Skip to main content

lindner
 

Sunday Streets are pretty cool, it helps you to see what things would be like without cars crowding out everything.

1 min read

Sunday Streets are pretty cool, it helps you to see what things would be like without cars crowding out everything.

Also, consider following Spare the Air, Bay Area if you live in the Bay Area -- you get Google+ events like this and the latest pollution alerts. 

Originally shared by Spare the Air, Bay Area

We hope to see you this weekend at Sunday Streets. Visit our booth to learn how to Spare the Air and improve the health of your community.

http://www.sundaystreetssf.com/

events/cj53rart464bjbikrqp43frflqg

0 stars 0 comments

lindner
 

Tomcat and SSL Accelerators

3 min read

Using an SSL Accelerator like a Netscaler is really useful, you can offload a lot of work to a device that supports this in hardware and can use SSL session affinity to send requests to the same backend.  In the simplest setup the SSL Accelerator accepts the request and proxies it to your internal set of hosts running on port 80.

However, code that generates redirects and URLs works poorly because the servletRequest.getScheme(), getSecure() and getServerPort() will return http/false/80 for SSL and non-SSL connections.
One way to solve this is listen on multiple ports.  Create a Connection on 80 and 443, but do not run SSL on either port.  Then for the 443 port you configure it with secure="true" and scheme="https".  This is suboptimal however as then you have to manage yet another server pool in your load balancer and you end up sending twice the health checks.  Not so good.
You might try to solve this by using a ServletFilter.  You can use an HttpServletRequestWrapper instance to change the scheme/port/and secure flag.  Sadly this doesn't work, because of the way tomcat implements HttpServletResponse, it uses the original request object to ascertain the scheme/secure flag/port.  Overriding these will allow application logic to see the updated values.  You get into trouble when you call encodeRedirectURL() or sendRedirect() with non-absolute URLs.
Lucky for us Tomcat supports a way to inject code into the connection handling phase via Valves.  A valve can query and alter the Catalina and Coyote request objects before the first filter is run.  
To make your Valve work you'll need to configure your load balancer to send a special header when SSL is in use.  On the Netscaler this can be done by setting owa_support on.  With that enabled the http header Front-End-Https: On is sent for requests that use SSL.
Once we have these pieces in place the Valve is fairly straightforward:

import java.io.IOException;

import javax.servlet.ServletException;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

public class NetscalerSSLValve extends ValveBase {

        @Override
        public void invoke(Request req, Response resp) throws IOException, ServletException {
                if ("On".equals(req.getHeader("Front-End-Https"))) {
                    req.setSecure(true);
                    req.getCoyoteRequest().scheme().setString("https");
                    req.getCoyoteRequest().setServerPort(443);
                }
                if ( getNext() != null ) {
                        getNext().invoke(req, resp);
                }
        }
}

Compile this, stick it in the tomcat lib directory, add an entry in your server.xml and away you go.

0 stars 4 comments

lindner
 

A Visit to St. Francis

4 min read

I'm not one to share too much or go off writing long expositions, but sometimes events just do that to you.. 
My visit to the emergency room at St. Francis Hospital was that type of event.

The Situation:  After finding a stabbing pain in my chest making it difficult to breath and impossible to drive,  Julie and I cabbed over to the closest emergency room:  St Francis at Pine and Hyde.  Right on the edge of San Francisco's Tenderloin neighborhood.  Of course if I'd been able to get an appointment within a reasonable amount of time with the clinic I'm at this could have been avoided, but that's another story.......

The Scene:  Baby faced doctor in clothes that look two sizes too big.  Panes of glass more at home in a check cashing establishment.  Scattering of beat up vinyl chairs and a TV tuned to really awful ABC sitcoms.  Give my medical infomation, sign away my rights and waiting.  No clue how long.

Enter two tourists.  Overhear about their cable car incident, Palm frond stabbed in the eye.  Next up a crazy confused guy doesn't know why he's there and no one cares.  He's followed by a woman who has that prune-like junkie face with sunken eyes.  That stuff will artificially age you.

"According to Jim" is playing their Halloween episode.  It is truly awful.  The volume is way too loud.

Next, get triaged after about 30 minutes.  Nurse has no clue about what it is and no idea how long I will need to wait.

In the meantime orderlies are moving beds up and down the hallways containing people living on the lowest rungs of society.  It's a mystery why they're there, where they're going and where they came from.  Up and down the hallway.

The George Lopez show comes on.  It's laughtrack is ineffective.  Not funny.  A half hour passes.......

Some student types drop by.  They're talking excitably about star trek holodecks and a specific episode and what they'd change.  And oh wouldn't it be great to have a 24 hour holodeck you could just drop by whenever... And wasn't there an evil Data and a good Data in one of those episodes...

An woman comes by in a wheelchair pushed by her young daugher, her bleached hair contrasting with her ebony skin.  Parenting doesn't become her.

An alarm goes off.  No one blinks, no one moves.  I look at the blinking booping annunciator and notice the little man running from flames and ask if we should evacuate.  Blank stares from the people waiting and no movement from the staff.  We all wait....  It stops about five minutes later.

A "regular" comes in and says his teeth hurt like hell, and says hiya doing my friend, what brings you down here behind a pair of wide dilated eyes that just signal danger.

ABC's "The One" comes on.  Badly dyed facial hair and people who can't sing.  We walk out to the door, considering just leaving since I feel a little better.

Then major drama three people drop in.  A woman says she's been stabbed.  Another prunish faced woman and helps the woman in.  She has the suntan that comes from being forced to live outdoors and is weak.  The kid behind the glass gives her the papers, which she weakly tries to fill out. 

While she's doing that I get called in.  The Doc with the accent you can't quite place says that it's all just a muscle pull in my ribcage, and that it sure hurts doesn't it?  Gets the nurse to jab my butt full of painkiller, gives me a prescription for more and sends me on my way.  Try to ask him about the stabbed woman, but he just goes on about his business.  Then we're done.

The stabbed lady is sitting there, still vacant look on her face.  Dilated eyes guy with the dirty black hair rushes out saying "I mean nothing to these people" while an orderly tells him to not come back.  Bad signing and even worse commercials are still pounding out of the TV.
 
We leave and get a cab home.


0 stars 3 comments