betweenGo

Double Bows by Nicholas_T

I have been using VirtualBox for awhile and have been pretty pleased with it considering it’s a free solution.  I blogged about wanting to try it over two years ago.

Today I started up Windows 7 on my iMac.  Then I tried to start up Windows XP but got this error.

Failed to open a session for the virtual machine Windows XP Pro Media Center.

PIIX3 cannot attach drive to the Secondary Master
(VERR_SHARING_VOILATION).

Unknown error creating VM (VERR_SHARING_VIOLATION).

Fortunately Google came to the rescue and led me to this article in the VirtualBox forums, Can’t run multiple Instances on OSX Leapord.  Once I unmounted the DVD drive in Windows 7 (Devices –> CD/DVD Devices) I was able to start Windows XP.

Often server applications need to upload or download files using FTP.  But in this age of increasing security awareness vendors are now asking this be done using SFTP (Secure FTP).

Fortunately this is not difficult using the JSch (Java Secure Channel) library.  The downloadable JSch archive includes numerous examples.  I used the Sftp.java to implement SFTP for my server application.

Starting a connection to an SFTP server using JSch is somewhat simple.

JSch jsch = new JSch();

// start session
session = jsch.getSession(username, host);

// specify our own user info to accept secure connection to FTP server
UserInfo ui = new MyUserInfo(host);
session.setUserInfo(ui);

// set password
session.setPassword(password);

// connect
session.connect();

// get SFTP channel
Channel channel = session.openChannel("sftp");
channel.connect();
schannel = (ChannelSftp) channel;

The trick is getting past confirmation of the authenticity of the host. I do this my creating my own UserInfo implementation, MyUserInfo, which knows about the host I am connecting to. The only method I implement is the promptYesNo method which simply checks if the message is asking about the host I want to connect to.

protected MyUserInfo(final String pKnownHost) {
    this.mKnownHost = pKnownHost;
}

@Override
public boolean promptYesNo(final String pMessage) {
    // message looks like this "The authenticity of host 'foo.com' can't be established..."
    final int start = pMessage.indexOf("'") + 1;
    final int end = pMessage.indexOf("'", start);
    final String host = pMessage.substring(start, end);

    // is the host a known host?
    return this.mKnownHost.equals(host);
}

Now uploading is trivial.

schannel.put(src, dest);

For further reading please see Java: What is the best way to SFTP a file from a server.

Keys 1 by ~Brenda-Starr~

This is how I configured JBoss to handle HTTPS requests for secure ATG applications.

1. Create the keystore and private key.

   $ cd /opt/jboss/jboss-eap-4.3/jboss-as/server/atg/conf
   $ keytool -genkey -alias jbosskey -keyalg RSA -keystore server.keystore

2. Generate and store the certificate.

   $ keytool -export -alias jbosskey -file server.crt -keystore server.keystore
   $ keytool -import -alias jbosscert -file server.crt -keystore server.keystore

3. Enable HTTPS.

   $ vi /opt/jboss/jboss-eap-4.3/jboss-as/server/atg/deploy/jboss-web.deployer/server.xml

   Uncomment SSL HTTP/1.1 Connector section and edit. For example:

       <Connector port="8443" address="${jboss.bind.address}"
                  protocol="HTTP/1.1" SSLEnabled="true"
                  maxThreads="150" scheme="https" secure="true"
                  clientAuth="false" sslProtocol="TLS"
                  keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
                  keystorePass="letmein" />

4. Start JBoss with keystore specified. On UNIX you can do this by updating run.conf. For example:

   JAVA_OPTS="-Xms128m -Xmx512m -XX:MaxPermSize=128m -Djavax.net.ssl.trustStore=/opt/jboss/jboss-eap-4.3/jboss-as/server/atg/conf/server.keystore -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.lang.ClassLoader.allowArraySyntax=true"

Note that if you are using service bindings (i.e. uncommented service bindings section of conf/jboss-service.xml) then the bindings in the XML configuration file (e.g. sample-bindings.xml) will take precedence. In this case the secure port becomes 8543.

For further reading please see HOWTO Configure JBoss for HTTPS.