned, there are some lesser known properties you should probably take care of, which is timeout settings for socket IO. By default, JavaMail uses an infinite timeout for all socket operations (connect, IO, ...)!

Now suppose you have a cluster of SMTP servers which handle outgoing mail, accessed via a DNS round robin. If one of those servers fail, which happens to be the one JavaMail wanted to connect to, your mail sending thread will hang - forever! This is exactly what happened to us and we needed to perform some real nasty magic to avoid tragedy.

Therefore, we now set timeouts for all operations:

  String MAIL_SMTP_CONNECTIONTIMEOUT ="mail.smtp.connectiontimeout";
  String MAIL_SMTP_TIMEOUT = "mail.smtp.timeout";
  String MAIL_SMTP_WRITETIMEOUT = "mail.smtp.writetimeout";

  String MAIL_SOCKET_TIMEOUT = "60000";

  // Set a fixed timeout of 60s for all operations - 
  // the default timeout is "infinite"

Also, if you plan to access DNS round robin based services (like amazon S3) or in our case a mail cluster, don't forget to also configure the DNS cache tiemout of Java (which is also infinite by default):

 // Only cache DNS lookups for 10 seconds"networkaddress.cache.ttl","10");

And while we're at it, for us it turned out to be a good idea to set all encodings to UTF-8 (independent of the underlying OS) to provide a stable environment:

 System.setProperty("mail.mime.charset",; don't want to care about stuff like this at all? Feel free to use our open source Java library SIRIUS, which takes care of all that by providing a neat fluet API for sending mails:
Sources on GitHub

An example usage can be found in the cluster manager:

    private MailService ms;

    private void alertClusterFailure() {

          .useMailTemplate("system-alert", ctx)

Thursday, February 20, 2014

Multithreaded Java - Screencast on the synchronized keyword

synchronized is quite well known in the Java community. Due to its early implementation which had a significant runtime overhead, it has quite a bad image. In modern JVMs this isn't the case anymore - still there's something to look out for.

Watch the screencast to learn more:

Multithreaded Java - Screencast on the volatile keyword

volatile is probably one of the least known keywords in Java. Still it serves an important purpose - an not knowing about it might ruin your day....

Watch this screencast to learn more: