Sun River
Topics about Java SE, Servlet/JSP, JDBC, MultiThread, UML, Design Pattern, CSS, JavaScript, Maven, JBoss, Tomcat, ...
posts - 78,comments - 0,trackbacks - 0

Question How do you delete a Cookie within a JSP? (JSP)

Answer

Cookie mycook = new Cookie("name","value");

response.addCookie(mycook);

Cookie killmycook = new Cookie("mycook","value");

killmycook.setMaxAge(0);

killmycook.setPath("/");

killmycook.addCookie(killmycook);

Question How many types of protocol implementations does RMI have? (RMI)

Answer RMI has at least three protocol implementations: Java

Remote Method Protocol(JRMP), Internet Inter ORB Protocol(IIOP),

and Jini Extensible Remote Invocation(JERI). These are alternatives,

not part of the same thing, All three are indeed layer 6 protocols for

those who are still speaking OSI reference model.

Question What are the different identifier states of a Thread?

(Core Java)

Answer The different identifiers of a Thread are:

R - Running or runnable thread

S - Suspended thread

CW - Thread waiting on a condition variable

MW - Thread waiting on a monitor lock

MS - Thread suspended waiting on a monitor lock


Question What is the fastest type of JDBC driver? (JDBC)

Answer JDBC driver performance will depend on a number of

issues:

(a) the quality of the driver code,

(b) the size of the driver code,

(c) the database server and its load,

(d) network topology,

(e) the number of times your request is translated to a different API.

In general, all things being equal, you can assume that the more your

request and response change hands, the slower it will be. This

means that Type 1 and Type 3 drivers will be slower than Type 2

drivers (the database calls are make at least three translations versus

two), and Type 4 drivers are the fastest (only one translation).

Question Request parameter How to find whether a parameter

exists in the request object? (Servlets)

Answer 1.boolean hasFoo = !(request.getParameter("foo") ==

null || request.getParameter("foo").equals(""));

2. boolean hasParameter =

request.getParameterMap().contains(theParameter);

(which works in Servlet 2.3+)


Question How can I send user authentication information while

makingURLConnection? (Servlets)

Answer You’ll want to use

HttpURLConnection.setRequestProperty and set all the appropriate

headers to HTTP authorization.

Question How do I convert a numeric IP address like 192.18.97.39

into a hostname like java.sun.com? (Networking)

Answer

Question How many methods do u implement if implement the

Serializable Interface? (Core Java)

Answer The Serializable interface is just a "marker" interface,

with no methods of its own to implement. Other ’marker’ interfaces

are

java.rmi.Remote

java.util.EventListener

String hostname =InetAddress.getByName("192.18.97.39").getHostName();

posted @ 2010-10-25 17:08 Sun River| 编辑 收藏
1.

Question What is the query used to display all tables names in

SQL Server (Query analyzer)? (JDBC)

Answer select * from information_schema.tables

Question What is Externalizable? (Core Java)

Answer Externalizable is an Interface that extends Serializable

Interface. And sends data into Streams in Compressed Format. It has

two methods, writeExternal(ObjectOuput out) and

readExternal(ObjectInput in).

Question What modifiers are allowed for methods in an Interface?

Answer Only public and abstract modifiers are allowed for

methods in interfaces.

Question How many types of JDBC Drivers are present and what

are they? (JDBC)

Answer There are 4 types of JDBC Drivers

Type 1: JDBC-ODBC Bridge Driver

Type 2: Native API Partly Java Driver

Type 3: Network protocol Driver

Type 4: JDBC Net pure Java Driver

Question What is the difference between ServletContext and

PageContext? (JSP)

Answer ServletContext: Gives the information about the container

PageContext: Gives the information about the Request.

Question How to pass information from JSP to included JSP?

Answer Using <%jsp:param> tag.

posted @ 2010-10-25 16:07 Sun River| 编辑 收藏

 

tomcat6配置双向认证

1
、生成服务器端证书

keytool -genkey -keyalg RSA -dname "cn=localhost,ou=sango,o=none,l=china,st=beijing,c=cn" -alias server -keypass password -keystore server.jks -storepass password -validity 3650


2
、生成客户端证书

keytool -genkey -keyalg RSA -dname "cn=sango,ou=sango,o=none,l=china,st=beijing,c=cn" -alias custom -storetype PKCS12 -keypass password -keystore custom.p12 -storepass password -validity 3650


客户端的CN可以是任意值。
3
、由于是双向SSL认证,服务器必须要信任客户端证书,因此,必须把客户端证书添加为服务器的信任认证。由于不能直接将PKCS12格式的证书库导入,我们必须先把客户端证书导出为一个单独的CER文件,使用如下命令,先把客户端证书导出为一个单独的cer文件:

keytool -export -alias custom -file custom.cer -keystore custom.p12 -storepass password -storetype PKCS12 -rfc


然后,添加客户端证书到服务器中(将已签名数字证书导入密钥库)

keytool -import -v -alias custom -file custom.cer -keystore server.jks -storepass password


4
、查看证书内容

keytool -list -v -keystore server.jks -storepass password


5
、配置tomcat service.xml文件

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="true" sslProtocol="TLS"
    keystoreFile="D:/server.jks" keystorePass="password"
    truststoreFile="D:/server.jks" truststorePass="password"
/>


clientAuth="true"
表示双向认证
6
、导入客户端证书到浏览器
双向认证需要强制验证客户端证书。双击“custom.p12”即可将证书导入至IE

tomcat6
配置单向认证

1
、生成服务器端证书

keytool -genkey -keyalg RSA -dname "cn=localhost,ou=sango,o=none,l=china,st=beijing,c=cn" -alias server -keypass password -keystore server.jks -storepass password -validity 3650


2
、由于是单向认证,没有必要生成客户端的证书,直接进入配置tomcat service.xml文件

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="D:/server.jks" keystorePass="password"    
/>


clientAuth="false"
表示单向认证,同时去掉truststoreFile="D:/server.jks" truststorePass="password"2

posted @ 2010-05-11 12:12 Sun River| 编辑 收藏
 

---The key thing to know is that IDs identify a specific element and therefore must be unique on the page – you can only use a specific ID once per document. Many browsers do not enforce this rule but it is a basic rule of HTML/XHTML and should be observed. Classes mark elements as members of a group and can be used multiple times, so if you want to define a style which will be applied to multiple elements you should use a class instead.

 Notice that an ID's CSS is an HTML element, followed by a "#", and finally ID's name. The end result looks something like "element#idname". Also, be sure to absorb the fact that when an ID is used in HTML, we must use "id=name" instead of "class=name" to reference it!

Why Did They Choose Those Names??

       ID = A person's Identification (ID) is unique to one person.

       Class = There are many people in a class.

ID for Layout and Uniqueness

Standards specify that any given ID name can only be referenced once within a page or document. From our experience, IDs are most commonly used correctly in CSS layouts. This makes sense because there are usually only one menu per page, one banner, and usually only one content pane.

In Tizag.com CSS Layout Examples we have used IDs for the unique items mentioned above. View the CSS Code for our first layout example. Below are the unique IDs in our code.

*       Menu - div#menuPane

*       Content - div#content

Answer: Classes vs IDs

Use IDs when there is only one occurence per page. Use classes when there are one or more occurences per page.

posted @ 2010-03-16 10:14 Sun River| 编辑 收藏
--Spring的singleton是容器级的,我们一般说的singleton模式是JVM级的。所以singleton模式中,singleton的class在整个JVM中只有一个instance,Spring的Bean,你可以一个class配置多个Bean,这个class就有了多个instance。这个singleton是指在spring容器中,这个Bean是单实例的,是线程共享的。所以要求这些类都是线程安全的。也就是说,不能出现修改Bean属性的方法,当然除了设值得那些setter。只要满足线程安全,这些bean都可以用singleton。而且我们在绝大多数使用上,也是这样用的,包括dao,service。
Beanfactory是Spring初始以静态方式载入的,Spring的单例IOC是基于容器级的,所以这你都不用担心与考虑.

--应用中对象有两种,行为对象和数据对象,行为对象都要求是线程安全的!也就是允许单例的, 不管是dao 还是 service 对象,都是行为对象,行为对象不应该引用非线程安全的对象做成员量,同时在应用外部的资源(如文件,数据库连接,session)时,要先保证对这些东西的访问是做了并发控制的!
  对于spring来讲,<bean scope="singleton"/>或<bean singleton="true"/>都是保证对同一sesionfactory bean是单例的,也就是所谓 sessionfactory 范围的.

--这是一个真实的案例,我们在项目中使用Spring和ACEGI,我之所以选择ACEGI,除了它对权限的良好控制外,
我还看好它的SecurityContextHolder,通过代码
代码
  1. Authentication auth = SecurityContextHolder.getContext().getAuthentication();   
<script>render_code();</script>
我可以很容易在系统任意一层得到用户的信息,而不用把用户信息在参数里传来传去,(这也是struts的缺点之一)
但是我在每一次要得到用户信息的时候都写上面的一段代码,未免有些麻烦,所以我在BaseService, BaseDao里都提供了如下方法:
代码
  1.  /**  
  2.  * get current login user info  
  3.  * @return UserInfo  
  4.  */  
  5. protected UserInfo getUserInfo()   
  6. {   
  7.     return getUserContext().getUserInfo();   
  8. }   
  9.   
  10. /**  
  11.  * get current login user context  
  12.  * @return UserContext  
  13.  */  
  14. protected UserContext getUserContext()   
  15. {   
  16.     Authentication auth = SecurityContextHolder.getContext().getAuthentication();   
  17.     return (UserContext) auth.getPrincipal();   
  18. }   
<script>render_code();</script>
这样在其他的Service和Dao类里可以通过
代码
  1. super.getUserContext(), super.getUserInfo()   
<script>render_code();</script>
来得到用户的信息,这也为问题的产生提供了温床。请看如下代码:
代码
  1. public class SomeServece extends BaseService implements SomeInterFace     
  2. {   
  3.     private UserInfo user = super.getUserInfo();   
  4.        
  5.     public someMethod()   
  6.     {   
  7.        int userID = this.user.getUserID();   
  8.        String userName = this.user.getUserName();   
  9.        //bla bla do something user userID and userNaem   
  10.     }   
  11. }       
<script>render_code();</script>

 

这段代码在单元测试的时候不会用任何问题,但是在多用户测试的情况下,你会发现任何调用SomeService里someMethod()方法
的userID和userName都是同一个人,也就是第一个登陆的人的信息。Why?

其根本原因是Spring的Bean在默认情况下是Singleton的,Bean SomeServece的实例只会生成一份,也就是所SomeServece实例的user
对象只会被初始化一次,就是第一次登陆人的信息,以后不会变了。所以BaseService想为开发提供方便,却给开发带来了风险

正确的用法应该是这样的

代码
  1. public class SomeServece extends BaseService implements SomeInterFace     
  2. {   
  3.        
  4.        
  5.     public someMethod()   
  6.     {   
  7.        int userID = super.getUserInfo().getUserID();   
  8.        String userName = super.getUserInfo().getUserName();   
  9.        //bla bla do something user userID and userNaem   
  10.     }   
posted @ 2009-04-08 12:12 Sun River| 编辑 收藏