lizongbo at 618119.com 工作,生活,Android,前端,Linode,Ubuntu,nginx,java,apache,tomcat,Resin,mina,Hessian,XMPP,RPC

2009年01月11日

扩展java.net.URL支持自定义协议来优化hessian的调用

Filed under: Java — 标签:, , , , , , , — lizongbo @ 22:51

扩展java.net.URL支持自定义协议来优化hessian调用

hessian是个高性能的java RPC调用协议,但是官方默认只提供了基于http和https两种方式的远程调用。
虽然每天使用http方式调用上千万次也没出现性能问题,(有jdk一份功劳,jdk1.5及以上版本支持了http.KeepAlive,
默认设置为: http.KeepAlive.remainingData=512
http.KeepAlive.queuedConnections=10)
但是如果能够改成tcp纯socket长连接池方式,性能是还可以优化的,因为把http的header头信息给省了七七八八。
由于hessian使用的URL和URLConnection来发送hessian请求和应答的,而URL的协议处理是可以扩展的,
因此可以通过扩展URL支持自定义协议来灵活切换hessian使用http或者tcp或者udp方式进行请求发送和接收应答。

查找相关资料后整理了三种扩展方法:

1.通过用户指定的package名称的最后一位作为协议名称(包名要是小写的)。
例如我自定义了三个协议,hessiantcp,hessianudp,hessiantcpudp;
则需要建立三个继承java.net.URLStreamHandler的Handler类(实现类的名字必须是Handler).
即:
com.lizongbo.hessian.protocol.hessiantcp.Handler.java
com.lizongbo.hessian.protocol.hessianudp.Handler.java
com.lizongbo.hessian.protocol.hessiantcpudp.Handler.java

在运行时,还要指定系统属性java.protocol.handler.pkgs
或者在java命令行里增加启动参数:
-Djava.protocol.handler.pkgs=com.lizongbo.hessian.protocol(多个包名之间用竖线隔开,例如:
-Djava.protocol.handler.pkgs=com.lizongbo.hessian.protocola|com.lizongbo.hessian.protocolb)

或者在代码里调用创建URL之前,先执行:
[code]
System.setProperty(“java.protocol.handler.pkgs”,”com.lizongbo.hessian.protocol”);
URL serviceUrl = new URL(“hessiantcp://618119.com/blog/hessian/service”);
[/code]
这样,用户便能够通过URL对象处理hessiantcp://这样的协议了,
否则,使用hessiantcp://这样的协议会导致异常。

参考:http://www.tuscany.org.cn/index.php/Tuscany与JBoss集成中遇到的问题及排除

http://java.sun.com/developer/onlineTraining/protocolhandlers/

2.设置指定的URLStreamHandlerFactory也可以扩展自定义的协议。
[code]
package com.lizongbo.hessian.protocol;

import java.net.*;
import java.util.Hashtable;

class HessianURLStreamHandlerFactory implements URLStreamHandlerFactory {
private String packagePrefix = “com.lizongbo.hessian.protocol”;
protected static Hashtable handlers
= new Hashtable
();
private URLStreamHandlerFactory otherFactory;
static {
URLStreamHandler handler = new com.lizongbo.hessian.protocol.
hessiantcp.Handler();
handlers.put(“hessiantcp”, handler);
handler = new com.lizongbo.hessian.protocol.hessianudp.Handler();
handlers.put(“hessianudp”, handler);
handler = new com.lizongbo.hessian.protocol.hessiantcpudp.Handler();
handlers.put(“hessiantcpudp”, handler);

}

public HessianURLStreamHandlerFactory() {
this(null);
}

public HessianURLStreamHandlerFactory(URLStreamHandlerFactory otherFactory) {
this.setOtherFactory(otherFactory);
}

public void setOtherFactory(URLStreamHandlerFactory otherFactory) {
this.otherFactory = otherFactory;
}

public URLStreamHandlerFactory getOtherFactory() {
return otherFactory;
}

public URLStreamHandler createURLStreamHandler(String protocol) {
URLStreamHandler handler = handlers.get(protocol);
if (handler != null) {
return handler;
}
try {
String clsName = packagePrefix + “.” + protocol + “.Handler”;
Class cls = null;
try {
cls = Class.forName(clsName);
} catch (ClassNotFoundException e) {
ClassLoader cl = ClassLoader.getSystemClassLoader();
if (cl != null) {
cls = cl.loadClass(clsName);
}
}
if (cls != null) {
handler = (URLStreamHandler) cls.newInstance();
handlers.put(protocol, handler);
return handler;
}
} catch (Exception e) {
// any number of exceptions can get thrown here
}

if (otherFactory != null) {
return otherFactory.createURLStreamHandler(protocol);
}
if (“http”.equalsIgnoreCase(protocol)) {
return null; //返回非null的URLStreamHandler还可以覆盖java默认实现协议的URLStreamHandler
}

return null;
}

}

[/code]

在代码里调用创建URL之前,先执行:
[code]
static{
try {
/**
该行代码只能执行一次,否则会抛出工厂已经定义的错误,错误信息如下:
java.lang.Error: factory already defined
at java.net.URL.setURLStreamHandlerFactory(URL.java:1074)
这样的方式还有个缺点,就是工厂一旦被其它第三方组件占用,那么使用这个方法就只能二者选一,
除非其它组件支持创建URLStreamHandlerFactory实例,
因为java.net.URL是不提供获取已经设置存在的factory的方法的。

*/
URL.setURLStreamHandlerFactory(new HessianURLStreamHandlerFactory());
} catch (Exception ex) {

}
}
URL serviceUrl = new URL(“hessiantcp://618119.com/blog/hessian/service”);
[/code]

早期java没有自带jsse的时候,想要使用到https协议就需要类似的处理,
参考: http://www.javaworld.com/javaworld/javatips/jw-javatip96.html

3.在创建URL的时候,手工识别,并实现自定义协议所需的URLStreamHandler.
代码如下:
public ProtobufRpcChannel(String url) {
try {
if (url != null && url.toLowerCase().startsWith(“hessiantcp://”)) {
serviceUrl = new URL(null, url, new URLStreamHandler() {
protected URLConnection openConnection(URL u) throws
IOException {
return null;//在这里处理
}
});
} else {
serviceUrl = new URL(url);
}
} catch (MalformedURLException ex) {
ex.printStackTrace();

}

可以参考一个jms协议的扩展例子:http://www.ibm.com/developerworks/cn/java/l-jms/index.html

有个注意事项,如果试用了非http方式的发送hessian请求,
接口调用方法的返回值不能够是java.io.InputStream,因为hessian的代码里写死了:
在返回InputStream的时候,连接类别被强行转成HttpURLConnection(但是ResultInputStream里对httpConn并没啥特别的操作,
暂时没看懂作者为何这样写的)

[code]
Object value = in.readObject(method.getReturnType());

if (value instanceof InputStream) {
value = new ResultInputStream(httpConn, is, in, (InputStream) value);
is = null;
httpConn = null;
}
[/code]

2007年10月23日

tomcat启用apr的情况下使用非自签名证书进行ssl双向认证配置

Filed under: Tomcat — 标签:, , , , , — lizongbo @ 08:47

Tomcat的apr组件是使用JNI用来提升Tomcat的系统性能,在启用apr特性之后,Tomcat的 https功能不能使用JSSE的证书配置,
而需要使用OpenSSL,对于clientAuth的双向认证配置,也与一般方式不同,经过试验,摸索出配置步骤如下:

证书文件的制作步骤如下:

下载并安装openvpn,然后在
C:\Program Files\OpenVPN\easy-rsa下根据readme指导的步骤生成根证书,服务器证书(非自签名证书),客户端证书.

我的具体步骤:
1.命令行下进入 C:\Program Files\OpenVPN\easy-rsa
首先运行init-config.bat
当前目录下会生成openssl.cnf和vars.bat
2.编辑vars,bat,修改以下变量,保存文件.
set KEY_SIZE=2048
set KEY_COUNTRY=CN
set KEY_PROVINCE=GD
set KEY_CITY=ShenZhen
set KEY_ORG=zongbo.Inc
set KEY_EMAIL=lizongbo@618119.com

3.命令行下运行
vars.bat
clean-all
4.创建ca证书
1. vars
2. build-ca
5.创建服务器公匙密码
(由于KEY_SIZE设置成了2048,因此可能需要很长的是时间才能创建,此时可以改回1024)
1. vars
2. build-dh

6.创建服务器证书和key.
1. vars
2. build-key-server www

7.创建客户端证书(创建可导入的格式)
1. vars
2. build-key-pkcs12 lizongbo

以下是整个命令执行的过程

C:\Program Files\OpenVPN\easy-rsa>init-config

C:\Program Files\OpenVPN\easy-rsa>copy vars.bat.sample vars.bat
已复制 1 个文件。

C:\Program Files\OpenVPN\easy-rsa>copy openssl.cnf.sample openssl.cnf
已复制 1 个文件。

C:\Program Files\OpenVPN\easy-rsa>vars.bat

C:\Program Files\OpenVPN\easy-rsa>clean-all
系统找不到指定的文件。
已复制 1 个文件。
已复制 1 个文件。

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>build-ca
Loading ‘screen’ into random state – done
Generating a 2048 bit RSA private key
…………………………………..+++
……………………………………………………………………..
……………………………………………………………………..
…………………….+++
writing new private key to ‘keys\ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [CN]:CN
State or Province Name (full name) [GD]:GD
Locality Name (eg, city) [ShenZhen]:ShenZhen
Organization Name (eg, company) [zongbo.Inc]:zongbo.Inc
Organizational Unit Name (eg, section) []:lzb.Inc
Common Name (eg, your name or your server’s hostname) []:ca.lizongbo.com
Email Address [lizongbo@618119.com]:lizongbo@618119.com

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>build-dh
Loading ‘screen’ into random state – done
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
………………………………………………..+……………..+…..
……………………………………………………………..+……..
……………………………………………………………………..
………………….+…………………………………………………
……………………………………………………………………..
……………………………………………………………………..
…………………..+…………………………………………..+…..
…………………………………+………………………..+……….
……………………………………………………………..+……..
………………………………………………………….+…………
………………………….+…………………………………………
……………………………………………………………+……….
……………………………………………………………………..
…+…………………………………+………..+……………………
………………………………+…………………………………….
……………………………………………………………………..
.+………………………………………………………………+…..
……………………………………………………………………..
………………………………………………………….+…………
…………………………………………
C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>build-key-server www
Loading ‘screen’ into random state – done
Generating a 2048 bit RSA private key
……….+++
…………………………….+++
writing new private key to ‘keys\www.key
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [CN]:CN
State or Province Name (full name) [GD]:GD
Locality Name (eg, city) [ShenZhen]:ShenZhen
Organization Name (eg, company) [zongbo.Inc]:zongbo.Inc
Organizational Unit Name (eg, section) []:lzb.Inc
Common Name (eg, your name or your server’s hostname) []:www.618119.com
Email Address [lizongbo@618119.com]:lizongbo@618119.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:lizongbo
An optional company name []:lzb.cmp
Using configuration from openssl.cnf
Loading ‘screen’ into random state – done
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName :PRINTABLE:’CN’
stateOrProvinceName :PRINTABLE:’GD’
localityName :PRINTABLE:’ShenZhen’
organizationName :PRINTABLE:’zongbo.Inc’
organizationalUnitName:PRINTABLE:’lzb.Inc’
commonName :PRINTABLE:’www.618119.com
emailAddress :IA5STRING:’lizongbo@618119.com
Certificate is to be certified until Sep 17 02:27:21 2017 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>build-key lizongbo
Loading ‘screen’ into random state – done
Generating a 2048 bit RSA private key
……………+++
……………………+++
writing new private key to ‘keys\lizongbo.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [CN]:CN
State or Province Name (full name) [GD]:GD
Locality Name (eg, city) [ShenZhen]:ShenZhen
Organization Name (eg, company) [zongbo.Inc]:zongbo.Inc
Organizational Unit Name (eg, section) []:lzb.Inc
Common Name (eg, your name or your server’s hostname) []:lizongbo
Email Address [lizongbo@618119.com]:lizongbo@618119.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:lizongbo
An optional company name []:lzb.cmp
Using configuration from openssl.cnf
Loading ‘screen’ into random state – done
DEBUG[load_index]: unique_subject = “yes”
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName :PRINTABLE:’CN’
stateOrProvinceName :PRINTABLE:’GD’
localityName :PRINTABLE:’ShenZhen’
organizationName :PRINTABLE:’zongbo.Inc’
organizationalUnitName:PRINTABLE:’lzb.Inc’
commonName :PRINTABLE:’lizongbo’
emailAddress :IA5STRING:’lizongbo@618119.com
Certificate is to be certified until Sep 17 02:28:38 2017 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\Program Files\OpenVPN\easy-rsa>

证书文件的安装步骤如下:

在IE中 :
在资源管理其中,双击easy-rsa\keys\ca.crt,导入根证书.双击www.crt,导入服务器证书,双击lizongbo.p12,导入客户端证书.

在Firefox中:

主菜单–>工具–>选项–>加密,察看证书–>证书机构->导入,选择ca.crt,导入之后,选中刚导入的证书,然后点”编辑”,将三项新任设置全部打上钩.

切换面板到”web站点”,导入,选择www.crt,导入之后,选中刚导入的证书,然后点”编辑”,选择”信任此证书的认证”

切换到”您的证书”,导入,选择lizongbo.p12, 输入生成证书时设置的密码,导入成功.
(Firefox中如果不首先导入根证书,Firefox会提示-12227错误,”接收到错误或未期望的消息,错误号-12227 “, 与IE的表现不同)
(more…)

2007年10月20日

seo

Filed under: — 标签:, , , , — lizongbo @ 23:16

基于Wordpress的搜索引擎步骤

1.使用独立的域名.
2.安装Sitemap插件.
3.添加robots.txt
4.到Google去提交网站地址:
http://www.google.com/addurl/?hl=zh-CN

5.到百度去提交网站地址:
http://utility.baidu.com/addurl/validcode.php
6.到yahoo去提交网站地址:
https://siteexplorer.search.yahoo.com/submit
(提交sitemap)

7.注册feedsky.生成feed.

8.在曾经的blog记录新的blog地址.

参考:

http://www.todocn.com/blog/article.asp?id=671

http://www.adsenser.org/show-607-1.html

安装了 有道相关博文推荐 插件(有道通过分析文章内容,自动推荐相关博客文章)

安装了 Simple Tags 插件。

Powered by WordPress