Michael Cropper

Ranch Hand
+ Follow
since Sep 30, 2009
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Michael Cropper

Had a test of a few different options with this, wasn't possible using mod_proxy as planned. iFrame was also a no-go as was changing DNS settings on a sub-domain, both due usability issues when navigating and requesting resources etc. So had to build a RESTful JSON API with a couple of lines of code that could be included on the 3rd party websites which then pulled in all the content with jQuery and pushed the data into the DOM. Still in progress, but results looking very positive so far.
5 years ago
Ok, with this in mind. It's more of a way of achieving the end result. Does the above outline sound like a good plan, are there any better options with these requirements?

5 years ago
I'm just in the process of thinking through a design pattern for a specific feature and wanted to bounce a few ideas off other people who may have implemented this before.


https:// www.main-website.com/api/ is to power all of the functionality in the background. Java based web application
http:// something.another-website.com is to pull in content from www.main-website.com/api/something.another-website.com/
something.another-website.com may or may not be https, as such, nothing more than basic information will be being served which is publicly accessible anyway
My thoughts on this currently are;

http:// something.another-website.com, use .htaccess (or equivalent for Nginx / IIS) to set up a proxy redirect along the lines of;

RewriteEngine on RewriteRule "^(.*)$" "https:// www.main-website.com/api/something.another-website.com" [P] ProxyPassReverse "/" "https:// www.main-website.com/api/"

Ref: https:// httpd.apache.org/docs/2.4/rewrite/proxy.html

This way, whenever someone accesses http:// something.another-website.com, then this is passed over to https:// www.main-website.com/api/something.another-website.com to handle and serve the content, all while appearing to the user that they are still on the http:// something.another-website.com website at all times.

The concept being that many websites will be using the API to pull in basic content into their own website which is all managed through a central platform at https:// www.main-website.com/.

A few questions on the topic;

Does this sound like a solid design pattern?
Are there likely to be any challenges related to a http website proxying through to a https website to request content?
Is there anything else I should be thinking about?

This framework is going to be the basis of a larger API as things scale, so I'm trying to foresee any challenges and make sure this is designed as best as possible from the start.

Regards, Michael
5 years ago
Hi all,

So I'd like to think that I'm a relatively experienced Java developer, yet the more I do and read, the more I realise there is an enormous discrepancy between what is talked about compared to what is actually implemented compared to what is best practice in general. While I've certainly got my own idea of what is best practice from a design patter perspective based on a lot of experience, I'd be interested in discussing as a general topic about what others also think is a general best practice setup. No right or wrong answers, more of just a general discussion about the best practices of a Java based web application which caters for the majority of cases.

Topic: Pure Web Application, with focus on an API in the future. Designed to access www.example.com which clearly does lots of cool and functional things, has multiple levels of functionality and login system (basic user, advanced user who manages multiple users as an administrator, and a super-administrator who can control the whole system) and lots of other exciting features and functionality in the future which cannot be foreseen.

The questions being;
* What would you do?
* How would you do it?
* How would you handle login / login style functionality?
* Would you choose to implement a specific framework such as Spring2, Hibernate or other?
* Would you go down the Enterprise Java Beans route?
* Would you use <%= request.getAttribute() %> functionality, and why, if not what would you prefer?
* Would you use JSTL, and why, if not what would you prefer?
* Would you create your own tag libraries, if yes then why, if not then why not?
* Would you use an MVC in framework in general?
* Anything else?
* What should you be thinking about and why?

There is an enormous discrepancy between the theoretical design patterns specific to Java web applications included within books, compared to the practicalities of dealing with real world applications, compared to reading the tips/advice on forums about specific implementations which often result in quite significant design patterns and overarching systems thinking. When you bring things into the real world the ideal situation from a development perspective is rarely that from a practical perspective due to the pressures of the business world and delivering on time and to budget.

I'm keen to open discussions around a best practice type of setup which is designed to make Java web applications specifically designed to work extremely effectively. Collectively I believe it's important to discuss the theoretical and practical implications of these types of topics rather than just jumping into project, building something that is functional and works, opposed to building something on an extremely solid foundation. Likewise, we all have to work with often legacy systems of sorts which are far from perfect and often the right solution is to rebuild the setup using solid design patterns rather than continually patching poor frameworks and systems. Lots of contributors on this topic would be useful as everyone has a different experience and background on Java web application development which is often significantly different that Java development for other platforms, so I want to keep the discussions for this topic specific to Java web application development.

6 years ago
Perfect, thanks AJ. Good to know we're on the right track with everything :-)
6 years ago

I want to check with the experts to make sure that I'm going down the right route for security purposes.


- 3x logged in user groups each with access to their own set of pages, /user-group-1/*, /user-group-2/* and /user-group-3/*
- All users to login at /login/, or alternatively, /login-group-1/, etc.
- Need to be able to style the login page as a JSP
- All usernames / passwords stored in the database
- Redirect the user to a single /login/ page if they try to access a restricted URL

Thoughts so far;

So after doing an enormous amount of reading on the topic both in multiple books and online, I have come to the conclusion that this is an extremely under-documented setup. The usual methods of authentication, BASIC, FORM etc. only appear to work if you have all usernames / passwords stored in the tomcat-users.xml file which is no good for scalable applications.

As such, this essentially leaves only one option which is to use sessions and session attributes to track what user group is logged in, their username and everything else can then work as normal with the servlets as all functionality can run off these two pieces of information to ensure that no-one can access anything they shouldn't be doing. The current setup that is in place on the project and appears to be working as expected is as follows;

- URL Filter in web.xml which automatically fires off users to UserGroup1Filter etc. if they try and access /user-group-1/* pages when their session information isn't present
- Single login JSP
- Single login submit servlet, which connects to the database to decide which group this username / password belongs to and makes sure that these details are correct before forwarding the user on
- For access to restricted pages, assuming the session information is valid, all functionality to behave running off this data. For example, getMyProfileDetails.java would take an input of "username" which has been pulled from the session.

The question being, is this the only solution to this problem? If not, what alternatives are there? And if so, is this method 100% secure to ensure that it is not possible for someone else to hijack someones session by somehow spoofing their username when sending session information to the server?

The application needs to extremely secure and scalable, hence the requirements above.

Would be interested in hearing your thoughts on the topic.


6 years ago
It really was that simple! It's working perfect now.

Previously I had the following code within my servlet;

So I removed that and simply had the following code instead (the variable 'xmlsitemap' is the long String that was built as I explained easlier)

It really was as simple as that to fix - took me ages the other night trying different things.

What I can take from this is that is appears that JSP files override any 'Content Type' headers that have been set within the JSP and default back to "text/html". I guess this is one of the ways Java tries to simplify the process of outputting content by having one less thing to think about as the JSP handles this. Good to know for future at least.

Thanks for all the help as usual :-)

9 years ago
That is my version of pretty :-) As I am comparing it to what I am seeing which is just purely the data within the tags and not with the nodes wrapped around.

So I am seeing for example;

Whereas what I would expect to see is;

I have removed the setContentType line of code from the Servlet and just put the <%@page contentType="text/xml"%> into the JSP and it is still the same error.

This is very strange. It is getting late now so I will pick this one back up over the weekend when I can create a mini version to test with as it may be something with the way that the data is being placed on the request attribute which is causing the browser difficulty in reading it.

Will keep you updated.

9 years ago
Just found a train company I use that has one (this was surprisingly hard to find one when needed lol) http://www.tpexpress.co.uk/sitemap.xml - if you open this up in say Google Chrome you can see the sitemap looks pretty as the browser is rendering visuals.

I have also tried setting the content type in the JSP file although I get the following error message when loading the page;

This page contains the following errors:

error on line 2 at column 6: XML declaration allowed only at the start of the document
Below is a rendering of the page up to the first error.

This is the code behind the page;

<%@page contentType="text/xml"%>
<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">

So basically the issue is with the first line of the code which is setting the content type within the JSP

9 years ago
I originally added new lines, tabs etc. for making it structured correctly whilst I was testing outputting the String variable into a <textarea> element when outputting to the JSP - although I have since tried removing this and this has made no difference. What I am looking for is for the browser to render the tags into correctly formatted XML Sitemap visually like it does when I check on other websites.

I have a feeling that it is something to do with the response type being set incorrectly since when I access the page which has generated the XML sitemap then the actual ContentType response (when checking via a browser tool - LiveHTTP Headers for FireFox) is still set to "text/html" which isn't what is specified within my Servlet using the code in the previous post.

9 years ago
I have created an XML sitemap by parsing data from a form then generating all of the relevant nodes and placing that into a large String variable then sending this attribute to the JSP to render.

The issue I have got is that it isn't formatting like an XML document should do within the browser, instead it is simply displaying as normal text and I am a little unsure why.

I have set the ContentType as "text/xml" and I have also tried "application/xml" although none of these work. Using the following code....... response.setContentType("text/xml;charset=UTF-8");

I have also began trying to build a document tree although from my initial tests this was exhibiting the exact same behavior.

Any ideas? I'm sure I must be missing something blindingly obvious but I can't figure it out (yet)

9 years ago
Thanks for the quick reply. Good to have it confirmed that it wouldn't have any impact.

As for if it is a good idea or not... at the moment it doesn't harm performance as the web app hasn't got high traffic. As traffic / load increases then I will likely look at placing this long running program on a separate web server (e.g. long-running-program.website.com). Not got experience with the Daemon stuff at the moment, but it is good to know that is an option as well (I'll add it to the reading list :-) )

9 years ago
Hi all,

Wondering what would happen in the following circumstance. What I am about to describe has just been set up so looking for a better understanding of what would happen.

1) Access www.website.com/mypage from my personal computer (the website is hosted on a server in some distant land somewhere)
2) 'mypage' maps to MyPageServlet.class
3) This Servlet then calls 'MyPojo.class' in another thread as the full duration of this tasks is ~10hrs.

What would happen if I was to close my browser and my personal computer? Would the additional thread within 'MyPojo.class' stop running? I am guessing not, since once this has started then it has started and needs to finish.

Just wanted to check with the experts since I don't want this process to stop half way through if I turn my computer off :-) (would have been ideal for me to think through this before running the program mind... but hey)

9 years ago
I have just come across the Java Speech API which looks like fun to have a play around with. Not read anything about it yet, but will be reading whatever I can find on the subject over the next few months.

Has anyone else had any experience with this before or managed to do anything cool? Any pointers?

9 years ago
Great, thanks for all the help / information / examples that has been really useful.

I believe that should give me enough to go off now and give things another go. I will no doubt be back either asking a few more questions or letting you know that it worked :-)

Thanks again.

9 years ago