« November 2009 | Main | January 2010 »

16 posts from December 2009


Cay Horstmann: Integrating JSF 2.0 with Tomcat

I came across this article today, which I thought others might find interesting as well: JSF 2.0 and Tomcat.  It looks like integrating the two is not as nice as I would have assumed it to be but it can be done—you just won't be able to go live with it if you brag about it to the Ops guys.  Cay does, however, suggest looking into Glassfish instead of trying to integrate it with tomcat 6 but he does detail all the painful steps necessary to get it working.  Alternatively, beta-fresh JBoss Web Server 3.0 provides a JSF 2.0 implementation as well if you are more comfortable with JBoss and want to get your feet wet with JSF2 now.  

Also, while visiting the Sun developer site, I discovered this "Introducing JSF 2.0 Tour" (login required) screencast by Sun Senior Staff Engineer Ed Burns that provides an overview of all the neat new things in JSF 2.0.  I'm watching it now!

DISCLAIMER:  I do not suggest going live with anything in beta because, ultimately, I'm an Infrastructure and Operations guy but I can't imagine the beta cycle for JBoss Web Server 3 being all that long of a wait.  So if you want to see what JSF2 is about now, you could certainly give the beta a test drive now while waiting for JBoss Web (or JBoss AS6) to go GA.  

In addition, I do not suggest switching to Glassfish or JBoss either from whatever you might be using unless your company is willing to fund a support contract during the development stages and for at least the first year after going live.  Just because something is open source and freely downloadable does not make it any less complex than a commercial solution.


How To Log Client IP AND X-Forwarded-For IP in Apache

When you utilize a device like a BigIP LTM to load-balance your web servers, a typical configuration masks the client IP address.  The BigIP essentially proxies requests on behalf of the browser, so the only thing your web server sees is the IP address of the BigIP itself.  The BigIP utilizes an industry-standard (but not HTTP standard) mechanism for storing the customer IP address into an HTTP Request Header called the X-Forwarded-For header.  Typically, you configure your Apache servers to log the value from the X-Forwarded-For header instead of logging the client IP.  

This all works great except when you access the web server directly, bypassing the BigIP.  Since the BigIP (or other proxy) is inserting the X-Forwarded-For header and your browser is not, nothing gets logged in the Apache access logs so you have no simple way to determine which internal user or monitor just took your site down with that vulnerability scan.  You can still figure it out based on user-agent and communication with your peers but we sysadmins are like the police on TV—we like to have all the damning evidence at hand before "interviewing" the perp.

The following HOWTO details a mechanism for logging both, depending upon whether an X-Forwarded-For value exists or not.  HOWTO: Log Client IP AND X-Forwarded-For IP in Apache. It also includes a basic groovy script for validating.


Beginning Google App Engine Book Released

The second of two books I'm planning on purchasing in the near future, Beginning Java Google App Engine was released on Amazon a few days ago. From the Publisher:

Google App Engine is one of the key technologies to emerge in recent years to help you build scalable web applications even if you have limited previous experience. If you are a Java programmer, this book offers you a Java approach to beginning Google App Engine. You will explore the runtime environment, front-end technologies like Google Web Toolkit, Adobe Flex, and the datastore behind App Engine. You'll also explore Java support on App Engine from end to end.

The journey begins with a look at the Google Plugin for Eclipse and finishes with a working web application that uses Google Web Toolkit, Google Accounts, and Bigtable. Along the way, you’ll dig deeply into the services that are available to access the datastore with a focus on Java Data Objects (JDO), JDOQL, and other aspects of Bigtable.

With this solid foundation in place, you’ll then be ready to tackle some of the more advanced topics like integration with other cloud platforms such as Salesforce.com and Google Wave.

Beginning Java Google App Engine Available on Amazon