Posts Tagged “Computer Science”

I’ve promised my next article would be on Spring 3, as part 3 in my series on the web application. However, I’m going to take a little segue to a neat solution I’ve come up with for a common requirement that is a little tricky to solve: copying data out of a data grid and being able to paste that data into Microsoft’s Excel.

Flex is often used for displaying and calculating many different metrics. Sometimes a new metric, or a one-off request, will come in to see the data in a slightly different way or with an additional calculation. A lot of times the one-off requests don’t elicit a development investment to get the new analytic. Others might be too much of an immediate need and a development cycle would take too long. For this the ability to export the data to a less than friendly (IMHO), but standard and well-known tool is a huge plus. Enter stage left… Copy to Excel.

Copy the entire contents of the grids (both AdvancedDataGrid and DataGrid are supported, I wish these implemented a common interface) by not selecting any rows, or just the selected rows by selecting them (use shift or ctrl with click to multi select/deselect). This will call a static method in a util class (source available) that takes a single parameter, the grid itself. All data conversion from its dataProvider is handled, along with a header row with the headerText, and if any of the fields use a labelFunction, that too is called to format the data.

This is released under the MIT License, and is free for anyone to use/modify/distribute as they see fit. Just give props back here somewhere in the source.


So this has been a long time coming. I’ve put it off time and time again because there was just so much area I wanted to cover. (see previous post) So finally I’ve decided to cut a bunch of scope and just get this done.

This article is part 2 in a series of 3, which I started way back in November. The project herein is a continuation of that project and the updated project files are included here. I won’t be covering the additional Maven issues in hopes that the first article brought you (the reader) up to speed on those. I will say there are some additional dependencies, so it would be best to use the new files and update your eclipse project files by running the eclipse:eclipse target with Maven.

Hibernate

Hibernate is a great tool. It makes my life easier, and that is good. It started out as a Java only technology. After checking the website it appears they have a .NET version too. Hibernate is a persistence manager. Well you say, “Whatever does that mean?” Well it means that I can map my objects to a set of tables and Hibernate will manage their persistence. Hibernate is language agnostic. For the most part you just tell it what database dialect to use and unless you are using some special features not supported by other databases you can pick a code base up and move it from one DB to another with no change. Another great thing about hibernate is its ability to load an entire object graph, eagerly or lazily, just from querying a single object. For instance let’s say you have a person object, and that person has an address object on it (or even several). Issuing a query for that person will automatically load the address. (For lazy loading it will actually proxy the object and then retrieve the address when the getter is called but that is beyond the scope of the project, yet again, so I won’t go there.) And the last big plus Hibernate brings you, all of this being in my opinion, is updating and keeping object references the same for objects which should be the same and are loaded in 2 different places. Imagine doing all of this in straight JDBC, yuck, I don’t even want to think about that.

Let’s get started!

First things first, download and install MySql, my favorite database. Once you have it all installed, create a user, you can name it whatever you like but I chose test, with a password of… password. If you stray from these values you’ll want to change the configuration that we’ll talk about later. For administering MySql, if you’re not comfortable with the command line, which I admit can be a bit daunting with a DBMS, then I suggest you also install the MySql GUI tools, they are great and work for Windows, Mac, and Linux. After creating the user, also create a database, again I would call it test, and give the user permissions to access it. I had hoped to do this all using an in memory DB like Derby or Hypersonic, but again out of scope.

The next thing you want to do is to execute the DDL I’ve prepared which is in the application’s src/main/resources/ directory. Creatively enough it’s titled DDL.sql. It’s important for me to note that Hibernate can create this file for you based on either your mapping files or your annotations (more on these later), but again it was out of the scope so I went ahead and prepared one for you.

Down to the nitty gritty.

Now our database is set up and we are ready to get going. First things first, we need to tell Spring where our data source is, that is, where our database server lives. It won’t always be localhost, in fact most of the time it shouldn’t be. So we are going to create a dataSource bean using Spring, which we will later provide to our DAOs for use with Hibernate. For defining our data source we have several options. I hopefully have chosen the simplest one, which is to declare an instance of Spring’s DriverManagerDataSource bean in the spring-web-config.xml file like so…

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
    <property name="url"><value>jdbc:mysql://localhost:3306/test</value></property>
    <property name="username"><value>test</value></property>
    <property name="password"><value>password</value></property>
</bean>

This is the code block you will want to pay attention to if you have used a different username/password than I did. So what is this doing for us? Well this is telling spring to instantiate an object that is a DriverManagerDataSource. On that object it is setting 4 parameters; the JDBC driver to use, the location of the database, the username, and of course the password. Later we will use this bean in our DAO’s so that they can connect to the database. Alternatively we could have used JNDI to locate a defined data source which lives most likely in a server config out there somewhere, but this is out of the scope for what I want to accomplish.

The next thing we need to do is to set up the session factory in our DAO config. We are going to configure our DAO using a file called spring-dao.xml. We load this file in the web.xml file in the context config section.

<bean id="sessionFactory"
      class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
    <property name="hibernateProperties">
        <props>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
            <prop key="batch_size">15</prop>
            <prop key="fetch_size">30</prop>
            <prop key="hbm2ddl.auto">false</prop>
            <prop key="hibernate.show_sql">false</prop>
        </props>
    </property>

    <property name="dataSource">
        <ref bean="dataSource" />
    </property>

    <property name="annotatedClasses">
        <list>
            <value>com.weneck.webapplication.domain.Game</value>
        </list>
    </property>
</bean>

<bean id="transactionManager"
      class="org.springframework.orm.hibernate3.HibernateTransactionManager">
    <property name="sessionFactory">
        <ref bean="sessionFactory" />
    </property>
</bean>

This does a few things for us. First are the Hibernate properties. We tell Hibernate what dialect to use, some parameters on how to batch queries, and if it should show the SQL being used. After all, Hibernate does still use SQL to communicate with the DB and these statements can be a great way to debug or just learn. Next, we provide the datasource. Remember that datasource bean we just defined? Here is where we are using it. Additionally we have a transaction manager, and the location of our annotated classes. For now we only have 1 annotated class in hopes of keeping this simple. Finally we are going to want to set up our JDBC template for our JDBC counterpart. I’ve included a duplicate DAO which uses JDBC instead of Hibernate to illustrate the differences.

Domain what?

Let’s model our domain. I’m sure by now, especially after applying the DDL, you have guessed our domain is a simple object representing a video game. Now we need to model our object in the Java world. Take a look at Game.java. At its heart Game has 4 attributes: id, title, platform, and description. What isn’t as clear, perhaps, are the annotations marking up the class everywhere. These are JPA standard annotations, which are compatible with Hibernate and tell Hibernate what to do with these objects. Let’s take a closer look.

  • @Entity – this tells hibernate that this class should be considered an entity. Easy enough right?
  • @Table(name="games") – this tells hibernate what table in the database this entity maps to, still easy.
  • @Id – This tells hibernate that this column/attribute should be considered the primary key of the entity. For composite primary keys you should take a look at the documentation for @EmbeddedId and @Embeddable.
  • @GeneratedValue(strategy=GenerationType.IDENTITY) – this is perhaps a more vague annotation. In our case MySql supports auto_increment, this is a good thing, it means that objects inserted will automatically receive the next value for their id column. Other databases (*cough* I’m looking at you Oracle) do not support this, in that case you need to define a sequence, and tell Hibernate to use the sequence with @SequenceGenerator and a different strategy for the @GeneratedValue annotation. Man, I need to stay on topic.
  • @Column(name="id") – this is hopefully the easiest one to understand: what column in the table does this attribute map to.

There are a ton of other useful annotations, including adding constraints @NotNull, where clauses that are ever present @Where, and mapping @OneToOne, @ManyToOne, @OneToMany, and @ManyToMany relationships.

The DAO Layer

Next we need to write our DAO’s. As a general rule and a good practice, DAO’s should not contain any logic, but merely manage object persistence to and from the database. This isn’t always possible, but something to think about when writing your DAOs. I’ve started by creating a GameDao.java interface. We want to be able to list all of our games, search our games, and save a game. So these are the 3 methods I’ve defined in my DAO. There is a JDBC implementation of this DAO in GameDaoJDBCImpl.java and a Hibernate implementation at GameDaoImpl.java. Once these are written we need to define them in the spring-dao.xml file, and provide them with the data source or the session factory depending on their implementation. Notice each DAO extends a different Spring helper class for providing common functionality.

For the hibernate side there are a few important built in methods for managing your domain. Load and Get are good ones, simply call getHibernateTemplate().load(Class.class, Id); or getHibernateTemplate().get(Class.class, Id); specifying the class you want to load along with the primary key you specified with the @Id or @EmbeddedId annotations in the model class. That’s it, the object will come back, properly typed and everything. The loadAll method is similar but you need not specify an id and you get all the objects of the type Class.class. Save is pretty simple, though in my opinion should not be used. It takes an object and saves it. Easy! But it’s my preference to instead use saveOrUpdate, since this will save a new object or, as the name suggests, update an existing one, thus killing two birds with one stone. Update, well, if you read that last sentence you know how I feel about update. Delete, pretty easy this one, it deletes the object.

Now we are getting to some of the fun methods. Find will return a typed list of objects that meet the criteria supplied in the HQL statement. Whoa, HQL, what’s that? Well it’s nearly identical to SQL, only you can use the Java entity name and attribute names of those entities instead of having to reference the column names directly. This includes automatically joining the attributes that might be joined into the entity using some of the @OneToOne etc… annotations. Last there is Execute. It again does as it says, will execute a statement, usually a DDL statement though it doesn’t have to be.
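The difference between pasting a search term into the HQL text and binding it as a value, as an added example that is not code from the original project. GameSearchExample and its method names are hypothetical; it assumes the project’s Game entity with its title attribute and the Spring 3 and Hibernate jars the project already depends on.

```java
import java.util.List;

import org.springframework.orm.hibernate3.support.HibernateDaoSupport;

import com.weneck.webapplication.domain.Game;

/**
 * Hypothetical search DAO (not one of the project's classes) contrasting
 * concatenated HQL with a bound parameter.
 */
public class GameSearchExample extends HibernateDaoSupport {

    /** The only HQL text the bound version ever sends; '!' is the LIKE escape character. */
    static final String BOUND_HQL = "from Game g where g.title like ? escape '!'";

    /**
     * Before: the search term becomes part of the HQL text, so a quote in the
     * term ends the string literal and whatever follows is parsed as HQL.
     */
    @SuppressWarnings("unchecked")
    public List<Game> searchByConcatenation(String term) {
        return getHibernateTemplate().find(buildConcatenatedHql(term));
    }

    /**
     * After: the HQL text is constant and the term travels as a bound value,
     * so it is never parsed as query syntax.
     */
    @SuppressWarnings("unchecked")
    public List<Game> searchByBoundParameter(String term) {
        return getHibernateTemplate().find(BOUND_HQL, "%" + escapeLike(term) + "%");
    }

    static String buildConcatenatedHql(String term) {
        return "from Game g where g.title like '%" + term + "%'";
    }

    /** Escapes LIKE wildcards so '%' and '_' typed by the user match literally. */
    static String escapeLike(String term) {
        return term.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    /** Prints what each approach hands to Hibernate for constructed inputs. */
    public static void main(String[] args) {
        String term = "Assassin's Creed"; // constructed sample: an ordinary title with a quote
        System.out.println("concatenated HQL: " + buildConcatenatedHql(term));
        System.out.println("bound HQL:        " + BOUND_HQL);
        System.out.println("bound value:      %" + escapeLike(term) + "%");
        System.out.println("escaped wildcard: " + escapeLike("100%_complete!"));
    }
}
```

The concatenated query text changes shape with the input (here the apostrophe leaves an unbalanced literal), while the bound query text stays the same for every term.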

Spring Services

Normally here is where I would tell you to create your services, configure them in the spring-service.xml file, and put any logic in these classes. In this simple example however, we aren’t really coding any logic, so we’ll bypass this important layer of the web application.

The Results

Fire up that server and open a browser to http://localhost:8080/WebApplication/test/

Just for funzies I’ve included a JDBC implementation for comparison. If you look in the TestServlet.init() method on line 28, you can toggle the comment to use this implementation instead. Such a contrived example doesn’t showcase all the greatness that Hibernate is, but with a little imagination I bet you can see your way through to the possibilities.

Next up…the whole reason for starting this series, Spring 3 MVC. It’s gonna be a good’un.


I found a great Javascript image flip function over at Webmuch and wanted to use it, problem was it was only implemented in JQuery. I was using Prototype and script.aculo.us, so I ported it over. I ended up not using it, but for future reference I’ll preserve it here. Enjoy.
//adapted from a jQuery flip function found here.
//http://webmuch.com/image-flip-using-jquery/
var tweenDuration = 0.5;

//get the image elements.
var image1 = $('theFirstImage');
var image2 = $('theSecondImage');

//set up the flip function
image1.observe('click', function(event){
    //set the heights so that the images do not scale with the widths (if not explicitly set)
    image1.height = image1.height;
    image2.height = image2.height;

    var halfWidth = image1.width/2;

    image2.setStyle({marginLeft: halfWidth});
    image2.width = 0;

    new Effect.Tween(image1, 250, 0, {duration: tweenDuration}, 'width');
    new Effect.Tween(image1, 0, halfWidth, {duration: tweenDuration}, function(p){image1.setStyle({marginLeft: p})});
    window.setTimeout(
        function(){
            new Effect.Tween(image2, 0, 250, {duration: tweenDuration}, 'width');
            new Effect.Tween(image2, halfWidth, 0, {duration: tweenDuration}, function(p){image2.setStyle({marginLeft: p})});
        }
        , tweenDuration*1000);
});
image2.observe('click', function(event){
    image2.height = image2.height;
    image1.height = image1.height;

    var halfWidth = image2.width/2;

    image1.setStyle({marginLeft: halfWidth});
    image1.width = 0;

    new Effect.Tween(image2, 250, 0, {duration: tweenDuration}, 'width');
    new Effect.Tween(image2, 0, halfWidth, {duration: tweenDuration}, function(p){image2.setStyle({marginLeft: p})});
    window.setTimeout(
        function(){
            new Effect.Tween(image1, 0, 250, {duration: tweenDuration}, 'width');
            new Effect.Tween(image1, halfWidth, 0, {duration: tweenDuration}, function(p){image1.setStyle({marginLeft: p})});
        }
        , tweenDuration*1000);
});


Maven

What it is and what it isn’t

Maven is first, and this is the part most developers agree on, a dependency manager. Public repositories all over the net house project dependencies, as well as files called poms which contain descriptors of other files that the dependency is dependent on. As a dev this can be quite a time saver, since all dependencies are downloaded and placed on the class path instead of manually downloading 1, finding out what jars it’s missing, then downloading those… so on and so forth.
Secondly Maven is a build framework. Maven aims to be a constant for building any Java project across all Java projects. With a standard life cycle developers can become familiar with the framework and aim for a smoother build process. In order to do this Maven needs to be extendable. Good thing it is. Maven has oodles of plug-ins for nearly any task in the build process. Plug-ins can (obviously) build Java code, run ant tasks, run automated testing, run SQL code, run code coverage reports, deploy artifacts (to a repository or a server), exec OS code, pretty much the sky is the limit.

Installation.

Installing maven is not a complicated process but many get confused with it, mostly because of setting the proper environmental variables. First make sure you have java properly installed and the JAVA_HOME environmental variables properly set. Then download the latest version of Maven from http://maven.apache.org/download.html and unzip it wherever you please. From here you need to add a few environmental variables and add maven to the system path.

For Windows

Control Panel > System > Advanced > Environmental Variables
Under the system variables list add a new variable
MAVEN_HOME = C:\... (maven install location)
and append this to your path
;%MAVEN_HOME%\bin

For *nix

export M2_HOME=(Maven install location)
export M2=$M2_HOME/bin
PATH=$PATH:$M2

now at the command line you should be able to type
mvn --version
and get some kind of output like this…
Maven version: 2.0.9
Java version: 1.6.0_11
OS name: "windows xp" version: "5.1" arch: "x86" Family: "windows"

How it works.

Maven uses a file called the POM (http://en.wikipedia.org/wiki/Project_Object_Model#Project_Object_Model), short for project object model. This is an XML file that describes your project. Here you can list what the name of your project is, what is its version, how it is packaged, how it is built, repositories for any dependencies, and last but not least its dependencies. There are many advanced configurations such as specifying profiles that are beyond the scope and necessity of this entry to go into.
Let’s dig in, shall we?

<?xml version="1.0" encoding="utf-8"?>
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.weneck.webapplication</groupId>
    <artifactId>WebApplication</artifactId>
    <packaging>war</packaging>
    <version>1.0</version>
    <name>Sample Maven Webapp</name>
    <url>http://maven.apache.org</url>
    ...
</project>

The pom starts out simple enough, you have your XML encoding and versioning information, project declaration and schema information. The modelVersion declares what version of the POM we are using, in this case 4.0.0, not to be confused with the version of your project. Next is the group id of your organization, the name of your artifact (artifactId), and how your artifact should be packaged, in this case a WAR file (http://en.wikipedia.org/wiki/WAR_%28Sun_file_format%29). Finally a name and a version number of your artifact should be declared. Simple enough eh?

<repositories>
    <repository>
        <id>springsource maven repo</id>
        <url>http://maven.springframework.org/milestone</url>
    </repository>
</repositories>

The next section defines your repositories. Kinda like how it reads. In this case we are specifying springsource’s milestone repository so we can grab the Spring 3 RC artifacts (important for the final segment in this piece). You can also specify these in your settings.xml file located in the maven home directory. This is usually ~/.m2/ or %USER_HOME%/.m2 depending on your OS.
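Everything pulled from a repository ends up on the class path and in the build, and an http:// URL like the one above gives those downloads no transport integrity. The following added Java example (not part of the original project; class and method names are illustrative, and the second repository is a constructed placeholder) lists the repositories in a POM that are not fetched over HTTPS.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Reports repositories in a POM whose URL is not https://. Names are illustrative. */
public class PomRepositoryCheck {

    // Constructed sample: the repositories section from the post plus an HTTPS placeholder.
    static final String SAMPLE_POM =
          "<project>"
        + "<repositories>"
        + "<repository><id>springsource maven repo</id>"
        + "<url>http://maven.springframework.org/milestone</url></repository>"
        + "<repository><id>example https repo</id>"
        + "<url>https://repo.example.invalid/maven2</url></repository>"
        + "</repositories>"
        + "</project>";

    /** Returns one finding per repository or pluginRepository that is not fetched over HTTPS. */
    static List<String> insecureRepositories(String pomXml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // A POM is input like any other: refuse DOCTYPEs so no external entities are resolved.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.parse(new InputSource(new StringReader(pomXml)));

        List<String> findings = new ArrayList<String>();
        for (String tag : new String[] {"repository", "pluginRepository"}) {
            NodeList repos = doc.getElementsByTagName(tag);
            for (int i = 0; i < repos.getLength(); i++) {
                Element repo = (Element) repos.item(i);
                String url = childText(repo, "url");
                // Anything other than https:// (http, ftp, a missing url) is reported for review.
                if (!url.toLowerCase().startsWith("https://")) {
                    findings.add(tag + " '" + childText(repo, "id") + "' -> " + url);
                }
            }
        }
        return findings;
    }

    /** Text of the first descendant element with the given name, or "" if absent. */
    private static String childText(Element parent, String name) {
        NodeList nodes = parent.getElementsByTagName(name);
        return nodes.getLength() == 0 ? "" : nodes.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        for (String finding : insecureRepositories(SAMPLE_POM)) {
            System.out.println("not fetched over HTTPS: " + finding);
        }
    }
}
```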

<build>
    <finalName>WebApplication</finalName>
    <plugins>
        <plugin>
            ....
        </plugin>
    </plugins>
</build>

The build section is next, here we define the plugins we are going to use, most commonly the compiler plugin, a properties file plugin if needed, and if you’re using eclipse (you should be) the maven-eclipse plugin. (Fear not, full source attached at the end of my rant.)

<dependencies>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
        <version>1.1.2</version>
    </dependency>
    ...
</dependencies>

And finally the dependencies section. Here we define each of the dependencies our project is… well… dependent on. Easy peasy huh?

Now the cool part, putting it all together. So there is a common file structure maven expects, as well as a few files we need to put in place for this thing to get off the ground. They are all included in the source, but I’ll gloss over them here. Maven expects a src folder with 2 folders within it, main and test. It’s not rocket science, as the names suggest your source code goes here. Inside the main folder go your main files, and inside the test folder all files associated with your testing process/procedures. (You are testing your code, right?) Inside main you have java, resources, and webapp. Inside java is your java code, resources is your resources, and webapp holds the files needed for a webapp. Am I sounding redundant here? I also stuck in a nearly blank jsp for good measure. Hey, when it’s all done we want to see something other than a 404, amiright?

Using Maven

You can use maven from within eclipse, which used to work really well, but last time I tried was kinda buggy and bothersome. So I prefer the command line. First things first we need to configure eclipse to use all these wonderful dependencies that maven is managing for you.
mvn eclipse:eclipse
This line will download all your dependencies into that .m2 folder I referenced earlier. It will also write a .project and .classpath file for eclipse’s benefit. This will point java’s build path within eclipse to those dependencies which are not being stored within your project. Be sure to refresh the workspace after performing this command as eclipse does not actively monitor those files and will continue to complain about missing dependencies until you do so.
mvn clean
This wonderful command performs a clean on your project, simple.
mvn install
Here’s our meat and potatoes. This command does what we really came here for. It creates the target directory structure, builds our code, and packages it all into our pre-defined package structure. In our case the war file. It also puts all the structure in place for eclipse’s WTP so if you have a java server configured in eclipse you can now add the project to the server’s hosted projects. (Once added to the web server you don’t need to continually build with maven, you can build with eclipse and WTP will pick up the changes and replace the necessary files in the web-server or prompt you for a restart.)
You can also chain these commands together.
mvn clean install
That about wraps it up for Maven, but stay tuned for the next segment, Hibernate.

As promised Source


So I was just now tossing and turning thinking about a new series I want to write on web applications when I thought to check my blog, after all it has been too long. Lo and behold, my server was up, but my redirect was down. For a while now I have been taking advantage of no-ip.org’s free dynamic ip resolving DNS service. Circumstances have forced me to move my server to a residential connection to the nets with a dynamic ip. Bad news for trying to be in touch with home. So I transferred all my domains to a new registrar, mainly name.com, because they include DNS in your registration fee, which at the time was $10, not bad considering I was previously paying $7. (Per year mind you, so affordable on anyone’s income.) This took care of my Google apps ( <3 ) and the like but still did not take care of my dynamic ip problem.

Solution, the CNAME record. A CNAME record in my opinion is far too often overlooked by administrators as a valuable tool. First things first, administrators out there I’m talking to you, your customers should not have to distinguish between www.yourdomain.com and yourdomain.com unless there is a very good reason for doing so. CNAME records should be in place for your www name to redirect to the A records for your domain. VOILA! Instant karma with your patrons. Secondly, and more important to my little rant here, is that CNAME records can point to those unsightly domain names that the free dynamic DNS services provide you. For instance I CNAME www.weneck.com to weneck.com (which would normally be my A record) and then CNAME weneck.com to weneck.no-ip.com. BAM! Instant dynamic ip resolution while keeping my pretty domain name. Gotta love that.

Long story short, I’m back up and in business, and maybe soon I can get cracking on my 3 part web application rant.


So getting started with Google’s App Engine is a breeze, so easy this is probably pointless, but I want to document it nonetheless.
Getting Started
First things first, if you’re a java developer, get Eclipse. Next install the Google App Engine plugin. This can be done by going to the software updates screen and adding the plugin update site location, either http://dl.google.com/eclipse/plugin/3.4 for Ganymede or http://dl.google.com/eclipse/plugin/3.3 for Europa. Check the boxes to install the plugin and the SDKs, click the install button in the upper right, then the obligatory next, next, next, accept, next, finish process we are all familiar with and we are done (except maybe a restart of Eclipse). Images below to help those in need of some visual cues.


Creating a new Project

Now the fun part, we get to create a new project.

  1. Click File > New > Web Application Project.
  2. Enter a project name, and give it a default package, here I’ve used com.weneck.gaetest.
  3. Click finish


You’ll find the sample GWT project is already set up for you. Simply clicking the run button will launch a modified jetty application server and a custom browser and you can view the application.


Deploying

This is probably the coolest part about the process, deployment is simple as clicking a button. Well it will be once you have registered for an App Engine account. Create your account, sign in, then click the Create an Application button. I’ve entered wenecktest as my application id, and will use this value through the rest of the tutorial.


Back in Eclipse, click the Deploy App Engine Project button, located on the toolbar at the top.


You will be asked for your email address (the one you registered for the app engine account with) and your password. You will also be asked for an application ID for the project, the one we just created, so click the App Engine project settings... link and enter your value.


The application will be compiled, uploaded and deployed, as easy as that (watch the console output). Mine can be viewed at http://wenecktest.appspot.com (disclaimer: I will be using this application id for testing purposes, so some clicks in the future might have a different application parked there.)

Well that is all good and dandy, but what if you have your own domain where you want this application hosted? Well Google has thought of that too. Through the magic of Google Apps, and a CNAME DNS record, you can access this at any domain you own. In the App Engine console you can click on the versions link in the left nav and then click the Add Domain... button. The rest of the process includes either signing up for Google Apps (which I’ve already highly recommended) or signing into Google Apps to prove you own the domain name. Then you have to add a CNAME record to your DNS server to point to ghs.google.com; the rest is magic. For those wondering, the CNAME record for that looks like
•   googleappengine.weneck.com.     IN      CNAME   ghs.google.com.
to deploy to http://googleappengine.weneck.com . (same disclaimer applies)

Well, that’s it, it really is that easy. Now the only thing left to do is to actually write some effective code. I’m going to be looking into persistence using JPA annotations, so stay tuned for that adventure.


**UPDATE**

So I realized I overlooked a few details on the heat map. First, I hardcoded into the component the starting location and zoom of the map. Second, I did not expose any of the awesome geo-locating code that allowed adding markers to the map from a standard U.S. address (or most others for that matter). So I added those features, as well as clearing up the add points by click button by changing it to a checkbox. Below is a picture of the newer version with Cincinnati’s City Hall marked on the map and some example data, pretend it’s sales in the Cincinnati area or something.


So one of my interests is data visualization. Good thing I happen to be proficient in one of the best technologies for displaying data sets in new and interesting ways. I first ran across a heat map in the package I use to track statistics on this very site, http://www.phpmyvisites.us/. What they did is take a picture of your page and track user clicks, which can be infinitely useful for someone who is trying to optimize how users navigate their site. (Not that I do too much of that here.) Essentially it shows you where many clicks amass, causing certain areas of the site to “heat up”.

I used Google maps, both because this could be used for just a map api wrapper, and because I’m a bit of a cheerleader for Google. Let me know what you think. It’s not the prettiest, but it’s been a fun little project. Binaries to come…

Source here.

Example here.


SSH is a wonderful tool, one that I think is often undervalued outside of the Linux community. Perhaps it’s my heritage, having used Linux and SSH for a long time, but I guess I’ve always taken its power for granted. SSH clients are plentiful: under Windows the standard is Putty, Cygwin also has a very good version more similar to Linux versions, and OpenSSH would have to be the standard on Linux, but that does not mean there are not other implementations. So why is this tool such a fantastic gift to the computer scientist?

First is its security.

SSH was created because older ways of connecting to a remote computer did not provide confidentiality. Telnet for instance sends all of its communications in plain text across the tubes so that anyone in the middle of the client and the server is able to listen to the wire and pick up on all communications, most notably user names and passwords. To some this might sound like science fiction, but it’s actually quite easy. (Google wireshark, ethereal, or tcpdump.) SSH uses a public/private key system to aid in encrypting traffic between the client and server (see public-key cryptography). This not only allows for traffic between the client and server to be encrypted but allows for users to authenticate themselves with keys as opposed to traditional user names and passwords.

Public/Private key authentication

This authentication by using keys as opposed to passwords is an admin’s friend if he does a lot of hopping from machine to machine where authenticating with user names/passwords could become tiresome. First a personal public/private key pair needs to be generated. This can be accomplished with GNU Privacy Guard (GPG), Pretty Good Privacy (PGP), or PuttyGen under Windows. Next the public key needs to be placed on the server in an authorized_keys file, usually under ~/.ssh/authorized_keys. This can be placed on the server with another great tool I will be talking about later called SCP, alternatively using wget once authenticated on the server, or the good old fashioned way of a floppy, USB thumb drive, or other physical media (though this will require you to have physical access to the machine). Once the key is present on the server the authentication process takes place as follows (adapted from a lecture from a professor of mine, Dr. Scott Campbell):

  • Client connects to server
  • Server responds with its public key
  • Two parties exchange symmetrical keys for encrypted communication
  • Server looks for public keys in .ssh/authorized_keys; if found, it generates a nonce and encrypts the nonce with the public key
  • Client receives the encrypted nonce and decrypts it using the private key
  • Client then sends back the clear-text nonce (over the encrypted SSH connection)
  • Server receives the nonce and, since it was successfully decrypted, knows the client has the correct private key

This way once a request to initiate a connection to the server is made, the authentication process is transparent to the user and therefore much more convenient, and still secure. Some might argue that private keys themselves should be locked with a pass phrase and therefore would require a password at every connection, for them I argue back with ssh-agent, Google it.
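Placing the public key in ~/.ssh/authorized_keys, as described above, written as a small shell function. This is an added example, not code from the original post; the function name install_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# install_pubkey PUBKEY_FILE SSH_DIR
#   Appends the key to SSH_DIR/authorized_keys; returns 1 on a malformed key.
install_pubkey() {
    pubfile=$1
    sshdir=$2
    authfile="$sshdir/authorized_keys"

    # A public key line is "type base64-blob [comment]". Anything else,
    # including a private key pasted by mistake, is rejected.
    keyline=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1)
    case "$keyline" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line: $pubfile" >&2; return 1 ;;
    esac

    # Create directory and file so they are never group/world accessible;
    # sshd's StrictModes check refuses the file if others can write to it.
    ( umask 077; mkdir -p "$sshdir"; touch "$authfile" )
    chmod 700 "$sshdir"
    chmod 600 "$authfile"

    # Idempotent: match on "type blob" so a changed comment adds no duplicate.
    blob=$(printf '%s\n' "$keyline" | awk '{ print $1 " " $2 }')
    if ! grep -qF -- "$blob" "$authfile"; then
        printf '%s\n' "$keyline" >> "$authfile"
    fi
    return 0
}

# Constructed placeholder key (not a real key), installed twice into a
# scratch directory to show that the second run changes nothing.
demo() {
    d=$(mktemp -d)
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYEXAMPLEONLYEXAMPLEONLYEXAMPLE00 alice@laptop' > "$d/id.pub"
    install_pubkey "$d/id.pub" "$d/.ssh" && install_pubkey "$d/id.pub" "$d/.ssh"
    ls -ld "$d/.ssh" "$d/.ssh/authorized_keys"
    wc -l < "$d/.ssh/authorized_keys"
    rm -rf "$d"
}
demo
```

The demo prints the directory and file modes followed by a line count of 1, since the second install finds the key already present.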

SCP/SFTP

Perhaps one of the most useful features of SSH is SCP/SFTP. Secure Copy Protocol and Secure File Transfer Protocol are invaluable, and I probably use them more than many of the other features of SSH. SCP is for placing files on a remote server over a secure, encrypted channel. The command is issued as such:

  • scp fileToTransfer userName@hostname:pathToCopyFileTo

The first part initiates an scp connection, thus the command scp being the first word. The next parameter is the file to transfer. This can be a relative or a fully qualified path. The next parameter is your typical ssh connection string; the user name is optional only if the user name on the client is the same as the user name on the server. The server name, either a local name or a URL, should be obvious. Following the server name there is a colon, separating the server name from the final parameter, the path where the file should be placed on the remote server. Because I can oftentimes be lazy, I just put :~/ specifying that it should be placed in my home directory on the remote server, then later I’ll ssh in and move it to where it’s going. Though oftentimes this is also because my account won’t have permissions to place a file in an administrative area. PuTTY also has PSCP/PSFTP programs which allow for use of these features, but frankly I’ve never used them and so won’t pretend to know what I’m talking about here. I promise, in later sections I will provide some features of PuTTY for my Windows users out there. SFTP is nearly identical to other command line ftp programs; however, it authenticates over ssh and all traffic therein is encrypted as well.

  • sftp userName@hostname
  • get filename
  • quit

SFTP is not my favorite way of getting a file, especially since I don’t always know the exact path of the file I’m getting or all of the neat cli tricks that an ftp client can do. So instead I usually SSH to the remote server, then SCP the file back to the computer I am working on. It gets convoluted, especially when I’m SSH’d into one box, then to another, then a third because of VPN/Firewall rules, then back to the first machine, so essentially my connections become circular and I have to exit out of 3 machines to get home, but these are the habits I have.

X11 Forwarding

X11 forwarding is another great tool for admins who by chance are not quite as used to the command line as is sometimes required, or for that occasional application which requires a GUI. X11 forwarding takes the X11 display from the server, X11 being the standard by which the windows and the contents within them are drawn on the screen, and forwards it to the client. It also interprets user interactions on the client and sends them to the server as a means of controlling the remote application. To forward X11 sessions, the server usually needs to be configured to allow X11 forwarding. This is a fairly simple configuration in the sshd_config file (usually located in /etc/ssh/ under Linux). A connection with X11 forwarding is initiated with the command:

  • ssh -Y username@hostName

The -Y parameter tells the server to forward any X11 messages to the client. Once the session is connected, any GUI programs started on the server will be forwarded to the client. It is important, however, that there be an X11 server running on the client machine. This is usually not the case when using PuTTY; for these instances I recommend Cygwin.

Once Cygwin is installed you can launch the Bash shell interpreter, then start the X server with the startx command. Now that the X server is running, issue the command to connect to the remote server with X11 forwarding enabled.

Port forwarding

There are two main types of port forwarding: forward and reverse port forwarding. These are great tools for securely tunneling otherwise insecure traffic through a secure connection. For a long time these methods were used to push insecure ftp traffic through the secure ssh connection.

Forward Tunneling

Essentially, forward tunneling instructs the ssh client to intercept traffic sent to a chosen port on the local machine and send it through the ssh tunnel. It also instructs the server to re-originate the traffic and send it to the specified address and port. The command uses the -L parameter to specify the traffic to tunnel through the connection.

  • ssh -L localPort:destinationAddress:destinationPort userName@hostName
  • ssh -L 8080:www.google.com:80 user@host

The command above will intercept any traffic bound for local port 8080 and send it through the tunnel to the remote server www.google.com on port 80. This will cause any browser that opens http://localhost:8080/ to actually open www.google.com.

Reverse Tunneling

Reverse tunneling, on the other hand, does quite the opposite of forward tunneling, as the name suggests. Reverse tunneling instructs the ssh server to intercept any traffic on a given port and forward it to the client on the given port. This comes in handy when you need to establish a connection to the client from another machine outside of a restrictive firewall. The other machine can then just initiate a connection to the ssh server, on the specified port, and in reality be connecting to the ssh client machine. (I’ll admit, some of these situations get complicated to explain in words when one machine is a server to another, but a client to a third, etc. etc. etc…)

  • ssh -R remotePort:localAddress:localPort userName@hostName
  • ssh -R 8080:localhost:8080 userName@hostName
  • ssh -R 2222:localhost:22 userName@hostName

I can only think of one reason to do this. You want access to a machine that is either behind a restrictive firewall or on a dynamic IP address. Say for instance you want access to your home computer, but for some reason your IS blocks all incoming requests. A strange situation I know, but possible. You could write a cron job to initiate an ssh connection with reverse tunneling to an accessible host, say on port 2222. Now, from a third machine, you can connect to the addressable host on port 2222 and be reverse-forwarded to the otherwise inaccessible machine. The same would apply to a machine on a dynamic IP, without the use of a dyndns service.

I looked, but for the life of me I could not find out how to do this on PuTTY, so no pictures here. Hey! I already said I was a Linux guy, didn’t I?

Proxying

Perhaps one of the most little known features of SSH is dynamic proxying, or creating a Socks5 proxy. This allows you to create a Socks5 proxy on the client machine, then tunnel all traffic through the Socks5 proxy to the server, where it is reinitialized. This is very useful when you are on an insecure wi-fi network where others might be listening, since it creates a secure encrypted connection from your machine, before ever hitting the airwaves, then pushes the traffic through the tunnel to the server.

  • ssh -D localPort userName@hostName
  • ssh -D 8022 userName@hostName

Some might ask, why not just use traditional tunneling? Well, traditional tunneling is only good for the specified ports and the specified remote addresses. This is kinda a catch-all for securing a whole browsing session. The downside to this approach is that the other programs on the client machine that intend to use the proxy must be proxy enabled or aware. Many if not most are, but they need some settings to tell them to use the proxy.
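Whether -Y, -L, -R and -D work at all depends on the server's sshd_config, which the X11 section above mentions. The following added example (not code from the original post) reads the forwarding-related keywords from a config file; the function names and the sample config are constructed, and the keywords AllowTcpForwarding and GatewayPorts are OpenSSH settings not named in the article.

```shell
#!/bin/sh
# Added example, not from the original post. Simplified: whitespace-separated
# "Keyword value" lines only, global section only (stops at the first Match).

# effective_setting FILE KEYWORD DEFAULT -> value sshd would use.
# sshd keeps the FIRST value it reads for a keyword; keywords ignore case.
effective_setting() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*(#|$)/               { next }  # comments and blank lines
        tolower($1) == "match"       { exit }  # global section ends here
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_forwarding FILE: fallback values are upstream OpenSSH defaults.
audit_forwarding() {
    x11=$(effective_setting "$1" X11Forwarding no)
    tcp=$(effective_setting "$1" AllowTcpForwarding yes)
    gw=$(effective_setting "$1" GatewayPorts no)
    echo "X11Forwarding=$x11"
    case "$x11" in yes) echo "  ssh -Y can display remote GUI programs" ;; esac
    echo "AllowTcpForwarding=$tcp"
    case "$tcp" in
        yes|all) echo "  -L, -R and -D are permitted" ;;
        local)   echo "  -L permitted, -R refused" ;;
        remote)  echo "  -R permitted, -L refused" ;;
        no)      echo "  -L, -R and -D are refused" ;;
    esac
    echo "GatewayPorts=$gw"
    case "$gw" in
        no) echo "  -R listeners bind to the server's loopback address only" ;;
        *)  echo "  -R listeners may accept connections from other hosts" ;;
    esac
}

# Constructed sample input, not taken from any real server.
sample_config() {
    cat <<'EOF'
x11forwarding yes
X11Forwarding no
#GatewayPorts yes
AllowTcpForwarding local
Match User deploy
    GatewayPorts yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_forwarding "$tmp"; rm -f "$tmp"
```

With the default GatewayPorts no, a listener opened with -R is reachable only from the server itself, so the third-machine scenario under Reverse Tunneling needs the server to set GatewayPorts to yes or clientspecified.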

Useful SSH commands

  • ssh -L 3689:localhost:3689 userName@hostName
    • This command will tunnel iTunes LAN music sharing over an ssh connection for accessing music on your home computers from outside your LAN.
  • ssh -D 2222 userName@hostName
    • This command will open a socks5 proxy on the client machine on port 2222.
  • ssh -R 8080:localhost:8080 userName@hostName
    • This command will reverse tunnel all connections to port 8080 on the server to the localhost on port 8080. This is useful for exposing (for instance) a Tomcat server on the localhost which is behind a firewall to any clients which have access to the remote host.

Conclusion

That about sums it up for my input on SSH, as with any topic I don’t claim to know it all, nor do I claim to not have made any mistakes here, but I hope someone finds this information helpful. I find SSH to be an invaluable tool in my administratoring, developing, tinkering, and playing.


So I’ve decided to take the plunge. After seeing a friend/colleague of mine launch his own company SendAlong I’ve begun the workings for an idea I’ve had for a long time.

I intend to create an evaluation software, targeted toward the Educational market for online professor/course evaluations. It’s an idea that’s been buzzing around in my head for a long time, actually a result of an earlier need from the IMS department at Miami University. Years ago I wrote a juvenile application which had a static form and recorded results of that survey into a database. It could then retrieve them and perform simplistic analytics on the results. It has had a long life for how simplistic it was and how naive I was at the time of writing it. The admin interface even had my first delve into AJAX and as a result only worked in Firefox.

Day 1 is complete, and the database is vaguely designed. 32 tables so far, short of my work at DARS perhaps the most complicated database I’ve ever interfaced with. Requirements are also starting to shape up. My biggest debate of the day was how large scale this application would reach. If it were going to be a smaller application, with limited functionality, which was my original intent, I was leaning toward a PHP application. However after considering the scale of my ideas, and my desire to re-acquaint myself with SPRING I decided to work toward a J2EE application. This will allow for bigger scaling and hopefully more value. I know I say I know SPRING on my resume, but while starting this project I’m hitting a learning curve. I know how to work in an existing SPRING environment, and do some complicated web flows and database transactions, with the help of Hibernate. However, I have never been present at the conception of a project which required setting up that working environment. I guess I have my work cut out for me but I’m sure it will happen.


So here it is Christmas Eve and I find myself at my parents’ house. When I’m here I usually try to make sure their computer is working well enough for them. Today’s big task was installing a new printer they bought. My parents have an old computer, I’m talking a P4 1.4 with 256 of rambus ram. OLD. So for a long time now they’ve been running Linux, specifically Ubuntu Dapper. That being said, some of the old repos for Dapper were no longer working and my father’s click sprees of frustration or impatience have made me decide to put the ol’ distro out to pasture. I’m currently installing Intrepid Ibex, which will be quite a jump in user-friendliness compared to Dapper. My parents are power users, they get by quite ok with the hardware they have and hardly use more than a browser and maybe Pidgin once in a while for asking me crazy questions, like what’s half of 1/4, at all hours of the morning. (7:00 am on a Sunday is early for a college student.) Anyway I think I would group them in the case of the average user. Hear that, the average users, and they’ve been using Linux for years without ever a care, without ever a virus, without ever a slow down, without ever a worry. That just goes to show, Linux really is ready for the desktop, and you don’t need a $2k machine to run it, like Vista.
