Saturday, February 12, 2011

Too Many open files in Alfresco

This is related to facing the situation where alfresco deployed in UNIX environment gives the error of "Too Many Opened Files". This is more often related to File handles and Lucene. UNIX systems is configured by default to allow users a maximum of only 1024 open file handles, which is often not sufficient for the file structure used by the indexes. Thus while setting up Alfresco on UNIX do the following check and configuration to get over this issue.

 Verify that the global settings for maximum number of file handles is large enough.
As a user used to run Alfresco run :
ulimit -n

You can check the number of open files allowed per user with the command

cat /proc/sys/fs/file-max

This gives the number of file handles that can be opened by user at a time.
To increase this number, go to/etc/security/limits.conf file in edit mode and the below lines
username soft nofile 4096
username hard nofile 65536


where username is the name of user to run Alfresco.




And finally restart your Alfresco for the changes to become active.



Check the original issue here.



Other references

http://www.xenoclast.org/doc/benchmark/HTTP-benchmarking-HOWTO/node7.html

http://ironman.darthgibus.net/?tag=too-many-open-files











Vocabulary:




No comments:
              



























          

        

          

        

Friday, November 26, 2010


          

        







Create Java SSL certificate












                                      



1 Create the SSL key for your machine using Java's keytool program. When asked to specify your first and last name, use the name of the machine running the CAS Tomcat server. For example, on my machine, I used localhost:



                 keytool -genkey -alias tomcat -keypass mycertificate -keyalg RSA 



2. You now have a keystore in the current user's home directory. Now you need to add the certificate to your JRE's cacerts file. Export the certificate you just  generated:



                 keytool -export -alias tomcat -keypass mycertificate -file server.crt



3. Now, add the exported certificate (server.crt) to your JRE's cacerts file again using Java's keytool program, as follows: 



                keytool -import -file server.crt -keypass mycertificate -keystore ..\jre\lib\security\cacerts



4. The last step in setting up SSL is to tell Tomcat about the keystore. Edit the server.xml file again. Modify the SSL connector definition with the lines           highlighted below. Note that the keystoreFile is the full path to the current user's home directory where the keystore resides:



                                <Connector port="8443" maxHttpHeaderSize="8192"



                                maxThreads="150" minSpareThreads="25"



                                maxSpareThreads="75"



                                enableLookups="false" disableUploadTimeout="true"



                                acceptCount="100" scheme="https" secure="true"



                                clientAuth="false" sslProtocol="TLS"



                                keystoreFile="/root/.keystore"



                                keystorePass="mycertificate"



                                truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/



                                security/cacerts" />











Vocabulary:
,




No comments:
              



























          

        

          

        

Thursday, November 25, 2010


          

        







Alfresco and CAS Integration












                                      



1.            You can set up CAS on separate tomcat or same tomcat running alfresco. you need to make couple of changes to tomcat's conf/server.xml file for separate tomcat regarding SSL/AJP/server port:



                                ...



                                <Server port="8006" shutdown="SHUTDOWN">



                                ...



                                <Connector port="8081" maxHttpHeaderSize="8192"



                                maxThreads="150" minSpareThreads="25"



                                maxSpareThreads="75"



                                enableLookups="false" redirectPort="8444"



                                acceptCount="100"



                                connectionTimeout="20000" disableUploadTimeout="tru



                                e" />



                                ...



                                <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->



                                <Connector port="8443" maxHttpHeaderSize="8192"



                                maxThreads="150" minSpareThreads="25"



                                maxSpareThreads="75"



                                enableLookups="false" disableUploadTimeout="true"



                                acceptCount="100" scheme="https" secure="true"



                                clientAuth="false" sslProtocol="TLS"



                                ...



                                <!-- Define an AJP 1.3 Connector on port 8010 -->



                                <Connector port="8010"



                                enableLookups="false" redirectPort="8443"



                                protocol="AJP/1.3" />



                2. Start up new Tomcat instance. and it should run smoothly along with alfresco tomcat.



                3. Download the CAS server from JA-SIG at http://www.ja-sig.org/products/cas/.



                4. CAS-protected URL redirects, the browser to the CAS authentication page. For security reasons, the CAS URLs are protected with SSL. Creating the certificate and adding it to the JRE's keystore requires below steps. 



                5. Use Java's keytool program to create the SSL key for your machine. When asked to specify your first and last name, use the name of the machine running the CAS Tomcat server. For example, I used localhost:



                 keytool -genkey -alias tomcat -keypass changeit -keyalg RSA 



                6. We have a keystore in the user's home directory. Now need to add the certificate to your JRE's cacerts file. Export the certificate generated:



                 keytool -export -alias tomcat -keypass changeit -file server.crt



                7. Adding the exported certificate (server.crt) to JRE's cacerts file, as follows: 



                keytool -import -file server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts



                8. The last step in setting up SSL is to tell Tomcat about the keystore. Edit the server.xml file again. :



                                <Connector port="8443" maxHttpHeaderSize="8192"



                                maxThreads="150" minSpareThreads="25"



                                maxSpareThreads="75"



                                enableLookups="false" disableUploadTimeout="true"



                                acceptCount="100" scheme="https" secure="true"



                                clientAuth="false" sslProtocol="TLS"



                                keystoreFile="/root/.keystore"



                                keystorePass="changeit"



                                truststoreFile="/usr/lib/jvm/java-1.5.0-sun/jre/lib/



                                security/cacerts" />



                9. Copy the CAS webapp WAR to the webapps directory of Tomcat instance. The          CAS webapp WAR is in the directory where you expanded CAS under "modules". The file is called cas-server-webapp-3.3.3.war.



                10. Start CAS Tomcat. CAS screen can be seen at https://[machine name]:8443/cas. Add the following entry to the Alfresco web.xml 



                                <!-- cas client filter -->



                                <filter>



                                <filter-name>CAS Filter</filter-name>



                                <filter-class>



                                edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>



                                <init-param>



                                                <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>



                                                <param-value>https://localhost:8443/cas/login</param-value>



                                </init-param>



                                <init-param>



                                <param-name>



                                edu.yale.its.tp.cas.client.filter.validateUrl</param-name>



                                <param-value>https://localhost:8443/cas/serviceValidate</param-value>



                                </init-param>



                                <init-param>



                                <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>



                                <param-value>localhost:8080</param-value>



                                </init-param>



                                </filter>



                11.          Next, add the filter mapping.This will cause Tomcat to redirect the browser to the CAS login if anyone without a valid ticket attempts to run. For Alfresco, the                 URL pattern should be:



                                <filter-mapping>



                                <filter-name>CAS Filter</filter-name>



                                <url-pattern>/faces/*</url-pattern>



                                </filter-mapping>



                12.          Save the web.xml file. At this point, you could restart Alfresco Tomcat and open the web client and you'd be redirected to the CAS login page. But Alfresco                 doesn't yet know how to extract the credentials from CAS to use to start an Alfresco session. To do that, you have to write an AuthenticationFilter. Look at Alfresco Wiki at http://wiki.alfresco.com/wiki/Central_Authentication_Service_Configuration for same. 



                13.          You need to tell Alfresco to use the new Authentication Filter in place of the out of the box Authentication Filter. Do that by editing web.xml and modifying               the Authentication Filter filter as follows:



                                <filter>



                                <filter-name>Authentication Filter</filter-name>



                                <!--



                                <filter-class>



                                org.alfresco.web.app.servlet.AuthenticationFilter



                                </filter-class>



                                -->



                                <filter-class>



                                com.someco.servlets.AuthenticationFilter</filter-class>



                                <init-param>



                                <param-name>cas.user.label</param-name>



                                <param-value>



                                edu.yale.its.tp.cas.client.filter.user</param-value>



                                </init-param>



                                </filter>



                15.          Start Alfresco. You should now be able to log in to Alfresco . Remember that at this point, CAS is still using its default adapter, which grants successful logins when the username and password match.















Vocabulary:
,




No comments:
              



























          

        

          

        

Thursday, September 02, 2010


          

        







Jsp Include Directive vs Action












Jsp Include directive

At JSP page translation phase, the content of the file mentioned in the include directive is included/added as it is, in the place where the directive is used. Then the total JSP page is translated into a java servlet class. The included file is a static resource like html or a JSP page. Generally JSP include directive is used to include header banners and footers content.



The JSP compilation process is that, the JSP page gets compiled only if that page has changed. If the change is only in the included file, the source JSP file will not be compiled and therefore the modification will not get reflected in the browser output.







Jsp Include action

The jsp:include action element works like a function call. At runtime, the included file will be compiled & executed and the resulted output is included with the source page. When the included JSP page is called, both the request and response objects are passed as parameters.



In case we need to pass any values to the included file, then jsp:param element can be used. If the resource is static, its content is inserted into the calling JSP file, since there is no processing needed. 



















Vocabulary:




No comments:
              



























          

        

          

        

Wednesday, September 01, 2010


          

        







Salman Khan's Dabangg 2010












Salman Khan's Dabangg is coming next week. And I was among all those die hard Salman fans who want to know what dabangg means. Well, Dabangg, or dabang, as it used to be  spelled earlier, means someone who has a dabdaba, a control over a  specific area and people there.



The word dabangg is generally used to address people who have good deal  of control or influence over the other powerful people of the area.  Hence, Dabangg also means Powerful.












No comments:
              



























        

      









Subscribe to:
Posts (Atom)