Java: Import AWS RDS certificate

To establish secure connection between Java application and AWS MySQL RDS instance the ssl/tls certificate needs to be imported in to JVM.

Step #1: Find Java home

Using the following commands you can find the Java home directory

whereis java
ls -l /etc/alternatives/java

Step #2: backup existing cacerts file for future reference

cp $JAVA_HOME/jre/lib/security/cacerrts $JAVA_HOME/jre/lib/security/cacerrts.original

Here are the steps to import RDS certificate into JVM

wget https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
openssl x509 -outform der -in rds-ca-2019-root.pem -out rds-ca-2019-root.der
keytool -import -alias rds-root -keystore $JAVA_HOME/jre/lib/security/cacerrts -file rds-ca-2019-root.der
wget https://s3.amazonaws.com/rds-downloads/rds-ca-2019-us-west-2.pem
openssl x509 -outform der -in rds-ca-2019-us-west-2.pem -out rds-ca-2019-us-west-2.der
keytool -import -alias rds-intermediate -keystore $JAVA_HOME/jre/lib/security/cacerts -file rds-ca-2019-us-west-2.der

Step #3: Update JDBC url in your Java application

Here is the sample JDBC url with SSL enabled

jdbc:mysql://aws.rds.com/dname?useUnicode=true&characterEncoding=UTF8&verifyServerCertificate=true&useSSL=true&requireSSL=true

Design pattern to scale relational database horizontally

Database scalability is one of the critical factor in designing scalable web application. All the four major cloud vendors (Amazon, Microsoft, Google and Oracle) offers relational database as service which abstracts several complexities for developers to setup and manage database servers that helps developers focus on core application development. Even with cloud vendors’ service based offering scaling database horizontally (or scale out) still a challenge which developers can resolve at application level. In this post I would like to talk about the challenges and possible solution for same.

Read more of this post

Monitoring HttpSession memory leak during JavaEE development

In my previous post I have provided a sample servlet filter to monitor non-serializable objects in HttpSession to make the JavaEE application compatible for clustered environment. We have enhanced the same servlet filter to log HttpSession object size which is helping us to find the memory leak during the development.

Here is the Java code
Read more of this post

Java: Sample Active Directory authentication code

Here is a sample Java code to authenticate against Windows Active Directory server.

  • The code finds all available active directory servers in your network.
  • It uses one of the available active directory server for authentication.
  • If an active directory server is down then it starts using next available server if any.
  • This class is thread-safe, you can create one instance and re-use them multiple times.
  • I tested this code from Linux and Windows box.

You can find the below source code in GitHub as well.
ActiveDirectoryAuthentication.java
Read more of this post

JavaEE – Clustering support in JSF, Wicket, ZK, etc.

When a seasoned MVC framework developer starts writing code in component based framework like JSF, Wicket, ZK, etc. they fail to understand the basic differences between MVC and component based framework because they could write code which can work in non-clustered environment i.e. in single JVM deployment. When the same application is deployed in a clustered environment they start realizing the difference which will require lots of effort revisit all the code and make it compatible for clustering. I am going to talk about a few guidelines on making development (on top of component based framework ) cluster aware.
Read more of this post

Capture Heap dump from Tomcat Windows Service

Add the following options into Tomcat >> Java >> Java Options

-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=8086
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false

  • Goto JAVA_HOME/bin directory and launch jconsole.exe application
  • In the remote process box enter localhost:8086 and click Connect button
  • Switch to the MBeans tab
  • select com.sun.management – HotSpotDiagnostic – Operations – dumpHeap in the tree on the left
  • Pressing the dumpHeap button creates the heap dump. The parameter called p0 allows you to specify into which target file the heap is dumped.

Alternative to JPA / Hibernate

Ours is a legacy application, we are migrating from desktop to JavaEE web based application. Since it is desktop application database triggers, functions and procedures are heavy used to do lots important functionality. Some of our team members were proposing JPA to move trigger, function and procedure logic to Java layer but many of us (including me) felt is too risky for our business, time to market and lots of data needs to be migrated.

I started looking for a simple alternative framework for JPA which can help us to retain database objects at the same time simplify our Java code like JPA . Here are my findings Read more of this post

Java vs. JavaScript coding

In today’s web programming many Java developers write JavaScript coding hence they tend to follow Java best practice and coding style in JavaScript as well. But there is huge amount of difference in both the coding style and best practices.

Read more of this post

There is no language yet available to replace Java!

There is a perception created in the software development industry that Java is out-dated and Ruby, Python, Scala, etc. are going to take over Java’s position. Some “hyper-enthusiasts” are already left Java platform. Sun’s profit model collapse, Applet, Jini, EJB and JSF heavyweight framework failures added fuel to these campaigns. I still believe no language yet available in the market to replace Java. I don’t have to talk why Java is better because it is proven solution for more than a decade but I would like to talk about how false campaigns are created by “hyper-enthusiasts”. It is easy to fall into these false campaigns because as a developer we want new challenges and something new to learn. Read more of this post

Wicket in OC4J / OracleAS

Recently I tried deploying wicket framework based web application in OC4J container it didn’t work, whereas the same code works well in Tomcat. While googling found a few solution which recommends to use wicket servlet configuration instead of servlet filter to resolve the issue. I did the same but no luck. Then I tried associating a bookmarkable page for the homepage then it works well. Here is the code snippet: Read more of this post

JRebel – a productive tool for Java developers

Java Rebel – a very useful productive tool
One of my friend told me about JavaRebel. Later I tried with eclipse it worked well. The installation and setups are very simple and easy. It saves a lot of time for enterprise class projects. Now you don’t have to restart Tomcat for each changes. Try out today, enjoy the productivity.
Reference:
http://www.zeroturnaround.com
http://www.zeroturnaround.com/blog/configuring-ide-debugging-with-javarebel/
http://www.zeroturnaround.com/update-site/

Java – Object XML Mapping

Have you written 1000s of buggie lines of code to parse XML? Generating an XML is easy but when it comes to XML parsing/import it is hard. We have to think about many scenarios and deal with many combinations. I use to prefer XPath API for XML import because I can fetch required values as they way/order I want rather than iterating all nodes in DOM structure. XPath is better than DOM coding but is not the best solution. So I started looking for a solution similar to Hibernate for XML to Object translation. Read more of this post

Single-Sign-On (SSO) in Java Platform using Active Directory

Sorry guys it been long time writing in my blog.

Nowadays single-sign-on became a hot selling feature for all desktop and web-based products. In this article I talk about single-sign-on implementation in Java platform with Active Directory server. Since Microsoft Windows has become one of the most common corporate network platforms it is worth integrating with your product. Starting from Windows 2000 Microsoft supports Kerberos protocol. It is unusal that Microsoft support open-standard protocol, but they do in this case; good for us :-) Read more of this post

Handling currency calculations in Java business application

Recently I saw a weird floating issue in Java application which made our currency calculation wrong. Can you guess what would be the output of the below code?

System.out.println(38.0 - 26.6);

Read more of this post

Java – Thread’s stack trace dump

Recently I was dealing with a deadlock issue. Usually I use eclipse break points to create deadlock situation at the same time find the line/code which causes the deadlock. But this one is bit complex scenario where it is not easy to have break points move line by line to reproduce the deadlock. Read more of this post