Wednesday, November 25, 2009

Inkscape 0.47 is HERE!!!

OMFGRTFBBQ!!! Inkscape 0.47 is here! This is hands down the best tool for SVG work, period! You can read the release notes here.

Biggest item on my list is the Spiro tool. This has to be the coolest tool ever. Instead of storing the object as a set of bezier curves, it is stored as a set of points with curves where needed. Trying to get perfect curves are no longer a pain in the BBQ. Just change the arrangement of control points and the curves form automagically. Perfect raindrops, vines, and more await you.

The Knot tool looks to hold a lot of promise. I hadn't seen the knot tool in the trunk code so it's appearance is new to me. The hatches tool looks very cool but I'm not sure where I'll be able to use it. The ruler effect is one that I have used often in the trunk code. It does what it says, offers the ability to draw a ruler on a path. It is very useful if you need to add scale to a project.

I can't wait to get my hands on the new release. I know what I'm doing this Thanksgiving weekend!

Um...Being with my family and thankful for the wonderful life I have (uh, yeah that sounds like it...) Just kidding I love you all family.

Friday, November 20, 2009

LoginContext of ACC or more?

Many of the questions I see on Google are about how to setup a LoginContext and then use that context to login to the Glassfish server. First off, the server already creates a LoginContext for you, you do not need to make another one unless you have some real serious demands. Second, when you do make a new LoginContext you are making it outside of the Glassfish server.

JAAS uses a set of local files to determine which Java Objects (modules) to execute in order to make a login. Those configuration files also specify which of those modules are required to send back a "GO" to equal a full login. This is called a stacked login. You could have an application that requires not only a username and password, but also a smart card inserted. If either or both of them return a "NO-GO" then you are denied access.

The thing about JAAS is servers are not the only ones that can use it. You could make your normal Java 2 SE program use JAAS to authenticate smart cards or even a flat file that holds encrypted passwords stored on the local machine. Because anyone could have any given set of configuration files setup on their machine, when you use Glassfish to secure EJBs understand that Glassfish considers the server's configuration files to be the final say in the matter of logging on to access the EJB.

When you create your own LoginContext in your client application, JAAS has to consult the local configuration files. Since a JVM outside of the Glassfish JVM is running your client application, these JAAS configuration files have no say in authenticating your client to Glassfish.

Enter the ClientPasswordLoginModule. This module is a pretty neat little module. It takes in a client username and password and stores it. If you try to go somewhere that requires you to login, this module will take the information that it collected and pass it on to the module asking for login information.

Here is where some people get confused. They assume that the local JAAS needs to use the same module as the Glassfish module. No. Becuase there is no way the Glassfish server can be sure that your local result would be the same result with the Glassfish configuration. If our Application Client used a jdbcModule in the local JAAS configuration, we could (in theory) use a local MySQL to say (Oh yeah, he's who he says he is.) Instead, we have to pass username/password information on to the Glassfish server and the Glassfish server runs it through its jdbcModule, not our local jdbcModule. ClientPasswordLoginModule simply passes that information on to whoever asks for it.

You may also have heard of a ClientCertificateLoginModule, this allows a client to send a X509 certificate to login to a system. Usually your appclient is setup to use both ClientPasswordLoginModule and ClientCertificateLoginModule. The ClientCertificateLoginModule doesn't really do much if you haven't signed the application. If you have, this module makes sure that only the application that was signed is being used to access the resources. This keeps rouge applications from accessing your data. If you want IIMOP over SSL that's a whole other thing.

Remember, when you create a LoginContext inside you Java Client Application it will read in the local JAAS configurations. Those configurations should be setup to pass information back to Glassfish. However, my advice is to not even create your own LoginContext. The ACC on Glassfish is good enough for most needs, you shouldn't have to create your own LoginContext. I'll cover a method of how to get a bit more control over user logins with EJBs on Glassfish with your plain ol' Java Application Client.

Thursday, November 19, 2009

What's wrong with me?

Okay now a little bit of Java code to get into the mindset of using Glassfish.

What is wrong with this code?

File: SimpleMessageRemote.java


package com.blogspot.ramenboy.logintest;

import javax.ejb.Remote;

@Remote
public interface SimpleMessageRemote {

String sayWorld();

}


File: SimpleMessage.java


package com.blogspot.ramenboy.logintest;

import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@DeclareRoles("AUser")
@Stateless
public class SimpleMessage implements SimpleMessageRemote {

@RolesAllowed("AUser")
public String sayWorld() {
return "World!!";
}
}


File: Main.java


package logintest01;

import com.blogspot.ramenboy.logintest.SimpleMessageRemote;
import javax.swing.JOptionPane;
import javax.ejb.EJB;

public class Main {

@EJB
private static SimpleMessageRemote s;

public static void main(String[] args) {
JOptionPane.showMessageDialog(null, "Hello... " + s.sayWorld());
}
}


The problem with this code is (we are assuming that all the XML descriptors are in order) that we are injecting an EJB that is protected. Now there is nothing wrong with injecting a protected EJB but we shouldn't do this in our Main method. Injecting secure EJBs should be done once we have established the user as belonging to the system.

Why?

If the user fails to login properly (mistyped something or what-have-you). The Injection fails and the end result is an unusable object. The object being the whole freaking program, since this is the main method.

Ergo, don't do this unless you are just writing a simple test. This isn't really production grade programming to inject secure beans all over the place. A failed injection will bring your application client to a grinding halt with a very confusing error.

Pretty Print Test

Okay so I chickened out and started using the Google CSS for syntax highlighting. Here is a test.



package foo;

public class Testing {

public static void main(String[] args) {
javax.swing.JOptionPane.showMessageDialog(null,"Hello, World!");

System.exit();
}
}


So I hope this works.

Tuesday, November 17, 2009

Chest Colds are the worst

I think the title says it all.  This would be the seventh time this year that I have gotten sick.  I can not seem to do anything in my personal time other than get sick and try to recover.  I swear, I'm going to post some python code soon.  I just keep getting sick.

Tuesday, November 10, 2009

Using the built in login versus ProgrammaticLogin

Yeah, I figure I'd cover a bit of Glassfish and JavaEE nuances. Today's gem is logging in.

When you think of logging into something you may have a sudden urge to think, "Yeah it's just a database with users and passwords stored in it."

To an extent you are correct. The broad 10,000 feet view of logging in is that you present something and that something proves you are who you say you are.  In some cases it is a password, some cases it may be a USB stick, and in some cases it may be something on you like your thumbprint.  However, the fun thing about being a programmer is that you not only get to deal with the details of where, what, and how idenities are matched with proof, you also deal with the way it is prosented to the user, interfaced with that presentation, handled during transport, how to transport, and so forth.  Basically you'll leave wondering how the API actually helped you.

But I'm getting ahead of myself, short end is that no matter what framework you use; be ready to do a bit of leg work when it comes to logging people in.

Now on to the topic at hand.  In JavaEE there is a set way of how to handle logging in to an AS.  This method is known as JAAS (say it with me: Jazz).  Without going into what that means (you can safely assume that the J stands for Java) JAAS is the standard built-in method for logging into an AS.  Now JAAS is great and all but it was mostly intended for web based applications, so if you are doing a lot of web based apps then just sticking with the default JAAS won't do you wrong.

Therein is the problem, if you are doing Client Application programming (thick clients) you may seek to have a bit more control over the login process.  JAAS is an okay solution, and you can work around some of it's limitations, but after a point you're just boiler plating and you need to stop.  One thing about JAAS is that it is specific to the Application Control Container (ACC), that's not to say the code isn't cross platform, it means that the ACC handles login, not you, you have to keep poking at the ACC for information about the current state of the login.  This simplifies things at an amazing rate.  You can have a databased back login module in less than five minutes.  In fact you'll spend most of your time with SQL.  The problem is things like making sure the person provides a valid login add complexity because the ACC will toss an Exception at you and your client will receive a very cryptic error message about RMI-IIOP.

This is all because when something bad happens you can't trap the ACC (that's a good thing security-wise) and therefore authentcation errors blow up your client.  You have to write EJBs that force the system to log you in and then before actually using that login check to make sure it is okay.  This can add a bit of overhead in Client Applications...

Enter ProgrammaticLogin.  The purpose is pretty stright forward, handle logins programmatically.  Two problems with this approach, this will lock your code (once you start coding for ProgrammaticLogin you are locked into Glassfish with you code sans a major rewrite); second, you must handle everything about logging in yourself.  ProgrammaticLogin is lock-in for every platform, yes that's right, everyone has a ProgrammaticLogin (JBoss, Oracle, IBM, etc...), every single one of them makes it look the same (takes two to four parameters, passes information on to EJBs, etc...) but they all do it very differently per AS platform.  Judging by history, this makes it a good candidate for inclusion in the next version of JavaEE (???).

I guess I'll cover a bit about logging into an AS next time, I'll cover JAAS first.

Monday, November 02, 2009

Things not to do on Blogger when at work.

I'll try to keep updating this list as I go.
  1. Click the Next Blog link.
  2. Go to a blog that I know is going to have background music.
Holy smokes! Did you know it was November already?! Crap I've got so many car related things to get done it's not even funny.
  • Fix my car.  It's got a stuck open thermostat that makes the computer send P0126.  That's a you fail emissions error.
  • Inflate my freaking tires!  I usually am on top of this but the blasted air machines taunt me by accepting only quarters when I have a ton of dimes!  This also, by-the-way, sends a you fail emissions error.  In fact, every error on my car is a fail emissions error except low oil and low freon.  WTF?!
  • I turn an age evenly divisible by five this year.  That means that I have to pay to continue to keep my drivers license.  I don't really understand the point of this.  They don't require that you come in and have your eyes checked, your ability to drive checked, or anything that would ensure that you are still able to drive.  In lieu of all of that safety stuff they just want you to mail in a check and a form that ASSERTS that you still feel able to drive.
  • My son will be turning, an age that is a single number in binary, years old very soon.  I've so got to get planning and sending out invites done like it was yesterday.
  • I am so carpet bombing my friend's place.  He has consistently held the pieces of wood that I am using to make shelves for ransom.  He has until this Friday to return them, or I am getting 2,4,6-trinitrotoluene on his rear end.
See, this is what happens as you get older.  As a kid you loose track of time on a smaller scale, say minutes or even hours.  As an adult the same thing happens just on a larger scale, say days, months, seasons...  I guess it all just comes down to simply forgetting what year, century, millennium your currently in once you're ready to retire.

"What?! OH?!  Why are you grabbing me by the arms and dragging me out?!  What do you mean I retired seven years ago?! Let go of me right... oh forget it, I need a nap."

MS Access and the Gettoness that it is.

Why on Earth would you have a cross-tab query with no "non-VBA" method of making a report?  Oh well OpenOffice.org is guilty of the same crime.  C'mon, if I'm doing this with GUI magic in the query editor, why can't I do this with the report editor.

Well off I go to write about 400 lines of VBA code that no one will notice.  Nah, just kidding, it's only like 40 lines.

Code and Pre Tags

Hello.

Usually when I do some code, I just really place it between some <pre> tags. If it will have a lot of < and > symbols (like C++ code). I'll do the code really quickly in gedit and replace them with the entities that correspond to them.

However I was on Microsoft's web site and I really liked the idea of how they surround their code with a little blue box with a bigger top border.

Now using Firebug to look at the CSS for this, it is a really simply addition to what I was doing.


This is what I was doing...
<pre style="border:1px solid #8888FF">



However, as you can see in the above example, I'm using a similar usage of the MS CSS except I've made it green as such:


This is my new take.
<pre style="border-style: solid; corder-color: rgb(192,231,192); border-width: 10px 1px 1px;white-space: pre-wrap;word-wrap: break-word;">



Also I've been trying to understand how ScribeFire works with <br />. I am still working on it. Also, I will try to get my own CSS written and uploaded to Blogger when time permits.

Sunday, November 01, 2009

VirtualBox I still love you

Well it seems I'm running into a problem. 64-bit guest won't seem to go into long mode on a 64-bit host when AMD-V or Intel VT isn't available. That's okay because VBox still rocks.