JBoss

I remembered that in my previous company, they write a specialized software for doing the user authentication to all the systems. This project is so large, which requires so many resources to work on it.

Now, I used the login authentication provided by JBoss instead. Through the login-config.xml configuration, I can easily set all the things up.

Pros:

• Easy to configure, saves time
• There are many login modules. I’m using the one authenticated with Database
• The encrytion are done. I don’t need to care security myself

Cons:

• The interface is so simple
• You can use a form instead, where you can put beautiful layouts around. However, the security level will be reduced

In order to strengthen the functions and securities of JBoss login, which fits your needs, there are some more backend things to do.

For example, if you want to control the maximum login attempt, the original JBoss login cannot do this. You should implement your own logic. Here is an example.

Building a Custom JBoss Login Module - http://www.informit.com/articles/article.asp?p=389111&seqNum=7&rl=1

By using the MD5 Encoding, we can create encryted password using message digest technology. To do this, we can make use of utility provided by JBoss. See the following:

If you need to generate passwords in code, the org.jboss.security.Util class provides a static helper method that will hash a password using a given encoding.

String hashedPassword = Util.createPasswordHash("MD5",
                                                Util.BASE64_ENCODING,
                                                null,
                                                null,
                                                "password");

OpenSSL provides an alternative way to quickly generate hashed passwords.

echo -n password | openssl dgst -md5 -binary | openssl base64

In both cases, the text password should hash to “X03MO1qnZdYdgyfeuILPmQ==”. This is the value that would need to be stored in the user store.

The about org.jboss.security.Util class can be found in the jbossx.jar shipped with JBoss Application Server.

Reference:

http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html

To talk about internationalization, there is an interesting joke on its acronym “i18n”. You know why it is called i18n?

The answer is simple, just because there are 18 characters in between its first and last letter.

Last week, my colleague discussed with me on how to make the i18n possible since he was unable to do so. At that time, I couldn’t really answer on why, but I can say, it must be possible, as my old company did that.

After then, I did some researches, and finally solved the problem. It can be divided into several parts. (Mainly focus on how to show Simplified Chinese)

1. Include Chinese directly in the JAVA class
2. Show a Chinese String which is retrieved from database
3. Send the Chinese String from the client to server side

The solutions or methods to each case are as follow:

1. Include Chinese directly in the JAVA class

This one is so simple. Just type the chinese in the JAVA class should be ok. If you’re not ok, it should be just your computer’s problem. Try reinstalling the JDK, it’s no matter to the stable release of JDK version.

2. Show a Chinese String which is retrieved from database

This is one is not difficult either. For the database retrieving part, just like other cases, use the very simple SQL statement is ok, since the JDBC connector will take the content as usual Strings. After retrieving the contents to the Action / Servlet, you should send the content to the JSP, in this step, you should set the character set to UTF-8, so that the string is encoded in Unicode(UTF-8) like the following:

response.setContentType(”text/html; charset=UTF-8″);

3. Send the Chinese String from the client to server side

For this one, there are more to do.
Firstly, as we’re using JBoss which Tomcat is embedded as the web container. We should do some tricks to let Tomcat knows the characters are chinese.

The first thing to do is to make use of the tomcatEncoding-1-0.jar, put this into the /WEB-INF/lib/ folder.
Then we need to add some elements to the /WEB-INF/web.xml, like the following:

<filter>
<filter-name>Set Character Encoding</filter-name>
<filter-class>org.apache.filters.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

Actually, we just put a filter into Tomcat, so that for every request made to Tomcat, the parameters will pass through this filter and be encoded to UTF-8 Strings. As a resul, we can pass chinese characters into the servlet