Tomitribe’s Jonathan Gallimore (@jongallimore) explains how easy it is to exploit a simple configuration vulnerability in Apache Tomcat and take over your entire server. He also explains how easy it is to prevent this from happening with a simple configuration change. This is an older exploit but one that may not be patched on your own installation. Watch the video to ensure you are protected! Tomitribe’s Enterprise Support service works with Sonatype to monitor all reported vulnerabilities to Tomcat, TomEE, and ActiveMQ to help protect our customers from malicious hackers. Learn more about how we help protect our customers here.
Tomitribe’s David Blevins and Jonathan Gallimore join Sonatype to discuss and explain the top 5 Tomcat security vulnerabilities.
Read More
Following up on his last article, “CRUD with TomEE, MicroProfile, and REST”, Hayri Cicek deploys the TomEE MicroProfile application on Heroku, a cloud provider. Heroku is a cloud platform as a service (PaaS) supporting several programming languages and I've been using it for several years without any problems. Visit https://signup.heroku.com/dc and create a free account. TomEE configuration Inside projects root directory create the Procfile and add the following: web: java -DadditionalSystemProperties=-Dhttp.port=$PORT -jar target/blog-exec.jar The Procfile is used to specify commands executed by the app's Heroku containers, which they call "dynos". Dynos are isolated, virtualized Linux containers designed to execute code…
Read More
Read More
Tomitribe support customers often use Java Singleton EJBs, and while powerful the sequence of startup and initialize can be confusing. This tutorial will help explain how Singleton EJB’s can be eagerly initialized at application startup and how we can define a priority during this process. Review EJB Annotations Before jumping into the code let’s do a recap of the following annotations used in this blog post: @Singleton Component-defining annotation for a singleton session bean. @Startup Marks a singleton bean for eager initialization during the application startup sequence. @DependsOn Used to express an initialization dependency between singleton components. The container ensures…
Read More
In this article, we are going to learn how to create a REST API using Java EE 8, MicroProfile, Hibernate, PostgreSQL and the TomEE application server. It's really easy and fun to develop Java EE 8 applications. Tools You Will Need: Maven 3.3+ JDK 1.8 PostgreSQL Note: We will not go through the process of how to install the needed tools in this tutorial. Generate the Project We will use the MicroProfile starter to generate our application. Go to start.microprofile.io and enter the details as follows: groupId: org.superbiz artifactId: blog MicroProfile Version: 2.0.1 MicroProfile Server: Apache TomEE 8.0.0-M2 Examples for…
Read More
Tomitribe supports many organizations that use Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. Previously we published a MDB tutorial followed by a deeper dive in the article "MBD-to-MDB Messaging: Harness the Power of the River Delta". This week we'll provide an illustrated example of how MDBs can work together to create flexible and powerful messaging system. JMS The Java Messaging Service (JMS) is a standard for sending messages between clients using a messaging broker. The concepts behind JMS, queues, and topics are explained…
Read More
In this article, we are going to learn how to configure on TomEE 7.x or later with the legacy JSON provider used by TomEE 1.7.x. This scenario is useful when you are migrating JAX-RS based applications and want to keep the legacy JSON processing from the Jettison library (v1.3.7) used by TomEE 1.7.x. Since TomEE 7.x, The Johnzon library has been the default provider because it implements the JSON-P_1.1 (JSR-353) and JSON-B_1.0 (JSR-367) specifications. Application and Server configurations In order to enable Jettison as the JSON provider for TomEE 7.x or later you need to execute the following changes: In…
Read More
Tomitribe supports many of organizations that use ActiveMQ, JMS, and Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. The idea behind yesterday's MDB tutorial was to divide up the work of spidering a web page among three different MDBs each with a specific purpose. This division of labor is an important concept in messaging in general and MDBs in particular. This article shows how MDBs can communicate with outside applications as well as other MDBs in a Java EE application server. This latter capability,…
Read More
Tomitribe supports many of organizations that use ActiveMQ, JMS, and Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. When you have finished the tutorial you may be interested in a deeper discussion of what the tutorial is designed to teach you about MDBs. For that, proceed to "MBD-to-MDB Messaging: Harness the Power of the River Delta" which explains how MDBs can be used to create a river delta-like architecture. The tutorial contains three MDBs and one stand-alone JMS client. The purpose of the system…
Read More
Remote debugging is a common practice for troubleshooting issues in software development. If you are using Tomcat or TomEE with Docker containers as part of your stack you can find various techniques to enable debug capabilities in these types of containers: 1. Create a custom Docker image by extending an existing official one 2. Extensive customization of CATALINA_OPSTS However, both approaches require extra steps in some scenarios. Below I share the simplest method I have used to do remote debugging in Apache Tomcat and Apache TomEE with a Docker image: $ $ docker run -it -p 8080:8080 -p 8000:8000 -e…
Read More