Tuesday 24 April 2012

How to use Force.com Database SDK on Google APP Engine

It has been a couple of months I’ve started to work on a cloud project. To reduce costs, I’ve then decided to host the app on GAE while the database should be host on database.com. By these days, I just know that GAE support JPA with datanucleus API, and that database.com provides an extension of datanucleus that could be used to work with its database: it was quite fine for me. But the thing I didn’t figure is that GAE only support version 1 of datanucleus while database.com supports version 2, and moreover these two versions were incompatibles. I was then stuck with a problem: How to access my database hosted of Force.com from my application hosted on GAE? It’s true I’d a choice, the one of using web services, but it will break my architecture since I wanted all my business code to be hosted on GAE, and I also like working with JPA. I’ve then started to find if someone faced the same problem and how it’s been overcome, but I’ve not been satisfied. Therefore, when in January Google decided to provide an implementation of datanucleus 3, I thought it was time to modify Force.com SDK to let it work with datanucleus 3 and therefore to be compatible with GAE.
I then downloaded Force.com SDK source code and started to work on it, and after few weeks I ended with a first version that supports datanucleus 3.0.6, and I integrated this version in my app, and it worked quite fine. However this version suffers of two problems: 
  1. You can’t use it to enhance your classes: Since each entity class need to be enhanced before used, I’ve used existent version of Force.com SDK API to enhance my classes (in a separate project) before integrating them in my final project. 
  2. This version only works with datanucleus 3.0.6: I plan to upgrade it to make it work with the recent versions of datanucleus. 
I have created an open source GIT repository where I’ve put sources, and then changes could be added as measure as it is needed. However, you could find attached to this document the libraries modified you could use within yours GAE Projects. I hope it will be helpful for you...

Friday 17 February 2012

How to automatically reconnect a Data source when the Application server and DBMS are not on the same server?

When I have started working on my current project (a J2EE software that will manage all travel agencies of Cameroon), I faced a problem I didn't heard about before. In fact, before digging into the problem allow me to brieftly describe the architecture of the system.
In fact we are using a J2EE architecture (using JBoss as application server) with rich clients (Swing), and our data are stored in Oracle 10g. But the very concern here is that JBoss and Oracle are located on two different servers bounds by a network connection. Therefore, what could be the problem?
When I was doing tests, due to my environment, sometimes the network connection was lost, and once it was restablished, my datasource could no longer connect to Oracle, I then needed to restart this datasource. This problem could be worst in an exploitation environment, since the service could be stopped longer than accepted.
Overcome this problem, could be done by a good configuration of the datasource, by adding a tag <valid-connection-checker-class-name>, and in my case that's the tag I've added:
<valid-connection-checker-class-name>  
org.jboss.resource.adapter.jdbc.vendor. OracleValidConnectionChecker 
<\valid-connection-checker-class-name>

I hope this post will help you to overcome quickly this kind of problem, and even if this connection will be lost rarely, it's better to anticipate.

Friday 10 February 2012

Why I've made so long before taking a certification exam.

I've been working with java related technologies for seven years today, and with software firm for five years, however I have never taken an exam. Maybe, because I was thinking my experience was good enough to prove my skills. But recently, when I've decided to move forward and start to work for the world best companies, I've noticed that they don't care about my past experiences, since the companies in which I've worked were not known internationally and moreover, were African's firms. Therefore, my past experience doesn't weight as I though. I decided to prove that African firms also should be considered in terms of its engineers, and the way I found was firstly to pass some certifications, and with good scores; and secondly show on this blog the challenges I face in my daily job and how I do manage them.
The big deal here is that, with my full time job as Senior software engineer at AFFIXE Software Engineering (where I'm currently running two projects) and my part time Computer science PhD in the area of web semantic, it seems to be difficult to find time to prepare certifications in a way I could not miss any question. Then, In November, I decided it was time to know if I was right about the skills of African firms' software engineers, I schedule my OCJP 6 (Oracle Certified Java Professional) two weeks later. And I did quite good (93%). Even if it was not easy to prepare, my past experience allowed me to use materials in a smart way (thanks to Katty Sierra for her book, who is, for me, the best book when you plan to pass this certification). And I'm planing to pass the others certifications quite soon, since I would like to take all the Java certification path, thence demonstrate I deserve my Senior Software Engineer role at AFFIXE and I could have it anywhere .
If there is something I could learn from this experience is that, the fault is not only to the others, but firstly ours, since we should prove the world they have to deal now with us, and we could do it by using the tools they use to grade themselves: Getting the best and strongest certifications, and with good scores.
Finally, if I've not blogged since, it's because I was working on it, but I've come back and now I'll introduce you in my everyday job, and you'll find how much challenging and interesting it could be!

Monday 5 September 2011

Too simple way to encrypt/decrypt data using Java Security API

If I write this tutorial, it is because the previous seems to be very complicated for newcomers, since it deals with many aspects at the same time. Therefore, the question I want to responds is: How can I crypt my date in a simpler way, you know, as in some languages, only by giving the text to crypt and a key to use. Is it possible in Java? Don't care, it is possible and even more, it is simple to do, and the aim of this tutorial is to prove you.  

Design
Contrary from the first tutorial, we will no longer generate a random key but create one from the string key the user will give. Therefore, we will only need two methods, one for encryption and another for decryption. 
Implementation
In this implementation we use Blowfish algorithm, but you could change it without efforts. And all this methods have been marked static, since they don’t belong to any context.
The “getEncodedString” method
We'll use this method to encode our string. The code is similar to the one I presented in the previous tutorial, but here the key is not generated but given by the user
    public static String getEncodedString(String text, String key) throws
            Exception {
        SecretKeySpec keyS = new SecretKeySpec(key.getBytes(), “Blowfish”);
        Cipher cipher = Cipher.getInstance(“Blowfish”);
        cipher.init(Cipher.ENCRYPT_MODE, keyS);
        byte[] cipherText = cipher.doFinal(text.getBytes());
        return new String(cipherText);
    }
We first start by indicate which algorithm we’ll use, we therefore initialize a cypher with our key converted to array of bytes. Notice that we initialize our cypher with the encrypt mode (Cipher.ENCRYPT_MODE). We then use the doFinal method of the cypher to encrypt String, and as with the previous method we convert result to String before returning it.
The “getDecodedString” method
This method works as the previous, the only difference is the initialization mode of the cypher.
    Public static String getDecodedString(String text, String key) throws
            Exception {
        SecretKeySpec keyS = new SecretKeySpec(key.getBytes(), “Blowfish”);
        Cipher cipher = Cipher.getInstance(“Blowfish”);
        cipher.init(Cipher.DECRYPT_MODE, keyS);
        byte[] newPlainText = cipher.doFinal(text.getBytes());
        return new String(newPlainText);
    }
As with the first method, we first start by indicate which algorithm we’ll use, we therefore initialize a cypher with our key converted to array of bytes. Notice that we initialize our cypher with the decrypt mode (Cipher.DECRYPT_MODE). We then use the doFinal method of the cypher to decrypt String, and as with the previous method we convert result to String before returning it.
Conclusion
In this very short tutorial, we have presented a way to use Java Security API to encrypt and decrypt data in a very simple way. This tutorial show a simple way to use Java Security API. But you should be asking, why have I started by showing a more complicated method before this one: It is simple due to what my friend wanted to do. He wanted a secure and simple way to encrypt its data. By using a key randomly generated, its security was reinforce. I hope, this tutorial will be helpful...



Thursday 11 August 2011

How to use Java Security API to crypt some data

Recently, I have been asked by a friend of mine a library he could use to crypt credentials (login, pwd and …), therefore I told him he could use Java security API. But the problem is that he was a new Java programmer, and this API seemed very complicated for him, he was wanting a library where he could find two methods with simple signatures (one to encrypt and another to decrypt). Therefore, I implemented a façade that will hide the specific aspects of this library.
I will then use this tutorial to explain how I have done to reach this objective.


Design
As you know, the algorithms used with the Java Security API use a key to crypt data, therefore the very first thing to do is to generate this key, and save it. You could then use this key, later, to encrypt and decrypt your data. To reach our objectives, we have then to provide a method to generate a key, in such manner that it will be very easy for a very beginner to save it (what‘s better than String J?). After we’ll provide a method to encrypt a string with a string key and return a String, and the last method with same signature will be used to decrypt encoded string.
Once we have these methods, how could we proceed to reach our objectives? It’s quite simple. We use a property file for example where we’ll store the key. When, we first generate the property file or when this file is corrupted, we generate the key and save it. Therefore, later when we have to encrypt or decrypt some data, we only read our key and use it. I know, you prefer to see code, no problem, let’s move
Implementation
In this implementation we use DES algorithm, but you could change it without efforts. And all this methods have been marked static, since they don’t belong to any context.
The “generateKey” method
As we have told before, we’ll use this method to generate the key we’ll use later to encode or decode our String.
    public static String generateKey() throws Exception {
        KeyGenerator keyGen = KeyGenerator.getInstance("DES");
        keyGen.init(56);
        Key key = keyGen.generateKey();
        return new String(key.getEncoded());
    }
We first indicate which algorithm we want to use (DES), therefore we generate the key. Since this key is an array of byte, we convert it to a String, before returning it.
The “getEncodedString” method
After having generated our key, we’ll use this method to encode our string
    public static String getEncodedString(String text, String key) throws
            Exception {
        SecretKeySpec keyS = new SecretKeySpec(key.getBytes(), “DES”);
        Cipher cipher = Cipher.getInstance(“DES/ECB/PKCS5Padding”);
        cipher.init(Cipher.ENCRYPT_MODE, keyS);
        byte[] cipherText = cipher.doFinal(text.getBytes());
        return new String(cipherText);
    }
As with the first method, we first start by indicate which algorithm we’ll use, we therefore initialize a cypher with our key converted to array of bytes. Notice that we initialize our cypher with the encrypt mode (Cipher.ENCRYPT_MODE). We then use the doFinal method of the cypher to encrypt String, and as with the previous method we convert result to String before returning it.
The “getDecodedString” method
This method works as the previous, the only difference is the initialization mode of the cypher.
    Public static String getDecodedString(String text, String key) throws
            Exception {
        SecretKeySpec keyS = new SecretKeySpec(key.getBytes(), “DES”);
        Cipher cipher = Cipher.getInstance(“DES/ECB/PKCS5Padding”);
        cipher.init(Cipher.DECRYPT_MODE, keyS);
        byte[] newPlainText = cipher.doFinal(text.getBytes());
        return new String(newPlainText);
    }
As with the first method, we first start by indicate which algorithm we’ll use, we therefore initialize a cypher with our key converted to array of bytes. Notice that we initialize our cypher with the decrypt mode (Cipher.DECRYPT_MODE). We then use the doFinal method of the cypher to decrypt String, and as with the previous method we convert result to String before returning it.
Conclusion
In this very short tutorial, we have presented a way to use Java Security API to encrypt and decrypt data in a simple way. This tutorial has just scratched the surface of this huge library, giving then the opportunity to less experienced Java developer to use a secure and simple way to protect their data. If you want any help to a specific aspect of this library or this tutorial, don’t hesitate to let a comment, I’ll then provide another tutorial dealing with your needs. I hope, this tutorial will be for any help.