Freemarker and java.time

I noticed that Freemarker¹ does not yet support the Java SE 8 Date and Time². I noticed this, because I tried it. It just tries to parse the toString() and it fails.

There's already blogs about it.

So I had to add a little dependency to provide this, courtesy of Jakob Vad Nielsen³.

<dependency>
    <groupId>no.api.freemarker</groupId>
    <artifactId>freemarker-java8</artifactId>
    <version>1.1.5</version>
</dependency>

Of course, it's not native support, you still have to call specific methods to parse this. But it works in my case.

It means I have to change some of my templates around, as described below:

Published Date ${blog.createDate?datetime}

Instead should be:

Published Date ${blog.createDate.format()}

References

[1] FreeMarker Java Template Engine

https://freemarker.apache.org/

[2] Java Technical Details - Java SE 8 Date and Time

https://www.oracle.com/technical-resources/articles/java/jf14-date-time.html

[3] GitHUb - Java library adding support for the Java 8 java.time api to FreeMarker.

https://github.com/lazee/freemarker-java-8

Git Worktrees

Since git 2.8 it is possible to work with "Worktrees". These are extra maps you can use to checkout a branch. This is instead of changing your current working directory contents by checking out a different branch (and by extention messing up your build targets and artifacts and stuff).

At work, unfortunately, we are using Fedora Core 25 (a little old, but we are sure to update any day now).

So I decided to install git from source¹. Apparently we're already up to version 2.23.0

At home, I do not use worktrees², and I managed to avoid it at work too. But the situation has progressed in such a fashion that the branches are starting to differ soo much that a reset maven profiles/clean/rebuild/redeploy is required when switching branches, costing me valuable development time.

Creating a new worktree from the master

git worktree add -b feature_branch ../new_folder

Creating a new worktree from the master from an existing branch

git worktree add ../new_folder feature_branch

Use --detach instead of -b branch to create a worktree without a branch.

Gebruik --detach ipv -b branch om een losgekoppelde worktree aan te maken zonder een branch.

Removal of a worktree

rm -rf ../new_folder && git worktree prune

It all seems easy enough.

For some reason the new git also enables me to simply checkout the svn repo (we're still using SVN at the moment) without any pains like in the past (for example bombing out because it takes too long). Perhaps something has changed in our SVN setup, I don't know.

References

[1] Git - see kernel.org link on the page

https://git-scm.com/download/linux

[2] Git - manpage worktree

https://git-scm.com/docs/git-worktree

StackOverflow - What would I use git-worktree for?

http://stackoverflow.com/questions/31935776/what-would-i-use-git-worktree-for

Atomic Object - Parallelize Development Using Git Worktrees

https://spin.atomicobject.com/2016/06/26/parallelize-development-git-worktrees/

Atlassian - Six cool features of the Git 2.x series

https://developer.atlassian.com/blog/2015/10/cool-features-git-2.x/

GAUI.SI - Git worktree feature

https://www.gaui.is/git-worktree-feature/

Hello, production

Recently saw this blogpost¹ among incoming tweets, and it's good enough to mention here.

References

[1] Pete Hodgson - Hello, production

https://blog.thepete.net/blog/2019/10/04/hello-production/

Ref: Filtering a Stream of Optionals in Java

Recently got a little annoyed that I always have to combine a filter with Optional::isPresent with a map with Optional::get.

A quick search on the Internets, found a good resource about how this can be done, and in the future should be done.

See the references. Let me know if you have something better.

References

Baeldung - Filtering a Stream of Optionals in Java

https://www.baeldung.com/java-filter-stream-of-optional

Automating Importing Let's Encrypt Certificates into Payara/Glassfish

Well, I already made a blogpost on letsencrypt certificates in payara¹.

In this blogpost I mentioned a python script that automatically renews certificates for payara². Unfortunately, it's not quite a perfect fit for me, as I do not run payara on port 80, which the script requires.

My setup has an nginx running on port 80, that basically forwards all requests to the https version of the website.

So I could simply turn off nginx, re-certify and turn nginx back on.

This simple bash script is as follows:

Running it will give you:

$ source renew_letsencrypt_certificates.sh
---- Starting.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.mrbear.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.mrbear.org
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.mrbear.org/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/www.mrbear.org/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
---- Adding certificates...
/home/payara/payara5/glassfish/domains/production/config/keystore.jks
Private key with alias [s1as] added to keystore /home/payara/payara5/glassfish/domains/production/config/keystore.jks.
Command add-pkcs8 executed successfully.
---- Disabling http listener...
server.network-config.network-listeners.network-listener.http-listener-2.enabled=false
Command set executed successfully.
---- Enabling http listener...
server.network-config.network-listeners.network-listener.http-listener-2.enabled=true
Command set executed successfully.
---- Done.

And your certificate is renewed. I am most pleased that this is soo easy in Payara/Glassfish.

In order to properly automate this, the master password must be stored somehow, and it's possible to do this via the --passwordfile=passwordfile.txt commandline parameter.

I found a good blogpost on how to do this at .Lost in Coding³.

And also the blogpost on [4] to get me started on how to do this.

Verifying that the keystore contains the appropriate stuff, can be done as follows:

# keytool -list -keystore /home/payara/payara5/glassfish/domains/production/config/keystore.jks
Enter keystore password:
Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

glassfish-instance, Jan 22, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): WZ:B6:4N:8V:AT:YP:QC:9N:VT:HA:WI:NQ:B[:V8:0W:YT:B8:AW:YT:VQ
s1as, Sep 25, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): N8:5Y:AN:SV:N8:9W:4T:Y7:9W:V9:W4:VT:8Y:WV:4N:W4:VT:FB:8S:4E

To get more information, try:

keytool -list -v -keystore /home/payara/payara5/glassfish/domains/production/config/keystore.jks

Or for a specific alias:

keytool -list -v -keystore /home/payara/payara5/glassfish/domains/production/config/keystore.jks -alias s1as

References

[1] Enabling SSL in Payara with certificate from Let's Encrypt.

https://randomthoughtsonjavaprogramming.blogspot.com/2019/01/enabling-ssl-in-payara-with-certificate.html

[2] github - Let's encrypt script to retrieve and upload keys/certificates to Payara

https://gist.github.com/ratcashdev/1b09877d37e02ef5170bf9e60c377f34

[3] .Lost in Coding - Configure Payara Server passwords in Docker

https://ondro.inginea.eu/index.php/configure-passwords-in-payara-server-and-glassfish/

[4] Payara Blog - TLS certificates with Payara Server and Let's Encrypt

https://blog.payara.fish/configuring-ssl/tls-certificates-with-payara-server-and-lets-encrypt