Tuesday, April 20, 2010

Combining PBE and XMLEncoder to generate an encrypted file

I have seen that many companies are still comfortable putting their sensitive information in a plain-text configuration file. Now I use PHP and Zend Framework to develop enterprise applications. I see that the popular MD5 and SHA functions are widely used by PHP programmers to protect sensitive data. That is not enough to protect data such as passwords, because a message digest is not an encryption algorithm. It is used to ensure data integrity.

I dug up my Java code for configuration file encryption. It is pretty easy to implement Passphrase-Based Encryption (PBE) in Java. I like to use XMLEncoder and XMLDecoder to write and read configuration files because they keep the code simple and object-oriented. However, XMLEncoder writes a Java object to a plain XML file. So I created my own simple EncryptedXMLEncoder and DecryptedXMLDecoder to wrap XMLEncoder and XMLDecoder. With EncryptedXMLEncoder and DecryptedXMLDecoder, I can write a Java object into an encrypted file and read it back into a Java object.

These classes have the potential to be expanded into part of a license manager. I will post my license manager design later. I will also implement a similar class in PHP later.

DummyDemo.java
package jia.blog.util.cfg;


import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import jia.blog.util.beans.DecryptedXMLDecoder;
import jia.blog.util.beans.EncryptedXMLEncoder;

/**
 *
 * @author Yiyu Jia
 */
public class DummyDemo {


    static public void main(String argv[]) {
        
        try {
            //I use a simple DB configuration object for demo.
            DBConfiguration db = new DBConfiguration();
            db.setDbDriverName("com.mysql.jdbc.Driver");
            db.setDbURI("jdbc:mysql://localhost:3306/jiaBlog");
            db.setDbUser("yiyu.jia");
            db.setDbPassword("****");
            db.setDbPoolMinSize(1);
            db.setDbPoolMaxSize(5);

            //point out where the configuration file will be saved
            FileOutputStream fos = new FileOutputStream(System.getProperty("user.dir") + File.separator + "cfg" + File.separator + "dbCfg.xml");
            BufferedOutputStream bos = new BufferedOutputStream(fos);

            //initialize an EncryptedXMLEncoder, passing in the passphrase and salt strings.
            EncryptedXMLEncoder xmlEncoder = new EncryptedXMLEncoder(bos, "a complex password is a passphase", "put some salt for better taste");
            //write the object to the file. Writing is done!
            xmlEncoder.writeObject(db);

            //point out where the configuration file will be read.
            FileInputStream fis = new FileInputStream(System.getProperty("user.dir") + File.separator + "cfg" + File.separator + "dbCfg.xml");

            //initialize a DecryptedXMLDecoder, passing in the passphrase and salt strings.
            DecryptedXMLDecoder xmlDecoder = new DecryptedXMLDecoder(fis, "a complex password is a passphase", "put some salt for better taste");
            DBConfiguration dbCfg = (DBConfiguration )xmlDecoder.readObject();

            //let's see whether we get back the configuration correctly. 
            System.out.print(dbCfg.getDbDriverName() + "\n"
                        + dbCfg.getDbUser() + "\n"
                        + dbCfg.getDbPassword());
            
        } catch (IOException ex) {
            Logger.getLogger(DummyDemo.class.getName()).log(Level.SEVERE, null, ex);
        } catch (Exception ex) {
            Logger.getLogger(DummyDemo.class.getName()).log(Level.SEVERE, null, ex);
        } finally {
            
        }
    }
}


EncryptedXMLEncoder.java
package jia.blog.util.beans;

import java.beans.XMLEncoder;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

/**
 *
 * @author Yiyu Jia
 */
public class EncryptedXMLEncoder {

    OutputStream out;
    String passphase, salt;

    public EncryptedXMLEncoder(OutputStream out, String passphase, String salt) {
        this.out = out;
        this.passphase = passphase;
        this.salt = salt;
    }

    public void writeObject(Object o) throws IOException, Exception {

        //I simply use ByteArrayOutputStream here.
        //We can switch to a piped stream if the object is really large.
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        XMLEncoder xmlEncoder = new XMLEncoder(baos);
        xmlEncoder.writeObject(o);
        xmlEncoder.close();        
        InputStream is =new ByteArrayInputStream(baos.toByteArray());
        baos.close();        
        Encrypter.encryptOutput(passphase, salt, is, out);

    }
}

DecryptedXMLDecoder.java
package jia.blog.util.beans;

import java.beans.XMLDecoder;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;

/**
 *
 * @author Yiyu Jia
 */
public class DecryptedXMLDecoder {

    InputStream in;
    String passphase, salt;

    public DecryptedXMLDecoder(InputStream in, String passphase, String salt) {
        this.in = in;
        this.passphase = passphase;
        this.salt = salt;
    }

    public Object readObject() throws Exception {

        //I simply use ByteArrayOutputStream here.
        //We can switch to a piped stream if the object is really large.
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        Encrypter.decryptInput(passphase, salt, in, baos );
        InputStream is =new ByteArrayInputStream(baos.toByteArray());
        XMLDecoder xmlDecoder = new XMLDecoder(is);
        Object o = xmlDecoder.readObject();
        xmlDecoder.close();
        return o;
    }
}


Click here for the NetBeans project files.
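One possible shape for the `Encrypter` helper that both wrappers call but that is not shown in the post, as an added example (not the author's class). Only the two method signatures come from the calls above; Java 9+, PBKDF2-HMAC-SHA256 with an illustrative iteration count, AES-GCM and the file layout are assumptions, chosen so that a wrong passphrase or a modified file fails before XMLDecoder parses anything.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Added example: a stand-in for the Encrypter helper, not the author's class.
public class Encrypter {
    private static final int ITERATIONS = 200_000; // assumed PBKDF2 work factor
    private static final int IV_LEN = 12, TAG_BITS = 128;

    // Derive a 256-bit AES key from the passphrase and salt with PBKDF2.
    private static SecretKey deriveKey(String passphrase, String salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passphrase.toCharArray(),
                salt.getBytes(StandardCharsets.UTF_8), ITERATIONS, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        return new SecretKeySpec(key, "AES");
    }

    // Assumed file layout: 12-byte random IV, then ciphertext with the GCM tag appended.
    public static void encryptOutput(String passphrase, String salt,
            InputStream in, OutputStream out) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV for every file written
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(passphrase, salt),
                new GCMParameterSpec(TAG_BITS, iv));
        out.write(iv);
        out.write(c.doFinal(in.readAllBytes()));
        out.close(); // flush buffered bytes so the file is complete before it is read back
    }

    // Throws AEADBadTagException on a wrong passphrase or a modified file.
    public static void decryptInput(String passphrase, String salt,
            InputStream in, OutputStream out) throws Exception {
        byte[] data = in.readAllBytes();
        if (data.length < IV_LEN + TAG_BITS / 8) throw new IOException("file too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(passphrase, salt),
                new GCMParameterSpec(TAG_BITS, data, 0, IV_LEN));
        out.write(c.doFinal(data, IV_LEN, data.length - IV_LEN));
    }
}
```

To use it with the wrappers above, put it in the same package as they are (`jia.blog.util.beans`).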

Saturday, April 10, 2010

HTML DIV tag in ExtJS vs java.awt.Container in Swing.

I have a strong feeling that pure JavaScript Ajax toolkits, for instance ExtJS, can be compared with Java Swing. To compare things from these different worlds, the starting point is java.awt.Container and the DIV tag in HTML. As I understand it, java.awt.Container is the root component for all Java Swing widgets. Meanwhile, theoretically, the HTML div tag is the root component for all ExtJS widgets. This thought can be represented as in the figure below.

Of course, there is no class called "DIV" in ExtJS. The root class for all widgets is Ext.Component, which extends Ext.util.Observable. Observable is the common interface for widgets to publish events. However, Ext.Component does wrap a DIV as a canvas, on which we can place HTML tags, CSS, figures and everything else we can do on a DOM object.

So how can this thought be useful? The first benefit that comes to mind is that it seems technically feasible to seamlessly use ExtJS with other pure JavaScript Ajax libraries, like Dojo, in one HTML page. Of course, it might require great skill in handling DOM events and JavaScript coding. Also, I guess the GWT toolkit creators had similar thoughts when making GWT? I hope this post will encourage Java Swing programmers to have no fear of learning ExtJS :)

BTW, I do not include Java AWT here because AWT has a different architecture from Swing. AWT widgets have peers in the host OS, so they are so-called heavyweight components. Meanwhile, Swing widgets are lightweight because all components are "drawn" purely by Java.

Edit:
As we can see in the ExtJS 4.0 beta release, Sencha changed its class model in ExtJS 4.0 and introduced a new concept, the "mixin" (mixed in). The Observable class therefore becomes a mixin of the Component class. So now we can see that ExtJS is even more similar to Java Swing. Below are the diagrams linked from the ExtJS blog that describe its new class system.

Tuesday, April 6, 2010

We don't need MVC framework on the server side today

I had this thought several years ago when I evaluated Ajax libraries for a project to upgrade an old enterprise application written in PHP and Java. I recalled it because I interviewed with an employer who intends to select Zend Framework now (in 2010). Its implementation of MVC is one of their reasons for choosing Zend Framework. Zend Framework could be a good candidate for implementing enterprise applications. However, I do not think a Rich Internet Application or a Single Page Application needs an MVC framework on the server side today.

Many software vendors talked about Ajax when it was becoming popular. However, many of them talked about their own server-side frameworks, which I personally do not like. I divide Ajax frameworks into two classes. One is the client-side pure JavaScript library. The other is the Ajax framework that runs on the server side to generate client-side Ajax widgets. Personally, I like the pure JavaScript libraries for developing single-page enterprise applications.

It is not necessary to adopt an MVC framework on the server side if we are developing a single-page Web application, because we will not generate the View on the server side. Suppose we are using ExtJS or Dojo to develop a single-page Web application. All views (widgets) could be written in JavaScript. The browser can either download all the views at one time or download views dynamically on demand. So why do we still need an MVC framework on the server side? I believe that we only need a front controller framework on the server side to supply data (the model) to render the views downloaded in the browser. With this design, we clearly separate view development from model development. It also becomes possible to divide the development team into two groups. One is good at JavaScript coding and will focus on the JavaScript code. The other is good at PHP or Java coding and will focus on server-side programming. Furthermore, we can avoid mixing HTML, JavaScript, and PHP or Java code as much as possible. A designed protocol will link the server-side and client-side applications. JSON could be a good candidate technique for delivering data between browser and server.

Maybe it could be a good idea to implement a JavaScript MVC framework in the browser?

Saturday, April 3, 2010

Install KDE on Fedora with GNOME

Because of a license issue, KDE is not included on the Fedora installation CD by default. But the KDE desktop environment is really attractive; I feel it looks better than GNOME. So we need to install KDE. There are different ways described for doing it. I am writing down what I found here in case I need to do this again, so that I do not need to spend time searching again. The command is simple:

yum -y groupinstall 'KDE' 

Thursday, April 1, 2010

Include Java source code in generated JavaDoc

I wanted to include Java source code directly in the generated Javadoc. However, I found that I had forgotten how. It was not quick to find by googling, though it should be very simple. Maybe it is too simple and people do not bother to document it. So I am writing a note here in case I forget it again.

It is really very simple. All I need to do is pass the "-linksource" option to the javadoc tool. In NetBeans, it is very easy to generate Javadoc by right-clicking the project and selecting the "Generate Javadoc" menu item. To include the Java source code, we need to add the option to the project properties as follows:
  1. Right-click your project and select Properties.
  2. Select Documenting under the Build node in the pop-up window.
  3. Add -linksource in the "Additional Javadoc Options" text field.
See the picture below for a clear view.