java-technotes

Tuesday, September 18, 2012

Using log4j logging in BIRT Viewer

Here I discuss how to add and initialize a log4j logger when the BIRT Viewer is invoked.

Here is the clue...
As we know, BIRT provides the frameset servlet, through which we can run BIRT reports.

By now you might have already guessed it... did you? If not, here is the deal...

Define your own servlet, say MyBIRTServlet, and instead of extending HttpServlet, extend the frameset servlet. Then define the two obvious methods, doGet() and doPost(), along with an init() method.

Now initialize your logger object with some name inside the init() method; after that you need to call super.init() so that the frameset servlet's init() executes.

Also redirect the calls of doGet(…) and doPost(…) to the frameset servlet's doGet(…) and doPost(…):
MyBIRTServlet doGet(…) -> call super.doGet(…), and similarly for doPost(…).

The last thing we need to do is update web.xml (which is under the birt-viewer/WEB-INF directory) so that the frameset servlet mapping points to the newly created servlet.
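The servlet described above, as an added example (not code from the original post). It assumes the frameset servlet class is org.eclipse.birt.report.servlet.ViewerServlet with public init(ServletConfig), doGet and doPost, as in the stock BIRT viewer, and that a log4j 1.x log4j.properties file sits in WEB-INF/classes; the logger name is arbitrary.

```java
import java.io.IOException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.eclipse.birt.report.servlet.ViewerServlet; // assumed frameset servlet class

/*
 * In birt-viewer/WEB-INF/web.xml, point the servlet that is mapped to /frameset at this class:
 *   <servlet-class>MyBIRTServlet</servlet-class>
 */
public class MyBIRTServlet extends ViewerServlet {
    private static final long serialVersionUID = 1L;
    private Logger log;

    @Override
    public void init(ServletConfig config) throws ServletException {
        // log4j 1.x configures itself from log4j.properties on the classpath
        // the first time a logger is requested.
        log = Logger.getLogger("MyBIRTServlet");
        log.info("Logger initialised, handing over to frameset init()");
        super.init(config); // let the frameset servlet set up the viewer
    }

    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Log the path only; report parameters in the query string may be sensitive.
        log.debug("GET " + request.getRequestURI());
        super.doGet(request, response);
    }

    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        log.debug("POST " + request.getRequestURI());
        super.doPost(request, response);
    }
}
```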


Thursday, September 13, 2012

Managing multiple entries in java (custom) truststore

Here is the scenario:

Say I have two End Point References (EPRs) to which I have to make web method/API calls, and these EPRs have given me their keystore files. Now I have to export the self-signed certificate from each keystore file and finally import these certificates into a truststore [which will finally be used for server verification].

1) Export the self-signed certificate from keystore keystore_epr1.jks to a file named "cert_EPR1.cert"

$JAVA_HOME/bin/keytool -export -rfc -file cert_EPR1.cert -alias EPR1 -storetype JKS -storepass changeit -keypass changeit -keystore keystore_epr1.jks

2) See how cert_EPR1.cert looks

/usr/java/default/bin/keytool -printcert -file cert_EPR1.cert
Owner: CN=*.mycomp.com
Issuer: CN=*.mycomp.com
Serial number: 5040ccbe
Valid from: Fri Aug 31 08:39:58 MDT 2012 until: Thu Nov 29 07:39:58 MST 2012
Certificate fingerprints:
         MD5:  D1:73:70:9C:2D:34:9F:85:8A:93:01:71:49:7A:0C:6D
         SHA1: F5:E5:DB:BD:76:D6:B2:4E:C7:C5:5C:45:1E:E5:94:6D:48:A5:16:B8
         Signature algorithm name: SHA1withRSA
         Version: 3


3) Export the self-signed certificate from keystore keystore_epr2.jks to a file named "cert_EPR2.cert"

$JAVA_HOME/bin/keytool -export -rfc -file cert_EPR2.cert -alias EPR2 -storetype JKS -storepass changeit -keypass changeit -keystore keystore_epr2.jks
Certificate stored in file <cert_EPR2.cert>

4) See how cert_EPR2.cert looks

/usr/java/default/bin/keytool -printcert -file cert_EPR2.cert
Owner: CN=*.mycomp.com
Issuer: CN=*.mycomp.com
Serial number: 502a52d6
Valid from: Tue Aug 14 07:29:58 MDT 2012 until: Mon Nov 12 06:29:58 MST 2012
Certificate fingerprints:
         MD5:  E9:F5:82:4B:CB:A2:5A:A0:17:E2:61:9E:E8:B7:17:64
         SHA1: 5C:95:B6:4F:76:0E:4B:ED:56:79:F5:CC:1E:CA:B6:8D:7E:E6:38:5A
         Signature algorithm name: SHA1withRSA
         Version: 3


5) Import cert_EPR1.cert into a truststore whose password is trustStorePassword

$JAVA_HOME/bin/keytool -import -alias EPR1 -keystore truststore -file cert_EPR1.cert -storepass trustStorePassword

Owner: CN=*.mycomp.com
Issuer: CN=*.mycomp.com
Serial number: 5040ccbe
Valid from: Fri Aug 31 08:39:58 MDT 2012 until: Thu Nov 29 07:39:58 MST 2012
Certificate fingerprints:
         MD5:  D1:73:70:9C:2D:34:9F:85:8A:93:01:71:49:7A:0C:6D
         SHA1: F5:E5:DB:BD:76:D6:B2:4E:C7:C5:5C:45:1E:E5:94:6D:48:A5:16:B8
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  y
Certificate was added to keystore


6) Import cert_EPR2.cert into the same truststore (whose password is trustStorePassword)

$JAVA_HOME/bin/keytool -import -alias EPR2 -keystore truststore -file cert_EPR2.cert -storepass trustStorePassword

Owner: CN=*.mycomp.com
Issuer: CN=*.mycomp.com
Serial number: 502a52d6
Valid from: Tue Aug 14 07:29:58 MDT 2012 until: Mon Nov 12 06:29:58 MST 2012
Certificate fingerprints:
         MD5:  E9:F5:82:4B:CB:A2:5A:A0:17:E2:61:9E:E8:B7:17:64
         SHA1: 5C:95:B6:4F:76:0E:4B:ED:56:79:F5:CC:1E:CA:B6:8D:7E:E6:38:5A
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  y
Certificate was added to keystore


7) Let's see what the newly created truststore contains:

/usr/java/default/bin/keytool -list -keystore truststore -storepass trustStorePassword

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

EPR1, Sep 13, 2012, trustedCertEntry,
Certificate fingerprint (MD5): D1:73:70:9C:2D:34:9F:85:8A:93:01:71:49:7A:0C:6D
EPR2, Sep 13, 2012, trustedCertEntry,
Certificate fingerprint (MD5): E9:F5:82:4B:CB:A2:5A:A0:17:E2:61:9E:E8:B7:17:64

So all good. We are done here.

Use the truststore created above in your webservice client.
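One way to use the truststore from a client, as an added example (not code from the original post): it loads the file built in steps 5 and 6, checks that both aliases are present and still within their validity period, and scopes the trust to a single connection instead of the JVM-wide javax.net.ssl.trustStore setting. The class name and the endpoint URL are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class EprClient {

    // Builds an SSLContext that trusts only the certificates in the custom truststore.
    static SSLContext contextFor(String path, char[] password, String... aliases)
            throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }
        for (String alias : aliases) {
            // Fail early if an expected entry is missing or is not a trustedCertEntry.
            if (!ts.isCertificateEntry(alias)) {
                throw new IllegalStateException("No trustedCertEntry for alias " + alias);
            }
            // The certificates shown above are valid for about 90 days;
            // checkValidity() throws if one has expired or is not yet valid.
            ((X509Certificate) ts.getCertificate(alias)).checkValidity();
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFor("truststore",
                "trustStorePassword".toCharArray(), "EPR1", "EPR2");
        // Hypothetical endpoint URL; replace with the real EPR address.
        URL url = new URL("https://epr1.mycomp.com/service");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // trust scoped to this connection
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```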

Monday, September 10, 2012

Tomcat and https/ssl settings

I came across this topic when I was asked to deploy one of the web applications over SSL/HTTPS under the Tomcat web container.

As we all know, there is one port reserved in Tomcat to serve HTTP requests, which is defined in server.xml (tomcat/conf/server.xml), and there is one commented-out port entry for HTTPS, which looks like below:
    

We need to uncomment this entry.
Note here:
8443 is the default port reserved for HTTPS. clientAuth is set to false by default, which means you do not want to authenticate the client request. Apart from these attributes you also need to add two more attributes, named "keystoreFile" and "keystorePass".

Where do I get the value for keystoreFile, and what is it?
The value is the name of the file that holds the keys generated on the server/host for validation.

To create this file, use the keytool utility provided by Java. The key password is set to the same value as the keystore password, because Tomcat uses keystorePass for the key as well unless told otherwise.

$JAVA_HOME/bin/keytool -genkey -keystore ${tomcat_dir}/conf/my_keystore.jks -alias someNameforAlias -keyalg RSA -keysize 2048 -dname CN=$host -storepass $password -keypass $password

This will give you a file named my_keystore.jks. To view the contents of this file:

$JAVA_HOME/bin/keytool -list -keystore ${tomcat_dir}/conf/my_keystore.jks -storepass $password

So we have the required values to populate.

Let's uncomment the entry in server.xml; it will look like below:
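For reference, an added example (not taken from the original post) of the stock commented-out HTTPS entry as shipped in a Tomcat 6/7-era server.xml, followed by the enabled form with the two extra attributes. The Tomcat version, the relative keystore path and the placeholder password are assumptions.

```xml
<!-- Stock entry, commented out by default (Tomcat 6/7 era; version is an assumption):
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->

<!-- Enabled, with the keystore created above.
     A relative keystoreFile is resolved against $CATALINA_BASE.
     keystorePass is a placeholder; it must match the storepass value given to keytool.
     server.xml now holds a plaintext password, so keep it readable only by the Tomcat user. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/my_keystore.jks"
           keystorePass="REPLACE_WITH_STOREPASS" />
```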

 


Now make sure the my_keystore.jks file is in the conf directory of Tomcat, and bounce (stop and start) Tomcat.

You should be able to access it via https://myhost:8443/myapp