
Saturday, 13 January 2018

Connect to desktop web server from mobile device

The problem

I have a Java EE application running in my development environment, i.e., on a desktop PC. This PC is connected to my company LAN by an Ethernet cable.
This application uses some advanced signature functions, which require a third-party app to be installed on the client device. In this case, the app is Autofirma (it can be downloaded from here). In my desktop environment it works fine, but we must also certify that it works on mobile devices, such as Android and iOS devices.
The problem is that, in order to test this web application, you need to access it from the mobile device. At this time there is no suitable wireless connection in the company that allows this kind of test, so you have to come up with your own solution.
I've been looking into ways to connect my mobile device to the PC via USB cable, but I did not find a valid or easy-to-make solution. So I will propose my low-technology solution.

Target scenario

My solution consists of connecting the mobile device and the desktop PC via Wi-Fi, using a third mobile device as a Wi-Fi hotspot. It also requires a Wi-Fi dongle or a Wi-Fi card in the desktop PC.
This is the whole picture of the solution.

For this simple test, I will access my Apache Web Server home page from the Android tablet.


The full environment elements and characteristics are as follows:
  • Desktop PC (Development environment): Windows 7
  • Wi-Fi dongle: Who cares
  • Tester mobile device: Samsung Galaxy Tab 3
  • Wi-Fi hotspot: Motorola Moto E

Set up

Wi-Fi hotspot

On Android it is very easy to configure your device as a Wi-Fi hotspot. This is primarily intended to let other devices use its 3G/4G connection via Wi-Fi.
Go to Settings > More > Modem and Wi-Fi zone






There you must enable the Wi-Fi hotspot and, optionally, set up your security settings.

Desktop PC 

On the desktop PC you need to plug in the USB dongle and install all required drivers. Unless you are using an extremely cheap Chinese dongle, Windows will recognize and configure it for you.
In your network manager you will see two networks: the LAN and the wireless network. For the latter, if you previously enabled security settings on your Wi-Fi hotspot, you will have to enter your password before the connection can be established.



Each network connection will have its own MAC and IP address. In my case, my "ETH IP" is 192.168.1.134 and my "WI-FI IP" is 192.168.43.239.


Tester mobile device

On the Android tablet, you just need to select the Wi-Fi hotspot's wireless network.

Test

On the desktop PC my Apache Web Server is running on port 80, so if you go to http://localhost you will see it. But from the tester mobile device's point of view, the server's IP address is 192.168.43.239.
So you need to access http://192.168.43.239.

Troubleshooting

For this scenario to work, you may need to disable or configure the desktop PC firewall.

Friday, 5 January 2018

Oracle - Avoid user password expiration

When you connect to Oracle you see this warning: "The password will expire within %s days"


Check all profiles:
select * from dba_profiles;


Check the profile assigned to one user:
select profile from DBA_USERS where username = 'MyUser';


For this profile, filter its limits:
select resource_name,limit from dba_profiles where profile='DEFAULT';


Check user account status and expiration date for this user:
select username, account_status, expiry_date from dba_users where username='MyUser';

With this information we know that our user is assigned to the DEFAULT profile, which has an expiration policy of 180 days. Also, this user's password will expire on 09/01/2018. To avoid this, just update the profile's policy.
alter profile DEFAULT limit PASSWORD_LIFE_TIME  unlimited;

The last thing to do is reset the password to its current value, so that the account status returns to OPEN. Depending on your Oracle version, you can obtain the stored password hash in one of two ways:
select password from dba_users where username='MyUser';

select spare4 from sys.user$ where name='MyUser';

Only one of them will return a non-NULL value. Then update the user with it.
alter user MyUser identified by values 'S:9090878D...;T:193A657B...';

Monday, 1 January 2018

Configure Hawtio in JBoss domain mode

These are the steps to configure Hawtio in JBoss EAP 6:
  • Create a Management user
  • Configure JBoss security
  • Disable JBoss logging subsystem
  • Test
This was tested with JBoss EAP 6.2, Hawtio 1.4.9 and Java 7 (which is the reason for not using the latest Hawtio release).

Create a Management user

The user who will access the hawtio console needs to provide valid credentials and must have a specific role (group) associated.

Using the add-user.sh script, create a Management user, in this case 'hawtio'. This user will also belong to the 'roleHawtio' group.
[root@jboss01 bin]# ./add-user.sh

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): a

Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : hawtio
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]: roleHawtio
About to add user 'hawtio' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'hawtio' to file '/opt/jboss-eap-6.2-dc/standalone/configuration/mgmt-users.properties'
Added user 'hawtio' to file '/opt/jboss-eap-6.2-dc/domain/configuration/mgmt-users.properties'
Added user 'hawtio' with groups roleHawtio to file '/opt/jboss-eap-6.2-dc/standalone/configuration/mgmt-groups.properties'
Added user 'hawtio' with groups roleHawtio to file '/opt/jboss-eap-6.2-dc/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? no
[root@jboss01 bin]#

After the command is executed, you need to replicate the mgmt-users.properties and mgmt-groups.properties files to all nodes of your domain.

Configure JBoss security

In the domain.xml file you need to add the following system properties (the complete list of available configuration properties is at this link):
<system-properties>
 <property name="java.net.preferIPv4Stack" value="true"/>
 <property name="hawtio.authenticationEnabled" value="true"/>
 <property name="hawtio.offline" value="true"/>
 <property name="hawtio.realm" value="hawtio-domain"/>
 <property name="hawtio.role" value="roleHawtio" />
</system-properties>

The hawtio.realm property references hawtio-domain, so you need to configure this security domain in the JBoss security subsystem.
<subsystem xmlns="urn:jboss:domain:security:1.2">
 <security-domains>
  
  (...)
  
  <security-domain name="hawtio-domain" cache-type="default">
   <authentication>
    <login-module code="RealmDirect" flag="required">
     <module-option name="realm" value="ManagementRealm"/>
    </login-module>
   </authentication>
  </security-domain>
 </security-domains>
</subsystem>

It is very important to keep in mind that you need to replicate this configuration in all profiles of the domain.xml file.
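One way to check that replication step, as an added example that is not part of the original post or of Hawtio/JBoss: it reads the hawtio.realm system property and lists every profile whose security subsystem does not define that security domain. The function names and the trimmed sample document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SECURITY_NS = "urn:jboss:domain:security:"  # version suffix (1.2 on the page) may differ

def split_tag(tag):
    """Split an ElementTree tag '{ns}name' into (ns, name)."""
    ns, _, name = tag[1:].partition("}") if tag.startswith("{") else ("", "", tag)
    return ns, name

def hawtio_realm(root):
    """Value of the hawtio.realm system property, or None when it is not set."""
    for el in root.iter():
        if split_tag(el.tag)[1] == "property" and el.get("name") == "hawtio.realm":
            return el.get("value")

def profiles_missing_realm(domain_xml):
    """Names of profiles that do not define the security domain hawtio.realm names."""
    root = ET.fromstring(domain_xml)
    realm = hawtio_realm(root)
    if realm is None:
        raise ValueError("hawtio.realm system property not found")
    missing = []
    for profile in (e for e in root.iter() if split_tag(e.tag)[1] == "profile"):
        domains = {el.get("name") for el in profile.iter()
                   if split_tag(el.tag)[1] == "security-domain"
                   and split_tag(el.tag)[0].startswith(SECURITY_NS)}
        if realm not in domains:
            missing.append(profile.get("name"))
    return missing

# Constructed sample, trimmed to the elements the check reads (not a real domain.xml).
SAMPLE = """<domain xmlns="urn:jboss:domain:1.5">
 <system-properties><property name="hawtio.realm" value="hawtio-domain"/></system-properties>
 <profiles>
  <profile name="default">
   <subsystem xmlns="urn:jboss:domain:security:1.2"><security-domains>
    <security-domain name="hawtio-domain" cache-type="default"/>
   </security-domains></subsystem>
  </profile>
  <profile name="ha">
   <subsystem xmlns="urn:jboss:domain:security:1.2"><security-domains>
    <security-domain name="other" cache-type="default"/>
   </security-domains></subsystem>
  </profile>
 </profiles>
</domain>"""

print(profiles_missing_realm(SAMPLE))  # ['ha']
```

To run it against a real file, pass the contents of domain.xml instead of SAMPLE; an empty list means every profile defines the realm.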

Disable JBoss logging subsystem

If you are like me and you think that the JBoss logging subsystem is a pain in the ass, you would probably like to disable it. Luckily it's very easy: just open the hawtio WAR and add the following jboss-deployment-structure.xml file in the META-INF folder:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure>
 <deployment>  
  <exclude-subsystems>
   <subsystem name="logging" />  
  </exclude-subsystems>

  <exclusions>
   <module name="org.apache.log4j" />
   <module name="org.slf4j" />
   <module name="org.log4j" />
   <module name="org.jboss.logging" />
  </exclusions>
 </deployment>
</jboss-deployment-structure>

Test

When these changes are done, you can deploy the hawtio WAR in your domain. You should then see the following log trace, where you can check the parameters you specified before:
[Server:spre-segjava-1] 14:47:45,269 INFO  [stdout] (ServerService Thread Pool -- 77) INFO  | ServerService Thread Pool -- 77 | Starting hawtio authentication filter, JAAS realm: "hawtio-domain" authorized role: "roleHawtio" role principal classes: ""

If you try to access http://[host]/hawtio/ you will be redirected to the login page, where you just need to use the credentials created in the first step.



Saturday, 30 December 2017

Centos 7.x - Minimal network setup

This is a continuation of a previous post, but this time dedicated to CentOS 7 (our customer is evolving!!)

Environment:
  • Virtualbox 5.1.10
  • CentOS 7.4.1708
Before starting the installation, you have to configure two network adapters in VirtualBox:
  • Adapter 1: Host only
  • Adapter 2: NAT
The first one will be used to communicate host and guest, for example, by using a ssh connection. The second one will be used by the guest in order to gain direct access to the internet.

When CentOS starts for the first time, you will already have internet access, but the local network will be disabled. Execute the following command to check your network interfaces:
ip add

The result will be something like this:


Here you can see three interfaces:
  • lo: Loopback
  • enp0s3: Host-Only adapter
  • enp0s8: NAT adapter
If you have doubts about which is the host-only, you can check the MAC address and compare it with the Virtualbox adapter.


Once you are sure enp0s3 is your interface, go to /etc/sysconfig/network-scripts/ and edit the ifcfg-enp0s3 file, for example with vi. You will have to make the following changes:
  • Set BOOTPROTO=none
  • Set ONBOOT=yes
  • Add IPADDR=your IP

Then execute the following command:
systemctl restart network.service

Now you will have your interface up and with the IP address you set before.


Note

As stated in my previous post, remember to configure proxy settings for system and yum configuration:

System config

Edit ~/.bash_profile file and add the following lines:

# The Web proxy server used by this account
http_proxy="http://usuario:password@my.proxy:8080"
export no_proxy=localhost,127.0.0.1
export http_proxy

YUM config

Edit /etc/yum.conf and add the following lines:

# The proxy server - proxy server:port number
proxy=http://my.proxy:8080
# The account details for yum connections
proxy_username=usuario
proxy_password=password

Saturday, 23 December 2017

LibreOffice - Force PDF/A export

I was using LibreOffice to convert documents from disparate formats to PDF. This is done by using the following command:
libreoffice5.3 --headless --convert-to pdf prueba.txt

My problem was that the output file was not in PDF/A format.



LibreOffice, when used through its GUI, does support PDF/A conversion, so the problem had to be in some kind of default configuration.


There is a configuration file called registrymodifications.xcu which contains all settings used by the program, including during export. This file is located in the ~/.config/libreoffice/4/user/ directory, for example /root/.config/libreoffice/4/user/registrymodifications.xcu.

This is an XML-based file with a lot of (poorly documented or undocumented) preferences. In particular, in order to set PDF/A as the default option, you have to insert the following item:
<?xml version="1.0" encoding="UTF-8"?>
<oor:items xmlns:oor="http://openoffice.org/2001/registry" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 (...)
 <item oor:path="/org.openoffice.Office.Common/Filter/PDF/Export">
  <prop oor:name="SelectPdfVersion" oor:op="fuse">
   <value>1</value>
  </prop>
 </item>
 (...)
</oor:items>

Now, if you launch the conversion again you will get a PDF/A-1A file.

Though the registrymodifications.xcu file is quite obscure, you can get more information by using the GUI version of the program. If you navigate to Tools > Options > LibreOffice > Advanced > Open Expert Configuration, you can check the whole list of settings.