Eclipse based LDAP Browser and Directory Client

Apache Directory Studio is a completely directory tooling platform intended to be used with any LDAP server however it is particularly designed for use with Apache Directory Sever.

Features

• LDAP Browser

The LDAP Browser has been designed to work with almost any LDAP server available. It not only permits to read and display the tree of your LDAP Server but also allows you to modify it by creating, editing or removing entries.

• LDIF Editor

The LDIF Editor is a tool for editing LDIF files. It provides syntax highlighting and content assistance.

• Schema Editor

The Schema Editor has been designed to edit the schema files in the OpenLDAP format. It allows you to edit easily attribute types and object classes for Apache Directory Server and OpenLDAP.

• Embeded ApacheDS

Apache Directory Studio bundles the latest version of the LDAPV3 certified Apache DS. Creating and launching a new LDAP server now takes less than 10 seconds!

• ApacheDS Configuration

The Apache DS Configuration Editor can be used to edit the server configuration ('server.xml' file) of an Apache Directory Server installation.

• ACI Editor

The ACI Editor allows you to define, for an entry or a set of entries, graphically or manually (in souce code mode), an ACI (Access Control Information) item specification for Apache Directory Server.

• Internationalization

Apache Directory Studio is now internationalized in English, French and German. We're also open for volunteers who want to add another language support.

• Multi-platform & in eclipse

Based on Eclipse, Apache Directory Studio is a multi-plaform application that runs on Mac OS X, Linux and Windows, and also as plugins inside Eclipse itself.

New Features and Enhancements in JDK 7

• The java.nio.file package and its related package, java.nio.file.attribute, provide comprehensive support for file I/O and for accessing the file system. See File I/O (featuring NIO 2.0) in the Java Tutorials
• Networking

• Sockets Direct Protocol (SDP) is a wire protocol developed to support stream connections over InfiniBand fabric. For more information, see Understanding the Sockets Direct Protocol a trail in the Java Tutorials.

• Closing a URL Classloader

• Java HotSpot Virtual Machine
  

• Compressed Oops in the Hotspot JVM

• Java HotSpot Virtual Machine Performance Enhancements

• Java Virtual Machine Suppport for Non-Java Languages

• Garbage-First Collector

• Supported Encodings

• Supported Locales

• Submitting a Bug Report and Available Support Options

• Copyright and License Terms for Documentation

Tips for Using Tomcat in Production

1. If you're running on a 1.5+ JVM, add the following to your JAVA_OPTS in catalina.sh (or catalina.bat for Windows):
   
   

   1. -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/home/j2ee/heapdumps

   Then use a tool such as YourKit to analyze the heapdump file.

2. Straight from the Tomcat documentation on Jasper 2...
   

   When using Jasper 2 in a production Tomcat server you should consider making the following changes from the default configuration.
   development - To disable on access checks for JSP pages compilation set this to false.
   genStringAsCharArray - To generate slightly more efficient char arrays, set this to true.
   modificationTestInterval - If development has to be set to true for any reason (such as dynamic generation of JSPs), setting this to a high value will improve performance a lot.
   trimSpaces - To remove useless bytes from the response, set this to true.

3. Use Tomcat's clustering/session replication capability to minimize application user impact during maintenance periods.
4. Implement custom error pages to hide raw exception messages. To do this, simply add something like the following to your web.xml:
   
   

   1. <error-page>
   2.    <error-code>404</error-code>
   3.    <location>/error/404.html</location>
   4. </error-page>

5. Eliminate System.out and System.err statements from application code and use a logging toolkit such as Log4J for application logging.
6. Leverage Tomcat's shared library directory. If you're loading several applications with several of the same library dependencies, consider moving them from the applications' WEB-INF/lib directory to Tomcat's shared library {catalina.home}/shared/lib. This will reduce the memory used by each application and result in smaller WAR files.
   
   
7. Tweak memory parameters. Most of the time you will want to make a change to the default settings. The best advice here is to create a development environment that matches your production environment and load test the application. While you do this you can also use a profiler to identify bottlenecks, etc.
8. Remove unnecessary applications.
9. Secure the Manager application. By default there are no users with the manager role. To make use of the manager webapp you need to add a new role and user into the CATALINA_HOME/conf/tomcat-users.xml file.
   
   

   1. <role rolename="manager">
   2.    <user username="darren" password="ReallyComplexPassword" roles="manager"></user>
   3. </role>

   Use a valve to filter by IP or hostname to only allow a subset of machines to connect (i.e. LAN machines). This can be configured at the Engine, Host, or Context level in the conf/server.xml by adding something like the following:

   
   

   1. <!-- allow only LAN IPs to connect to the manager webapp -->
   2. <!-- contrary to the current Tomcat 5.5 documation the value for 'allow' is not a regular expression -->
   3. <!-- future versions may have to be specified as 192.168.1.* -->
   4. <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.1.*"></Valve>

10. Strip down server.xml by removing comments to make it easier to read and remove connectors that you don't need. An easy way to do this is the following: Rename CATALINA_HOME/conf/server.xml to CATALINA_HOME/conf/server-original.xml and rename CATALINA_HOME/conf/server-minimal.xml to CATALINA_HOME/conf/server.xml. The minimal configuration provides the same basic configuration, but without the nested comments is much easier to maintain and understand. Do not delete the original file as the comments make it useful for reference if you ever need to make changes. Unless you are using Tomcat with the Apache server, comment out this line in CATALINA_HOME/conf/server.xml:
    
    
    <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3">

11. Split your Tomcat installation for added flexibility when it comes time to upgrade Tomcat. See the "Advanced Configuration - Multiple Tomcat Instances" section in the RUNNING.txt file of the Tomcat distribution.
12. Precompile JSPs (at build time).
    
13. Secure directory listings. In CATALINA_HOME/conf/web.xml:
    
    

    1. <servlet>
    2.    <servlet-name>default</servlet-name>
    3.    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>   
    4.    <init-param>
    5.       <param-name>debug</param-name>
    6.       <param-value>0</param-value>
    7.    </init-param>
    8.    <init-param>
    9.       <param-name>listings</param-name>
    10.       <param-value>false</param-value>  <!-- make sure this is false -->
    11.    </init-param>
    12.    <load-on-startup>1</load-on-startup>
    13. </servlet>

14. If you have multi-core CPUs or more than one CPUs on your server, it might be beneficial to increase the thread pool beyond the default 250. On the other hand, if you have a slow server, decreasing the thread pool will decrease the overhead on the server.
15. Monitor application applications via Tomcat MBeans. This article provides some great insight on how to do this.
16. Consider JDK 1.5 or even better JDK 1.6 to take advantage of performance improvements.
    
    
17. Use the -server JVM option. This enables the server JVM, which JIT compiles bytecode much earlier, and with stronger optimizations. Startup and first calls will be slower due to JIT compilation taking more time, but subsequent ones will be faster.
18. Use GZIP compression. Look for the service connector you wish to configure for compression and add two attributes, compression and compressableMimeType. For example:
    
    
     

    1. <Connector>
    2.    port="80"
    3.    maxHttpHeaderSize="8192"
    4.    URIEncoding="UTF-8"
    5.    maxThreads="150"
    6.    minSpareThreads="25"
    7.    maxSpareThreads="75"
    8.    enableLookups="false"
    9.    redirectPort="8443"
    10.    acceptCount="100"
    11.    connectionTimeout="20000"
    12.    disableUploadTimeout="true"
    13.    compression="on"
    14.    compressableMimeType="text/html,text/xml,text/plain,application/xml">
    15. </Connector>

    For more information, read the Tomcat HTTP Connector documentation.

19. The default Tomcat configuration provides good protection for most requirements, but does not prevent a malicious application from compromising the security of other applications running in the same instance. To prevent this sort of attack, Tomcat can be run with a Security Manager enabled which strictly controls access to server resources. Tomcat documentation has a good section on enabling the Security Manager.

Choosing a Java Web Framework

Choosing a Java Web framework for your project is not getting any easier. Here are some things I think about when choosing a Java Web framework.

• Is it action based? Action based frameworks generally map actions (defined in an HTML form or URL) to code in the controller tier of the application. Action based frameworks are the most popular type of framework. Most developers have had at least some exposure to these kinds of frameworks. The most popular Java Web framework, Struts, is an action based framework. Examples: Struts, Struts2 (based on WebWork), Spring MVC, Stripes, Ruby on Rails , Grails

• Is it component based? Component based frameworks create a component abstraction in the view tier. Event listeners capture user actions and map back to code in the controller tier. I am of the opinion that component based framework have a steeper learning curve than action based frameworks. Some will counter that component based frameworks offer greater productivity, once the framework is learned. Programming in a component based framework can sometimes feel like programming Java Swing components. Examples: JavaServer Faces (JSF) implementations (MyFaces, Tapestry, RIFE, Wicket, Google Web Toolkit (GWT), ThinWire, Echo2, IceFaces (JSF implementation), Click

• Is it page based? Page based frameworks allow you to develop application made of many Web pages. To implement these Web pages, the developer creates HTML (using JSPs or templates), JavaScript and CSS files. All action based frameworks (that I know of) and some component based frameworks are page based. Most of these frameworks now have good support for AJAX. Because you write the Web tier yourself, you also have a lot of control and the ability to adhere to Web standards. Struts is a page based framework. Examples: Struts, Struts2/WebWork, Spring MVC, Stripes, Ruby on Rails (requires JRuby to run in Java), Grails, RIFE, JavaServer Faces (JSF) implementations (MyFaces), Tapestry, RIFE, Wicket

• Is the Web tier generated? New AJAX frameworks such as Google Web Toolkit, require you to only code in Java. They then generate the entire Web tier for you, so you don’t have to code the HTML, JavaScript or CSS. You will still need to understand CSS concepts in order to style you components. This may be attractive you if you or your team doesn’t have much experience with JavaScript and CSS or you want to keep all of you application logic within Java code. These frameworks are component based and the style of programming is very similar to Swing. AJAX is used heavily by these framework to create a rich user interface. In traditional frameworks, there are many Web pages that work together to form an application. These frameworks may only have one page (a frame) where components and screens are swapped out using AJAX. Examples: Google Web Toolkit (GWT), ThinWire, Echo2, IceFaces (JSF implementation)

• Is it JSP based? Many frameworks, including Struts, use JSP pages to generate HTML. JSP (JavaServer Pages) are the classic way to generate Web pages in Java. Tag libraries are used within JSP pages to generate HTML. Custom tags can be created fairly easily to add your own functionality. JSP pages get compiled into Java Servlets. Examples: Struts, Struts2/WebWork, Spring MVC, JavaServer Faces (JSF) implementations (MyFaces), Click

• Is it template based? Some frameworks offer an alternative to JSP pages known as a template. Sometimes a framework only works with templates, while there are also lightweight template libraries, such as Velocity or FreeMarker, that can be used in combination with JSP frameworks. A template is often an HTML file with references to Java components made within the HTML code. Because these files are not JSP pages, they bypass the JSP API which many developers do not like to use. This also give some templates the ability to be viewed by a browser, which makes them nice for Web designers. I list some examples of frameworks that use template out of the box. However, as I mentioned earlier, JSP based frameworks can be made to work with templating technologies. Examples: Facelets (a view handler that can be used with any JSF implementation), Tapestry, RIFE, Wicket, Velocity, Clay (part of Shale), FreeMarker

• Is it Rails like? The hugely popular Ruby on Rails (RoR) framework has defined its own class of Web framework. Without going into the framework itself, two fundamentals of this framework are “convention over configuration” and “don’t repeat yourself”. Rails like frameworks generate a lot of the application structure up front to make it easy to get up and running. Examples: Ruby on Rails (requires JRuby to run in Java), Grails, Trails

• Does it support a dynamic scripting language? Many frameworks now have support for dynamic scripting frameworks. If you would rather do most of your Web programming in a scripting language rather than Java (there are many who would), then one of these frameworks might be for you. They tend to be action and page based and have good support for AJAX. Examples: Ruby on Rails (requires JRuby to run in Java), Grails (using Groovy scripting language)

• Does it support IoC? You will often hear this referred to as “Spring integration”. The Spring Framework is a full stack J2EE application framework. There are many different sub-frameworks within the Spring Framework, and its Spring IoC (inversion of control or dependency injection) framework is its most widely used. IoC frameworks can make it easy to configure Java beans within your application, as well as provide a number of other benefits. Most of the popular frameworks have support in one way or another for Spring IoC. If this is important to you, then you should make sure the framework you are selecting makes it easy to work with Spring IoC. There are other IoC frameworks out there, such as HiveMind and Plexus, but Spring is currently the standard.

• Does it support Web conversations? Supporting Web conversations is about tracking state across several pages, so if you are using a framework that is page based, then this may be important to you. If it is, then JBoss Seam and Spring Web Flow are frameworks to consider. They are not Web frameworks, but server side frameworks that integrate into the middle tier of your application. Seam uses JSF for its Web tier. Spring Web Flow can integrate with various Web frameworks. Shale, a framework for JSF, also includes support for conversations, as well as RIFE.

• Is it testable? Many of the popular frameworks are building in formal support for mock objects and other testing concerns. Testing is critical and Web applications tend to be difficult to test.
• How well does it support security? Is it well supported and maintained? Is it stable? Will it help me adhere to standards? These are things I think about on all projects when selecting a framework and they apply here as well. Especially here, since there are so many Java Web frameworks to choose from and new ones are showing up each month.

Technologies used to censor the Web

IP Blocking

IP Blocking is one of the most basic methods for censorship, as it simply prevents all packets going to or from targeted IP addresses.

But while these sorts of operations are relatively simple to execute, they don't tackle the problem of individual communications between users, especially if the users have set up multi-hop circuits that use multiple servers to create a proxy ring.

Traffic Classification (QoS)

This is a much more sophisticated method of blocking traffic than IP blocking, as one can halt any file sent through a certain type of protocol, such as FTP. Because we know that FTP transfers are most often sent through TCP port 21, they can simply limit the bandwidth available on that port and throttle transfers. "it is not too resource intensive and is fairly easy to set up."

Shallow Packet Inspection

Shallow packet inspection is basically a blunter, broader version of the deep packet inspection (DPI) technique that is used to block packets based on their content. But unlike DPI, which intercepts packets and inspects their fingerprints, headers and payloads, shallow packet inspection makes broad generalities about traffic based solely on checking out the packet header.

"Shallow packet inspection is more judging a book by its cover. If a packet says that it's SSL (Secure Sockets Layer) in the header, then a shallow packet inspector takes it at face value."

Packet Fingerprinting

This is a slightly more refined method of throttling packets than shallow packet inspection, as it looks not only at the packet header but at its length, frequency of transmission and other characteristics to make a rough determination of its content.

"A lot of things don't explicitly say what they are. For example, a lot of VPN traffic is indistinguishable from SSH traffic, which means that it would be throttled if SSH was,". "But what if businesses relied on VPN connections? You'd move the system to fingerprinting, where the two are easily distinguishable."

Deep Packet Inspection / Packet Content Filtering

DPI is the most refined method for blocking Internet traffic. As mentioned above, deep packet inspectors examine not only a packet's header but also its payload. This gives the ability to filter packets at a more surgical level than any of the other techniques discussed so far.

"Viewing a packet's contents doesn't tell you much on its own, especially if it's encrypted," . "But combining it with the knowledge gained from fingerprinting and shallow packet inspection, it is usually more than enough to figure out what sort of traffic you're looking at."

CentOS x64 bit: Installing Flash plugin for FF

Download flash plugin from http://labs.adobe.com/downloads/flashplayer10.html

then in terminal:


$ tar -xf libflashplayer-10.0.22.87.linux-x86_64.so.tar.gz
$ sudo cp libflashplayer.so /usr/lib64/mozilla/plugins/

Restart firefox-64 bit.

fxd2tbina4

IE vs Firefox in Progressive Rendering

Progressive rendering is the act of displaying each object as it is downloaded. Both IE and FF supports progressive rendering; but, they differ on how they render tables.

Internet Explorer 7

When Internet Explorer renders a , it downloads all the objects within the table before displaying it. This is required so that Internet Explorer can render the table with the correct width for each column.

Mozilla Firefox

On the other hand, Firefox renders all objects progressively regardless if it's in a table. That is to say - each object is displayed as soon as it is downloaded.

What You Can Do To Improve Performance

Performance Tips

1. Ensure HTML code is valid.
2. Minimize number of nested tables.
3. Never wrap entire body contents within a table.
4. Move towards a CSS-based layout.
5. Move JavaScript to the very bottom of document (right before the tag). If not possible, move JavaScript to the of document.
6. Pay close attention to the size of objects and their locations?

The Key Is To Understand

By knowing each browser's strengths and weaknesses, you can build a better design. A good design will never make the reader wait.