Current Topics Of Interest
a) Method templates
b) Standard Hardware platform based byte code generation
c) J2ee developer workspace setup on various IDEs
d) Developer Testing - Component testing, Unit testing
Sunday, August 19, 2007
Monday, August 13, 2007
How to write a JNI code and invoke the same from a Java class?
JNI - Java Native Interface.
JNI provides a mapping for both C and C++ by default.
How to write a JNI code and invoke the same from a Java class?
1) Native Method Declaration
The native declaration provides the bridge to run the native function in the Java virtual machine. In this example, the loadFile function maps onto a C function called Java_ReadFile_loadFile. The function implementation accepts a String that represents a file name and returns the contents of that file in the byte array.
native byte[] loadFile(String name);
2) Load the Library
The library containing the native code implementation is loaded by a call to System.loadLibrary().
3) Compile the Program
To compile the program, just run the javac compiler command as you normally would:
javac ReadFile.java
4) Generate the Header File
To generate a header file, run the javah command on the ReadFile class. In this example, the generated header file is named ReadFile.h. It provides a method signature that you have to use when you implement the loadFile native function.
javah -jni ReadFile
5) Implement the Native Method
In this native C source file, the loadFile definition is a copy and paste of the C declaration contained in ReadFile.h.
6) Compile the Dynamic or Shared Object Library
The library needs to be compiled as a dynamic or shared object library so it can be loaded at runtime. Static or archive libraries are compiled into an executable and cannot be loaded at runtime.
To run, the Java virtual machine needs to be able to find the native library. To do this, set the library path to the current directory as follows:
Unix or Linux: LD_LIBRARY_PATH=`pwd`; export LD_LIBRARY_PATH
Windows NT/2000/95: set PATH=%path%;.
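The Java side of steps 1 and 2 in one file, as an added example that is not code from the original post or from the referenced tutorial. The library name `nativelib`, the `read` wrapper and the 1 MiB cap are assumptions; the native method is kept private and its argument is checked first because the C code behind it runs outside the JVM's memory-safety checks.

```java
import java.io.File;
import java.io.IOException;

public class ReadFile {
    // Assumed library name: libnativelib.so on Linux, nativelib.dll on Windows.
    private static final String LIBRARY = "nativelib";
    // Assumed cap on the size of file handed to the native side.
    private static final long MAX_BYTES = 1L << 20;

    static {
        // Step 2: fails with UnsatisfiedLinkError if the library is not on the
        // library path (LD_LIBRARY_PATH or PATH, as set in step 6).
        System.loadLibrary(LIBRARY);
    }

    // Step 1: implemented in C as Java_ReadFile_loadFile. Private, so every
    // caller has to go through read() and its checks.
    private native byte[] loadFile(String name);

    public byte[] read(String name) throws IOException {
        if (name == null || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("file name is null or contains NUL");
        }
        // Resolve "..", "." and symbolic links before the path crosses into C.
        File f = new File(name).getCanonicalFile();
        if (!f.isFile()) {
            throw new IOException("not a regular file: " + f);
        }
        // Advisory only: the file can change before the native code opens it,
        // so the C side still has to bound its own allocation and reads.
        if (f.length() > MAX_BYTES) {
            throw new IOException("file larger than " + MAX_BYTES + " bytes: " + f);
        }
        byte[] data = loadFile(f.getPath());
        if (data == null) {
            // Treat a null from native code as an error, not an empty file.
            throw new IOException("native loadFile returned no data for " + f);
        }
        return data;
    }

    public static void main(String[] args) throws IOException {
        String name = args.length > 0 ? args[0] : "ReadFile.java";
        byte[] buf = new ReadFile().read(name);
        System.out.write(buf, 0, buf.length);
        System.out.flush();
    }
}
```

On JDK 10 and later, where javah is no longer shipped, `javac -h . ReadFile.java` generates the same ReadFile.h.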
Ref :
http://java.sun.com/developer/onlineTraining/Programming/JDCBook/jniexamp.html
Agitator One vs RAD Component Testing
1) RAD lacks the snapshot facility, which is very useful when you look through the failed assertions.
2) The test stubs generated by RAD do not have all the boundary conditions that Agitator provides by default.
3) On agitation, Agitator reads the code and provides plain assertions based on boundary conditions and output. RAD generates only empty stubs left for the developer to fill.
4) The dashboard facility is something very good in Agitator One which is not provided in RAD component testing.
5) The UI of Agitator One is very intuitive, whereas with RAD that is not the case.
6) All the features of Agitator One are cohesive or located together, while with RAD they appear scattered all over the UI.
7) With RAD the claim is that test data can be associated with variables, method parameters, etc., whereas Agitator does not allow variables. But the effect is the same: with Agitator you work on your code, and in your code you define the boundary conditions / test data on the method parameters, whereas in RAD you work on the generated tests, in which the method of the code is just called. In that case the method parameter is declared as a variable in the test. All RAD means is that you can associate test data with this variable, which is equivalent to Agitator's association of test data with method parameters.
8) There is a difference in perspective between RAD and Agitator One. Agitator One allows developers to stay in their code and define declarative tests on it, whereas with RAD you have to work on the generated tests (nothing but test stubs), which is like a separate effort. Agitator clearly wins on this point: the developer need not leave his code and can still associate tests with it.
Thursday, August 09, 2007
Java Web Start
Java Web Start is a technology by Sun Java. It does not change the way Java applications are created but changes the way they are deployed and run on desktops. It is not for browser-based applications (or is it???) but only for thick clients.
If you have a Java thick client application and you are always chided for the overheads involved in deployment, the environment setup, the upgrades and the security concerns, Java Web Start is for you. The main advantage of Web Start over applets is that it overcomes the compatibility problems with the browser's Java plugins and different JVM versions.
Installing the application is a matter of putting the application code base on a web server and clicking on the URL. The application as well as the required JRE are automatically installed. The new JRE version, if installed, is used only for this application by Java Web Start and does not affect any other JRE on the desktop.
Upgrading the application is just a matter of updating the jars on the web server that houses the application code base. The next time the application is launched on the client desktop, the updates are automatically downloaded and the new version of the application is launched.
If you are concerned about security, two buzzwords, "Sandbox" and "Signed JAR", are for you. The sandbox is a controlled environment within the scope of JWS, and the application can access resources only inside it. Any access to the file system or to the network is restricted.
If this sounds like a restriction and you trust your users to make conscious decisions, do not panic: there is a way around it. You can sign the jars digitally, and if the users acknowledge and accept the digital certificate before the application is launched, the application can have anything from restricted to unlimited access to the resources, based on the permissions configured in the JNLP XML file.
Wait a minute, what is JNLP? This is the protocol, the API and the specification that make the Java Web Start technology work. It stands for Java Network Launching Protocol.
More on JNLP :
http://jcp.org/en/jsr/detail?id=56
More on JWS:
http://java.sun.com/j2se/1.5.0/docs/guide/javaws/index.html
References :
http://java.sun.com/developer/technicalArticles/WebServices/JWS_2/JWS_White_Paper.pdf
http://en.wikipedia.org/wiki/Java_Web_Start
Eclipse ATF webinar
Eclipse ATF webinar :
https://admin.adobe.acrobat.com/_a300965365/p56692696/
A webinar on the Eclipse AJAX Toolkit Framework. ATF is an IDE for AJAX developers.
Sunday, August 05, 2007
Digital Certificates : Sequence of events
Flow of information between a publisher’s server and a user’s computer in using digital certificates:
a. The client attempts access to a controlled resource from a publisher, such as a database or digital library, usually through a Web interface.
b. The publisher’s server asks the client to present a certificate.
c. The client presents a certificate, and the publisher’s server verifies that the certificate
• is issued by a recognized certificate authority,
• asserts that the holder is a member of a licensed institution, and
• has not been revoked.
d. The publisher extracts a URL from the certificate, which provides the means to retrieve from the campus or library additional information (attributes) needed for authorization decisions.
e. The publisher then connects to the specified attribute server using the prescribed secure protocol, presenting its own X.509 certificate to establish the secure connection. The attribute server verifies that the publisher’s certificate is valid and uses the publisher’s identity to determine access permissions from the information in the directory service.
f. The attribute server executes the query. The result of the query is presumed to be a list of attribute name-value pairs, including the service type or access authorized for the individual. The list of results is returned to the publisher.
g. The publisher looks at the value(s) of the “ServiceClass” attribute. If at least one value is valid for the publisher and service requested, the user is granted access. The precise access rights may depend on the ServiceClass attribute value(s), the institution to which the individual belongs, and other factors (e.g., number of current users).
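The publisher's side of steps c to g as one fail-closed decision function, added here as an example and not taken from the referenced paper. The class and method names, the issuer name, serial numbers, attribute URL and ServiceClass values are all constructed, and the certificate checks are represented by plain fields rather than real X.509 parsing.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class PublisherAccessCheck {
    /** Facts the publisher read from the client certificate (constructed stand-in). */
    static final class ClientCert {
        final String issuer, serial, attributeUrl;
        final boolean assertsMembership;
        ClientCert(String issuer, String serial, boolean assertsMembership, String attributeUrl) {
            this.issuer = issuer;
            this.serial = serial;
            this.assertsMembership = assertsMembership;
            this.attributeUrl = attributeUrl;
        }
    }

    /** Steps e and f: the attribute server answers with name-value pairs. */
    interface AttributeServer {
        List<String[]> query(String url, String serial) throws Exception;
    }

    static boolean authorize(ClientCert cert, Set<String> recognizedCAs, Set<String> revokedSerials,
                             AttributeServer server, Set<String> acceptedServiceClasses) {
        // Step c: all three certificate checks must pass before anything in it is used.
        if (!recognizedCAs.contains(cert.issuer)) return false;
        if (!cert.assertsMembership) return false;
        if (revokedSerials.contains(cert.serial)) return false;
        // Step d: the attribute URL is taken only from the verified certificate.
        if (cert.attributeUrl == null || cert.attributeUrl.isEmpty()) return false;
        List<String[]> pairs;
        try {
            pairs = server.query(cert.attributeUrl, cert.serial);
        } catch (Exception e) {
            return false; // an unreachable attribute server means no access, not default access
        }
        if (pairs == null) return false;
        // Step g: ServiceClass may be multi-valued; one accepted value is enough,
        // and unrelated attributes are ignored.
        for (String[] pair : pairs) {
            if (pair != null && pair.length == 2 && "ServiceClass".equals(pair[0])
                    && acceptedServiceClasses.contains(pair[1])) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> cas = new HashSet<>(Arrays.asList("CN=Example Campus CA"));
        Set<String> revoked = new HashSet<>(Arrays.asList("1002"));
        Set<String> accepted = new HashSet<>(Arrays.asList("journals-full", "journals-abstracts"));
        String url = "ldaps://attrs.campus.example/";

        AttributeServer up = (u, s) -> Arrays.asList(
                new String[] {"Institution", "Example University"},
                new String[] {"ServiceClass", "library-walkin"},
                new String[] {"ServiceClass", "journals-full"});
        AttributeServer noMatch = (u, s) ->
                Collections.singletonList(new String[] {"ServiceClass", "library-walkin"});
        AttributeServer down = (u, s) -> { throw new java.io.IOException("connection refused"); };

        ClientCert good = new ClientCert("CN=Example Campus CA", "1001", true, url);
        ClientCert revokedCert = new ClientCert("CN=Example Campus CA", "1002", true, url);

        System.out.println("member, accepted class:   " + authorize(good, cas, revoked, up, accepted));
        System.out.println("revoked certificate:      " + authorize(revokedCert, cas, revoked, up, accepted));
        System.out.println("no accepted ServiceClass: " + authorize(good, cas, revoked, noMatch, accepted));
        System.out.println("attribute server down:    " + authorize(good, cas, revoked, down, accepted));
    }
}
```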
References:
http://www.diglib.org/architectures/cren-dlf.pdf
Digital Certificates : FAQs
Well, Web browsers are an important part of the infrastructure for digital certificates. What is the relationship between the browser and the digital certificate?
• All major browsers come with the ability to store certificates and to deliver them to remote Web-based applications.
• Digital certificates are part of the Secure Socket Layer (SSL) protocol, which enables secure electronic transactions on the Web.
Where will the individuals store their private keys?
Individuals will be responsible for storing and protecting their private keys. Web browsers currently provide limited tools that do this for users. Individuals who use one primary machine, such as a laptop, will probably store their private keys on their computers. Individuals who frequently move from machine to machine, such as students, will probably store their private keys on small storage media such as floppy disks or smart cards.
What is in a digital certificate?
The contents of a digital certificate are prescribed by the X.509 standard, developed by the International Standards Organization (ISO) and adopted by the American National Standards Institute (ANSI) and the Internet Engineering Task Force (IETF). The latest version is now X.509 v3. The principal elements of a digital certificate are as follows:
• Version number of the certificate format
• Serial number of the certificate
• Signature algorithm identifier
• Issuer of digital certificate: a certificate authority with URL
• Validity period
• Unique identification of certificate holder
• Public key information
References:
http://www.diglib.org/architectures/cren-dlf.pdf
security protocols
SSL
Secure Sockets Layer (SSL) is the Internet security protocol for point-to-point connections. It provides protection against eavesdropping, tampering, and forgery. Clients and servers are able to authenticate each other and to establish a secure link, or “pipe,” across the Internet or Intranets to protect the information transmitted.
S/MIME
Secure Multipurpose Internet Mail Extensions, S/MIME, is the electronic messaging standard that enables e-business by addressing the important issues of data privacy and authenticity. S/MIME uses public-key encryption technology to protect messages from unauthorized interception and forgery.
An S/MIME-enabled application is analogous to a secure piece of postal mail travelling between two locations. The S/MIME protocol guarantees the secure transmission, storage, authentication, and forwarding of secret data.
IP Security Protocol
IPSec is the leading standard for cryptographically based authentication, integrity, and confidentiality services at the IP datagram layer. IPSec comprises a basis for interoperably secured host-to-host pipes, encapsulated tunnels, and Virtual Private Networks (VPNs), thus providing protection for client protocols residing above the IP layer.
IPSec ensures that the low-level IP packets that are continuously transferred between computers on a secure network are unaltered, authentic, and private.
References :
Security Protocols Overview An RSA Data Security Brief
ECommerce Security : SSL
Secure Sockets Layer (SSL) is the Internet security protocol for point-to-point connections.
It provides protection against eavesdropping, tampering, and forgery. Clients and servers are able to authenticate each other and to establish a secure link, or “pipe,” across the Internet or Intranets to protect the information transmitted.
SSL is all about encryption. SSL encrypts data, like credit card numbers (as well as other personally identifiable information), which prevents the "bad guys" from stealing your information for malicious intent. You know that you're on an SSL protected page when the address begins with "https" and there is a padlock icon at the bottom of the page (and in the case of Mozilla Firefox in the address bar as well).
Infrastructure for SSL:
a) On the client side, the Internet browser should support SSL. Newer versions (above IE 5.5 or Netscape 4.72) can do 128-bit encryption without SGC, lower versions above 3.2 can do 128-bit with SGC, and even lower versions can only do 40 / 56-bit encryption.
b) On the server side, there should be a valid SSL certificate.
An SSL certificate is a digital document, issued (in most cases) by a certified vendor, that contains the public key of the individual and the individual's identification details (phone, email, address, name etc.).
The SSL certificate helps to prove the site belongs to who it says it belongs to and contains information about the certificate holder, the domain that the certificate was issued to, the name of the Certificate Authority who issued the certificate, the root and the country it was issued in.
The main purpose of the digital certificate is to ensure that the public key contained in the certificate belongs to the entity to which the certificate was issued.
Encryption techniques using public and private keys require a public-key infrastructure (PKI) to support the distribution and identification of public keys. Digital certificates package public keys, information about the algorithms used, owner or subject data, the digital signature of a Certificate Authority that has verified the subject data, and a date range during which the certificate can be considered valid.
How a Certificate Is Issued
1. Key Generation:
The individual requesting certification (the applicant, not the CA) generates key pairs of public and private keys.
2. Matching of Policy Information:
The applicant packages the additional information necessary for the CA to issue the certificate (such as proof of identity, tax ID number, e-mail address, and so on). The precise definition of this information is up to the CA.
3. Sending of Public Keys and Information:
The applicant sends the public keys and information (often encrypted using the CA's public key) to the CA.
4. Verification of Information:
The CA applies whatever policy rules it requires in order to verify that the applicant should receive a certificate.
5. Certificate Creation:
The CA creates a digital document with the appropriate information (public keys, expiration date, and other data) and signs it using the CA's private key.
6. Sending/Posting of Certificate:
The CA may send the certificate to the applicant, or post it publicly as appropriate.
7. The certificate is loaded onto an individual's computer.
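Steps 1, 3, 5 and 6 traced with JDK cryptography, followed by the check a relying party performs with the CA's public key; this is an added example, not code from the original post or its references. `ToyCertificate` is a simplified stand-in for an X.509 certificate (not the real encoding), and the subject and CA names are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

public class ToyCertificate {
    final String subject, issuer;
    final long notBefore, notAfter;   // validity period, epoch milliseconds
    final byte[] subjectKey;          // applicant's encoded public key
    final byte[] signature;           // CA's signature over all fields above

    ToyCertificate(String subject, String issuer, long notBefore, long notAfter,
                   byte[] subjectKey, byte[] signature) {
        this.subject = subject;
        this.issuer = issuer;
        this.notBefore = notBefore;
        this.notAfter = notAfter;
        this.subjectKey = subjectKey;
        this.signature = signature;
    }

    // The exact bytes the CA signs; every field is covered, one per line.
    byte[] toBeSigned() {
        String s = subject + "\n" + issuer + "\n" + notBefore + "\n" + notAfter + "\n"
                + Base64.getEncoder().encodeToString(subjectKey);
        return s.getBytes(StandardCharsets.UTF_8);
    }

    // Step 5: the CA binds the applicant's public key to the subject name.
    static ToyCertificate issue(String subject, PublicKey applicantKey, String caName,
                                PrivateKey caKey, long now, long lifetimeMs)
            throws GeneralSecurityException {
        if (subject.isEmpty() || subject.indexOf('\n') >= 0 || caName.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("names must be non-empty single lines");
        }
        ToyCertificate unsigned = new ToyCertificate(subject, caName, now, now + lifetimeMs,
                applicantKey.getEncoded(), null);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(caKey);
        signer.update(unsigned.toBeSigned());
        return new ToyCertificate(subject, caName, now, now + lifetimeMs,
                applicantKey.getEncoded(), signer.sign());
    }

    // Relying party: accept only inside the validity period and only if the
    // CA's signature matches the fields exactly as presented.
    boolean verify(PublicKey caPublicKey, long now) throws GeneralSecurityException {
        if (now < notBefore || now > notAfter) return false;
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(caPublicKey);
        verifier.update(toBeSigned());
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair applicant = kpg.generateKeyPair();   // step 1: made by the applicant, not the CA
        KeyPair ca = kpg.generateKeyPair();          // the CA's own long-lived key pair
        long now = System.currentTimeMillis();
        long day = 86_400_000L;

        // Steps 3, 5, 6: only the public key travels to the CA; the private key never leaves.
        ToyCertificate cert = issue("CN=www.example.test", applicant.getPublic(),
                "CN=Example Test CA", ca.getPrivate(), now, day);
        // Same signature, different subject: the CA never signed this binding.
        ToyCertificate altered = new ToyCertificate("CN=other.example.test", cert.issuer,
                cert.notBefore, cert.notAfter, cert.subjectKey, cert.signature);

        System.out.println("as issued:       " + cert.verify(ca.getPublic(), now));
        System.out.println("subject altered: " + altered.verify(ca.getPublic(), now));
        System.out.println("after expiry:    " + cert.verify(ca.getPublic(), now + 2 * day));
        System.out.println("wrong CA key:    " + cert.verify(applicant.getPublic(), now));
    }
}
```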
References :
http://www.webopedia.com/DidYouKnow/Internet/2005/ssl.asp
http://support.microsoft.com/kb/195724
Security Protocols Overview An RSA Data Security Brief