Monday, 31 August 2009

NetBeans Maven Wep Application Internationalization

As you know NetBeans 6.7 supports Maven projects. And you must also know what Maven is. Both are great products. Especially together. With IceFaces.
If you know both Maven and NetBeans you have most probably already tried to create a web application - a facelets based one - in NetBeans using Maven webapp archetype. This is what I tried together with IceFaces. ( By the way here is my icefaces-webapp-archetype if you have no other. )
But that is enough of free advertisement of REALLY GREAT PRODUCTS. ;)

My point is now internationalization of a Facelets based web application under a Maven based NetBeans project. As hopefully you know the standard/one way of JSF/Facelets internationalization is using f:loadBundle - or in case of IceFaces the better ice:loadBundle tag. But the location of the properties file is a bit tricky with maven based on my experience. Previously this must be located in the same directory as the java sources. But things are changing over time? Forget the old ones and learn new ones. The new location is "Other Sources->src/main/resources" directory. If you build a war with Maven then you can find the properties file in WEB-INF/classes and this is the right root directory. So do not put properties file under "Source Packages" anymore if you are using Maven and NetBeans together since Maven does not take those from there as I have seen many time.


( Versions: NetBeans 6.7.1 , Maven 2.2.1 )

Saturday, 9 May 2009

Create CVE links on Oracle CPU Page

As you probably know oracle releases CPUs (Critical Patch Updates) in every 3 month now. If you have ever read any of these CPU Advisories you know it does not make too much sense to read these. But they exist. Since CPUJul2008 Oracle replaced its internal numbering (like DBnn) with CVE (Common Vulnerabilities and Exposures) numbering. Does it make any sense? In my opinion it would but it does not in this way. These CVEs does NOT contain any really useful information. The CVE database is an open database anybody can access. If they are using CVE numbers why Oracle not creating links from the Advisory page to the CVE pages? Would not it be more comfortable just to click on a link if you are interested in details instead of searching for CVE numbers manually? I think the missing link is the confession of how useless this numbering is in case of Oracle. If you read a CPU Advisory released after Jul 2008 you will find CVE numbers before every identified security bug but if you want to check the CVE you have to find it by hand and you will find no more info even on that page. So it does not make much sense because the CVE has NO useful info in it but here is a VERY SIMPLE GreaseMonkey script which inserts two links after the CVE you can click on and immediately check the "details" of the CVE.
But I repeat the CVE links are not in the CPU Advisory because the CVE does NOT contain any relevant info about the security problem.
I hope it will change in the near future and CVE or CPU will give us some useful detail.

// ==UserScript==
// @name Oracle CPU Risk Matrix CVE- Link Creator
// @namespace http://tamastarjanyi.blogspot.com/
// @description Replaces simple CVE text on Oracle CPU pages (Like http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html ) to links
// @include http://*.oracle.com/*
// ==/UserScript==


if (!GM_xmlhttpRequest) {
alert('Please upgrade to the latest version of Greasemonkey.');
}
var tds=document.getElementsByTagName("td");
var cve=false;
for (i in tds){
if (tds[i].innerHTML.match("CVE-[0-9][0-9][0-9][0-9]-") ){
cve=true;
var cvetext=tds[i].innerHTML;
tds[i].innerHTML=cvetext+" (<a target=_blank href=http://cve.mitre.org/cgi-bin/cvename.cgi?name="+cvetext+">mitre</a> | <a target=_blank href=http://nvd.nist.gov/nvd.cfm?cvename="+cvetext+">nvd</a> )";
}
}