Friday, June 25, 2010

Tracking cookies

What is it
Cookies used for tracking your browsing habits.
How they work:

I have a website say and have some advertiser ads placed in it. When I access the wesite I will be making a request to advertiser to get the ads. Advertises knows that the request is coming from a partner site . That time advertiser places a cookie. stores this website URL and associate it with cookie.

Now I visit one more site say which also has the same advertiser ads. When I access this website I will be making the request to advertiser. but this time browser will send the cookie set in the previous request.Now advertiser gets the cookie and checks the stored previously based on that delivers the content and adds this URL also to the visited sites.

Will be used by advertising companies to advertise based on your browsing habits.

Is it harmful?

Can I block them?
Yes. check your browser settings.

Thursday, June 24, 2010

javax.servlet.forward AND javax.servlet.include

from servlet spec

requestURI = contextPath + servletPath + pathInfo


When you include a servlet the following attributes will be set by the calling servlet
the attributes will be derived from the string you passed to include the servlet


first.jsp code
rd = request.getRequestDispatcher("/myapp/second.jsp?pname=pvalue");
assume the context for your webapp is "myapp"

javax.servlet.include.request_uri : /myapp/second.jsp
javax.servlet.include.context_path : /myapp
javax.servlet.include.servlet_path : /second.jsp
javax.servlet.include.path_info : null
javax.servlet.include.query_string : pname=pvalue


when you forward to a servlet the following attributes will be set by calling servlet

javax.servlet.forward.request_uri = request.getRequestURI() value in the calling servlet
javax.servlet.forward.context_path = request.getContextpath() value in the calling servlet
javax.servlet.forward.servlet_path = request.getServletpath() value in the calling servlet
javax.servlet.forward.path_info = request.getPathInfo() value in the calling servlet
javax.servlet.forward.query_string = request.getQueryString() value in the calling servlet

first.jsp code
rd = request.getRequestDispatcher("/myapp/second.jsp?pname=pvalue");
assume the context for your webapp is "myapp"

Access URL is: http://localhost:8080/myapp/first.jsp?first=first

javax.servlet.forward.request_uri : /myapp/first.jsp
javax.servlet.forward.context_path : /myapp
javax.servlet.forward.servlet_path : /first.jsp
javax.servlet.forward.path_info : null
javax.servlet.forward.query_string : first=first

Is path_info is null always?

This will come into picture when your servlet is matched by /* pattern in web.xml

your appication context is myapp and have 1 entries in web.xml for  a servlet with following mapping

Servlet Mapping Pattern: /lawn/*

and the request from client is


here path info : /greetings/d.html
Servlet path   : /lawn

Friday, June 18, 2010

SelfSigned certificate creation in java

Keytool file will be shipped with JDK

1. Goto %JAVA_HOME/bin
2. Run the following command

keytool -genkey -keypass mykeypass-keystore d:\apps\myproj\cacerts -storepass mystorepassword -keyalg rsa-alias sreddy
keypass : Your public/private key pair will be protected with this password
KeyStoreFilename : path to the keyStore file (default: JAVAHOME%\lib\security\cacerts)
storepass : password for the key store (default: changeit)
alias : this unique name will be used to identify the certificate. U can delete or modify with this name later
keyalg : Algorithm to be used. Use rsa

Thursday, June 17, 2010

Trust vs Identity keystore in weblogic

Identity keystore:

This will be used to store the server certificate(private key/digital certificate pairs). When the client contacts server the digital certificate presented in this keystore will be sent.

Trust Keystore:

This will contain the certificates whom weblogic trust( ie root CA certificates like VeriSign,GoDaddy etc).When a client presents their certificate it checks the issuer of the certificate. If it is issued by CA whose certificate is in the trust store then the validation passes. otherwise weblogic detects it as an invalid certificate.

more details