Javascript Engine in Java

Yes you can create your own javascript engine in Java. This is a cool feature I never knew existed. I don’t know how long it’s been around, I’m guessing Java 6.

Basically, you can do something like this:

import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

public class JavaJS {

  public static void main(String[] args) throws ScriptException {
    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngine engine = manager.getEngineByName("JavaScript");
    String script = 
        "function sayHello(name) {"
      + "  print('Hello ' + name);"
      + "}"
      + "sayHello('tom');";


And it will print Hello tom.

You can even mix and match Java and Javascript, here’s how to have Java calling the Javascript function above:

Invocable invocable = (Invocable) engine;
invocable.invokeFunction("sayHello", "Jim");

Cool eh? Read more about this on the Oracle’s Java Scripting Programmer Guide or google JSR-223.

Unit Testing Using In-Memory MySQL Database On Spring

Well the title lied, there’s no such thing as in-memory MySQL database (or at least I won’t be using it for this article). Instead I will use H2 in-memory database setup to run in “MySQL mode”

<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" >
  <property name="driverClassName" value="org.h2.Driver"/>
  <property name="url" value="jdbc:h2:mem:testdb;MODE=MySQL;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE" />

(thanks to joensson for sharing this technique on SO)

If your app just uses plain jdbc then adding above datasource to your test context would be sufficient, but if you use JPA/Hibernate the cost of table setup, scanning etc could be quite significant.

To overcome this you can split the test context using @ContextHierarchy annotation.

In the example below I have unit tests for two DAOs: AccountDAOTest and CustomerDAOTest:

public class AccountDAOTest {
public class CustomerDAOTest {

By doing this Spring test-root-context.xml will be setup once and reused accross all unit tests. Only put components common to all tests in test-root-context.xml. In my case I put the following:

  • DataSource
  • EntityManagerFactory
  • TransactionManager
<!-- JDBC Data Source -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
  <property name="driverClassName" value="org.h2.Driver"/>
  <property name="url" value="jdbc:h2:mem:testdb;MODE=MySQL;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE" />

<!-- EntityManagerFactory -->
<bean class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean" id="entityManagerFactory">
  <property name="persistenceUnitName" value="persistenceUnit" />
  <property name="dataSource" ref="dataSource" />

<!-- Transaction Manager -->
<bean class="org.springframework.orm.jpa.JpaTransactionManager" id="transactionManager">
  <property name="entityManagerFactory" ref="entityManagerFactory" />

All test specific components go into their respective context.

Don’t forget to add <tx:annotation-driven/> if your DAO uses it. This can’t be placed on test-root-context.xml because I don’t scan all my DAOs there.

And lastly — ofcourse — you need to make sure your pom.xml has dependency to spring-test, junit and h2




Using Custom Role Populator On Spring Security LDAP

Here’s how you can use Spring Security LDAP just for password authentication, but use your own database for assigning role / authorities.

First on your context xml define an LDAP server context bean as per normal:

<ldap-server id="ldapContext" url="ldap://myldapserver:389" 
    manager-dn="CN=Joe Admin,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=hello,DC=com" 

Then define LDAPAuthenticationProvider bean:

<beans:bean id="ldapAuthProvider" class="">
  <beans:constructor-arg name="authenticator">
    <beans:bean class="">
      <beans:constructor-arg ref="ldapContext" />
      <beans:property name="userSearch">
        <beans:bean class="">
          <beans:constructor-arg name="searchBase" value="ou=Users,ou=MyBusiness,dc=hello,dc=com"/>
          <beans:constructor-arg name="searchFilter" value="(sAMAccountName={0})"/>
          <beans:constructor-arg name="contextSource" ref="ldapContext"/>
  <beans:constructor-arg name="authoritiesPopulator" ref="myLDAPAuthPopulator"/>

If you noticed at the bottom we set authoritiesPopulator into myLDAPAuthPopulator bean which we’ll define next. This is where you can lookup your database using jdbc or other method to populate the roles given an authenticated username:

public class MyLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

  public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    User user = userDAO.findByUsername(username);
    for(String role : user.getRoles()) {
      authorities.add(new SimpleGrantedAuthority(role));
    return authorities;


And finally register this authentication provider in the authentication manager:

  <authentication-provider ref="ldapAuthProvider"/>

Showing Geographical Location On Google Map (Geocoding)

Translating a geographical location such as “London, UK” into a lat/long coordinate (lat: 51.5085150, long: -0.1254870) is called geocoding. This coordinate can then be used to display the location on google map.

Try putting a location in the box below and hit go:

Register for Google Map API Key

In order to implement the above widget first obtain an API key from Google:

  1. Go to
  2. Select Services on the left menu, ensure Geocoding API, Google Maps Embed API and Google Maps JavaScript API v3 are turned on


  3. Go to API Access, select Create new Browser key

  4. The list of accepted HTTP referers will be asked, if you’re testing on local machine this would probably be localhost/*, otherwise you need to put your website domain name here. Hit Create once you’re done

  5. Take a note of your API key, this will be used in the later part of this tutorial


The HTML Code

This widget only contains 3 elements:

  • A text input box to provide the geographical location
  • A button to submit the address and show it on the map
  • A div container for the map
Enter location (eg: London, UK): <input type="text" id="loc"/>
<button id="go">Go</button>

<div id="map" style="height:300px; width: 300px;"></div>


2 javascript libraries are used: jQuery and Google Map JS. The key parameter on the Google Map JS URL should be the key created above.

<script src=""></script>
<script type="text/javascript"

Firstly let’s initialize the div container so it doesn’t come up with blank map, here I set it into coordinate of San Francisco, CA:

$(document).ready(function() {
	var map = new google.maps.Map($('#map')[0], {
		center: new google.maps.LatLng(37.7749295, -122.4194155),
		zoom: 8

And create a click handler for the ‘Go’ button which sends ajax post into Google Map JS API. The API will return a JSON response with the location if successful.

$(document).ready(function() {
	$('#go').click(function(e) {
		var loc = $('#loc').val();
			url: '//'+loc
		}).done(function(data) {
			if(data.status != "OK") {
				alert("Unable to find location");
			var loc_result = data.results[0].geometry.location;
			map.setCenter(new google.maps.LatLng(, loc_result.lng));

See the widget in action in full screen.

Showing Spring Security Principal and Conditional Logic on JSP

If your app is setup with Spring Security, you can show currently logged in user in JSP by using:


You can also check if the user has enough right to access a resource. This example ensures user has enough rights to access /admin or else the link won’t be rendered:

<sec:authorize url="/admin">
  <li><a href="/admin">Admin Home</a></li>

Make sure you have spring-security-taglibs on your classpath:


And the tag prefix declared on top of the JSP page:

<%@ taglib prefix="sec" uri="" %>

AWS EC2 Nginx Reverse Proxy And localhost Slowness

This is something really odd I yet to fully understand, but for time being I’ve decided using localhost on AWS ec2 is bad. (at least on Windows Server 2008 R2)

I think it might have something to do with internal DNS or address routing, but my nginx-reverse-proxied tomcat is 4-5x slower when I bind it into localhost as opposed of the local IP. We’re talking 1 minute to load a 300kb css file!

Open a command prompt and run ipconfig /all and your local ip should be under IPv4 Address under Ethernet adapter Local Area Connection 2:


On tomcat, edit your server.xml, find your <Connector> element and add address attribute:

<Connector port="8080" protocol="HTTP/1.1"
    redirectPort="8443" address=""/>

And finally update nginx.conf to point the reverse proxy backend to above IP.

After doing this now my reverse proxy is much faster, only few seconds to load 300kb css file.

How To Upload Your Project to Github

Using free Github account will cause your project to be visible publicly

Often you’re solving a very tricky programming problem and it’s hard to describe it on forum. One very useful thing to do is to isolate the problem by creating a small project and share it. This can be done easily using git and github.

  1. Install git if your PC/Mac doesn’t come with one. Use git --version on a terminal shell / command prompt to check.
  2. Sign up for a github account if you haven’t got one
  3. To avoid having to type in password each time you upload / sync code to github, let’s setup public/private key authentication. This only need to be setup once per PC. First check if you already have a ssh keypair. On windows: open explorer > right click > git bash (or just open a terminal shell on OSX / Linux) > check if you have the file ~/.ssh/id_rsa and ~/.ssh/ If you don’t, generate a new one using ssh-keygen (accept all the default setting)
  4. On github go to account settings > SSH Keys > Add SSH Keys. Paste the content of ~/.ssh/
  5. Create new github repository. Give it your project name (eg: foobar).
  6. Back in your computer, point your git shell to the root of your project and run these commands:
    $ git --init
    # You may want to create a .gitignore file before proceeding to
    # next command, see below
    $ git add -A
    $ git commit -m 'initial commit'
    # Change mygitusername and foobar
    $ git remote add origin
    $ git push -u origin master

    It’s a good practice to add a .gitignore to avoid tracking binaries and project metadata. Do this before git add -A. This is my typical .gitignore file for a maven java project:

    # All files paths matching these prefix will not be tracked by git
  7. Congratz, you project is now up in github. It’s also a good practice to add a file to include instruction on how to run your project. Run following commands for subsequent changes you want to push to github:
    $ git add -A
    $ git commit -m 'fixed bugs abcd'
    $ git push

Spring Security Auto Login After Successful Registration

Asking your user to login immediately after he/she registers might be tedious. Here’s how you can log them in immediately using Spring Security (thanks to this SO thread).

Typically you will have some sort of registration form with a backing controller like this:

public class RegisterController {
  @RequestMapping(method = POST)
  public String register(@ModelAttribute User user) {
    // perform registration logic..
    // redirect back to login page
    return "redirect:/login";

But a server-side login can be done by autowiring UserDetailService and AuthenticationManager:

public class RegisterController {
  @Autowired @Qualifier("authMgr") private AuthenticationManager authMgr;
  @Autowired private UserDetailsService userDetailsSvc;

  @RequestMapping(method = POST)
  public String register(@ModelAttribute User user) {
    // perform registration logic..

    // perform login authentication
    try {
      UserDetails userDetails = userDetailsSvc.loadUserByUsername(username);
      UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());

      // redirect into secured main page if authentication successful
      if(auth.isAuthenticated()) {
        return "redirect:/";
    } catch (Exception e) {
      logger.debug("Problem authenticating user" + username, e);

    return "redirect:/error";

Note that in above code the AuthenticationManager injection is qualified by @Qualifier("authMgr"). This is to avoid multiple beans ambiguity. In effect in the xml context configuration (if you use one) an id attribute has to be set:

  <authentication-manager id="authMgr">

  <http authentication-manager-ref="authMgr">
  </http authentication-manager-ref>

Also in order for this setup to work, the registration page has to be filtered by spring security

  <!-- This is wrong, security context will not be available if this path is set to "none" -->
  <!-- <http pattern="/register/**" security="none"/> -->

  <http authentication-manager-ref="authMgr">
    <intercept-url pattern="/register/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
  </http authentication-manager-ref>

See Also

Installing Spring Security On Spring MVC Project

IP Whitelisting wp-admin In Nginx

Similar like Apache, Nginx also has allow & deny directives allowing you to block certain ip. Here’s a config I use to whitelist /wp-admin to certain IP only.

location / {
  try_files $uri $uri/ /index.php?$args;

location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
  access_log off; log_not_found off; expires max;

location ~ \.php$ {
  try_files                $uri =404;
  fastcgi_pass             localhost:9000;
  fastcgi_index            index.php;
  fastcgi_param            SCRIPT_FILENAME  $document_root$fastcgi_script_name;
  fastcgi_intercept_errors on;
  include                  fastcgi_params;

location ~ ^/wp-(admin|login) {
  deny  all;
  location ~ \.php$ {
    try_files                $uri =404;
    fastcgi_pass             localhost:9000;
    fastcgi_index            index.php;
    fastcgi_param            SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_intercept_errors on;
    include                  fastcgi_params;

Apart from any path starting with /wp-admin, this will also restrict /wp-login.php to specified IP only.

Hopefully this come handy when you’re configuring wordpress using nginx php-fpm.

Using HandlerInterceptor or ControllerAdvice to Make Spring MVC Model Attribute Available Everywhere

Often you’ll want a particular model attribute to be available everywhere (eg: application version, name, etc). Doing model.addAttribute() everytime is a really bad idea, if you have to refactor it down the track you could end up with hundreds of line modification scattered everywhere.

Using ControllerAdvice

One simple way to achieve this as outlined by Spring documentation is by using Spring 3.1′s @ControllerAdvice annotation.

Create a new class like this:

public class PopulateGlobalAttribute {
  public String getAppVersion() {
    return "1.0";

And the getAppVersion() will be used to help each handler method in all controllers to add additional stuff to Model object.

However this method poses one problem. If the handler method is returning a redirect view, the model attributes will be exposed as a query string on the browser URL.

Using HandlerInterceptor

Fortunately Josh Kalderimis proposes a nice solution on his blog post using HandlerInterceptor.

This is my own version of HandlerInterceptor which is based from Josh’s:

public class PopulateGlobalAttrInterceptor implements HandlerInterceptor {
  private Map<String, String> properties = new HashMap<String, String>();

   * This method ensures the global attributes are added only for non-redirection view / view name
  public void postHandle(HttpServletRequest req, HttpServletResponse res, Object handler,
      ModelAndView mav) throws Exception {
    if(mav == null) return;

    boolean isRedirectView = mav.getView() instanceof RedirectView;
    boolean isViewObject = mav.getView() != null;
    boolean viewNameStartsWithRedirect = (mav.getViewName() == null ? true : 
    if(mav.hasView() && (
      ( isViewObject && !isRedirectView) ||
      (!isViewObject && !viewNameStartsWithRedirect))){

  private void addCommonModelData(ModelAndView mav) {

  public void afterCompletion(HttpServletRequest req, HttpServletResponse res, Object handler,
      Exception ex) throws Exception {

  public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler)
      throws Exception {
    return true;

  /* getters & setters */

In SpringMVC HandlerInterceptors are similar like servlet filters, it will be used to filter (intercept) through every requests. Similar like ControllerAdvice, the postHandle method will be invoked by all handlers to help populate the model.

Once you have this you need to register this interceptors. If you use xml based configuration you can do something like this:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=""


  <bean id="populateGlobalAttrInterceptor" class="myapp.PopulateGlobalAttrInterceptor">
    <property name="properties">
        <entry key="appversion" value="1.0"/>

    <ref bean="populateGlobalAttrInterceptor"/>

Now without any additional code, you’re guaranteed ${appversion} is available everywhere on your jsp view.

Gerry's software development journey of trial, errors and re-trials