This week's book giveaways are in the Jython/Python and Object-Oriented programming forums.
We're giving away four copies each of Machine Learning for Business: Using Amazon SageMaker and Jupyter and Object Design Style Guide and have the authors on-line!
See this thread and this one for details.
Win a copy of Machine Learning for Business: Using Amazon SageMaker and JupyterE this week in the Jython/Python forum
or Object Design Style Guide in the Object-Oriented programming forum!

Drenriza Housen

Greenhorn
+ Follow
since Nov 14, 2019
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
1
Received in last 30 days
1
Total given
2
Given in last 30 days
1
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Drenriza Housen

Thanks for the answers!
2 weeks ago
JSP
Thanks for the feedback @Paul and @Tim!

Paul Clapham wrote:
But I'm just making assumptions here. Perhaps you could clarify your question? What would be helpful would be an actual example of the generated form and a description of how and where it might be harmfully changed during the process.



An example could be, in my HTML i have a <form> element that contains my questions (totally random questions)
Question1: How likely are you to recommend us?
Answer: 1 (never) to 9 (extremely likely)

Question2: (select all that apply) How would you describe yourself?
<input type="checkbox" ...

The first question only has one answer, the second question can have many answers.

Lets for the sake of the argument say i hardcode all questions and answers by hand in my .jsp and send this page to the client.





There is nothing to stop the client from inspecting the <select> element and changing Q1 to Q8 and the values to something like "farting king".
Lets say i by chance have a Q8 question that also is a single answer question, so it would be possible to save the answer.

How would i at the server when i receive the response be able to determine
"I sent this client a Q1 question (or a series of questions Q1, Q2, Q7, Q4 ...) but got back a Q8 question, this is wrong, dont save data"

or
"I sent this client Q1 that i know has answers ... but i received an answer that Q1 does not have, this is wrong, dont save data"

Thanks for all the feedback!
2 weeks ago
JSP
Hi all!

I have a form.jsp that is located in the /WEB-INF/ section of my project.
My form is generated dynamically and i have been researching for a way or method to check that,
from i generate and send my form to the client, and to the server receives it again, has any questions or answers been changed by the client or in transit?

For example, i send the questions
1. Happy?
2. Neutral
3. Angry

1 = good
3 = bad

If the client either changed the value 1 to 3 or the text of the questions i imagine that the integrity of the form has been broken and the client should be redirected back or to an error page,
and the data of the form should not be saved (SQL).

I was imagining that maybe somehow you could make a serverside checksum of the form when sending and receiving it, if these dont match = discard, else save.

Is there a 'best practice' way of solving such a task?

I have been trying to Google any resources / articles / other on the subject, but have not been able so far to find anything i could use.

Thanks in advance!
Best regards!
3 weeks ago
JSP

Tim Holloway wrote:The log4j.properties file must reside in /WEB-INF/classes. It's found via the application classpath. I prefer the XML version myself. It's more flexible.

Since you're using Docker, even if the logfile was created you'd only be able to see it if you had exported the /usr/local/tomcat/logs directory. Which depends on how the Dockerfile was set up.



Thanks Tim! When i create the container i also declare a mountpoint so i can access the application.log file that i create with log4j on my host system.
I connect /var/log/webapps/appName to Docker /usr/local/tomcat/logs/application

And everything works, i have evolved!

Thanks @Tim and @Paul!
Thanks for all the feedback!

I have created a log4j2.properties file


Imports


I (try) get and write to the logger by


But the logging file is not created in the path (that exists) when the application starts.
I have read that log4j automatically creates files as necessary as long as the parent path exist.

my log4j2.properties file is located in /WEB-INF/

in my pom.xml for maven i have entries for log4j2 as follows


web.xml log4j configuration


EDIT - START
The solution was to check
https://logging.apache.org/log4j/2.x/manual/configuration.html
https://logging.apache.org/log4j/2.x/manual/appenders.html

And correct the 1.x to 2.x configuration
log4jConfiguration -> log4j.configurationFile

log4j2.xml configuration (example)

EDIT - END

Any advice as to why log4j does not create the log file described in its properties file nor seems to run / start is MUCH appreciated.
Thanks in advance
Best regards!
Hi @Paul Clapham Thanks for your reply!

You said this was a "JSP web" project. So regardless of that logging issue, where do you expect System.out to point to?



I am expecting System.out to point to Dockers container log "catch" mechanism. Which in the Tomcat image should be implemented per default through catalina.sh

the catalina 'run' command is designed to redirect all logs to stdout



Hi @Tim Holloway! Thanks for your reply!

I understand that logging to a file is considered best practice, instead of logging to stdout (Linux).
Though for my understanding of how logging to stdout works i would very much like to get my current project to work, where i can use log4j to log messages of different level to stdout.

So i have been digging in it a bit to try and understand what is going wrong.

To run my JVM i am using Docker, which as i understand has a series of logging drivers that Tomcat's image from Docker hub uses to use a "de-facto" way to log to the Docker container the image runs in,
from there Docker saves the log to a file that you can determine the size of and rotate when necessary.

In my Java-EE project i have not directly used a logging framework or implemented one before, i have just always used System.out and never really given it much thought.
Currently i'am using Quartz library (API) that under the hood uses slf4j.

The problems i have are currently
1. Quartz starts a scheduler that has a series of tasks that executes different methods. If i in these methods use System.out, messages are written to the console no issues.
But if i use System.out in a method not managed by Quartz, nothing is written to the console.

2. I have tried to implement log4j and slf4j by themselves, and also followed this guide https://www.codejava.net/coding/how-to-initialize-log4j-for-java-web-application to make sure that the log4j configuration was loaded properly.
But trying to log anything to the console is a no-go, and we are back to problem #1.

I think it's super weird, Docker has a standardlized way of getting receiving console logging, and Tomcat's upstart logs along with System.out inside Quartz methods are logged fine.
But everything else is not.

Hope someone has an idea as to what i could look into or try to learn what is going wrong.
So i have been reading a bit about why system.out is bad in web applications, and there is many examples.

After reading some more about log4j and trying out different things i still cannot log message statements to the console.

In my /WEB-INF/classes/log4j.xml i have following


I have been trying to get the logger object to actually log messages by


and



I have also tried to log with warn, debug, error and fatal without luck.

You do have stdout (console) defined as a log4j logging channel, and that's kind of OK, but not recommended, because while the JVM that runs the webapp server does have stdout and stderr, there's no telling where it might redirect them - and that include straight to the bit-bucket.  


What is the recommended way, is that logging to a file?

Thanks in advance
Best regards
Hi all!

I have created a very basic Quartz configuration for how Quartz should act and log.

quartz.properties


log4j.xml


And it's probably something silly, but can anyone tell me why, when i use System.out in methods that aren't executed by the Quartz scheduler, nothing is written to System.out?
Does the log4j.xml value="System.out" (or something else) hijack the System.out process?

Thanks in advance
Best regards!
I was thinking on how i could implement a <security-constraint> to secure a section of my site, that will require authentication and authorization.
I have tried to define this in my web.xml file



But when i navigate to survey.local/Anything i am not presented with the login page for the site.
my <login-config>


In my /META-INF/context.xml file i have my realm defined as


I was thinking that the realm would work by testing if a user with the username + password + role existed and return 'true' or 'false'


But so far i am not even presented with the login page.

Any and all advice is greatly appreciated!
Thanks in advance to all
best regards.
2 months ago
Hi @Tim Holloway Thanks for the reply and the insight, i learned a ton!

I will think about what you have said and how i can use it to solve my login check.
2 months ago
Hi all!

I am playing around with a survey application
"Hello will you give us feedback on your experience" type of thing.

And i was thinking that i would try and add some security to "take the survey" section, to avoid
1. Bots filling out surveys by just browsing all thinkable URL combinations, ect.
2. If someone found an active survey for a user they cannot fill it out without the password

I was thinking i could do this with using Tomcat's DataSourceRealm with
userNameCol, userCredCol and roleNameCol.

As i understand, the roleNameCol is like a group name, to give access to a given section of your site.
Q1. Is the roleNameCol necessary for the DataSourceRealm? Or can you skip it.

Q1.2. If you can skip it, what is the downside to this?

Q2. I was thinking that i could use my survey name/ID, as the roleNameCol value, but would i than need to explicitly define all these values in my web.xml or context.xml as the
<auth-constraint>, <role-name> ? This would be manual work to keep up-to-date, and i was hoping that there would be a more dynamic (automatic) approach i could use to achieve the same thing.

Any and all advice / suggestions are most welcome.

Thanks to all in advance
Best regards.
2 months ago
Thanks for the reply @Tim Holloway and @Stephan van Hulst !
You were spot on, the issue was the TIMESTAMP value, i created a 'real' PK and the issue was solved.
Also thanks for letting me know it was 'bad practice' so i could read up on it.
Hi Martin! Thanks for your reply.
Well that makes sense

Hi all!

I have a table as follows



Field Type        Null        Key Default        Extra
-------------------------------------------------------------------------------------------------------------------------
id      int(11) NO PRI NULL auto_increment              
xxxx varchar(4) YES NULL STORED GENERATED            
sent tinyint(4)        NO 0                                              
xxxx varchar(45) NO NULL                                          
date timestamp        NO MUL CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP



Inserting data into the table works as expected, and is done through a AFTER INSERT trigger on another table.

But when ever i try and update sent in the table, through
'UPDATE tableName SET sent = 1 WHERE id = 1;'

I get the following error
'ERROR 1452 (23000): Cannot add or update a child row: a foreign key constraint fails'

The FK (date) exists is inserted correctly in the table, and it matches its parent table record, it is also possing to get records from the parent through an INNER JOIN on the date column no issues.

The table is created through MySQL workbench EER diagram as an export (Forward engineer).

I have tried and Google the issue, but all the posts i can find only refer to that you need to have a matching FK in the parent when inserting into the child, which i have.
I have also tried to only insert one record in parent and child tables, but still the update fails with a single record in each.

I am probably missing something obvious, but i cant see it.
Hope someone can point me in the right direction.

Best regards.
Hi Stephan van Hulst!

Thanks for your reply! I will definitely look into your suggestions.

I had not thought about putting a proxy infront of the application, that ofcourse makes alot of sense.
A solution here could be a Nginx proxy with a rate limit and burst configuration connected with Zabbix for monitoring and notification.

Thanks for the great feedback.
3 months ago