VirtualBox Unable to Run Two Instances

Double Bows by Nicholas_T

I have been using VirtualBox for a while and have been pretty pleased with it considering it’s a free solution.  I blogged about wanting to try it over two years ago.

Today I started up Windows 7 on my iMac.  Then I tried to start up Windows XP but got this error.

Failed to open a session for the virtual machine Windows XP Pro Media Center.

PIIX3 cannot attach drive to the Secondary Master
(VERR_SHARING_VOILATION).

Unknown error creating VM (VERR_SHARING_VIOLATION).

Fortunately Google came to the rescue and led me to this article in the VirtualBox forums, Can’t run multiple Instances on OSX Leapord.  Once I unmounted the DVD drive in Windows 7 (Devices –> CD/DVD Devices) I was able to start Windows XP.

The lesson is you can’t run two instances if both want to mount the same DVD drive. Not sure if this is a problem with Parallels or VMWare.

Programming Secure FTP in Java

Often server applications need to upload or download files using FTP.  But in this age of increasing security awareness vendors are now asking this be done using SFTP (Secure FTP).

Fortunately this is not difficult using the JSch (Java Secure Channel) library.  The downloadable JSch archive includes numerous examples.  I used the Sftp.java to implement SFTP for my server application.

Starting a connection to an SFTP server using JSch is somewhat simple.

import com.jcraft.jsch.Channel;
import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.UserInfo;

JSch jsch = new JSch();

// start session
Session session = jsch.getSession(username, host);

// specify our own user info to accept secure connection to FTP server
UserInfo ui = new MyUserInfo(host);
session.setUserInfo(ui);

// set password
session.setPassword(password);

// connect
session.connect();

// get SFTP channel
Channel channel = session.openChannel("sftp");
channel.connect();
ChannelSftp schannel = (ChannelSftp) channel;

The trick is getting past confirmation of the authenticity of the host. I do this by creating my own UserInfo implementation, MyUserInfo, which knows about the host I am connecting to. The only method I implement is the promptYesNo method, which simply checks if the message is asking about the host I want to connect to. Note that this check looks only at the host name in the prompt; it does not inspect the host key itself.

private final String mKnownHost;

protected MyUserInfo(final String pKnownHost) {
    this.mKnownHost = pKnownHost;
}

@Override
public boolean promptYesNo(final String pMessage) {
    // message looks like this "The authenticity of host 'foo.com' can't be established..."
    final int start = pMessage.indexOf("'") + 1;
    final int end = pMessage.indexOf("'", start);
    if (start == 0 || end < 0) {
        // no quoted host in the message, so refuse rather than throw
        return false;
    }
    final String host = pMessage.substring(start, end);

    // is the host a known host?
    return this.mKnownHost.equals(host);
}

Now uploading is trivial.

schannel.put(src, dest);
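
The promptYesNo approach above accepts whatever key the server presents as long as the host name matches. As an added example (not from the original post or the JSch distribution), this is the same upload with the host key pinned through a known_hosts file and strict checking; the class name, file path, host and credentials are constructed placeholders.

```java
import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.SftpException;

public class PinnedSftpUpload {

    /**
     * Uploads src to dest, refusing to authenticate unless the server's host key
     * matches an entry in knownHostsFile (OpenSSH known_hosts format).
     */
    public static void upload(String knownHostsFile, String username, String password,
                              String host, int port, String src, String dest)
            throws JSchException, SftpException {
        JSch jsch = new JSch();
        // Trust only the keys listed in this file, verified out of band
        // against the fingerprint the server operator publishes.
        jsch.setKnownHosts(knownHostsFile);

        Session session = jsch.getSession(username, host, port);
        // "yes" rejects unknown or changed host keys; no UserInfo prompt is consulted.
        session.setConfig("StrictHostKeyChecking", "yes");
        session.setPassword(password);

        ChannelSftp sftp = null;
        try {
            session.connect(15000); // throws JSchException if the host key does not match
            sftp = (ChannelSftp) session.openChannel("sftp");
            sftp.connect(15000);
            sftp.put(src, dest);
        } finally {
            if (sftp != null) {
                sftp.disconnect();
            }
            session.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; replace with your own.
        upload("/etc/myapp/known_hosts", "deploy", System.getenv("SFTP_PASSWORD"),
               "sftp.example.com", 22, "report.csv", "/incoming/report.csv");
    }
}
```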

For further reading please see Java: What is the best way to SFTP a file from a server.

Configuring JBoss for HTTPS

Keys 1 by ~Brenda-Starr~

This is how I configured JBoss to handle HTTPS requests for secure ATG applications.

  1. Create the keystore and private key.
    $ cd /opt/jboss/jboss-eap-4.3/jboss-as/server/atg/conf
    $ keytool -genkey -alias jbosskey -keyalg RSA -keystore server.keystore
  2. Generate and store the certificate.
    $ keytool -export -alias jbosskey -file server.crt -keystore server.keystore
    $ keytool -import -alias jbosscert -file server.crt -keystore server.keystore
  3. Enable HTTPS.
    $ vi /opt/jboss/jboss-eap-4.3/jboss-as/server/atg/deploy/jboss-web.deployer/server.xml

    Uncomment the SSL HTTP/1.1 Connector section and edit it. For example:

        <Connector port="8443" address="${jboss.bind.address}"
                   protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
                   keystorePass="letmein" />
  4. Start JBoss with keystore specified. On UNIX you can do this by updating run.conf. For example:
    JAVA_OPTS="-Xms128m -Xmx512m -XX:MaxPermSize=128m -Djavax.net.ssl.trustStore=/opt/jboss/jboss-eap-4.3/jboss-as/server/atg/conf/server.keystore -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.lang.ClassLoader.allowArraySyntax=true"

Note that if you are using service bindings (i.e. you uncommented the service bindings section of conf/jboss-service.xml) then the bindings in the XML configuration file (e.g. sample-bindings.xml) will take precedence. In this case the secure port becomes 8543.

For further reading please see HOWTO Configure JBoss for HTTPS.
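
To confirm the result of the steps above, the following added example (not part of the original post) loads server.keystore, trusts only its contents, and checks that the HTTPS connector presents the certificate stored under the jbosskey alias. The class name is hypothetical; the path, alias and port come from the steps above (use 8543 with service bindings), and it is meant to be run with a current JDK.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class CheckJBossHttps {

    /** Returns true if host:port completes a TLS handshake using the certificate stored under alias. */
    public static boolean servesKeystoreCert(String keystorePath, char[] storePass,
            String alias, String host, int port) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, storePass);
        }
        Certificate expected = ks.getCertificate(alias);
        if (expected == null) {
            throw new IllegalArgumentException("no certificate under alias " + alias);
        }
        // Trust only what is in the keystore, which is what pointing
        // -Djavax.net.ssl.trustStore at server.keystore does for the JVM.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake(); // throws SSLHandshakeException if the chain is not trusted
            // The first peer certificate is the server's own certificate.
            return socket.getSession().getPeerCertificates()[0].equals(expected);
        }
    }

    public static void main(String[] args) throws Exception {
        // Read the keystore password interactively instead of passing it on the command line.
        if (System.console() == null) throw new IllegalStateException("run from a terminal");
        char[] pass = System.console().readPassword("keystore password: ");
        boolean ok = servesKeystoreCert(
                "/opt/jboss/jboss-eap-4.3/jboss-as/server/atg/conf/server.keystore",
                pass, "jbosskey", "localhost", 8443);
        System.out.println(ok ? "connector serves the jbosskey certificate"
                              : "connector serves a different certificate");
    }
}
```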

Bootstrapping is the Rage

Web startups bootstrapping themselves are all the rage.  Every few weeks someone approaches me with a new idea.  The implementation plans for the venture are almost always identical.

  • web application
  • open source framework, usually Ruby on Rails, sometimes PHP
  • free database, almost always MySQL
  • cloud hosting
  • small group of guys, typically people who have made money at a previous venture
  • no salaries, just equity

Inspirations for these companies are places such as 37signals, Wufoo, Plentyoffish and World of Goo.

I enjoy hearing the ideas and almost joined one venture.  But in the end none have been compelling enough for me to risk 6 to 12 months of income.  Hopefully I’ll think of one on my own. 🙂

Turning On Debug in JBoss

There are probably many ways of turning debug on in JBoss.

In Windows the way I do it is by uncommenting the line in <JBoss>/bin/run.bat that starts with:

rem set JAVA_OPTS=-Xdebug


Uncommenting in DOS bat files is simply done by removing the rem command:

set JAVA_OPTS=-Xdebug


I created aliases for turning debug on and off. I use a script which simply replaces one string with another.

alias debugon='changeString.sh "^rem set JAVA_OPTS=-Xdebug" "set JAVA_OPTS=-Xdebug" ${JBOSS}/bin/run.bat && chmod 755 ${JBOSS}/bin/run.bat && unix2dos ${JBOSS}/bin/run.bat'
alias debugoff='changeString.sh "^set JAVA_OPTS=-Xdebug" "rem set JAVA_OPTS=-Xdebug" ${JBOSS}/bin/run.bat && chmod 755 ${JBOSS}/bin/run.bat && unix2dos ${JBOSS}/bin/run.bat'


On Unix I do a similar thing, uncommenting this line in <JBoss>/bin/run.conf:

#JAVA_OPTS="$JAVA_OPTS -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n"


Uncommenting in Unix shell scripts is simply done by removing the # character at the beginning of the line.

JAVA_OPTS="$JAVA_OPTS -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n"


These are my aliases on UNIX for turning debug on and off.

alias debugon="changeString.sh '^#JAVA_OPTS=\"\$JAVA_OPTS -Xrunjdwp:transport=dt_socket' 'JAVA_OPTS=\"\$JAVA_OPTS -Xrunjdwp:transport=dt_socket' ${JBOSS_HOME}/bin/run.conf"
alias debugoff="changeString.sh '^JAVA_OPTS=\"\$JAVA_OPTS -Xrunjdwp:transport=dt_socket' '#JAVA_OPTS=\"\$JAVA_OPTS -Xrunjdwp:transport=dt_socket' ${JBOSS_HOME}/bin/run.conf"


One of the reasons I created the scripts was because on Windows suspend=y by default. Therefore when in debug mode you have to start your debugger or the JBoss server will not completely start up. On Unix suspend=n by default. If you change to suspend=n on Windows too then the server will start up without waiting for the debugger to attach.

Note that you can only have one server with debug on for a given port, e.g. port 8787.  So if you try to start more than one JBoss server with that port, only the first will start.  The solution is to start only one server with debug on or start different servers with different debug ports.

ATG Confirm Password Bug in ProfileFormHandler

Long-billed Curlew birds by mikebaird

Hi ATG Support,

I noticed a bug in how ATG’s ProfileFormHandler (ATG Java API) handles confirm passwords when creating a new profile.  Note that this bug happens only if you persist anonymous profiles.

During registration when you call handleCreate it calls createProfileItem and then updateProfileAttributes. In updateProfileAttributes it checks if the password matches the confirm password. If they don’t match it adds a form exception.

However at this point it has updated the profile attributes including the login. Therefore after the user sees the error about the passwords not matching, corrects it and resubmits the form she will see an error that the login is already taken.

The workaround is to set createNewUser to true, but since the default value is false most developers will see this bug.

Update 12-22-2010: ATG confirmed this is a bug.

Hi Frank,

Thanks for the information and details. I’m glad that using ProfileFormHandler.createNewUser=true works for you. You might want to periodically check the size of the dps_user table and purge the anonymous profiles, if needed.

For your reference, I have created PR#DPS-167714 “ProfileFormHandler Confirm Password” to track the issue.

Kind Regards,
Kristi Coleman

Load ATG Order

Crystal Ball by David Reece

You can always look up an order in the repository using its ID.  But then when you want to use the properties of this order object you will always be calling getPropertyValue and casting it to the type you expect.

A better and much simpler way is to look up the order using the OrderManager.  Then you get a strongly typed Order object and don’t have to deal with the repository.  Life has become a little easier. 🙂

OrderManager orderManager = getOrderManager();
Order order = orderManager.loadOrder(orderId);


Now that you have the order you can also get the profile for that order.

RepositoryItem profile = getProfileTools().getProfileForOrder(order);

Turning on Secure for ATG Applications

Closed for business by maistora

Almost all web applications have some parts of their site they want to be secure such as login and profile pages.

To enable security ATG has a ProtocolSwitchServlet, located at /atg/dynamo/servlet/dafpipeline/ProtocolSwitchServlet. Set the enable property to true and configure the other properties appropriately.

The only other properties that you will need to configure are the secureList property and the ignoreList property.  Examples of how these properties would be configured follow.

secureList=/myapp/account,/myapp/checkout
ignoreList=/myapp/css,/myapp/javascript

Optionally you might want to change the secureHostName and the httpsPort but typically it would be better to change siteHttpServerName and httpsPort respectively in /atg/dynamo/Configuration.

The default values for the other properties should be fine.

ATG Log Error from JSP Page

"The page cannot be displayed" by Peter Kaminski

Unlike this IKEA sign, you usually don’t want to display errors on your web pages.  ATG allows you to log errors to the server log from a JSP page.  Below is an example of how to do this.  In this case if we find the price is null we log an error to the server log.

<dsp:getvalueof id="price" idtype="java.lang.Double" param="currentItem.priceInfo.amount">
<%
    // log to the server log instead of rendering the problem on the page
    if (price == null) {
        atg.servlet.DynamoHttpServletRequest dreq = atg.servlet.ServletUtil.getDynamoRequest(request);
        dreq.logError("price is null!");
    }
%>
</dsp:getvalueof>