268 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
The XPages EL Directory
Wed, Jul 8th 2015 10
XPages: Bindings, SSJS, EL and Bindings
Thu, Jul 2nd 2015 15
XPages: An optimized JavaScript Resource Renderer
Sun, Jun 21st 2015 10
xsp.application.context.proxy
Wed, Jun 17th 2015 11
XPages: Running Google’s Chrome V8 Javascript Engine (2)
Fri, Apr 10th 2015 8
XPages: Empty HTML5 Attibutes & PassThroughTags
Tue, Mar 10th 2015 14
REST & Security: Why HTTP GET is insecure (and the other methods too)
Thu, Feb 26th 2015 8
Top 10
Security: Usefull HTTP Response Headers
Wed, Jan 14th 2015 18
Hardening SSH vs. Eclipse RSE
Tue, Jan 13th 2015 15
XPages: Bindings, SSJS, EL and Bindings
Thu, Jul 2nd 2015 15
REST & Security: CSRF Attacks
Tue, Dec 30th 2014 14
IBM Bluemix: Creating Buildpacks
Thu, Feb 5th 2015 14
XPages: Empty HTML5 Attibutes & PassThroughTags
Tue, Mar 10th 2015 14
HowTo: Vaadin on Domino (3)
Sun, Jan 25th 2015 12
HowTo: Vaadin on Domino (2)
Sat, Jan 24th 2015 11
xsp.application.context.proxy
Wed, Jun 17th 2015 11
XPages: WebContent Files (3) – Create a Minimizer Servlet
Thu, Nov 27th 2014 10


Sven Hasselbach
Blog Title blog@hasselba.ch
Blog URL http://blog.hasselba.ch
RSS Feed http://hasselba.ch/blog/?feed=rss2
Validate Feed feedvalidator.org or validator.w3.org
Feed Last Checked Jul 08, 2015 7:40:23 AM EST. Realtime Update:
Location Wiesbaden, Hessen, Germany


Recent Blog Posts
10
The XPages EL Directory
Wed, Jul 8th 2015 7:39a   Sven Hasselbach
I am currently working on an overview of availaible objects and properties for XPages Expression Language. A first incomplete and horrible designed version can be found here.
15
XPages: Bindings, SSJS, EL and Bindings
Thu, Jul 2nd 2015 3:01a   Sven Hasselbach
Because of reasons you should already know I avoid the use of SSJS in my XPages applications, but there are still some parts which can be easy realized in SSJS, but with EL only with a lot of effort. One of this things is accessing properties of a component which has only a getter or a setter – this will not work when using a binding. Let’s look for example at repeat control which is bound to the variable repeat. It can be easily accessed everywhere in SSJS, EL or Java, and it i
10
XPages: An optimized JavaScript Resource Renderer
Sun, Jun 21st 2015 5:27a   Sven Hasselbach
Ferry Kranenburg created a nice hack to solve the AMD loader problem with XPages and Dojo, and because of the missing ability to add a resource to the bottom of an XPage by a property, I have created a new JavaScriptRenderer which allows to control where a CSJS script will be rendered. The renderer has multiple options: NORMAL – handles the CSJS resource as always ASYNC – loads the script in an asynchronous way (with an own script tag) NOAMD – adds the no amd scripts around th
11
xsp.application.context.proxy
Wed, Jun 17th 2015 4:59a   Sven Hasselbach
Just a reminder for myself: To use a CDN for XPage resources, you can add a leading slash to the xsp.application.context.proxy property. xsp.application.context.proxy=/cdn.hasselba.ch
8
XPages: Running Google’s Chrome V8 Javascript Engine (2)
Fri, Apr 10th 2015 12:51p   Sven Hasselbach
A while ago I tried to run Google’s V8 Javascript engine on top of XPages, and today I found the reason why my server crashed after the first click: I have tried to load the engine only once (statically), and that killed Domino completly. Today I moved the code back into the processAction method, and now it works without problems. package ch.hasselba.xpages.jav8; import javax.faces.event.AbortProcessingException; import javax.faces.event.ActionEvent; import javax.script.ScriptEngine;
14
XPages: Empty HTML5 Attibutes & PassThroughTags
Tue, Mar 10th 2015 4:28p   Sven Hasselbach
A while ago I developed some HTML5 XPages applications, but the development process was a little bit frustrating because of the missing possibility to add empty attributes to a PassThroughTag.  A single empty attribute is not allowed, because this would result in invalid XML, and you cannot use “xp:attributes” with “UIPassThroughTag” components. A simple example like this… … always ended up in something like this: To fit my requirements, I had
8
REST & Security: Why HTTP GET is insecure (and the other methods too)
Thu, Feb 26th 2015 5:22a   Sven Hasselbach
Yesterday René commented that submitting username and password with HTTP GET is insecure, because they are submitted in clear text over the wire as part of the URI. At the first moment, I did not give some thought about it, because it is known fact that data added to an URI are less secure. They are added to the browser history, are logged in the requests on servers, and every proxy between the user’s browser and the requested server are seeing (and maybe logging) these URI’s
4
Rest & Security: More about the DominoStatelessTokenServlet
Wed, Feb 25th 2015 6:01a   Sven Hasselbach
During the last days I have refined the DominoStatelessTokenServlet a little bit. It is now a pre-beta release, and I think it is time to explain some details about it. While it is still a proof-of-concept, it demonstrates how a stateless authentication can easily be implemented. A lot of testing is still required until it is ready for production use, but I think it provides really cool things for the domino environment. First, it fixes the problematic 200er HTTP response code when an authentica
7
Rest & Security: A Stateless Token Servlet
Tue, Feb 10th 2015 8:25a   Sven Hasselbach
I have uploaded some of my projects to GitHub, including an alpha version of a stateless token servlet. The servlet has it’s own authentication mechanism (the password is currently not validated), and for developing purposes it uses HTTP GET. In a future release, the token will be transfered as a HTTP header. Additionally, the HTTP method will be changed to POST. Last but not least must the code be optimized. For example there is no recycling implemented at this moment, and there is a dubi
14
IBM Bluemix: Creating Buildpacks
Thu, Feb 5th 2015 10:11a   Sven Hasselbach
When creating your own build pack for IBM Bluemix applications (or other Cloud Foundry based solutions), it is required to set the correct file mode for the executables before initially pushing them to GitHub. Otherwise the compilation will fail, and it seems to be a known bug for GitHub based repositories that the mode cannot be changed later. The command for this is git update-index --chmod=+x You can see the result when you commit the files to your respository: > git commit -m "first com
6
REST & Security: Same-Origin Policy / CORS
Mon, Feb 2nd 2015 9:07a   Sven Hasselbach
The “Same-orginin policy“ is an important concept for protecting web applications. In short, only resources from the same domain are allowed, everything else is permitted. To allow access other domains in your application, you have to enable “CORS“, a tutorial how to enable this on a Domino server was written by Mark Barton a while ago. It works fine for protecting an applications against DOM manipulations and/or injection of malicous script code, but this client side sec
5
Raspberry Pi vs. IBM Bluemix – 1:0
Wed, Jan 28th 2015 1:50p   Sven Hasselbach
I had some time last night (the whole family had gone to bed early), so I spent some to look at the XPages integration into Bluemix. I found the Greenwell Travel Expenses Demo: But after clicking a link, the page returned an error: Hmm…But I wanted to see the application! That’s why I checked, if the datasources are protected. I recommend this for years. Fredrik Norling wrote a little snippet for this. Or better use the “ignoreRequestParam“. Then all your problems are g
8
HowTo: Vaadin on Domino (4)
Mon, Jan 26th 2015 7:50p   Sven Hasselbach
Now, let’s access some Domino resources. I have created a database named “VaadinResources.nsf“, containing a normal image resource, and an image added via package explorer to the “WEB-INF” folder: Vaadin provides stream resources, which allows creating of dynamic resources. These resources handle “InputStream” objects, which we can grab from Domino via Java NAPI. To do this, it is first required to add some plug-ins to the dependencies of the “He
12
HowTo: Vaadin on Domino (3)
Sun, Jan 25th 2015 1:16p   Sven Hasselbach
Let’s create another application, based on Vaadin’s AddressBook example. You can download the source code directly or grab the code from the repository; it is a single class file named “AddressbookUI” only. After importing (or manually creating) the class in the HelloVaadin plug-in, the servlet configuration in “web.xml” must be updated:   Addressbook             Vaadin production mode         productionMode         false
11
HowTo: Vaadin on Domino (2)
Sat, Jan 24th 2015 1:07p   Sven Hasselbach
When running your own servlet, you eventually want to access the Domino environment. To do this, some changes has to be made to the HelloVaadin plug-in. 1. Open the “MANFIFEST.MF” and open the “Dependencies” tab 2. Add the plug-in “com.ibm.osgi.domino.core” to the list of required plug-ins Save the “MANIFEST.MF” 3. Now we can use “com.ibm.domino.osgi.core.context.ContextInfo” to access the Domino environment in HelloVaadinUI package
3
HowTo: Vaadin on Domino
Sat, Jan 24th 2015 6:42a   Sven Hasselbach
This example requires a valid XPages Plugin Development Environment. The execution environment used is the XPages Domino JRE. 1. Create a new plug-in project and select “Equinox” as OSGi framework 2. Set the name of the acivator class to “ch.hasselba.vaadin.Activator” 3. Open the MANIFEST.MF file 4. On Tab “Overview“, activate the option for lazy loading and the singleton property 5. Go to “Dependencies” tab and add the required plugin “c
4
Der Letzte macht das Licht aus!
Tue, Jan 20th 2015 1:28p   Sven Hasselbach
Es ist schon faszinierend, wenn mans sich den Wandel in der Lotus Notes Welt näher vor Augen führt: Wäre man für das Einreichen von Themen ausserhalb der Domino-Welt vor ein paar Jahren noch geteert und gefedert worden, stehen dieses Jahr auf der Agenda vom Entwicklercamp 2015  nicht nur vereinzelte Session, die sich mit Migration befassen, sondern es widmet sich dem Thema praktisch gleich ein ganzer Track. Zwischenzeitlich (2013/2014) haben sich einige führende Technologie-Köpfe der
18
Security: Usefull HTTP Response Headers
Wed, Jan 14th 2015 9:04a   Sven Hasselbach
Here is a list of usefull HTTP headers for responses you should know about: X-Content-Type-Options When set to “nosniff“, this header will prevent browsers from MIME-sniffing a response away from the declared content-type. While this header is more relevant for “normal” web applications (it protects against some types of drive-by-downloads), it does not hurt to add it to your REST service, if See http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-
15
Hardening SSH vs. Eclipse RSE
Tue, Jan 13th 2015 10:06a   Sven Hasselbach
After hardening the SSH configuration on a Debian server by removing unsecure ciphers and MACs I got in trouble with Eclipse Remote System Explorer. When trying to open the server, I always got an “Algorithm negotiation fail” message: Even installing the missing Unlimited Strength version of Java Crypto Extension which allows key sizes larger then 128 bit doesn’t helped me out. The problem was the allowed KexAlgorithms and the list of MACs in the configuration: Ciphers aes256-
10
Yii: GridView’s selectionChanged not working on iOS
Tue, Jan 13th 2015 3:45a   Sven Hasselbach
I had a strange issue with TbGridView‘s (YiiStrap‘s version of CGridView) selectionChanged event: In all browsers, the defined function was executed when a row was selected, but not on devices with iOS 7 & 8. While trying to hack around the issue, I found a simple solution by adding 'htmlOptions' => array( 'onclick' => '' ) to the declaration of the grid. This little hack kills the inherited event handler from the body element by adding an empty onclick event to the g
14
REST & Security: CSRF Attacks
Tue, Dec 30th 2014 6:58a   Sven Hasselbach
In this post I will demonstrate how a do a CSRF attack against a XPages REST service. Let’s assume that we have a custom REST service on a XPage. To keep the example as simple as possible, this service returns the posted data back to the requesting browser only, nothing more and nothing less:                                                            On my web server, I have created a simple HTML page with a form:               
4
REST & Security
Tue, Dec 23rd 2014 7:33a   Sven Hasselbach
I am currently wearing my white hat and doing some pen and vulnerabilty tests for a RESTful API. While this is actually a hot topic in the Domino world, here are some resources CSFR & REST: Stateless CSRF Protection Stateless Session IDs: REST and Stateless Session IDs REST Security Cheat Sheet:
6
Domino-Migration: Der frühe Vogel fängt den Wurm
Tue, Dec 16th 2014 6:47p   Sven Hasselbach
Wenn die Entscheidung erst einmal gefallen ist, dass mittel- oder langfristig die Domino-Infrastruktur aus dem Unternehmen verschwinden wird, lässt die Investitionsbereitschaft der einzelnen Fachabteilungen in Domino-basierte Applikationen verständlicher Weise spürbar nach. Aber auch aufkommende Gerüchte oder durchgeführte Studien (auch wenn diese zu einem gegenteiligen Ergebnis kommen) können den Willen der IT- oder Geschäftsleitung nach einem Systemwechsel zu entsprechender Aussage verh
2
Amazon Instant Prime: Es nervt
Tue, Dec 16th 2014 4:15a   Sven Hasselbach
Jeden Sonntag das gleiche Spiel: Ab 20.00 Uhr bricht das Streaming regelmäßig zusammen. Trotz sehr guter Internetverbindung (hier ein Screenshot vom Smartphone, per WLAN in einer “miesen” Ecke in meinem Haus): Einer der größten Cloud-Anbieter der Welt bekommt es einfach nicht gebacken, hoch zu skalieren. Es gab Zeiten, da hatte ich diese Problem nicht: Anklicken, runter laden, in Ruhe anschauen. In bester Qualität, kurz nach Kinostart. Seit ich für diese Leistung bezahle, fun
3
XPages: Auf’s falsche Pferd gesetzt
Thu, Dec 11th 2014 3:39p   Sven Hasselbach
Gerade eben ist mir klar geworden, dass das letzte XPages-Projekt (eine Mini-Entwicklung) schon ein halbes Jahr zurück liegt. Und wenn ich mir das Gesamtvolumen in 2014 mit knapp 30 Tagen Entwicklungsleistung für diese Technologie anschaue, muss ich mir wohl eingestehen, auf das falsche Pferd gesetzt zu haben. In anderen Regionen Deutschlands scheint die Situation etwas anders zu sein, doch als Freiberufler kann man sich seinen Markt leider nicht aussuchen. Schade eigentlich. Wenn ich allerd
4
Migration der Domino-Infrastruktur
Fri, Dec 5th 2014 5:51a   Sven Hasselbach
In den nächsten Wochen werde ich mich intensiv mit der Migration bestehender Domino Infrastrukturen und den vorhandenen Applikationen befassen. Mich interessieren die unterschiedlichen Wege und die möglichen Fallstricke, die es zu beachten gilt, und da ich im letzten Jahrzehnt den einen oder anderen Einblick hatte, ist es an Zeit, ein Resume zu ziehen und die gesammelten Erfahrungen aufzubereiten. Wer jetzt allerdings erwartet, dass es dabei um die Aufzählung von negativen Erlebnissen geht, m
3
MongoDB for DBAs
Thu, Dec 4th 2014 10:00p   Sven Hasselbach
After receiving my confirmation for MMDS today, I also received the confirmation for successfully completing the “MongoDB for DBAs” course: Here is the link to verify the certificate.
6
Mining Massive Datasets
Thu, Dec 4th 2014 8:32p   Sven Hasselbach
I am very proud that I have successfully accomplished the MMDS course from Stanford University. It was unbelievable interesting to learn the theories and the mathematical basics of  topics like MapReduce, Web-link analysis, Data-streams, Locality-sensitive hashing, Computational advertising, Clustering, Recommender systems, Analysis of large graphs, Decision trees, Dimensionality reduction, Support-vector machines, and Frequent-itemset analysis. It was really hard for me to follow all the
10
XPages: WebContent Files (3) – Create a Minimizer Servlet
Thu, Nov 27th 2014 1:25a   Sven Hasselbach
Because of Stefano Fois comment I decided to write an example about how to create a minimizer servlet for Domino which cmpresses JavaScript resources on the fly. This is, again, a simple Proof-Of-Concept, nothing more and nothing less. First, I downloaded the YUICompressor, a Java based minimizer for JavaScript code from the project page. There are other compressors outside, I decided to use this one because it was the first result in my StartPage.com search. The project is a single jar file
4
XPages: WebContent Files (2) – Manipulate exitsting files using the Java NAPI
Wed, Nov 19th 2014 8:54a   Sven Hasselbach
In this article, I will shortly give an overview how you can edit existing file from the WebContent folder (Don’t miss the first article on this topic). First, let’s create a view to display the design elements of the WebContent folder. To do this, I have an old school LotusScript Agent which updates the selection formula of a view (Some details about this technique can be found here). Sub Initialize     Dim session As New NotesSession     Dim doc As NotesDocument     D
6
XPages: WebContent Files (1) – Create a file using the Java NAPI
Tue, Nov 18th 2014 8:44a   Sven Hasselbach
The great Marky Roden has written an interesting article about using the WebContent folder instead of standard domino design elements. To create or manipulate these files programmatically, you can use the Java NAPI. The first example demonstrates the creation of a file using a Java Agent. Before you can compile the code, you have to import the required jars as described here. import lotus.domino.AgentBase; import com.ibm.designer.domino.napi.NotesConstants; import com.ibm.designer.domino.nap
4
XPages: Running Google’s Chrome V8 Javascript Engine
Sun, Nov 9th 2014 6:38a   Sven Hasselbach
After answering a question on Stackoverflow.com about the Prototype problematic in the XPages SSJS engine, I thought of running another Javascript engine on top of Domino. While you can use the JavaScripting API JSR223, I choosed the jav8 project for a test how this can be realized. So I downloaded the Windows binaries to get the required DLL and imported it into a new database. I also imported the source files of the lu.fler.script package to recompile all required classes. Then, I registered t
3
GDL, Streik & der deutsche Michel (2)
Fri, Nov 7th 2014 12:11p   Sven Hasselbach
Da ja der eine oder andere zürnt, der Streik würde tagtäglich “immensen volkswirtschaftlichen Schäden anrichten”, sollte sich vielleicht doch besser mal den Schaum vom Mund abwischen und die Zahlen mal in die passenden Relationen bringen: Jeder Streiktag kostet geschätzte 50 bis 100 Millionen Euro, je nachdem, wer da so gefragt wird. Die Lokführer müssten also mindestens ein halbes Jahr am Stück streiken, um den gleichen Schaden anzurichten, die uns die letzte Krise der WestL
2
GDL, Streik & der deutsche Michel
Wed, Nov 5th 2014 3:19a   Sven Hasselbach
Wenn ich mir die Kommentare in den unterschiedlichsten Foren rund um das Thema “GDL & Streik” durchlese, frage ich mich ernsthaft, in was für einem Land ich eigentlich lebe: Man ist ja viel gewohnt von den “Berufstrollen“, die sich den ganzen Tag den Lebensfrust von der Seele schreiben. Und man findet natürlich auch die eher zur Erheiterung beitragenden Formulierungen, wie zum Beispiel den, dass man “wegen dem Sch…ß Ossi nicht zu den Feierlichkeiten des
3
Eine neue Zwiebelschicht
Thu, Oct 30th 2014 4:04a   Sven Hasselbach
Es sind manchmal die kleinen Dinge, die einen auf die großen Probleme aufmerksam machen: Eine kleine, zusätzliche Bitte im “Projekt-Anbahnungsgespräch” zum Beispiel. Nichts wildes – nur eine freiwillige Angabe, die aber – wenn sie denn Schulung macht – in meinen Augen für alle IT Freiberufler in Deutschland dramatische Auswirkungen haben wird. Was war geschehen? Am gestrigen Tag habe ich eine Projektanfrage erhalten, die ich – wie immer – gerne bean
6
Krautreporter sind online
Fri, Oct 24th 2014 5:16a   Sven Hasselbach
Das Warten hat ein Ende! Mit dem heutigen Tag ist das Krautreporter-Projekt endlich online gegangen. Ich bin gespannt, was sich aus diesem Versuch alles entwickelt. Es ist erfrischend, das man beim Besuch der Seite nur auf einen einzigen Tracker stößt, und nicht wie bei manchen anderen Online-Magazinen die Ghostery-Warnungen die halbe Seite blockiert.
3
MongoDB for Java Developers
Mon, Oct 6th 2014 12:31p   Sven Hasselbach
Today I have got the confirmation for successfully completing the “MongoDB for Java Developers” course:
6
XPages: Execute Events with HTTP Get
Tue, Sep 30th 2014 10:06a   Sven Hasselbach
To execute an event on the server, you normally have to send a POST request, because actions will be executed in the Invoke Application phase of the JSF lifecycle. A GET request will only process the Restore View and the Render Response phase, that why you can not execute an event with a GET request. But with the help of a PhaseListener, the execution can be done earlier in the Restore View phase: package ch.hasselba.xpages.util; import javax.faces.event.PhaseEvent; import javax.faces.event.
5
Apple: Ganz großes Kino!
Tue, Sep 9th 2014 1:19p   Sven Hasselbach




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition