Wednesday, September 25, 2013

JBoss 7 AS / JBoss 6 EAP spring-security triggers login-config.xml fix


After migration of our web application with spring-security 3.1.4 from JBoss 4 we got the following warning and could not login. Other web application without spring-security worked with the JBoss security config from standard.xml

Logging:
21:39:09,921 WARN [org.jboss.security] (ServerService Thread Pool -- 43) PBOX000231: End loadConfig, failed to load config: file:/D:/tools/appserver/jboss-eap-6.1/bin/login-config.xml: java.io.FileNotFoundException: D:\tools\appserver\jboss-eap-6.1\bin\login-config.xml (The system cannot find the file specified)
at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_25]
at java.io.FileInputStream.<init>(FileInputStream.java:138) [rt.jar:1.7.0_25]
at java.io.FileInputStream.<init>(FileInputStream.java:97) [rt.jar:1.7.0_25]
at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90) [rt.jar:1.7.0_25]
at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188) [rt.jar:1.7.0_25]
at java.net.URL.openStream(URL.java:1037) [rt.jar:1.7.0_25]
at org.jboss.security.auth.login.XMLLoginConfigImpl.loadSunConfig(XMLLoginConfigImpl.java:416) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:384) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:360) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.security.auth.login.XMLLoginConfigImpl.refresh(XMLLoginConfigImpl.java:113) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.springframework.security.authentication.jaas.JaasAuthenticationProvider.configureJaas(JaasAuthenticationProvider.java:159) [spring-security-core-3.1.4.RELEASE.jar:3.1.4.RELEASE]
at org.springframework.security.authentication.jaas.JaasAuthenticationProvider.afterPropertiesSet(JaasAuthenticationProvider.java:132) [spring-security-core-3.1.4.RELEASE.jar:3.1.4.RELEASE]


One solution is to add a login-config.xml and set the system-property as in  https://community.jboss.org/thread/213122
standalone.xml
<property name="java.security.auth.login.config" value="${jboss.server.config.dir}/login-config.xml"/>

Create a login-config.xml with you're config (duplicated from standalone.xml)... That's not the solution we want. We want to configure the security only in standalone.xml

After investigation the source XMLLoginConfigImpl I discovered a refresh is triggered and the JBoss security config from standalone.xml is removed.
After I read the source code of JaasAuthenticationProvider : http://grepcode.com/file/repo1.maven.org/maven2/org.springframework.security/spring-security-core/3.1.4.RELEASE/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java#JaasAuthenticationProvider.0refreshConfigurationOnStartup

*The solution* https://jira.springsource.org/browse/SEC-1320
refreshConfigurationOnStartup could be disabled:

Change in spring-security.xml refreshConfigurationOnStartup to false:
<beans:bean id="jaasAuthenticationProvider" class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
<beans:property name="refreshConfigurationOnStartup" value="false"/>

Now spring-security does not trigger the refresh and you can use the JBoss security config now :-)

Wednesday, September 18, 2013

JBoss 7 AS / JBoss 6 EAP : Could not create connection to MBean server: : java.net.MalformedURLException: Unsupported protocol: remoting-jmx

I want to gather jmx mbean information from a remote Jboss 7.2 AS from my application WAR deployed on an other JBoss instance.

When I tried to connect with service:jmx:remoting-jmx://servername:9999 the following error occured:
Could not create connection to MBean server: :  java.net.MalformedURLException: Unsupported protocol: remoting-jmx
The first test is a connection from jconsole with the remoting-jmx url. The connection was successful, this verified my jboss configuration is correct.
  Tip: Start from your jboss/bin/jconsole.bat or sh so the correct jars are on the classpath. Use the username/password that is used for the administration console.

I knew about the jboss modules so I added the remoting-jmx module, still no success. Then after a lot of searching and wrong answers I found the solution at:
The most important part is services="import" otherwise the unsupported protocol still occur.

Note:
In JBoss 7.2 AS / JBoss 6.1 EAP the org.jboss.remoting3 is changed to org.jboss.remoting-jmx

Also tried it with services export in standalone.xml without success
<subsystem xmlns="urn:jboss:domain:ee:1.1"><global-modules> <module name="org.jboss.remoting-jmx" services="export"/></global-modules>

Example correct solution:
The jboss-deployment-structure.xml in the WEB-INF dir:
<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.1">
  <deployment>
  <dependencies>
    <module name="org.jboss.remoting-jmx" services="import"/>
  </dependencies>
  </deployment>
</jboss-deployment-structure>


Thursday, October 25, 2012

Volkswagen (polo) slot reparatie set


Vorige week bleef de sleutel in de polo vast zitten. De sleutel kon er niet meer uit omdat het slot niet meer helemaal draaide. Uiteindelijk na veel gedraai kwam de sleutel eruit. Vervolgens het slot eruit gehaald: 1 torx schroefje losmaken bij het portier en vervolgens het handvat van het schoefje afduwen. (deurpaneel hoeft er niet af). het bleek dat er in de cilinder van het slot wat onderdelen afgebroken waren. Bij de volkswagen dealer een reparatie set gehaald voor 17 euro.
Installeren van de volkswagen slot repartie set kan nogal lastig zijn. De veer is nogal lastig erin te krijgen. Met de volgende video is het toch gelukt :

Ik heb alleen een kleine schroevendraaier gebruikt om de veer op zijn plek te krijgen.

Friday, March 25, 2011

Slow .Net performance in IIS when memory hungry app on multi core processor (>=8)

Case:
.Net actions uses lot of memory (50+mb) cause to run very slow in IIS

Symptoms:
.Net application standalone is fast, in IIS running 10 times slower on a multi core processor (>=8)

Garbage collector is running all the time 40% (Performance monitor .Net CLR Memory -> %Time in GC)
Choosing Which Garbage Collector to Use

The CLR has two different GCs: Workstation (mscorwks.dll) and Server (mscorsvr.dll). When running in Workstation mode, latency is more of a concern than space or efficiency. A server with multiple processors and clients connected over a network can afford some latency, but throughput is now a top priority. Rather than shoehorn both of these scenarios into a single GC scheme, Microsoft has included two garbage collectors that are tailored to each situation.
Server GC:
  • Multiprocessor (MP) Scalable, Parallel
  • One GC thread per CPU
  • Program paused during marking
Workstation GC:
  • Minimizes pauses by running concurrently during full collections
The server GC is designed for maximum throughput, and scales with very high performance. Memory fragmentation on servers is a much more severe problem than on workstations, making garbage collection an attractive proposition. In a uniprocessor scenario, both collectors work the same way: workstation mode, without concurrent collection. On an MP machine, the Workstation GC uses the second processor to run the collection concurrently, minimizing delays while diminishing throughput. The Server GC uses multiple heaps and collection threads to maximize throughput and scale better.



Workstation or Server Garbage Collection

Determine if you are using the correct type of garbage collection. If your application uses multiple threads and object instances, use server garbage collection instead of workstation garbage collection. Server garbage collection operates on multiple threads, whereas workstation garbage collection requires multiple instances of an application to run their own garbage collection threads and compete for CPU time.
An application that has a low load and that performs tasks infrequently in the background, such as a service, could use workstation garbage collection with concurrent garbage collection disabled.

how server and workstation gc work
Workstation garbage collection can be concurrent or non-concurrent. Concurrent garbage collection enables managed threads to continue operations during a garbage collection.
If you specify server garbage collection, the CLR uses workstation garbage collection with concurrency disabled.
  • Server garbage collection can be resource-intensive. For example, if you have 12 processes running on a computer that has 4 processors, there will be 48 dedicated garbage collection threads if they are all using server garbage collection. In a high memory load situation, if all the processes start doing garbage collection, the garbage collector will have 48 threads to schedule.
If you are running hundreds of instances of an application, consider using workstation garbage collection with concurrent garbage collection disabled. This will result in less context switching, which can improve performance.

Workstation Concurrent garbage collection enables interactive applications to be more responsive by minimizing pauses for a collection. Managed threads can continue to run most of the time while the concurrent garbage collection thread is running. This results in shorter pauses while a garbage collection is occurring.
To improve performance when several processes are running, disable concurrent garbage collection.



Solution:
Aspnet.config

<configuration>
<runtime>
<gcServer enabled="false"/><!-- false is workstation Gc-->
</runtime>
</configuration>

Considerations: gcServer is configured for throughput, what is the effect on processes that do not use a lot of memory. Is there a performance difference in concurrent call?

Friday, February 4, 2011

SVN “Could not read status line: connection was closed by server”

When I setup op a simple svn server with
svnserve -d -r D:/svn-database --listen-port 12345
My tortoisesvn client replied “Could not read status line: connection was closed by server

Then tried to connect via the web browser and the reply was:
( success ( 2 2 ( ) ( edit-pipeline svndiff1 absent-entries commit-revprops depth log-revprops partial-replay ) ) )

With Google and I found this:
http://www.thinkplexx.com/learn/howto/scm/svn/fix-could-not-read-status-line-connection-was-closed-by-server

Solution
The svnserve protocol was svn and I tried http, duh!
svn://localhost:12345

This fixed the obscure svn message “Could not read status line: connection was closed by server

Saturday, December 11, 2010

How to convert 1 Amp USB car charger to AC charging mode

After ordering "Car Cigarette Powered 1000mA USB Adapter/Charger - Black (DC 12V)" for only $1.99 from http://www.dealextreme.com/details.dx/sku.40470 it only charge my HTC Desire slow at 500mA USB max charge speed.

For AC charger mode (1000mA) you need to connect pin 2 and 3 and remove al connections from the current to pin 2 and 3.
The examples I found on the internet have an other PCB design than the latest, so the connections to remove aren't the same. The other PCB  :
 

Let's mod it to a fast car charger, first open it:

Be carefull it isn't as easy like the video shows, it is clued together.

1. solder pin 2 and 3 together (orange)
2. remove R5, R7, R3, R8 (red)

PCB 06908A-27


Goto Setting -> Battery information аחԁ іt ѕһουƖԁ ѕһοw Charging (AC).  Before the mod it shows Charging (USB). 


This is all on your own risk of course...


Sunday, December 5, 2010

JBoss 5.1 stops responding after 30 minutes HTTP 404

Lately we had a problem. Our JBoss web server stopt after 30 minutes/ 1800 seconds. If there was activity or not the web server did not accept any requests it returned only HTTP 404 not found for servlets that worked perfectly before.

When we put the vfs cache timeout to  45000 seconds and the problem occured after 12,5 hours. Classes are unloaded from the class loader, classes that worked before (spring JdbcTemplate) gave NoClassDeffError / ClassNotFoundException.
There were JBoss servers that worked and servers that stopt responding... After a long search I found a difference in the VFSCache there where duplicate directories (jboss.vfs -> list contextroot).
I thought is this normal? Later on with a consultant we analysed the screen and he noticed: There is a case difference in the dir name!
Hmm the server is started in the windows service with run.bat -contw and the dir is Ontw
After changing the dir to ontw there where no duplicate dirs and the server runs for hours no on the default vfscache settings.

Windows dirs are case insensitive. HashMaps keys in java are case sensitive. This problem would never occur on linux (the jboss server will not start).
Tip: always use lowercase configuration dirs for jboss.

Reported: https://issues.jboss.org/browse/JBAS-8766