Monday, June 1, 2015

Highlighting Checkstyle Links using Maven and IntelliJ IDEA

Although IntelliJ IDEA has en excellent Maven integration, it doesn not recognize file references or file links in the output of Maven commands. One such generator of file links is checkstyle which generates an output like this:


 Now our live would be a lot easier, if we could just click on the message to fix the issue. Luckily, with a litte hack, this is possible: IntelliJ provides a possibility to define custom output filters for "External Tools". Therefore navigate to "Preferences > Tools > External Tools". Add a new one with "mvn" as command and "validate" or whatever triggers checkstyle as parameter.

 
Then click on "Output Filters" and a a Filter with an arbitrary name and "$FILE_PATH$:$LINE$(:$COLUMN$)?.*" as Regular Expression.


If you now choose "Tools -> External Tools -> Checkstyle" Maven will run again producing a nicely linked output:



Wednesday, May 20, 2015

Fixing Logjam for Pound

The recently discovered problem "Logjam" in TLS (or the Diffie Hellman algorithm to be exact) is also present in pound by Apsis. Especially if you're using a pre-build binary via apt-get or rpm, as the DH parameters are built into the pound binary itself.

So, to block the support of DH Export, it is enough to change or specify a "Ciphers" setting:

ListenHTTPS
    ...

    ...
    Ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"

End


However, to be absolutely on the safe side, I'd recommend to compile your own binary with 2048 bit long DH params (the default ones are "just" 1024 bit anyway).




Luckily the steps are quite simple and straight forward:
  1. wget http://www.apsis.ch/pound/Pound-2.7.tgz
  2. tar -xzf Pound-2.7.tgz
  3. cd Pound-2.7
  4. ./configure --with-dh=2048 --prefix= --exec_prefix=/usr
  5. make
  6. make install
This will look for pound.cfg in /etc/pound.cfg (Debian uses /etc/pound/pound.cfg) and install pound in /usr/sbin - just like the Debian/Ubuntu package does - so you can keep / reuse their init.d script.

Also consider adding "Disable SSLv3" (just above Ciphers) to disable SSL3 which is considered insecure.

Using all this will give you a solid A- on https://www.ssllabs.com/ssltest/analyze.html

Tuesday, April 21, 2015

Using Rhino with Java 8

Java brings Nashorn as new JavaScript implementation for JSR 223 (javax.scripting). While this is certainly great news (Nashorn is way faster than Rhino by directly generating Java code), it comes with some challenges: Nashorn is not 100% compatible with Rhino.

Rhino had some extensions and more or less other interpretations on how to combine the Java world with JavaScript. Therefore you cannot simply replace Rhino by Nashorn. One case (which ruined our day) is that you cannot call static methods on instances. Therefore we had to get Rhino up and running in Java 8 until we have our scripts re-written.

Although there is an extensive documentation available in java.net, it is a bit confusing (some URLs are wrong, some steps are missing). So here are the steps which worked for us:

  1. Download Rhino: https://github.com/downloads/mozilla/rhino/rhino1_7R4.zip 
  2. Download JSR-223: svn checkout svn checkout https://svn.java.net/svn/scripting~svn
    Yes that is a ~ in the URL!
  3. cd scripting~svn/trunk/engines/javascript/lib
  4. Copy the js.jar from rhino1_7R4.zip into this directory (replace the existing js.jar)
  5. cd ../make
  6. ant clean all
  7. Copy ../build/js-engine.jar AND js.jar (of Rhino) into your classpath
  8. Now change:

    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngine engine = manager.getEngineByName("js");


    to:

    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngine engine = manager.getEngineByName("rhino");

That's all you need to backport Rhino to Java 8.

Monday, February 2, 2015

A better MessageFormat for Java

The MessageFormat class is widely used by Java, especially when it comes to internationalisation. At first sight, using it is simple and straight forward. Define a pattern like "There are {0} files on {1}", either in Java - or better in a in a .properties file. Create a new instance of MessageFormat and supply arguments for the two parameters when calling the format method. This create a formatted string like "There are 100 files on /dev/sda".

Couldn't be easier, right? Yep, but there's still room for improvement. One such improvement is replacing parameter indices with names. "There are ${numberOfFiles} on ${disk}", provides way more context to the poor soul having to translate a properties files.

Another improvement are optional sections. Imagine you have to represent a person as string. It can have a salutation, a firstname and a lastname. Depending on what a user entered, the salutation and or the firstname might be empty. Valid combinations could be "Mr. John Foo", "John Foo", "Mr. Foo". Using a pattern like "[${salutation} ][${firstname} ]${lastname}" is enough to create this output if optional patterns are supported. That idea is, that blocks in angular brackets are only output if at least one enclosed parameter is replaced with a non-null value.

All this is implemented by the Formatter class provided by Sirius. Using it is quite simple. For internationalisation, use NLS.fmtr("Property.key").set("paramName", value).format(). Note that Sirius automatically loads all properties files and makes them available using the NLS class. To use the smart formatting capabilities a formatter can be directly instantiated like this: Formatter.create("${foo}[ ${bar}]").set("foo", foo).set("bar", bar).smartFormat().