We Keep Coding

Modular Java 13 / JavaFx WebWiew fails to display when jlinked

I have a problem with displaying a webpage in an embedded window but only when creating a standalone jlinked package and only for certain https sites.
I followed the instructions at https://openjfx.io/openjfx-docs/#install-javafx for creating a simple modular App and this works fine when run from the command line with
java --module-path "%PATH_TO_FX%;mods" -m uk.co.comsci.testproj/uk.co.comsci.testproj.Launcher
but after jlinking with the command
jlink --module-path "%PATH_TO_FX_MODS%;mods" --add-modules uk.co.comsci.testproj --output launch
and running with
launch\bin\java.exe -m uk.co.comsci.testproj/uk.co.comsci.testproj.Launcher
the javaFx scene opens but just a blank screen... and I have to use task manager to terminate the App.
If I change the URL to other https sites, it displays fine.
I guess it is down to the security settings and policies somewhere but I have no idea where to start.
I have tried monitoring with WireShark and this shows that when run from java and it works it does some TLSv1.3 stuff to establish the connection. When run as a jlinked package it only does TLSv1.2 stuff. Maybe a clue?
Here's my SSCE:
module-info.java
module uk.co.comsci.testproj {
requires javafx.web;
requires javafx.controls;
requires javafx.media;
requires javafx.graphics;
requires javafx.base;
exports uk.co.comsci.testproj;
}
Launcher.java
package uk.co.comsci.testproj;
public class Launcher {
public static void main(String[] args) {
try {
MainApp.main(args);
} catch (Exception ex) {
System.err.println("Exception!!! " + ex);
}
}
}
MainApp.java
package uk.co.comsci.testproj;
import javafx.application.Application;
import javafx.geometry.Pos;
import javafx.scene.Scene;
import javafx.scene.control.Button;
import javafx.scene.layout.HBox;
import javafx.scene.layout.Priority;
import javafx.scene.layout.VBox;
import javafx.scene.web.WebEngine;
import javafx.scene.web.WebView;
import javafx.stage.Modality;
import javafx.stage.Stage;
import javafx.stage.StageStyle;
public class MainApp extends Application {
private Stage mainStage;
public static void main(String[] args) throws Exception {
launch(args);
}
#Override
public void start(final Stage initStage) throws Exception {
mainStage = new Stage(StageStyle.DECORATED);
mainStage.setTitle("Test Project");
WebView browser = new WebView();
WebEngine webEngine = browser.getEngine();
// webEngine.load("https://app.comsci.co.uk"); // url);
String uri = "https://test-api.service.hmrc.gov.uk/oauth/authorize"
+ "?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8084%2Fredirect"
+ "&state=lFuLG42uri_aAQ_bDBa9TZGGYD0BDKtFRv8xEaKbeQo"
+ "&client_id=tASN6IpBPt5OcIHlWzkaLXTAyMEa&scope=read%3Avat+write%3Avat";
webEngine.load(uri);
Button closeButt = new Button("Cancel");
closeButt.setOnMouseClicked(event -> {
mainStage.close();
});
HBox closeButBar = new HBox(closeButt);
closeButBar.setAlignment(Pos.BASELINE_RIGHT);
VBox vlo = new VBox(browser, closeButBar);
vlo.setFillWidth(true);
vlo.setSpacing(10.0);
VBox.setVgrow(browser, Priority.ALWAYS);
Scene scene2 = new Scene(vlo, 800, 800);
mainStage.setScene(scene2);
mainStage.initModality(Modality.APPLICATION_MODAL);
mainStage.setTitle("Test connection");
mainStage.showAndWait();
}
}
Any help much appreciated.

OK. Finally tracked it down. So in case anyone has the same problem:
Nothing to do with JavaFx or Webview it was the TLS handshake failing.
Replacing the webview with an http client get
String uri = "https://test-api.service.hmrc.gov.uk/oauth/authorize"
+ "?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8084%2Fredirect"
+ "&state=lFuLG42uri_aAQ_bDBa9TZGGYD0BDKtFRv8xEaKbeQo"
+ "&client_id=tASN6IpBPt5OcIHlWzkaLXTAyMEa&scope=read%3Avat+write%3Avat";
var client = HttpClient.newHttpClient();
var request = HttpRequest.newBuilder()
.GET()
.uri(URI.create(uri))
.timeout(Duration.ofSeconds(15))
.build();
try {
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println("REsponse " + response.body());
} catch (IOException | InterruptedException e) {
e.printStackTrace();
}
and running with '-Djavax.net.debug=ssl:handshake:verbose' showed that the handshake was failing.
running the embedded keytool -showinfo -tls and comparing this with the system keytool output showed that the TLS_ECDHE_... cyphers where not supported in the jlinked output
A bit of googling and help from here https://www.gubatron.com/blog/2019/04/25/solving-received-fatal-alert-handshake_failure-error-when-performing-https-connections-on-a-custom-made-jre-with-jlink/ showed that all I needed to do was add
requires jdk.crypto.cryptoki;
to my module-info.java :-)

You need to just add the following line in module-info.java
requires jdk.crypto.cryptoki;

How to use Apache Apex Malhar RabbitMQ operator in DAG

I have an Apache Apex application DAG which reads RabbitMQ message from a queue. Which Apache Apex Malhar operator should I use? There are several operators but it's not clear which one to use and how to use it.

Have you looked at https://github.com/apache/apex-malhar/tree/master/contrib/src/main/java/com/datatorrent/contrib/rabbitmq ? There are also tests in https://github.com/apache/apex-malhar/tree/master/contrib/src/test/java/com/datatorrent/contrib/rabbitmq that show how to use the operator

https://github.com/apache/apex-malhar/blob/master/contrib/src/main/java/com/datatorrent/contrib/rabbitmq/AbstractRabbitMQInputOperator.java
That is the main operator code where the tuple type is a generic parameter and emitTuple() is an abstract method that subclasses need to implement.
AbstractSinglePortRabbitMQInputOperator is a simple subclass that provides a single output port and implements emitTuple() using another abstract method getTuple() which needs an implementation in its subclasses.
The tests that Sanjay pointed to show how to use these classes.

I also had problems finding out how to read messages from RabbitMQ to Apache Apex. With the help of the provided links of Sanjay's answer (https://stackoverflow.com/a/42210636/2350644) I finally managed to get it running. Here's how it works all together:
1. Setup a RabbitMQ Server
There are lot of ways installing RabbitMQ that are described here: https://www.rabbitmq.com/download.html
The simplest way for me was using docker (See: https://store.docker.com/images/rabbitmq)
docker pull rabbitmq
docker run -d --hostname my-rabbit --name some-rabbit -p 5672:5672 -p 15672:15672 rabbitmq:3-management
To check if RabbitMQ is working, open a browser and navigate to: http://localhost:15672/. You should see the Management page of RabbitMQ.
2. Write a Producer program
To send messages to the queue you can write a simple JAVA program like this:
import com.rabbitmq.client.BuiltinExchangeType;
import com.rabbitmq.client.Channel;
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;
import java.util.ArrayList;
public class Send {
private final static String EXCHANGE = "myExchange";
public static void main(String[] args) throws Exception {
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("localhost");
Connection connection = factory.newConnection();
Channel channel = connection.createChannel();
channel.exchangeDeclare(EXCHANGE, BuiltinExchangeType.FANOUT);
String queueName = channel.queueDeclare().getQueue();
channel.queueBind(queueName, EXCHANGE, "");
List<String> messages = Arrays.asList("Hello", "World", "!");
for (String msg : messages) {
channel.basicPublish(EXCHANGE, "", null, msg.getBytes("UTF-8"));
System.out.println(" [x] Sent '" + msg + "'");
}
channel.close();
connection.close();
}
}
If you execute the JAVA program you should see some outputs in the Management UI of RabbitMQ.
3. Implement a sample Apex Application
3.1 Bootstrap a sample apex application
Follow the official apex documentation http://docs.datatorrent.com/beginner/
3.2 Add additional dependencies to pom.xml
To use the classes provided by malhar add the following dependencies:
<dependency>
<groupId>org.apache.apex</groupId>
<artifactId>malhar-contrib</artifactId>
<version>3.7.0</version>
</dependency>
<dependency>
<groupId>com.rabbitmq</groupId>
<artifactId>amqp-client</artifactId>
<version>4.2.0</version>
</dependency>
3.3 Create a Consumer
We first need to create an InputOperator that consumes messages from RabbitMQ using available code from apex-malhar.
import com.datatorrent.contrib.rabbitmq.AbstractSinglePortRabbitMQInputOperator;
public class MyRabbitMQInputOperator extends AbstractSinglePortRabbitMQInputOperator<String> {
#Override
public String getTuple(byte[] message) {
return new String(message);
}
}
You only have to override the getTuple() method. In this case we simply return the message that was received from RabbitMQ.
3.4 Setup an Apex DAG
To test the application we simply add an InputOperator (MyRabbitMQInputOperator that we implemented before) that consumes data from RabbitMQ and a ConsoleOutputOperator that prints the received messages.
import com.rabbitmq.client.BuiltinExchangeType;
import org.apache.hadoop.conf.Configuration;
import com.datatorrent.api.annotation.ApplicationAnnotation;
import com.datatorrent.api.StreamingApplication;
import com.datatorrent.api.DAG;
import com.datatorrent.api.DAG.Locality;
import com.datatorrent.lib.io.ConsoleOutputOperator;
#ApplicationAnnotation(name="MyFirstApplication")
public class Application implements StreamingApplication
{
private final static String EXCHANGE = "myExchange";
#Override
public void populateDAG(DAG dag, Configuration conf)
{
MyRabbitMQInputOperator consumer = dag.addOperator("Consumer", new MyRabbitMQInputOperator());
consumer.setHost("localhost");
consumer.setExchange(EXCHANGE);
consumer.setExchangeType(BuiltinExchangeType.FANOUT.getType());
ConsoleOutputOperator cons = dag.addOperator("console", new ConsoleOutputOperator());
dag.addStream("myStream", consumer.outputPort, cons.input).setLocality(Locality.CONTAINER_LOCAL);
}
}
3.5 Test the Application
To simply test the created application we can write a UnitTest, so there is no need to setup a Hadoop/YARN cluster.
In the bootstrap application there is already a UnitTest namely ApplicationTest.java that we can use:
import java.io.IOException;
import javax.validation.ConstraintViolationException;
import org.junit.Assert;
import org.apache.hadoop.conf.Configuration;
import org.junit.Test;
import com.datatorrent.api.LocalMode;
/**
* Test the DAG declaration in local mode.
*/
public class ApplicationTest {
#Test
public void testApplication() throws IOException, Exception {
try {
LocalMode lma = LocalMode.newInstance();
Configuration conf = new Configuration(true);
//conf.addResource(this.getClass().getResourceAsStream("/META-INF/properties.xml"));
lma.prepareDAG(new Application(), conf);
LocalMode.Controller lc = lma.getController();
lc.run(10000); // runs for 10 seconds and quits
} catch (ConstraintViolationException e) {
Assert.fail("constraint violations: " + e.getConstraintViolations());
}
}
}
Since we don't need any properties for this application the only thing changed in this file is uncommenting the line:
conf.addResource(this.getClass().getResourceAsStream("/META-INF/properties.xml"));
If you execute the ApplicationTest.java and send messages to RabbitMQ using the Producer program as described in 2., the Test should output all the messages.
You might need to increase the time of the test to see all messages (It is set to 10sec currently).

How to inject EJB from different EAR in same glassfish

I have been trying to implement this design for couple of days ago and had no success. (before continuing I tell that I have read this article "How can I inject an EJB from an other application on the same GlassFish Server?" and other than glassfish-ejb-jar.xml I tried everything in it )
I have 2 ear application. test.ear is my main app which I want to test it, but I don't want to add any remote interfaces in this project, so I created another .ear(automation.ear) which contains remote interfaces and inject EJBs from test.ear . so my standalone application calls automation app and can not access test application directly.
each application contains these modules: entities, ejb , ear (for example automation application contains :automation-entities, automation-ejb, automation-ear)
here is my journey :
(I deployed test.ear before all these attempts)
-first try: I added test.ejb with ejb type as a maven dependency to automation-ejb pom.xml and injected EJB of test.ear in one of the beans of automation project and gave it a mappedName; it worked however I realized that it is a false positive and it actually doesn't go to the implementation of test.ear. it uses the copy it has (because of dependency)
- second try: I added a plugin in pom.xml of test.ear to create ejb-client for me (which only contains the interfaces and not the implementation) and added this .jar to automation pom.xml as a dependency, then injected the ejb gave it mappedName and try to deply ; well it complained about not finding the class!--> can't deploy
- third try: I added a copy of the interface I wanted to use(from test.ear) in automation.ear and removed the dependencies in pom.xml of automation. injected EJB and gave it the mappedName; tried to deploy and no luck ! still can't find the class--> can't deploy
Here are my classes:
test.ear application
package com.ericsson.test.service;
import javax.ejb.Local;
#Local
public interface TestService1 {
public String TestMethod1();
}
//////////////////////////////////////////////////////
package com.ericsson.test.service;
import javax.ejb.Local;
import javax.ejb.Stateless;
#Local(TestService1.class)
#Stateless(name = "TestService1")
public class TestServiceBean1 implements TestService1{
#Override
public String TestMethod1() {
return "Test Method1";
}
}
automation.ear application
#Remote
public interface RemoteInterfaceTest{
public void doSomething();
}
////////////////////////////////////////////////////////////////////////
package com.ericsson.test.service;
import javax.annotation.PostConstruct;
import javax.ejb.EJB;
import javax.ejb.Singleton;
import javax.ejb.Startup;
import javax.naming.InitialContext;
#Singleton
#Startup
public class RemoteInterfaceTestBean implements RemoteInterfaceTest {
#EJB(mappedName = "Test-Server-Local/test-ejb-0.0.1-SNAPSHOT/TestService1/local")
private TestService1 testService1EJB;
#PostConstruct
public void doSomething() {
try {
InitialContext ic = new InitialContext();
TestService1 service1 = (TestService1) ic
.lookup("java:global/Test-Server-Local/test-ejb-0.0.1-SNAPSHOT/TestService1");
System.out.println(service1.TestMethod1());
} catch (Exception e) {
System.out.println(e.getMessage());
System.out.println("OOOOOOPPPPPPSSSSSSSSS ! First try");
}
try {
testService1EJB.TestMethod1();
} catch (Exception e) {
System.out.println("OOOOOOPPPPPPSSSSSSSSS ! Second try");
}
}
}
and this is the exception I get:
SEVERE: Exception while deploying the app [automation-csdp-remote] : Cannot resolve reference Local ejb-ref name=com.ericsson.test.service.RemoteInterfaceTestBean/testService1EJB,Local 3.x interface =com.ericsson.test.service.TestService1,ejb-link=null,lookup=,mappedName=Test-Server-Local/test-ejb-0.0.1-SNAPSHOT/TestService1/local,jndi-name=,refType=Session
I have tried played with it like 1000 times, I checked the glass fish and the class is there, why it can not find it ? any idea would be greatly appreciated.
I am using EJB 3.x , glassfish 3.1.2 , maven 3.0.5, eclipse kepler

Picketlink not picking my user defined authenticator

I'm trying to implement JSF authentication with PickeLink 2.6.0 (EAR, Wildfly 8.1.0), as shown in the PicketLink 'picketlink-authentication-jsf' quickstart. I provided an authentication marked with the #PicketLink annotation, but Identity.login() always returns FAILED. This is my JSF form:
<h:form>
<h:panelGrid styleClass="full">
<h:inputText value="#{loginCredentials.userId}" required="true"
pt:placeholder="Username" />
<h:inputSecret value="#{loginCredentials.password}" required="true"
pt:placeholder="Password" />
<h:commandButton value="Login" action="#{loginAction.login()}" />
</h:panelGrid>
</h:form>
This is my LoginAction bean in the WAR module:
import java.util.logging.Logger;
import javax.enterprise.context.RequestScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import org.picketlink.Identity;
import org.picketlink.Identity.AuthenticationResult;
import org.picketlink.credential.DefaultLoginCredentials;
#RequestScoped
#Named
public class LoginAction {
#Inject
private Identity identity;
#Inject
private DefaultLoginCredentials credentials;
protected Logger log = Logger.getLogger(this.getClass().getSimpleName());
public void login() {
this.log.info(String.format("%s => %s", this.credentials.getUserId(), this.credentials.getPassword())); // Does get printed!
AuthenticationResult result = this.identity.login();
this.log.info(result.toString());
if (AuthenticationResult.FAILED.equals(result)) {
FacesContext.getCurrentInstance().addMessage(
null,
new FacesMessage(FacesMessage.SEVERITY_ERROR,
"Authentication was unsuccessful. Please check your username and password "
+ "before trying again.", ""));
}
}
}
And my Authenticator in the EJB module:
import java.util.logging.Logger;
import javax.inject.Inject;
import org.picketlink.annotations.PicketLink;
import org.picketlink.authentication.BaseAuthenticator;
import org.picketlink.credential.DefaultLoginCredentials;
#PicketLink
public class Authenticator extends BaseAuthenticator {
#Inject
private DefaultLoginCredentials credentials;
#Inject
private ApplicationAuthenticator applicationAuthenticator;
protected Logger log = Logger.getLogger(this.getClass().getSimpleName());
#Override
public void authenticate() {
this.log.info("authenticate"); // Not printed!
this.log.info(String.format("%s => %s", this.credentials.getUserId(), this.credentials.getPassword()));
ProcessResult auth = this.applicationAuthenticator.authUser(
this.credentials.getUserId(), this.credentials.getPassword());
this.log.info(auth.toString());
if (auth.getResult()) {
this.setStatus(AuthenticationStatus.SUCCESS);
this.log.info(AuthenticationStatus.SUCCESS.toString());
} else {
this.setStatus(AuthenticationStatus.FAILURE);
this.log.info(AuthenticationStatus.FAILURE.toString());
}
}
}
Looks as if my Authenticator is not called at all. This is what I get from the log:
12:25:00,093 INFO [LoginAction] (LoginAction.java:27) defaultuser => defaultpass
12:25:00,105 INFO [idm] (DefaultPartitionManager.java:165) PLIDM001000: Bootstrapping PicketLink IDM Partition Manager
12:25:00,107 INFO [store] (AbstractIdentityStore.java:50) PLIDM001001: Initializing Identity Store [class org.picketlink.idm.file.internal.FileIdentityStore]
12:25:00,110 WARN [file] (FileDataSource.java:173) PLIDM001101: Working directory [C:\Users\JPANGA~1\AppData\Local\Temp\pl-idm] is marked to be always created. All your existing data will be lost.
12:25:00,165 INFO [file] (FileDataSource.java:180) PLIDM001100: Using working directory [C:\Users\JPANGA~1\AppData\Local\Temp\pl-idm].
12:25:00,252 INFO [LoginAction] (LoginAction.java:29) FAILED
The PicketLinks jars are at $EAR_ROOT/lib.
I read the docs at http://docs.jboss.org/picketlink/2/latest/reference/html-single/ and it looks like I'm not missing anything. Why can't I get my Authenticator to work?

After getting more familiar with CDI I realized my silly mistake (the answer wasn't in PLINK docs, but in EE docs). All I needed was to add
#Named
#RequestScoped
to the bean. It still won't work without setting the account after setting the authentication status (I missed that):
this.setStatus(AuthenticationStatus.SUCCESS);
this.setAccount(new User(username)); // <-- don't miss this!

Jetty - how to only allow requests from a specific domain

I have exposed an api provided by a jetty server to a front-end application. I want to make sure that only the front-end application (from a certain domain) has access to that api - any other requests should be unauthorised.
What's the best best way of implementing this security feature?
Update: I have set up a CrossOriginFilter - however, I can still access the api via basic GET request from my browser.
Thanks!

Use the IPAccessHandler to setup whitelists and blacklists.
Example: this will allow 127.0.0.* and 192.168.1.* to access everything.
But 192.168.1.132 cannot access /home/* content.
package jetty.demo;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.IPAccessHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
public class IpAccessExample
{
public static void main(String[] args)
{
System.setProperty("org.eclipse.jetty.servlet.LEVEL","DEBUG");
System.setProperty("org.eclipse.jetty.server.handler.LEVEL","DEBUG");
Server server = new Server();
ServerConnector connector = new ServerConnector(server);
connector.setPort(8080);
server.addConnector(connector);
// Setup IPAccessHandler
IPAccessHandler ipaccess = new IPAccessHandler();
ipaccess.addWhite("127.0.0.0-255|/*");
ipaccess.addWhite("192.168.1.1-255|/*");
ipaccess.addBlack("192.168.1.132|/home/*");
server.setHandler(ipaccess);
// Setup the basic application "context" for this application at "/"
// This is also known as the handler tree (in jetty speak)
ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
context.setContextPath("/");
// make context a subordinate of ipaccess
ipaccess.setHandler(context);
// The filesystem paths we will map
String homePath = System.getProperty("user.home");
String pwdPath = System.getProperty("user.dir");
// Fist, add special pathspec of "/home/" content mapped to the homePath
ServletHolder holderHome = new ServletHolder("static-home", DefaultServlet.class);
holderHome.setInitParameter("resourceBase",homePath);
holderHome.setInitParameter("dirAllowed","true");
holderHome.setInitParameter("pathInfoOnly","true");
context.addServlet(holderHome,"/home/*");
// Lastly, the default servlet for root content
// It is important that this is last.
ServletHolder holderPwd = new ServletHolder("default", DefaultServlet.class);
holderPwd.setInitParameter("resourceBase",pwdPath);
holderPwd.setInitParameter("dirAllowed","true");
context.addServlet(holderPwd,"/");
try
{
server.start();
server.join();
}
catch (Throwable t)
{
t.printStackTrace(System.err);
}
}
}
Or alternatively, write your own Handler to filter based on some other arbitrary rule.
Such as looking for a required request header, something that your specific front-end application provides, but a browser would not.
package jetty.demo;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.HandlerWrapper;
public class BanBrowserHandler extends HandlerWrapper
{
#Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
{
String xfe = request.getHeader("X-FrontEnd");
if ((xfe == null) || (!xfe.startsWith("MagicApp-")))
{
// not your front-end
response.sendError(HttpStatus.FORBIDDEN_403);
baseRequest.setHandled(true);
return;
}
getHandler().handle(target,baseRequest,request,response);
}
}

The class IPAccessHandler is deprecated. The InetAccessHandler is recommended.
org.eclipse.jetty.server.Server server = ...;
InetAccessHandler ipaccess = new InetAccessHandler();
ipaccess.include(clientIP);
ipaccess.setHandler(server.getHandler());
server.setHandler(ipaccess);