[Performance Tuning] - HMAC_SHA1 encryption using TOTP (javax.crypto.MAC) performance problems in SPARC
by Daniel Jimenez Becerra
Daniel Jimenez Becerra [http://community.jboss.org/people/danielfjb] created the discussion
"HMAC_SHA1 encryption using TOTP (javax.crypto.MAC) performance problems in SPARC"
To view the discussion, visit: http://community.jboss.org/message/603738#603738
--------------------------------------------------------------
Hi, I'm trying to implement a method to synchronize TOTP cards. In case the server clock and the card clock were different. So I generate a lot of TOTP keys in case to compare it with the real key so at the end I get both of the times in the server. That works in x86 (Sunfire x2200) perfectly and does not take a lot of time doing that (like 2 minutes generating 800000 keys). But when I test it on Oracle BM SPARC (T1000 LDOM 1.1) takes I lot of time. I did all kind of profiling stuff but all point to the method of the generation the TOTP in the HMAC_SHA1.
here is the code (based on JBoss 6 OTP implementation)
*
*
public synchronized static String generateTOTP(String key, String time, int returnDigits, String crypto) throws GeneralSecurityException {
String result = null;
byte[] hash;
// Using the counter
// First 8 bytes are for the movingFactor
// Complaint with base RFC 4226 (HOTP)
while(time.length() < 16 ) {
time = "0" + time;
}
// Get the HEX in a Byte[]
byte[] msg = hexStr2Bytes(time);
// Adding one byte to get the right conversion
byte[] k = hexStr2Bytes(key);
hash = hmac_sha1(crypto, k, msg);
// put selected bytes into result int
int offset = hash[hash.length - 1] & 0xf;
int binary =
((hash[offset] & 0x7f) << 24) |
((hash[offset + 1] & 0xff) << 16) |
((hash[offset + 2] & 0xff) << 8) |
(hash[offset + 3] & 0xff);
int otp = binary % DIGITS_POWER[ returnDigits ];
result = Integer.toString(otp);
while (result.length() < returnDigits ) {
result = "0" + result;
}
return result;
}
private static byte[] hmac_sha1(String crypto, byte[] keyBytes, byte[] text) throws GeneralSecurityException {
Mac hmac;
hmac = Mac.getInstance(crypto);
SecretKeySpec macKey = new SecretKeySpec(keyBytes, "RAW");
hmac.init(macKey);
return hmac.doFinal(text);
}
I need help either to use another library or finding the right configuration for the SPARC.
It is supposed the code runs max. one time per user in production, that depends in the synchronization between the server clock and the OTP card clock.
Basically the algorithm takes two consecutive keys (each 30 seconds the password changes) from the user, saving the time (server clock) for each one when the user clicks next. With both keys the server look up at what time (in server clock) the key has been generated. Performing a simple subtraction I can get the difference of times when the user generates the otp and when the server generates it.
The algorithm simply look up five days ago, and five days further the same key each 30 simulated seconds, and reports the time when it founds an equal key. It's a brute force search, but in this case I really don't know how to do it differently.
So the problem is in the type of server, because in the x86 runs the synchronization in 3 minutes or less, but in the SPARC takes 30 minutes or maybe more. It should be some native code that has problems with this implementation of javax.crypto.Mac
Hope I do make my self clear
Thanks in advance to everybody.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/603738#603738]
Start a new discussion in Performance Tuning at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 6 months
[jBPM] - A question on the jBPM 5 Multi-Tenancy
by byungwoojun
byungwoojun [http://community.jboss.org/people/byungwoojun] created the discussion
"A question on the jBPM 5 Multi-Tenancy"
To view the discussion, visit: http://community.jboss.org/message/592497#592497
--------------------------------------------------------------
Does the jBPM 5 support multi-tenancy? Typically, from the database perspective, there are three multi-tenancy strategies: 1) separate database, 2) shared database but separate schema, and 3) shared database and shared schema. By looking at the jBPM 5 database schema, it seems to me that it does NOT handle the # 3 case because it does not have the tenant id colume (except the human-task related database tables that have the actor id).
Howe about the #2 case? If I create a separate schema (through hibernate or so) per tenant and give the schema pesmission to the tenant, will the jBPM 5 support it with some hibernate-related configuration?
How about the guvnor? The guvnor stores resources (bpmn2, rules, etc.) to its repository storages (db, file?). Can I store the process definitions per tenant? Is it possible to control visibility of the process definitions for a certain tenant when the resources are added into the knowledge builder using the resourcefactory guvnor URL by providing the tenant id?
Thanks,
bwj
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/592497#592497]
Start a new discussion in jBPM at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 6 months
[jBPM] - jBPM 5-Asynch Notification/Receiving Task?
by Rama Kaldindi
Rama Kaldindi [http://community.jboss.org/people/k.ramaraju] created the discussion
"jBPM 5-Asynch Notification/Receiving Task?"
To view the discussion, visit: http://community.jboss.org/message/603099#603099
--------------------------------------------------------------
Hi All,
Iam in process of exploring/evaluating jBPM 5 and BPMN 2.0. And one of the use cases that iam really interested in is:
- Create a business process where each task/activity invokes a REST WS.
- The process should proceed to next task/activity only when an Asynch notification is received (probaly via receiving WS) on completion of business operation ( Note: Here business operation completetion does not mean the REST WS Synchronous http response. But rather completion of a business activity that was originally triggered byinvoking the REST WS in bpm activity).
Now, I understand that a process can block for external messages using events but since events (event types) cannot be defined dynamically, Iam looking for a way to block the process until some external (dynamic) message is received. And such received message be evaluated for certain conditions. If conditions are satisfied, then the process should proceed to next task/activity/node. If not, then it should go back to the 'waiting' stage again until appropriate message for that task is received (kind of conditional loop).
So:
- How do I achieve the above?
- 'Receive Task' looks close to what Iam looking for but since the eclipe plugin for BPMN 2.0 does not seem to support it, I did not find a way of 'plugging' my condition or Java code in the task.
- Does JBPM 5.0 engine continue to support 'Receive Task'?
- Are there other alternatives to achieve the same in the current jBPM 5 implementation?
Please advice.
Regards
Rama
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/603099#603099]
Start a new discussion in jBPM at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 6 months
[JBoss Web Services] - Error trying to create web service in JBoss Developer Studio
by Steve Singer
Steve Singer [http://community.jboss.org/people/stevesinger] created the discussion
"Error trying to create web service in JBoss Developer Studio"
To view the discussion, visit: http://community.jboss.org/message/603709#603709
--------------------------------------------------------------
Not sure if this is the correct forum, but I figured since it's JbossWS based, someone here has a good chance of having a similar error.
I am having an error trying to create a web service in JBoss Developer Studio 3.0.1. I am performing the following steps:
* Verified that the JBossWS is installed and running on my instance of JBoss 5.0
* Create a dynamic web project that is tied to my instance of JBoss 5.0
* Go into the project and set the project facets to point to the JBoss Web Services Core
* Create a simple class -- here is the complete source code:
package com.ws.test;
import javax.jws.WebMethod;
import javax.jws.WebService;
@WebService
public class HelloWorld {
@WebMethod
public String sayHello(String name) {
return "Hello " + name;
}
}
* I then select the class, click New > Other... > Web Services > Web Service
* I select "Bottom Up Java Bean Web Service" and leave all the other defaults.
* Click "Next"
* Choose "Generate WSDL' and "Update web.xml" then click "Next" and I get the following window --
Error: Could not generate. (use --show-traces to see full traces)
Error: Failed to load: org.jboss.ws.core.jaxws.CustomizableJAXBContextFactory
Any idea what I am doing wrong? Thanks in advance
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/603709#603709]
Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 6 months
[JBoss AOP] - Passing MetaData through Invocations
by Steven Op de beeck
Steven Op de beeck [http://community.jboss.org/people/stevenodb] created the discussion
"Passing MetaData through Invocations"
To view the discussion, visit: http://community.jboss.org/message/603708#603708
--------------------------------------------------------------
I'm trying to use the JBoss AOP *Invocation structure to pass metadata between two advices on the same Jointpoint (one call, the other exection). I read this in the documentation of JBossAOP:
You can attach untyped metadata to the invocation object, or even to the response. This allows advices to pass contextual data to one another in the incoming invocation or outgoing response for instance if you had advices running on a remote client that wanted to pass contextual data to server-side aspects. This method on invocation gets you access to a org.jboss.aop.metadata.SimpleMetaData instance so that you can attach or read data. SimpleMetaData getMetaData()
So I was hopeful that I could push some metadata on in one advice, and pull it of in a later advice. However, I don't seem to be able to get it to work. All I'm pulling off at the receiving end are null-pointers.
Some example code:
Caller side aspect:
@Aspect(scope=Scope.+PER_INSTANCE+)
*public* *class* HelloWorldCaller {
@PointcutDef("call(java.lang.String $instanceof{backend.HelloBackEndRemote}->getValue(..))")
*public* *static* Pointcut +getValueCallerPointcut+;
@Bind(pointcut="hello.HelloWorldCaller.getValueCallerPointcut", type=AdviceType.+AROUND+)
*public* Object helloAdv(CallerInvocation invocation) *throws* Throwable {
Object invResult = *null*;
SimpleMetaData md = invocation.getMetaData();
md.addMetaData("pom", "appel", "peer", PayloadKey.AS_IS);
*try* {
invResult = invocation.invokeNext();
} *catch* (Exception e) {
e.printStackTrace();
}
*return* "[caller " + invResult + "]";
}
}
Callee side aspect:
@Aspect(scope=Scope.+PER_INSTANCE+)
*public* *class* HelloWorldCallee {
@PointcutDef("execution(java.lang.String $instanceof{backend.HelloBackEndRemote}->getValue(..))")
*public* *static* Pointcut +getValueCalleePointcut+;
@Bind(pointcut="hellocruel.HelloWorldCallee.getValueCalleePointcut", type=AdviceType.+AROUND+)
*public* Object helloAdv(MethodInvocation invocation) *throws* Throwable {
Object invResult = *null*;
SimpleMetaData md = invocation.getMetaData();
Object obj = invocation.getMetaData("pom", "appel");
Object obj2 = invocation.getResponseAttachment("appel");
*try* {
invResult = invocation.invokeNext();
} *catch* (Exception e) {
e.printStackTrace();
}
String result = "";
*if* (invResult != *null*) {
result = (String)invResult;
}
*return* result + " [callee Goodbye World.]";
}
}
Even when I'm debugging the respectitive MetaData fields in the MethodInvocation object are null.
Is this supported behaviour? Am I doing something wrong?
Thanks in advance.
Steven.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/603708#603708]
Start a new discussion in JBoss AOP at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 6 months
[JNDI and Naming] - Re: lookup a session bean inside a servlet
by Andrzej Goławski
Andrzej Goławski [http://community.jboss.org/people/andi-g] created the discussion
"Re: lookup a session bean inside a servlet"
To view the discussion, visit: http://community.jboss.org/message/603699#603699
--------------------------------------------------------------
No problem :)
Try to use:
@Stateless
*@LocalBinding(jndiBinding = "myProject/OperazioniUtenti/local")*
public class +OperazioniUtentiBean+ implements +OperazioniUtenti+
then you'll be able to write in your servlet:
*lookup("myProject/OperazioniUtenti/local")*
For remote:
*@Remote*
@Stateless
*@RemoteBinding(jndiBinding = "myProject/OperazioniUtenti/remote")*
public class +OperazioniUtentiBean+ implements +OperazioniUtenti+
Remember to use @Remote while using @RemoteBinding.
Good idea (in my opinion) is to create two separated jars:
1. BookShop.jar or BookShopImpl.jar to keep Beans' implementations (EJB)
2. BookShopApi.jar to keep only interfaces
After that you can safely put BookShopApi to WEB-INF/lib dir or include to other client's application.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/603699#603699]
Start a new discussion in JNDI and Naming at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 7 months