Migrating from Adopt OpenJDK to Adoptium on Mac

AdoptOpenJDK is officially deprecated and has moved to the Eclipse Temurin project, so the Homebrew tap for AdoptOpenJDK is also deprecated.

We must therefore first remove the AdoptOpenJDK tap from Homebrew:

# Uninstall the AdoptOpenJDK tap
brew untap AdoptOpenJDK/openjdk

In the next step we have two options: install the latest Temurin release or a specific one.

# Option 1: Install latest Temurin release
brew install --cask temurin

# Option 2: Install a specific Temurin release
brew tap homebrew/cask-versions
brew install --cask temurin11

You can set the JAVA_HOME variable with the following snippet in your login script:

# set JAVA_HOME to current Java version
export JAVA_HOME=$(/usr/libexec/java_home)

# set JAVA_HOME to a specific Java version
export JAVA_HOME=/Library/Java/JavaVirtualMachines/<version>/Contents/Home

JAAS with active directory authentication in a web application

This sample shows how to use JAAS authentication with a Windows Active Directory server. I use a Sun Java System Application Server, so the steps may differ on other servers.

Step 1: Defining LDAP realm

In this example you must define an LDAP realm named «ads-realm» with the following parameters:

Realm class:

com.sun.enterprise.security.auth.realm.ldap.LDAPRealm

Properties:

directory            = ldap://ads.host.name:389
base-dn              = DC=ads,DC=domain,DC=com
search-bind-dn       = user
search-bind-password = password
search-filter        = (&(objectClass=user)(sAMAccountName=%s))
group-search-filter  = (&(objectClass=group)(member=%d))
jaas-context         = ldapRealm

You must change directory, base-dn, search-bind-dn and search-bind-password to match your Active Directory configuration. The «search-bind-dn» and «search-bind-password» parameters are needed because, with default settings, Active Directory doesn’t allow anonymous users to browse the directory.

Step 2: Setting the JVM switch for referrals

The following JVM switch is needed with Active Directory LDAP servers:

-Djava.naming.referral=follow

Add this switch to your server startup script or set it in the admin console.

Step 3a: Basic authentication

Add the following section to your web.xml, or go to Step 3b for form-based authentication.

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>ads-realm</realm-name>
</login-config>

Step 3b: Form based authentication

Add the following section to your web.xml:

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>ads-realm</realm-name>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/login.html</form-error-page>
  </form-login-config>
</login-config>

Create the page /login.html with at least the following code:

<html>
  <head/>
  <body>
    <form action="j_security_check" method="post">
      Username: <input type="text" name="j_username"><br/>
      Password: <input type="password" name="j_password"><br/>
      <input type="submit" value="Login"/>
    </form>
  </body>
</html>

Step 4: Adding security role to web.xml

Add at least one security role to your web.xml, in this example «userRole».

<security-role>
  <role-name>userRole</role-name>
</security-role>

Step 5: Adding security constraint to web.xml

Now we must create a security constraint with the path to the pages that should be accessible only to authenticated users. In this sample, access to the folder /pages/ is restricted to authenticated users in the role «userRole».

<security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>SecuredFolder</web-resource-name>
    <url-pattern>/pages/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>userRole</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Step 6: Create role mapping between active directory group and role

Role mappings are defined in sun-web.xml for the Sun Java System Application Server, so add the following section:

<security-role-mapping>
  <role-name>userRole</role-name>
  <group-name>users</group-name>
</security-role-mapping>

This maps the active directory group «users» to our role «userRole»,
so only users in the group «users» can access our secured folder.
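
Added example, not part of the original post: the Step 5 constraint uses a transport guarantee of NONE, so with BASIC or FORM login the submitted username and password can cross the network over plain HTTP. The web.xml variant below assumes the server already has an HTTPS listener configured; it requires TLS for /pages/* and adds a second constraint (the name «LoginPage» is hypothetical) so that /login.html is served only over HTTPS.

```xml
<!-- Added example: Step 5 constraint with TLS required.
     Assumption: an HTTPS listener is configured on the server. -->
<security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>SecuredFolder</web-resource-name>
    <url-pattern>/pages/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>userRole</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- CONFIDENTIAL: plain-HTTP requests are redirected to HTTPS or rejected -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Hypothetical second constraint: it has no auth-constraint, so the
     login page stays reachable without a session, but only over HTTPS.
     The form's relative j_security_check action then posts over HTTPS too. -->
<security-constraint>
  <display-name>LoginPage</display-name>
  <web-resource-collection>
    <web-resource-name>LoginPage</web-resource-name>
    <url-pattern>/login.html</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```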

Hibernate with JPA

To use Hibernate as a persistence provider for the Java Persistence API (JPA), you must include the following jar files in your classpath:

  • From Hibernate Entity Manager
    • hibernate-entitymanager.jar
    • lib/hibernate-annotations.jar
    • lib/hibernate-commons-annotations.jar
    • lib/jboss-archive-browsing.jar
  • From Hibernate Core
    • hibernate3.jar
    • lib/antlr-2.7.6.jar
    • lib/asm-attrs.jar
    • lib/asm.jar
    • lib/c3p0-0.9.1.jar
    • lib/cglib-2.1.3.jar
    • lib/commons-collections-2.1.1.jar
    • lib/commons-logging-1.0.4.jar
    • lib/concurrent-1.3.2.jar
    • lib/dom4j-1.6.1.jar
    • lib/ehcache-1.2.3.jar
    • lib/javassist.jar
    • lib/log4j-1.2.11.jar

If you use a Java SE project, you must also include the javaee.jar file from the Java EE 5 SDK.

Here is a sample persistence.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<persistence version="1.0"
  xmlns="http://java.sun.com/xml/ns/persistence"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
  http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd">

  <persistence-unit name="webstore-ejbPU" transaction-type="JTA">
    <provider>org.hibernate.ejb.HibernatePersistence</provider>
    <jta-data-source>jdbc/webstore</jta-data-source>
    <properties>
      <property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQLDialect"/>
      <property name="hibernate.hbm2ddl.auto" value="update"/>
    </properties>
  </persistence-unit>
</persistence>