Kishor Gandham's personal blog

In many ATG implementations, ATG storefront application server instances will be load balanced behind a web server (ex: Apache, Nginx etc…). In some cases the web server is also used as an SSL accelerator (SSL certificates are deployed on web server instead of app server) to offload processor intensive public-key encryption algorithms from the application server. In such scenarios, one of the issues we face is that the application server code is unaware that a request is SSL request unless it examines the URL (http vs https) or the protocol (as SSL tunnel is terminated at web server). To compound the problem, different application servers have different logic to determine if the current request is a secure request or not.

Most ATG formhandlers include code to redirect to a JSP after business logic and the general practice is to provide the relative path of the JSP and not provide the entire URL with the http/https protocol indicator. In such cases, the application server is expected to determine the protocol of the redirect URL based on the protocol of the originating request.

In a specific ATG implementation, I was using Weblogic as the application server and in this scenario if the formhandler POST was done on SSL, ATG was redirecting back to non-secure URL (http instead of https). After going through weblogic documentation, it turns out that Weblogic expects a specific header to be added to the request when SSL request termination happens before the request reaches weblogic.

Following is the change to be done on nginx webserver for adding the header needed by Weblogic:

server {
    listen 443;
    location /myapp {
        proxy_pass http://weblogic-inst:7001/myapp;
        proxy_set_header Host $host;
        proxy_set_header WL-Proxy-SSL true;
     }
 }

I have skipped most of the other configuration in nginx as that is beyond the scope of this post.
Similarly, for apache the config change would look as follows:

<Proxy balancer://myapp>
    RequestHeader set WL-Proxy-SSL true
    BalancerMember http://weblogic-instance:7001
</Proxy>

If you are using Big-IP as your SSL accelerator, a similar change will be needed on Big-IP.

Other application servers like IBM Websphere may have a different way of identifying secure request. I will cover that in a different post.

Update 30-Apr-2013:

Just found this link from IBM support site on handling this condition in Websphere server

http://www-01.ibm.com/support/docview.wss?uid=swg21221253

One of the issues faced in any Java/JEE project using JSPs is the excess amount of whitespace and newline characters in the generated HTML. The whitespace/newline characters are introduced in the HTML by JSP tags that don’t generate any HTML output. For example if you use a <c:forEach> tag to loop, the <c:forEach> opening and closing and ending tags do not generate any HTML. For source code readability, if the <c:forEach> opening and closing tags are added on two different lines in the JSP, the generated HTML will have two blank lines. This problem is further compounded if other tags like <c:if> is included inside the forEach tag.

A typical solution for this is to remove whitespaces and new line characters in the source JSP and align all tags in the same line. While this minimizes the amount of whitespace/newlines in the generated HTML, it impacts source code maintainability and readability.

If Maven is being used to assemble the war/ear package, an alternate solution to the problem is to remove the whitespace during the war generation in the “target” folder. An open source plugin replacer automates this process.

Following is a pom.xml snippet that uses the replacer plugin to remove whitespaces from JSPs:

<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-war-plugin</artifactId>
            <version>2.3</version>
            <configuration>
                <useCache>true</useCache>
            </configuration>
            <executions>
                <execution>
                    <id>prepare-war</id>
                    <phase>prepare-package</phase>
                    <goals>
                        <goal>exploded</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>com.google.code.maven-replacer-plugin</groupId>
            <artifactId>replacer</artifactId>
            <version>1.5.2</version>
            <executions>
                <execution>
                    <phase>prepare-package</phase>
                    <goals>
                        <goal>replace</goal>
                    </goals>
                </execution>
            </executions>
            <configuration>
                <basedir>${project.build.directory}</basedir>
                <filesToInclude>${project.artifactId}/WEB-INF/jsp/**/*.jsp</filesToInclude>
                <token>&gt;\s*&lt;</token>
                <value>&gt;&lt;</value>
                <regexFlags>
                    <regexFlag>MULTILINE</regexFlag>
                </regexFlags>
            </configuration>
        </plugin>
    </plugins>
</build>

The above configuration assumes that the JSP files are located in WEB-INF/jsp folder in the generated war file. If this is different for your project, you would have to change this.

On an average, depending of the nature of the JSP source, the replacer plugin brought about 20% to 50% reduction in the HTML payload generated. Try it out in your project and see if it helps.

When accessing ATG 9.1 documentation stored offline from Chrome browser, you may get an “Unsafe JavaScript attempt to access frame with URL” error. The browser essentially will display a blank page and the developer console will show this error. Unlike some of the other browsers, Chrome treats every file path as its own origin and hence the error.

One solution to resolve the error is by adding the following parameter to chrome startup path:

–allow-file-access-from-files

After Google Chrome, Mozilla Firefox is the latest browser to move to a rapid release development cycle. This accelerated development cycle is expected to deliver new features and bug fixes to users much faster than the older development model. With every upgrade, Firefox will disable Add-ons it thinks are incompatible for the current release. This can be pretty painful if your favorite add-on is not compatible with the latest release of the browser. You will have to wait for the add-on developer to release an upgraded version of the add-on that is compatible with the latest version of the browser.

A lot of times, the add-on that is disabled by Firefox may be compatible with the browser and might just need a manifest update by the add-on developer. In such cases, you may want to remove the compatibility check in Firefox and continue to use the add-on.

To remove the compatibility check, open Firefox type “about:config” (without the quotes) in the url bar and hit enter. Click the I will be careful button. Firefox will display the preference list. Right click in the window and choose New->Boolean. Enter the preference name as “extensions.checkCompatibility.5.0″ (without the quotes) and choose the value of preference as false. (5.0 is the version of Firefox as of 21-June-2011… replace 5.0 with your current version). Restart Firefox and enjoy all your add-ons.

Tesco.com has released public APIs for accessing their grocery online system. These public APIs let developers create applications to shop at Tesco.com from a variety of channels/devices. Tesco.com has released shopping applications for iOS, Windows mobile 7 and Symbian devices. However, an official app for android devices has not yet been released.

I have been thinking about developing an Android app using the public APIs for a while. The first beta version of the app is now ready. In the initial version, the app will have the following features:

• Product catalog browse
• Search (text search, voice search, search by scanning EAN/UPC bar codes)
• Customer login/logout
• Add to basket
• Delivery slot selection
• Checkout

I have tested the application on Nexus One and would be releasing the application to Google Android market place in the next few days. Tesco.com APIs currently do not support user registration, hence the application doesnt have user sign-up option. Users of the app will have to register at Tesco.com. Over the next few weeks, I intend to add additional functionality like displaying current deals, order history and  favourites.

If you are a Tesco.com customer and would like to use the application or a help me in testing the application, you can download the beta version of the apk here.

Update 24-Feb-2011: I have added the application to Android market place with name Grocery Shopper. You can download the market place app from here.

Update 26-Mar-2011: Grocery shopper is now on getjar marketplace. You can download from this mirror here.

Update 07-May-2011: Favourites, offers and UI enhancements added to latest version of app.

Update 02-Jun-2011: Fixed issue with payment page during checkout. The earlier version of the app was only showing  01, 02 for credit card expiration months. New version of the app shows all months.

A common problem with using corporate/office laptops/desktops is the restrictions imposed by system administrators. One common issue faced by most people is the restriction on connecting USB flash drives or USB hard drives to corporate laptops. System admins see usage of mass storage devices as a threat to intellectual property (IP) and use a variety of measures to stop users from using such devices.

One simple technique used by many admins is the usage of Windows 7/Vista group security policy setting. Using the group policy in Windows, a system admin can control the device drivers that can be installed on a system. In this list, a system admin would typically include USB mass storage device drivers. If you happen to have administrative privileges on the laptop, you can change this setting. To change this:

• Click start->run and type gpedit.msc. Click OK to open the local group policy editor.
• In the left pane of the window that opens, navigate to Local Computer Policy->Computer Configuration->Administrative templates->System->Device installation->Device installation restrictions
• In the right pane, locate a setting that says “Prevent installation of devices that match any of these ids”.
• Right click on the setting, choose edit, select “disabled” and click OK.

This should remove any device id/device driver based restrictions imposed. You can now connect your favorite USB storage device.

A couple of years back, when I was using a Sony W810 mobile phone, I used to charge the mobile phone once in a week. Depending on the talk time, the battery even used to last for 8-9 days. However, due to the limited capabilities of the phone, I used it primarily for making calls. Over the last 9 months, I have been using a Nexus One and like any other android powered smartphone, this device lets me do a whole bunch of tasks apart from making phone calls. While the Nexus One offers a host of capabilities, the battery life is not comparable to some of my older phones. There a good number of articles on how you can conserve battery on the Nexus One and other android smartphones. Following are a few techniques I tried out and seem to work for me:

• Battery usage by application: Android provides a decent split up of the applications/processes that are consuming battery in the Battery use application. To access this navigate to Settings->About Phone->Battery use. This would be good starting point to check the apps that are draining the battery and need to be turned off.
• Screen brightness: Navigate to Settings->Display->Brightness to locate the brightness controller. Change the brightness controller to your liking. However, remember that running the device in high brightness provides a great user experience while draining the battery. An alternate option is to keep the brightness in “auto” mode to let android determine the brightness of the screen based on whether you are in bright sunlight or in a dark room.
• 3G Vs 2G network: I have been using a 3G connection fr quite some time now and I personally haven’t noticed any call quality difference while using 3G connection when compared to 2G connection. 3G does offer faster data downloads, but for making voice calls, it doesnt seem to do any better than 2G. However, 3G does drain your battery significantly when compared to 2G. So, I keep my mobile in 2G-only mode most of the time and turn on 3G only when accessing internet. By default, Nexus One operates in “WCDMA preferred” mode and changing it to “GSM only” conserves battery. To change this navigate to Settings->Wireless networks->Mobile networks and tick the “Use only 2G networks” check box. Alternately, go to dial pad and dial *#*#4636#*#* and click “Phone information” scroll down to “Preferred network type” and choose “GSM Only”
• While travelling or at work, if not using wireless connections, it makes sense to turn them off. Nexus One has a widget that lets you turn off Wifi, Bluetooth and satellite GPS. If the widget is not available, you can turn these off from Settings->Wireless networks
• Background data Auto-sync: Quite a few android apps (Facebook, gmail, twitter clients etc…) sync contacts, email, messages etc… in the background. While this is a nice feature that pops up emails as soon as they reach your inbox, this drains the battery quite a bit. To turn off, navigate to Settings->Accounts & sync and turn off “Background data” and “Auto-sync”
• Background services and running applications: A lot of OEMs (Samsung, Motorola, HTC etc…) ship custom apps along with the stock android OS on their phones to differentiate themselves from the competition. Some of these apps can be annoying if you dont find a practical use. The Nexus One is shipped with stock android and minimal application set and hence doesnt have major issues on this front. However, if you have an app/background service that you wouldnt use, it is worth turning off. To do this, navigate to Settings->Applications and click “Running services” and “Manage Applications”. I kill all running services apart from required services like “Android keyboard”. Similarly, locate the apps that you dont use and “Force stop”. There are a good number of apps available on the Android market place that help you kill/manage applications better.
• Turn off data plan: Navigate to Settings->Wireless networks->Mobile networks and check off “Data enabled”. (If you are running android 2.1 or lower OS, this option will not be available. You would need to download one of the free apps from marketplace to turn off data plans/APNs)

Apart from the above stated options a simple google search leads to multiple articles on additional hacks. You can choose what options suit your needs better.

BSNL has recently changed the GPRS settings for accessing internet from mobile devices over 2G/3G. The easiest way to get the updated settings is by sending a SMS to 58355 with the make and model number of your device (ex: send SMS “NOKIA 6600″ or “SONYERICSSON W810″). Unfortunately, BSNL does not recognize some of the new mobile phones available in market. If you own a device that has arrived in the market recently or if you are using a mobile phone purchased overseas and not yet available in the Indian market (like Nexus One), then you will have to change the GRPS settings manually. The menu options to change settings will vary by device, but the setting parameters will be the same.

To change GPRS access settings on Nexus One (or similar Android powered phones):

• Navigate to Settings->Wireless & Network Settings->Mobile Networks->Access Point Names
• You will reach a screen which lists the APNs setup in your device. Delete the existing APNs.
• Create a new APN and set the name to bsnlnet and APN to bsnlnet. (In the earlier configuration, the APN would have been set to gprssouth.cellone.in or something similar)
• Make sure that there is no user name/password/proxy/port parameters filled in. Change Authetication type to None (it defaults to PAP)
• Save the new APN and you should now be able to access internet over 2G/3G

I got these settings from BSNL support technical staff. I have tested them in Andhra Pradesh. If you are in a different part of India or these settings dont help, try getting the settings via SMS (if you have an alternate phone that is supported by BSNL) or try reaching out to BSNL customer care.

While I was using a Sony Ericsson W810i mobile phone, I used it primarily for making phone calls and listening to MP3 songs. After purchasing a Samsung B7320 and subsequently the Google Nexus One, I realized that a mobile phone can be a handy device for playing videos. Movie viewing through mobiles phones is not comparable to viewing movies on television, but it can be a pretty good while traveling by bus/train.

I tried a few open source software to convert VCDs and DVDs to MP4 format, but had issues with audio and video synchronization. Finally, using a combination of MPlayer and Avidemux, I figured out a procedure to convert movies to MP4 format.

1. Download MPlayer either in installable format or in portable format. MPlayer is a pretty good player for playing a variety of video formats. Apart from playing videos, MPlayer can also be used as a command line tool to convert streaming videos to mpeg format.
2. Download Avidemux portable or installer. Avidemux provides a variety of tools for video editing and conversion across multiple formats.
3. To convert a VCD to mpeg format, use the following command from command line: mplayer vcd://1 -cdrom-device e: -dumpstream -dumpfile rip.vob
4. If you are trying to rip a DVD, the command will be slightly different: mplayer dvd://1 -dvd-device e: -dumpstream -dumpfile rip.vob
5. vcd://1 or dvd://1 in the above command indicates the track to be picked from the VCD/DVD. Avoiding the -dumpstream -dumpfile arguments will play the video instead of converting to mpeg format and you can determine the track to convert. Most of the Indian VCDs have advertisements in the initial tracks and you may want to start at track 3 or 4.
6. The above command creates a mpeg file with name rip.vob. This file size would be approximately 600 Mb in case of VCD and 7 Gb in case of DVD.
7. Now, convert the video to MP4 format using Avidemux. Open the .vob file from Avidemux.
8. Most smartphones support MP4 format these days. So, convert the video to MP4 format. Choose the Video and Audio output formats.
9. If you want to convert specific parts of the video choose the starting and ending sections by selecting the starting and ending markers (represented as “A”, “B” buttons in the bottom section of Avidemux.
10. The final step is to choose the video resolution and other video formatting options. This primarily depends on the target device on which you would play this video. For example, Samsung B7320 screen supports 320 * 240 resolution where as the Nexus one support 800 * 480 resolution.
11. To change the target video resolution, click the “Filters” button in the video section. Avidemux offers a variety of video filters including filters to re-size the video, crop existing black borders or add new black borders.
12. Depending on the resolution needed, choose the resize parameters. If you have a video at 320 * 260 resolution with top and bottom black borders, you may want to choose the crop tool to remove the black borders to bring change the video to 320 * 240 resolution instead of re-sizing it. Be cautious with the aspect ratio while re-sizing as this would distort the video. You may preview the changes by clicking the preview button.
13. Once the appropriate filters are applied and you are happy with the preview, click the Save button to save the video in Mp4 format.
14. Copy the video to your mobile phone through USB/bluetooth transfer and enjoy the video.

You can try and experiment with alternate video encoding options that Avidemux offers and choose the best one that conserves spaces and offers the best possible resolution for your smartphone. There may be other open source/proprietary software that may provide easier options to create videos instead of going through the above steps or your mobile phone manufacturer may provide software that makes it easier to convert VCDs/DVDs to MP4 format.

If you watch a lot of YouTube videos, there are multiple Firefix and Chrome addons to download YouTube videos in MP4 format. However, some of YouTube videos use MP4 H.263 and H.264 encoding and this encoding is not supported by all mobile phones. In such cases, remove the H.263/H.264 encoding using Avidemux (follow stpes from #7 onwards in the above section).