Blog from an ATG Developer

June 24, 2009

Deleting items in a Map

Filed under: Java — madhulal @ 10:47 am

Suppose we want to delete some items from a map based on indices, which are passed as an array. We can’t delete them by simply iterating through the array, because each time we delete an item the hash map shrinks by one, so the next index will be different from what we expect. We can use the following code to perform the operation without any delays.

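public void deleteItemFromMap(String[] indexArray) {
    List<MyBean> beanList = getMap();
    MyBean myBean = null;

    // Number of items removed so far; each removal shifts later items down by one.
    int index = 0;
    int newIndex;

    // indexArray must list the original positions in ascending order.
    if (indexArray != null) {
        for (String indexString : indexArray) {
            newIndex = Integer.parseInt(indexString) - index;
            myBean = beanList.remove(newIndex);
            if (null != myBean) {
                index = index + 1;
            }
        }
    }
}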

June 8, 2009

A very good Java Decompiler

Filed under: Decompiler, Eclipse, Java — madhulal @ 12:25 pm

JD|Java Decompiler is one of the best decompilers I have used. Visit them here.

This can be used as a standalone application as well as an Eclipse plugin. It works like an archive application in the case of jar files.
The site URL to be used is http://java.decompiler.free.fr/jd-eclipse/update

Need help installing it in MyEclipse? Download the Word (docx) file here.

Give it a shot.

May 22, 2009

White Space problem in ATG Application

Filed under: ATG, JSP — madhulal @ 9:11 am

We had an issue in one of our previous projects: the generated HTML page had a lot of extra white space, and the resulting HTML was too large. We can avoid this by modifying the deployment descriptor.

<init-param>
<param-name>trimSpaces</param-name>
<param-value>true</param-value>
</init-param>

Alternatively, we can use the following pattern to reduce white space in DSP pages.

<dspel:page
><dspel:droplet name="/test"
><dspel:oparam name="output"
>Name: <dspel:valueof param="test"
/></dspel:oparam
></dspel:droplet
></dspel:page>

Another approach is to use JSP comments instead of new lines.

<dspel:page><%--
--%><dspel:droplet name="/test"><%--
--%><dspel:oparam name="output"><%--
--%>Name: <dspel:valueof param="test"/><%--
--%></dspel:oparam><%--
--%></dspel:droplet><%--
--%></dspel:page>

NB:- I know the code fragments provided in the topics are very low in readability. Please blame WordPress….

Reference:
1. http://betweengo.com/2008/08/22/trim-white-space-from-jsp/
2. http://www.caucho.com/resin-3.0/jsp/faq.xtp

May 21, 2009

XSS – Cross Site Scripting Security Issue

Filed under: Website Security — madhulal @ 11:49 am

Websites get more complex day by day, with a lot of dynamic content to display, and their vulnerabilities grow in proportion. Cross-site scripting (XSS) is one of them. Let me explain this in terms of what I faced.

So in an e-commerce site, we normally have an option to search. Now we search for a term, say “ffddjkl”. There is no result associated with that search term, so we display a message indicating that, similar to the following.

There are no results associated with the term ffddjkl.

Now suppose you have entered <EMBED SRC="http://www.htmlcodetutorial.com/graphics/sounds/1812over.mid" AllowScriptAccess="always"></EMBED> in the search text field. Obviously there are no results for this term, so we display the above message with the new search text. Here comes the vulnerability: when you get the search results page, the MIDI file starts to play, because the browser treats the echoed search text as markup. So you get the security catch, right?

Here we use the following code segment to display the message.

<fmt:message key="resourceBundleKey">
    <fmt:param value="${param.searchText}"/>
</fmt:message>

To avoid the vulnerability, we should have something like this.

<fmt:message key="resourceBundleKey">
    <fmt:param>
        <c:out value="${param.searchText}" escapeXml="true"/>
    </fmt:param>
</fmt:message>

When you have a tag that only lets you set the value through an attribute rather than through the tag body, use the following.

<c:set var="myEscapedVar" scope="page">
    <c:out value="${param.someRequestParameter}" escapeXml="true"/>
</c:set>
<some:tag value="${pageScope.myEscapedVar}"/>
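
The difference between the unescaped and escaped fmt:message snippets above, as a stand-alone Java sketch (an added example, not code from the original post): escapeXml reproduces the five character replacements that <c:out escapeXml="true"> performs. The class name, the message pattern standing in for resourceBundleKey, and the sample inputs are constructed for illustration.

```java
import java.text.MessageFormat;

public class SearchMessageEscaping {

    // The same five replacements that <c:out escapeXml="true"> applies.
    static String escapeXml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Constructed stand-in for the resource bundle entry behind resourceBundleKey.
    static final String PATTERN = "There are no results associated with the term {0}.";

    // escape=false mirrors <fmt:param value="${param.searchText}"/>,
    // escape=true mirrors the <c:out> version.
    static String render(String searchText, boolean escape) {
        String arg = escape ? escapeXml(searchText) : searchText;
        return MessageFormat.format(PATTERN, arg);
    }

    public static void main(String[] args) {
        String[] samples = {   // constructed request parameter values
            "ffddjkl",
            "<EMBED SRC=\"http://media.example/sound.mid\"></EMBED>",
            "Tom & Jerry's"
        };
        for (String s : samples) {
            System.out.println("raw     : " + render(s, false));
            System.out.println("escaped : " + render(s, true));
        }
    }
}
```

In the escaped output the EMBED input arrives in the page as &lt;EMBED ...&gt;, so the browser displays it as text instead of loading the media file.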

For more information on XSS, visit http://www.cgisecurity.com/xss-faq.html
Reference: http://michaelstudman.com/fullfathomfive/articles/2004/05/31/el-and-cross-site-scripting-attacks-jsp-2-functions-to-the-rescue

May 14, 2009

Encryption in ATG

Filed under: ATG, Encryption — madhulal @ 11:39 am

The out-of-the-box implementation uses the MD5 encryption algorithm. Suppose we need some other encryption algorithm on top of MD5. My requirement was to add SHA-256 over the value already encrypted with MD5. The following are the changes I made to get it done.

The component which does the encryption is DigestPasswordHasher. We need to override the encryptPassword() method.

Attached is the code fragment used. Copying and pasting the code looks weird, so I am attaching the file.

See it here.
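
The layering described above, as an added example that uses only the JDK's MessageDigest (it is not the attached file and does not use ATG's DigestPasswordHasher): SHA-256 is applied over the MD5 value. It goes slightly beyond the post by also showing that an existing MD5 record can be wrapped without knowing the clear text. Hex encoding of the stored value, the class and helper names, and the sample passwords are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class LayeredDigestDemo {

    // Hex-encode a digest. The encoding of the stored value is an assumption.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    static String digestHex(String algorithm, String input) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        return hex(md.digest(input.getBytes(StandardCharsets.UTF_8)));
    }

    // Existing MD5 records can be wrapped without knowing the clear text.
    static String upgradeStoredMd5(String storedMd5Hex) throws NoSuchAlgorithmException {
        return digestHex("SHA-256", storedMd5Hex);
    }

    // What the post describes: SHA-256 over the MD5 value (both unsalted, as in the post).
    static String encryptPassword(String clearText) throws NoSuchAlgorithmException {
        return upgradeStoredMd5(digestHex("MD5", clearText));
    }

    static boolean checkPassword(String loginPassword, String storedValue)
            throws NoSuchAlgorithmException {
        byte[] computed = encryptPassword(loginPassword).getBytes(StandardCharsets.UTF_8);
        byte[] stored = storedValue.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(computed, stored); // constant-time comparison
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed legacy record: an MD5 value as it would already sit in the profile store.
        String legacyRecord = digestHex("MD5", "constructed-sample-pw");
        String upgraded = upgradeStoredMd5(legacyRecord);
        System.out.println("upgraded record : " + upgraded);
        System.out.println("correct login   : " + checkPassword("constructed-sample-pw", upgraded));
        System.out.println("wrong login     : " + checkPassword("other-pw", upgraded));
    }
}
```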

ATG User Input Sample Code

Filed under: ATG, Learning — madhulal @ 11:09 am

The attached file contains the code for getting the user inputs. The jsp file gets the input from user in various forms.

1. Text field
2. Checkbox
3. Dropdowns
4. Radio buttons

The zip file contains the FormHandler in addition to the JSP file.
Download it

May 7, 2009

Linux Help2 – File system

Filed under: Linux-Unix — madhulal @ 1:13 pm

Linux File System

Read more about the file system here.
http://linuxconfig.org/Filesystem_Basics

May 6, 2009

Linux Help 1

Filed under: Linux-Unix — madhulal @ 10:42 am

My Windows XP system had a virus attack. That was horrible. I lost all of my data.
So I started thinking of Linux as an alternative. As a first step I ordered a free CD of Ubuntu. Do it here

The following are the useful and interesting things I have come across.

Ubuntu Pocket Guide and Reference
http://www.ubuntupocketguide.com/index_main.html

Unique Penguin
http://www.100mb.nl/

Bash command index
http://www.ss64.com/bash/

Linux crashed. (I know it's rare, but it happened.)
Ctrl+Alt+Del won’t work.

Find and press the Alt and PrtSc buttons together. Then type REISUB while
holding the above two buttons. The system will restart.
http://en.wikipedia.org/wiki/Magic_SysRq_key

Security FAQ
http://www.linuxsecurity.com/docs/colsfaq.html

Software Directory for GNOME
http://www.gnomefiles.org/

Popular Live CD List
http://www.livecdlist.com/?pick=All&sort=Purpose&sm=0

April 24, 2009

Online System Information

Filed under: Internet — madhulal @ 7:58 am

Why waste hard disk space by downloading applications to get system information? Try this.
It will fetch a number of properties associated with the system online.

http://www.computerhope.com/cgi-bin/systeminfo.cgi


April 23, 2009

Better lighting…for your computer

Filed under: Useful Softwares — madhulal @ 5:16 am

People nowadays work on computers for long hours. Health experts say that this can lead to many problems. One of the most affected parts of the human body is the eyes. People say the new LCD/TFT monitors are better in comparison with the old CRT monitors. But staring at that object for long hours can definitely be harmful, I believe.

Recently I came across a piece of software (f.lux) which helps to adjust the display settings based on the time. I have been trying f.lux for some time. I find it wonderful. I would recommend f.lux to anyone who sits in front of a computer for a long time. Moreover, it costs you only a few megabytes of hard disk space and some RAM.

http://www.stereopsis.com/flux/
