Changing my blog… AGAIN?

August 2, 2010 1 comment

Well, it’s true, I’m moving to new site:

To tell the long story short: I’m moving my blog to new domain If you read my RSS please change subscription, since I won’t be posting any new stuff here (and I will eventually close this blog on, so it won’t get confusing). Note also that in upcoming weeks I will import most of post from this blog to the new one.

And that simply it. Please refer to the new address from now on. For those of you who are wondering why I move from, please read on.

You still here 🙂 ? Cool! You may know that it’s been more than a year since I started this blog. It was actually a continuation of previous one, that I was maintaining in Polish language. Nevertheless I’ve switched to English completely and after more then one year of blogging, I can honestly say that I don’t regret this at all. The people I met from all around the world, the thoughts we exchanged (not always agreeing with each other ;)… well experience have been great. I’ve started in May 2009 with 600 visits per month to reach average 6000 per month a year later.

For some it might be impressive, for some it may not. For me it was a reward, that my writing actually has some value. So why do I move then? Well honestly two things were cause of the change

1. with somehow growing popularity 🙂 I wanted to bring my blog to another level (by buying domain ;))

2. beside that I just simply wanted to have better control of my blog, which unfortunately wasn’t giving me enough.

And that is simply it! See you next time on

Categories: Other

JRE Exploit happened!

April 11, 2010 3 comments

Tavis Ormand discovered the bug inside Java Web Start. Critical bug that exists inside Java Runtime Environment allows to remotely run code on any machine with Java 6.0 with update 10 or later. In practice anyone can be attacked by simply entering specially designed page.

To explain how the exploit can work, you need to know that ever since 1.6.10 Sun has distributed an NPAPI plugin (for firefox, chrome ect.) and ActiveX control (for Internet Explorer) called “Java Deployment Toolkit” that simplifies distributing applications to the end user by Web Start. The launch() method of this toolkit accepts url as a parameter, however this parameter is poorly validated, thus allowing passing arbitrary parameters. This parameter is later on passed to javaws, allowing to run any code on attacked machine.

Tavis Ormand created a Proof of Concept application to show exploit in use. Source of this PoC was published by Ruben Santamart. Currently there is no fix for the bug and according to Tavis Ormand, Oracle/Sun is not planning to do it quickly:

Sun has been informed about this vulnerability, however, they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle.

Categories: News

Installing Liferay with MySQL, CAS and openLDAP on Ubuntu (part 3)

April 8, 2010 2 comments

This is third part of of article “Installing Liferay with MySQL, CAS and openLDAP on Ubuntu”.

5. Installing and configuring CAS

The easiest way to integrate CAS with openLDAP is to build CAS using Maven.  Created war file will contain all needed dependencies and all properties will be set inside configuration files.  Before we move on you need to first download CAS sources and unpack it somewhere in your file system (for example /home/user/Downloads/cas). We will refer to this folder (or to the path of this folder) as CAS_SOURCE further in this tutorial.

5.1 Configuration of dependencies and properties

1. Go to folder $CAS_SOURCE/cas-server-webapp and in file pom.xml add


2. Go to folder $CAS_SOURCE/cas-server-webapp/src/main/webapp/WEB-INF and open file deployerConfigContext.xml

3. In file deployerConfigContext.xml inside bean authenticationManager comment out SimpleTestUsernamePasswordAuthenticationHandler

class="" />

4. Add FastBindLdapAuthenticationHandler inside authenticationManager bean (where SimpleTestUsernamePasswordAuthenticationHandler used to be)

  <property name="filter" value="uid=%u,ou=people,dc=it,dc=mycompany,dc=com" />
  <property name="contextSource" ref="contextSource" />

5. Add new bean called contextSource

<bean id="contextSource" class="">
        <property name="pooled" value="true"/>
        <property name="urls">
        <property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/>
        <property name="password" value="asdfgh"/>
        <property name="baseEnvironmentProperties">

5.2 Building CAS war file

Building CAS war file actually requires only modules cas-server-core, cas-server-webapp and cas-server-support-ldap, however you can always build all components (somemodules simply won’t be used). For me personally, this is much quicker way. So all you really need to do now is to open your command line, go to $CAS_SOURCE folder and type

mvn -Dmaven.test.skip=true clean install

Created war file (called cas.war) can be found inside folder  $CAS_SOURCE/cas-server-webapp/target.  Now all you need to do is to deploy this file in tomcat. Just copy it to folder LIFERAY_ROOT/tomcat/webapps/ .

6. Integrating Liferay with CAS and with openLDAP

6.1 Integrating Liferay with CAS

1. Start Liferay

2. Log into admin account (at this point Liferay is not integrated with CAS yet)
haslo: test

3. Go to Control Panel -> Settings -> Authentication -> CAS

4. Select values ‘Enabled’ and  ‘Import from LDAP’
[x] Enabled
[x] Import from LDAP

5. In default values change cas-web into cas and localhost into your server’s DNS name (for this tutorial it will be – or leave it localhost if you don’thave DNS name for your server.

6. In field  “Server Name” enter DNS name –

7. In field “Service URL” enter path to the service –

6.2 Integrating Liferay with openLDAP

1. Go to Control Panel -> Settings -> Authentication -> LDAP
2. Select ‘Enabled’ option
3. Select openLDAP
4. Values

base provider: ldap://localhost:389
base dn: dc=it,dc=mycompany,dc=com
principal: cn=admin,dc=it,dc=mycompany,dc=com
password: asdfgh
(test connection)

Authentication Search Filter: (uid=@screen_name@)
Import Search Filter: (objectClass=uidObject)
Screen Name: uid
Password: userPassword
Email Address: email
Full Name:
First Name: name
Last Name: sn
Job Title: — leave it empty
Group: member

Import Search Filter: (objectClass=groupOfNames)
Group Name: cn
Description: description
User: member
(test connection)

5. In Import/Export:

Import Enabled: [x]
Import on Startup Enabled: [x]
Import Interval: any value e.g. 5 minutes
Export Enabled: [ ]

6. Go to Control Panel -> Settings -> Authentication → General and change “How do users authenticate?” to “By Screen Name”

7. Accept changes by clicking “Save” button

After importing users and groups you need to give  group “admins” a role “Administrator”. Go to Control Panel → Roles → Administrator → Assign Members → User Groups. Select group „admins” and click “Update Associations”.

Part 4 is coming soon….


[CAS1] – CAS official site
[CAS2] – what wikipedia knows
[CAS3] – CAS official wiki

Categories: Articles

Installing Liferay with MySQL, CAS and openLDAP on Ubuntu (part 2)

January 23, 2010 4 comments

This is second part of of article “Installing Liferay with MySQL, CAS and openLDAP on Ubuntu”.

2. Installing and configuring MySQL

To install MySQL you simply run command:

sudo apt­ get install mysql­-server

Now that we have MySQL installed we can download sql script (that generates schema) and unzip it:


unzip ./

Next you need to enter MySQL shell

mysql -u root -p

and create new database for Liferay

create database lportal character set utf8;
create user ‘lportal’@’localhost’ identified by ‘lportal123’;
grant all privileges on lportal.* to ‘lportal’@’localhost’;
flush privileges;

After entering portal database:

use lportal;

we can generate basic schema:

source liferay-portal-sql-5.2.3/portal-minimal/portal-minimal-mysql.sql

Now we have MySQL installed with database configured for Liferay portal.

3. Installing Liferay portal

Before we move on you need to first download Liferay 5.2.3 zip archive and unpack it somewhere in your file system (for example /home/user/liferay/). We will refer to this folder (or to the path of this folder) as LIFERAY_ROOT further in this tutorial.

Add rights to make tomcat runable:

chmod ­R +x LIFERAY_ROOT/tomcat/bin

Then you need to delete sample data. Liferay (since version 5.2) comes with so-called “sample data”, which must be removed before we move on. Delete :

  • folder LIFERAY_ROOT/tomcat/webapps/sevencogs­hook
  • folder LIFERAY_ROOT/tomcat/webapps/sevencogs­theme
  • folder LIFERAY_ROOT/tomcat/webapps/wol­portlet
  • file LIFERAY_ROOT/data/hsql/
  • file LIFERAY_ROOT/data/hsql/lportal.script

Now you need to only bind your Liferay portal with MySQL database your created earlier. To do that open file LIFERAY_ROOT\tomcat\webapps\ROOT\WEB­-INF\classes\portal­ for edition and enter lines below:


Now you have properly installed and configured Liferay portal.

4. Configuring SSL

Authentication to your portal should be done using secure connection. That’s why you need to enable SSL in your tomcat. First you need to generate certificate for your server. To do that run JDK tool called keytool:

keytool -­genkey ­-alias tomcat -­keypass asdfgh ­-keyalg RSA

notice that for this tutorial keypass (in other words password) will be ‘asdfgh’. Keytool will ask you few questions, but only one is really important. When asked “What is your first and last name?” you must answer with the DNS name of your server. If you are following this tutorial on your private computer (that do not have DNS name) then provide ‘localhost’ answer. Other questions are irrelevant and you can answer with default values (just keep pressing ENTER).

Now that you have your certificate generated, you can export it to .cert file. Run keytool again:

keytool ­-export ­-alias tomcat ­-keypass asdfgh ­-file server.cert

At the end you need to add your certificate to JDK’s keystore:

keytool ­-import ­-alias tomcat ­-file server.cert ­-keypass asdfgh ­-keystore $JAVA_HOME/jre/lib/security/cacerts

You will be asked for JDK’s keystore pass. By default this password is ‘changeit’.

Now all you need to do is simply enable SSL in your tomcat. In LIFERAY_ROOT/tomcat/conf/sertver.xml add new connector:

<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS” keystorePass=”asdfgh”/>

Congratulations. You have now enabled SSL in your tomcat.

Go to Part 3 of this tutorial


[1] – Liferay portal page

[2] – Tomcat SSL configuration How-to

Installing Liferay with MySQL, CAS and openLDAP on Ubuntu (part 1)

January 19, 2010 4 comments

Recently I’ve been asked to deploy a portal infrastructure into one of the Polish corporations. The task was to bind together Liferay (portal with MySQL as internal database) with CAS (single sign-on authentication) and openLDAP (directory for holding user specific data like login, password, email etc.).

The general idea was that every user’s information should be  held inside openLDAP. Liferay portal would delegate authentication to CAS web application where user’s login action would be authenticated against data from openLDAP. Because Liferay keeps its internal database, portal needs to periodically check openLDAP to see whether any data changed and update if needed.

Because the whole idea was kind of new for me, I had to do a small research before I got my hands dirty. On Internet I found many tutorials how to integrate Liferay with CAS, CAS with openLDAP and Liferay with openLDAP. Some of them worked, some not, some were simply obsolete. Moreover there was not one single tutorial to show how to bind all these technologies together. This post tries to fills this gap.

This post will be divided into four parts. Liferay version was 5.2.3 used with CAS 3.3. Installation and deployment was done on Linux Debian and on Ubuntu Linux (9.04).

1. Installing openLDAP

Warning: This will not run on Ubuntu 9.10! There were some changes done in Ubuntu that made installation of openLDAP really hard task. Ubuntu 9.04 is recommended.

To run installation you should simply run command below:

sudo apt­-get install slapd ldap­-utils

During installation you will be asked for administrator password. For purpose of this document this password will be ‘asdfgh’.

After installation ends, you should run configuration program:

sudo dpkg­-reconfigure slapd

You will then need to answer few questions:

a) If you enable this option, no initial configuration or database will be created for you. Omit
OpenLDAP server configuration?

Choose: No

b) The DNS domain name is used to construct the base DN of the LDAP directory. For example,
‘’ will create the directory with ‘dc=foo, dc=example, dc=org’ as base DN.

You need to enter name base DN, which normally is just simply the DNS domain name.
For DN would be dc=it,dc=mycompany,dc=com

c) Please enter the name of the organization to use in the base DN of your LDAP directory.

Simply your organisation name. Can be anything.
d) The HDB backend is recommended. HDB and BDB use similar storage formats, but HDB adds
support for subtree enames. Both support the same configuration options.
In either case, you should review the resulting database configuration for your needs.
See/usr/share/doc/slapd/README.DB_CONFIG.gz for more details.

Choose: No

e) Do you want the database to be removed when slapd is purged?

Choose: No

f) Please enter the password for the admin entry in your LDAP directory.

Any, for this document it’s ‘asdfgh’
g) The obsolete LDAPv2 protocol is disabled by default in slapd. Programs and users should
upgrade to LDAPv3. If you have old programs which can’t use LDAPv3, you should select this
option and ‘olcAllows: bind_v2’ will be added to your cn=config directory.

Choose: No

Now to create simple structure that holds users and their groups, we run command:

ldapadd ­x ­D cn=admin,dc=it,dc=mycompany,dc=com ­W ­f ldap_data_set.ldif

where ldap_data_set.ldif looks like this:

——————- ldap_data_set.ldif ——————–

dn: ou=groups,dc=it,dc=mycompany,dc=com
objectClass: organizationalUnit
objectClass: top
description: grupy
ou: groups

dn: ou=people,dc=it,dc=mycompany,dc=com
objectClass: organizationalUnit
objectClass: top
ou: people

dn: cn=admins,ou=groups,dc=it,dc=mycompany,dc=com
objectClass: extensibleObject
objectClass: groupOfNames
objectClass: top
cn: admins
description: admins group
member: uid=jdoe,ou=people,dc=it,dc=mycompany,dc=com

dn: cn=programmers,ou=groups,dc=it,dc=mycompany,dc=com
objectClass: extensibleObject
objectClass: groupOfNames
objectClass: top
cn: programmers
description: programisci hudsona
member: uid=kmoe,ou=people,dc=it,dc=mycompany,dc=com
member: uid=jhudson,ou=people,dc=it,dc=mycompany,dc=com

dn: uid=jdoe,ou=people,dc=it,dc=mycompany,dc=com
objectClass: account
objectClass: extensibleObject
objectClass: uidObject
objectClass: userSecurityInformation
objectClass: top
member: cn=admins,ou=groups,dc=it,dc=mycompany,dc=com
name: John
sn: Doe
uid: jdoe
userPassword: {MD5}ICy5YqxZB1uWSwcVLSNLcA==

dn: uid=kmoe,ou=people,dc=it,dc=mycompany,dc=com
objectClass: account
objectClass: extensibleObject
objectClass: uidObject
objectClass: userSecurityInformation
objectClass: top
member: cn=programmers,ou=groups,dc=it,dc=mycompany,dc=com
name: Kate
sn: Moe
uid: kmoe
userPassword: {MD5}ICy5YqxZB1uWSwcVLSNLcA==

dn: uid=jhudson,ou=people,dc=it,dc=mycompany,dc=com
objectClass: account
objectClass: extensibleObject
objectClass: uidObject
objectClass: userSecurityInformation
objectClass: top
member: cn=programmers,ou=groups,dc=it,dc=mycompany,dc=com
name: Jane
sn: Hudson
uid: jhudson
userPassword: {MD5}ICy5YqxZB1uWSwcVLSNLcA==

—————-end of ldap_data_set.ldif ——————

This will create structure described below:
|­­­ groups

|       |    admins

|       |    programmers
|­­­ people

|       |   jdoe

|       |   kmoe

|       |   jhudson

Every user has password: ‘123’.

And that’s simply it. We now have openLDAP installed with some user data in it.

Go to Part 2 of this tutorial


[ldap1] – -> official Ubuntu tutorial
[ldap2] – -> older version of [ldap1]
[ldap3] – –  SUN’s documentation –  ldapmodify
[ldap4] – – SUN’s documentation –

Java Killers #003 – ? is the question

January 13, 2010 Leave a comment
Categories: Java Killers Tags:

JPA 2.0 and Spring 3.0 with Maven

January 9, 2010 27 comments

I’m currently updating WicketCool to use Spring 3.0, JPA2.0 and latest Wicket. Here is a short summary of my research, a quick tutorial showing how to jump into Spring3.0 + JPA2.0 development using Maven.

1. Dependencies

a) Spring

To use 3.0 release of the Spring framework you can’t no longer add one dependency as you used to do it


This will no longer work. Spring framework is divided into 20 modules:

If you create web appliactions, you will probably need modules listed below:

  1. all from Core Container: Beans, Core, Context and Expression Language
  2. AOP
  3. from Data Access/Integration: Transactions, ORM
  4. from Web: Web (even if you don’t use SpringMVC, you still might consider OpenEntityManagerInViewFilter which is inside Web module
  5. Test

Thus set of dependencies that you need to include in your pom.xml are:



b) JPA 2.0

Now that we have Spring dependencies sorted out, we can look at the JPA2.0.  We must remember that JPA itself is only standard, thus when setting dependencies we are really choosing the provider. I could go with Hibernate or EclipseLink. Hibernate is still in beta state and EclispeLink is a reference implementation of the standard, so I thought that EclipseLink is a good way to go. However after recent discoveries (which took me quite some to figure out by the way), I thought I will stick with the Hibernate’s beta.

What is new in Hibernate’s recent release is that you no longer need to define dependencies to core, annotations, commons-annotations ect. It is now only one, single dependency.  Second dependency is the API of the standard.


You might also need to add JBoss repository:

   <id>JBoss Repo</id>

2. Configuration

The simples application context configuration file can look like this:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=""
 xmlns:tx="" xmlns:p=""

 <!-- holding properties for database connectivity /-->
   <context:property-placeholder location=""/>
   <!-- enabling annotation driven configuration /-->
<context:component-scan base-package="wcpackage"/>
   <tx:annotation-driven transaction-manager="transactionManager"/>


    <bean id="dataSource"
       p:driverClassName="${jdbc.driverClassName}" p:url="${jdbc.url}"/>

    <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"

    <bean id="entityManagerFactory"
       <property name="loadTimeWeaver">
        <property name="persistenceUnitName" value="wctemplatePU"></property>

    <bean id="jpaAdapter"

Given that wcpackage is a root package for component scan and wctemplatePU is name of the persistent unit.
Now all we need to do is to define persistence unit in META-INF/persistence.xml

<persistence xmlns=""

	<persistence-unit name="wctemplatePU" transaction-type="RESOURCE_LOCAL">
			<property name="" value="validate" />

And that is basically it. You have Spring configuration and now can use EntityManager in your services classes.

@Repository(value = "userDAO")
public class UserDefaultDAO implements UserDAO {

    private EntityManager entityManager;

Injected EntityManager will be with transaction-scoped persistence context, resource_local transaction type (meaning transactions used from database not JTA). Hope everything is comprehensive. If you have any questions, please let me know.

See also:

  1. A proper way for JPA entities instantiation
ale macie fajnie
Categories: Other Tags: , , ,