Updating Your Local SSL Certificate

Previously: Create SSL Certificate for HTTPS localhost on Tomcat 7 Chrome and Internet Explorer

The local certificate will expire after 3 months. Here is how to update it.

1. Inspect your Tomcat's server.xml file to see which Java it is using. Let's say it is using:
C:\Program Files\Java\jdk1.XXX
2. Delete the expired certificate with the following command (the keystore password is changeit by default):
keytool -delete -alias gleniris.com -keystore "C:\Program Files\Java\jdk1.XXX\jre\lib\security\cacerts"
3. Restart the machine.
4. Generate a new cert with the following command:
keytool -genkey -alias gleniris.com -keyalg RSA -keystore "C:\Program Files\Java\jdk1.XXX\jre\lib\security\cacerts"

You are now asked to enter your name. Enter your name as whatever value your alias is. In my case I entered the name as gleniris.com.
5. Copy the certificate which you have generated:
Attempt to navigate to the secure section of your site. For me, it was (note the HTTPS protocol):
https://my.gleniris.com:8443
Using the 3 dot menu, open More tools > Developer tools > Security tab, and click Certificate Information > Details tab > Copy to File > Export. Save it as the default .cer file type, with the same name as your alias. For me this file is named:
gleniris.com.cer
6. Create an entry in the trusted certificate publishers directory of your machine.
Open a command window and type
certmgr.msc
Expand the 'Trusted Publishers' directory. Using the menu bar, select Action > All Tasks > Import, and import the file you created in step 4. Repeat this process in the 'Trusted Root Certification Authorities' directory.
7. Restart your machine.
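
To see when the next renewal is due, the added example below (not part of the original post) reads a keystore and reports the days left on each certificate. The class name, the 14-day warning threshold and the fallback to the running JVM's own cacerts file are assumptions; pass the keystore path, alias and password as arguments to check a different store.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

public class CertExpiryCheck {

    // Whole days between now and the certificate's notAfter date.
    static long daysLeft(X509Certificate cert, Instant now) {
        return Duration.between(now, cert.getNotAfter().toInstant()).toDays();
    }

    public static void main(String[] args) throws Exception {
        // Usage: java CertExpiryCheck [keystore path] [alias] [password]
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        String wanted = args.length > 1 ? args[1] : null; // null = report every alias
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }

        Instant now = Instant.now();
        for (String alias : Collections.list(ks.aliases())) {
            if (wanted != null && !wanted.equalsIgnoreCase(alias)) continue;
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) c;
            long days = daysLeft(x509, now);
            boolean expired = x509.getNotAfter().toInstant().isBefore(now);
            // 14 days is an assumed warning window, not a value from the post
            String state = expired ? "EXPIRED" : days <= 14 ? "RENEW SOON" : "ok";
            System.out.printf("%-40s %5d days  %s%n", alias, days, state);
        }
    }
}
```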

Mock Testing

Image taken from http://zeroturnaround.com/rebellabs/how-to-mock-up-your-unit-test-environment-to-create-alternate-realities/

Mock Testing explained:

Concise Example of the EasyMock testing framework:

Reflection in Java

Six years of programming with Java and I've never had to use reflection. I don't know if that is a good or a bad thing, but below is the best, most concise explanation of Java Reflection which I have found. The commentator confuses himself at times but the core message and logic come across well. Only 11 or so minutes long.

Advice on Technical Hiring from the Employers Perspective

The below is an extract from a chapter of the O'Reilly published 97 Things Every Software Architect Should Know:

Most people probably agree that finding top-notch developers requires thorough technical interviewing.  But what does thorough mean exactly?  It doesn’t mean requiring candidates to answer difficult questions about obscure technical details.  Screening for specific technical knowledge is definitely part of the process but turning an interview into a certification test will not guarantee success.  You are searching for developers with problem solving skills and passion.  The tools you use are sure to change; you need people who are good at attacking problems regardless of the technologies involved.  Proving someone has the ability to recite every method in an API tells you very little about their aptitude or passion for solving problems.

However, asking someone to explain their approach to diagnosing a performance problem gives you great insight into their methods for problem solving.  If you want to learn about developer’s ability to apply lessons learned, ask what they would change given the chance to start their most recent project anew. Good developers are passionate about their work.  Asking them about past experience will bring out that passion and tell you what correct answers to technical trivia questions cannot….

by Chad LaVigne
This work is licensed under a Creative Commons Attribution 3″

Security Issue for Java and MySQL or SQL

The most basic vulnerability is to leave the database operating on the default port of 3306 with the default user name and password. Ensure that this port is not open to the web.

SQL Injection Vulnerability

To protect against SQL Injection, it is necessary to avoid methods which take an argument which is directly used in an SQL query.

The solution is a two step process.

  1. First, validate the input argument against a regex, or parse it and catch the parse exception. If the method is supposed to accept a String containing an int, or only a set of digits, you can then be sure that this is the case. This ensures you are not using user input to query the database without validating it first.
  2. The second prevention step is not to build the SQL query directly. Instead, use a prepared statement, so that you are not using string concatenation or string replacement to build the query. With concatenation, an attacker can pass your method an SQL statement which will then be run against your database.
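
The two steps above as an added Java example (not code from the original post). The class and method names are hypothetical, and the product table with its venue_id and name columns is an assumption borrowed from the Hibernate example on this page; main only exercises the validation step on constructed inputs, so it runs without a database.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class ProductLookup {

    // Step 1: the argument must be 1 to 9 ASCII digits and nothing else.
    private static final Pattern VENUE_ID = Pattern.compile("\\d{1,9}");

    static int parseVenueId(String raw) {
        if (raw == null || !VENUE_ID.matcher(raw).matches()) {
            throw new IllegalArgumentException("venue id must be 1-9 digits");
        }
        return Integer.parseInt(raw); // cannot overflow: at most 9 digits
    }

    // Step 2: the SQL text is a constant; the value travels as a bound parameter.
    static List<String> productNames(Connection con, String rawVenueId) throws SQLException {
        int venueId = parseVenueId(rawVenueId);
        String sql = "SELECT name FROM product WHERE venue_id = ?";
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, venueId);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("name"));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed inputs: one well-formed id and two strings that must be refused.
        String[] samples = { "42", "42 OR 1=1", "1; DROP TABLE product" };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + parseVenueId(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: \"" + s + "\" (" + e.getMessage() + ")");
            }
        }
    }
}
```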

Hibernate Delete using HQL – QuerySyntaxException: Foo is not mapped

The entity name needs to be used in the query instead of the table name.

For example, this causes the QuerySyntaxException because it uses the database table name in the query:

Query query = session.createQuery("delete from product where venue_id = :venueID");
query.setParameter("venueID", venueID);

The below query works as it uses the entity name:

Query query = session.createQuery("delete from ProductEntity where venue_id = :venueID");
query.setParameter("venueID", venueID);

Error 1723: can't uninstall Java due to missing DLL

Download the Windows Installer Cleanup from here. Worked a treat.

Spring Exceptions and Errors

I am learning how Spring works, so as a reference for myself here are some errors and/or exceptions that have had me wondering what's going on. While working through Brian's excellent Java Blog for Spring novices, I tried setting up his Service but customised to my own application's needs.

  1. Endpoint mapping [org.springframework.ws.soap.server.endpoint.mapping.SoapActionAnnotationMethodEndpointMapping@25dad8eb] has no mapping for request – Caused by having the wrong payload root localpart set in the endpoint Java class.

Builder Pattern in Java to avoid multiple argument constructors for the same object

This post is heavily inspired by page 14, chapter 2 of Joshua Bloch’s Effective Java Second Edition. I typed it out here as an exercise to memorise it.

The idea of this pattern is to implement a better way of creating an object which has optional parameters. For example, a Dog object in a database needs to have a name attribute. However, breed, age and colour attributes are optional. Consider the old constructor setup, and by old I mean the way I coded it before I discovered the Builder pattern:

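public class Dog {

    private final String name;
    private final String breed;
    private final int age;
    private final String colour;

    public Dog(String name) { this(name, ""); }

    public Dog(String name, String breed) { this(name, breed, 0, ""); }

    public Dog(String name, String breed, int age, String colour) {
        this.name = name;
        this.breed = breed;
        this.age = age;
        this.colour = colour;
    }

    // etc, etc: one more constructor for each combination of optional parameters
}

Not very efficient. The following is an example of the Builder Pattern: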

public class Dog {

    private final String name;
    private final String breed;
    private final String colour;

    public static class Builder {

        // required parameter
        private final String name;

        // optional parameters, initialised to default values
        // (not final: the setter methods below assign them)
        private String breed = "";
        private String colour = "";

        public Builder(String name) {
            this.name = name;
        }

        public Builder breed(String val) { breed = val; return this; }

        public Builder colour(String val) { colour = val; return this; }

        public Dog build() {
            return new Dog(this);
        }
    }

    // private: a Dog can only be created through its Builder
    private Dog(Builder builder) {
        name = builder.name;
        breed = builder.breed;
        colour = builder.colour;
    }
}

The object of type Dog is then created as such:

Dog arsenesDog = new Dog.Builder("Thierry").breed("lab").colour("golden").build();


Thierry Henry, an evangelist for the Builder Pattern

Software Engineer Interview Guide

After almost 5 years as some class of Software Engineer (titles ranged from Associate Software Engineer to Software Engineer to Web Support Engineer to Senior Consultant and back to Software Engineer), having moved companies a number of times, I have realised that the job interview process for technical jobs is broadly the same.

For each interview I have done, both successfully and unsuccessfully, I had to put in a certain amount of preparation. I usually put together a dossier on each position I apply for based on the following information.

Do Your Homework on The Company

  • Why do you want to work for them?
  • Why are you leaving your current position?
  • Who are their competitors?
  • If you get a name for your interviewer, look them up on LinkedIn to see their area of interest. This may tip you off as to what they are likely to ask about.
  • Have 3 – 4 good questions ready for the interviewer. The goal here should be to genuinely learn something as opposed to just ticking the box of asking a question. A bad example of this is – "What is your favourite thing about working here at X". A good example is "I noticed that you mentioned that you use Technology X to achieve goal A, I find this interesting as previously I had never heard of that, in my experience I would have used Technology Y to achieve goal A. Can you tell me why using technology X suits you better?" To reiterate, show that you are not afraid to chat about technical topics rather than just asking a question for the sake of it.

Understand Why You Want THIS Job

Look, ideally we would all play professionally for Arsenal and only use computers to place job adverts online for pool cleaners / drivers. However, the squad is full so we need to get employed elsewhere.

If you are applying for the job as it is a job for which you are qualified, fair enough, but you will stand a much better chance of being employed if you actually want the job.

What I mean is that the job is the best fit for you, i.e. the job involves the technologies in which you are most interested and, to a lesser extent, skilled. The job will offer you the chance to work in an environment and culture which will allow you to meet your career goals – whether that is to stay at a junior level all your life or to progress to the highest levels of management before you are 30.

Have this clear in your own head before you are expected to make it clear in the interviewer's head.

Common Interview Running Order

In my experience, it is common to be interviewed by the Human Resources department, the potential manager and a potential team member (skill level similar to you). They will all probably allow you to ask questions at the end of their individual sessions. If in session 1, all of your questions were genuinely answered, don't just say "no" when session two asks you if you have any questions. A better response is "well I did want to find out more about X but Jimmy Five Bellies answered that question for me in the last session".

  • The HR interview tries to see how you are as a person. They will want to judge you on actual experiences of your career and life and how you reacted to them. They would rather hear specific examples of a time when you did X as opposed to what you would do if X happened. Past behaviour is the best predictor of future behaviour.
  • The manager interview likes to hear of your work experience. He / She may even get technical but if they do it will probably be at a high level. For example, what web servers have you used as opposed to which Java Collection is best for storing an ordered list of objects.
  • The peer will ask technical questions and may even present you with a whiteboard and ask you to give an overview of a system which you have worked on in the past. This task has numerous purposes:
  1. Test your communication skills. Can you explain a technical problem? This is a common ask for a software engineer. How are you supposed to work through technical problems with team members if you cannot describe issues?
  2. Test your overall understanding of the system which you worked on. Did you know the architecture or were you just concerned with the little piece which you had responsibility for?
  3. Technical knowledge. This diagram will offer the interviewer the chance to ask specific questions on single parts of your system. They will probably focus on their area of expertise. For example, if your diagram includes a database and the interviewer is a database administrator, they may ask you about normalisation, choice of database (MySQL, Oracle, SQL), database performance etc.

Common Interview Questions Which I have Encountered

  • Tell me about an improvement which you made to a system.
  • Have you ever been given a set of requirements which you didn't understand? If so, how did you go about completing the assignment?
  • Have you ever worked with somebody who held the team back, or with whom you had a personality clash? If so, what happened in this situation?
  • How do you manage tight deadlines?
  • Where do you see your career going?
  • Describe your ideal colleague.
  • How do you feel about mentoring?
  • What motivates you?
  • What does success mean to you?
  • Have you ever made a mistake that impacted a live system?
  • Describe the software model which you used in your last job.
  • Describe the last project you worked on to a person with no technical experience beyond checking their email and surfing the net.
  • How would you improve the performance of a system which uses a database?
  • How would you get two machines to communicate with each other?

Don't try and fudge answers. If you don't know, say "I am not sure but if I was to guess I would say…".

Summary

  • Prepare and practice drawing block diagrams of a system which you previously worked on.
  • Be clear why you want the job.
  • Be clear what the position is.
  • Be clear who the company are and what they do.
  • Know your resume and what it claims inside out, for example, if you only used Apache Ant once, don't list it as a skill on your resume.
  • Arsenal are more successful and have more class than Spurs.

More as I remember it.