Friday, September 7, 2012

Apache Proxy : HTTP Error 502 Bad gateway problem



Description
Around 2-4 times a day, mod_proxy closes the connection and returns an HTTP 502 Bad Gateway error.

For circumstances where mod_proxy is sending requests to an origin server that doesn't properly implement keepalives or HTTP/1.1, there are two environment variables, force-proxy-request-1.0 and proxy-nokeepalive, that force the request to use HTTP/1.0 with no keepalive. Both are set via the SetEnv directive.

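 # Single-argument ProxyPass is only valid inside a <Location> block (path as in the Apache mod_proxy documentation example)
 <Location /buggyappserver/>
   ProxyPass http://buggyappserver:7001/foo/
   SetEnv force-proxy-request-1.0 1
   SetEnv proxy-nokeepalive 1
 </Location>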


Wednesday, September 5, 2012

CAS SSO flow chart



Java client certificates over HTTPS/SSL

1. Using keytool to import SSL certificates into Sun JDK

A. Download the certificate through Firefox.
B. Create the cacerts file.

 keytool -import -keystore "d:/cacerts" -file d:\SERVICE.cer  
 move d:/cacerts to /java-home/lib/security/cacerts  
 keytool -v -list -keystore /java-home/lib/security/cacerts  


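C. Write a Jersey client to connect to the HTTPS service.
 import javax.ws.rs.core.MediaType;
 import com.sun.jersey.api.client.Client;
 import com.sun.jersey.api.client.WebResource;
 import com.sun.jersey.api.client.config.ClientConfig;
 import com.sun.jersey.api.client.config.DefaultClientConfig;
 import com.sun.jersey.api.client.filter.LoggingFilter;
 import com.sun.jersey.api.json.JSONConfiguration;

 public class SSLClient {
   private WebResource baseResource;
   private final static MediaType RESPONSE_TYPE = MediaType.APPLICATION_JSON_TYPE;
   public SSLClient() throws Exception {
     // No SSL settings here: the JDK validates the server against lib/security/cacerts.
     ClientConfig clientConfig = new DefaultClientConfig();
     clientConfig.getFeatures().put(JSONConfiguration.FEATURE_POJO_MAPPING, Boolean.TRUE);
     Client client = Client.create(clientConfig);
     baseResource = client.resource("https://xxx.xxx");
     // Added Logging filter to make debugging easier.
     baseResource.addFilter(new LoggingFilter());
   }
   // VoObject is the application's own response class.
   public VoObject getService() {
     // accept() sets the Accept header; type() would set Content-Type, which a GET does not need.
     return baseResource.accept(RESPONSE_TYPE).get(VoObject.class);
   }
   public static void main(String[] args) throws Exception {
     System.out.println(new SSLClient().getService());
   }
 }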

2. Create an all-trusting trust manager
A. Download the certificate through Firefox.

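 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import javax.ws.rs.core.MediaType;
 import com.sun.jersey.api.client.Client;
 import com.sun.jersey.api.client.WebResource;
 import com.sun.jersey.api.client.config.ClientConfig;
 import com.sun.jersey.api.client.config.DefaultClientConfig;
 import com.sun.jersey.api.client.filter.LoggingFilter;
 import com.sun.jersey.api.json.JSONConfiguration;
 import com.sun.jersey.client.urlconnection.HTTPSProperties;

 public class SSLClient {
   private WebResource baseResource;
   private final static MediaType RESPONSE_TYPE = MediaType.APPLICATION_JSON_TYPE;
   public SSLClient() throws Exception {
     ClientConfig clientConfig = new DefaultClientConfig();
     // =======================================================SSL
     // Custom SSLContext whose trust managers accept every certificate.
     SSLContext ctx = SSLContext.getInstance("SSL");
     ctx.init(null, getAllTrustManager(), null);
     clientConfig.getProperties().put(
       HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
       new HTTPSProperties(getHostnameVerifier(), ctx)
     );
     // =======================================================
     clientConfig.getFeatures().put(JSONConfiguration.FEATURE_POJO_MAPPING, Boolean.TRUE);
     Client client = Client.create(clientConfig);
     baseResource = client.resource("https://xxx.xxx/");
     baseResource.addFilter(new LoggingFilter());
   }
   // Accepts any hostname: the certificate is never matched against the host being contacted.
   private HostnameVerifier getHostnameVerifier() {
     return new HostnameVerifier() {
       public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
         return true;
       }
     };
   }
   // Trust all the certificates: the chain is never validated, so any server
   // (or a man-in-the-middle) is accepted. The traffic is encrypted but the peer is not authenticated.
   private TrustManager[] getAllTrustManager() {
     return new TrustManager[] { new X509TrustManager() {
       public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
       public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
       public X509Certificate[] getAcceptedIssuers() {
         // The X509TrustManager contract requires a non-null array.
         return new X509Certificate[0];
       }
     } };
   }
   // VoService is the application's own response class.
   public VoService getService() {
     return baseResource.type(RESPONSE_TYPE).get(VoService.class);
   }
   public static void main(String[] args) throws Exception {
     System.out.println(new SSLClient().getService());
   }
 }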
