[Looking for Charlie's main web site?]

Why you should think twice about leaving on the "public JRE" option of the Java JDK installer

This is a follow-up to a post I did in late 2014, CF911: 'Help! I've updated the JVM which ColdFusion uses, and now it won't start!'. In that post, I listed about a dozen common problems that befall people who try to update the JVM that CF is using (and it and this post apply as well to Lucee or BlueDragon, or indeed any Java application server).

In this post, I want to elaborate on one more common mistake. Well, mistake may be too strong word. It's about a default option when you run a Java JDK installer (see the other post for more on JDK vs JRE options).

In short, I make the case here for why you should NOT let the JDK installer implement its "public jre" option.

[....Continue Reading....]

CF911: 'Help! I've updated the JVM which ColdFusion uses, and now it won't start!'

Has this happened to you? You follow some resource on the web showing how to update the JVM which CF uses, to a new version, and then wham, CF won't start. And now you may be stuck wondering, "what happened? how am I supposed to fix this?"

It's a tragic position to be in. (I was tempted to title this, "Help. My JVM has fallen and CF can't get up", but I fear that dated and veiled 80's reference would go over the heads of many of my readers.)

The thing is, there are several reasons why your attempt to update CF's JVM can fail (all this applies to Lucee, Railo, and BlueDragon as well). And fortunately I can offer several things you can look at to hopefully quickly recover from or undo things. If you're interested, read on.

[....Continue Reading....]

Java now has a built-in expiration date. What that's about (not obvious at first)

If you may have looked at the release notes for the latest (as of this writing) JVM update (Java 1.7 update 21), you may have noticed that it refers to an "expiration date" for this version of the JVM. What's that about, you may wonder?

[....Continue Reading....]

What's the situation with ColdFusion and Java 7, Java 6 updates, Windows 8, and OS X Mountain Lion?

I see the above questions all the time on lists, forums, twitter, etc., and while I point out the following when I see them, I wanted to share them here as well, in case others have missed them or might find them by searching.

[....Continue Reading....]

CF911: Have you updated your ColdFusion JVM to _24 yet? Important security fix for CF 8/9

This isn't new info, but you may have missed it. If you're running CF 8 or 9, did you know you can and should update the JVM that came with it? And that you have Adobe's blessing to do this update? This is because of a serious bug in the JVM that is not fixed until 1.6.0_24.

Both CF 9.0 and 9.01 run on older JVMs (and therefore need this update). And are you on CF8? You're not left out: Adobe even has confirmed this update can be applied to CF 8 and 8.01, too!

Update 1: Since I wrote this blog entry in Oct 2011, Adobe has since come out with a new technote in Oct 2012 saying that you are now permitted to update to any version of Java 1.6 (for CF 8/9/10).
Update 2: Since posting this note, I've realized I should document an important fact to be aware of if you DO update the JVM: after doing so, it may seem that changes you made to allow CFHTTP calls to SSL pages (or other tags in CFML that talk via SSL or TLS) may "seem to have been lost". The issue is likely that you had modified your current CF setup to import specific certificates for such sites, but those changes are "lost" when you change the JVM that CF is now using (which has its own keystore). But these cert changes can be recovered. For more on that, see the next to last section below.
Update 3: In Feb 2013, Adobe did come out with an update that authorizes moving to Java 1.7 in either 9 or 10. You must apply the update first, though. More in this Adobe blog entry.

Old news, but not everyone knows

[....Continue Reading....]

Some code to throttle rapid requests to your CF server from one IP address

Some time ago I implemented some code on my own site to throttle when any single IP address (bot, spider, hacker, user) made too many requests at once. I've mentioned it occasionally and people have often asked me to share it, which I've happily done by email. Today with another request I decided to post it and of course seek any feedback.

It's a first cut. While there are couple of concerns that will come to mind for some readers, and I try to address those at the end, it does work for me and has helped improve my server's stability and reliability, and it's been used by many others.

Background: do you need to care? Perhaps more than you realize

[....Continue Reading....]

Revisiting CF/Java integration

On a mailing list, someone asked about running/integrating Servlets, JSPs, Struts, and EJBs in CF. This is one of those topics that was discussed a lot when CFMX came out, but those who didn't switch at the time may have missed out.

I thought I'd share here my answer to his question (pointing out several resources for him to learn more), in the hope that it may help others also who may only now be considering such integration.

Since he was already familiar with running JSPs on CF, but some readers here may not be, I'll start with just a quick point about that, then I'll offer what I replied to him.

CF and Java Integration

It may be important to clarify that technically, it was CF 4.51 that first afforded the option to integrate with Java (including EJBs). Though CF then wasn't built upon Java, you could point to a JVM in the CF Admin and various CF tags and functions afforded some Java integration.

CFMX 6, however, was not only only built upon Java but the Enterprise (and Developer) edition specifically added the ability to run JSPs and servlets directly within CF. More than that, there's some significant integration possible.

In the case of JSPs, you could just drop them into the same code directory with your CFML templates. Servlets take a little more work, as explained in my reply to the gent's email, below. He had been reading a JSP/servlet book and wanted to know how to run the latter, especially, on CF, as well as how to integrate with the Struts framework:

I hope I can help and I think you'll find I have good news.

You mention looking at a book on JSPs and servlets, and you ask how to implement them (and JSPs) in CF. Of course, that book won't help with that--but neither really will the CFML Reference (or a site like CFQuickdocs), if you may have looked that. You need to look at the ColdFusion Developers Guide in the CF docs (http://livedocs.adobe.com/coldfusion/8/htmldocs/Part_4_CF_DevGuide_1.html), or any CF books out there. The CF manual has a chapter specifically on this topic: Integrating J2EE and Java Elements in CFML Applications.

For instance, that chapter clarifies that to run a servlet called HelloWorldServlet, you put the servlet .java or .class file in the [CFserver]/WEB-INF/classes directory and refer to the servlet with the URL /servlet/HelloWorldServlet. It also discusses sharing data between CFML and such JSPs/servlets. You can even use JSP custom tag libraries directly within CFML, and lots more. And yes, the docs show (briefly) how to enable EJBs and call them from CFML.

That said, the coverage in the docs may leave one wanting more, so you may want to consider other resources that discuss it more. There was at least one book focused on that, Reality Macromedia ColdFusion MX: J2EE Integration. There were also lots of talks and articles back in the 2002 timeframe, when this stuff really took off with CFMX (though Java integration was added back in CF 4.51, which added a means in the CF Admin to point to a JVM that CF would work with.)

For instance, I did lots of presentations on CF/Java integration (as did others, of course). If you visit http://carehart.org/presentations/, and search for java, jsp, or servlet filters.

Doing Struts is not discussed in the CF docs, but there was at least one DevCenter article that discussed it specifically: Streamlining Application Development Using Struts in ColdFusion MX.

It's interesting to see these recent questions about things that came out with CF 6--many shops either didn't move from 4/5 right away, or did but didn't take advantage of the new features. Folks in that position will then not have necessarily followed all the resources (books, technotes, blog entries, user group talks) that came out back then.

This is one of the reasons I keep saying that any topic on the CF Meetup is welcomed. Not everyone needs only to learn new stuff, many need to learn what may seem "old" stuff. It's also the reason why I keep pointing to articles and talks I did in the way past. :-)

Though he didn't ask about it, of course also since CF 6 you 've been able to deploy CFML as a J2EE (or Java EE) web application/WAR or enterprise application EAR. That feature has improved from 6, to 6.1, to 7 (and of course is still possible in 8).

Certainly, if you're a shop that has any Java folks--and especially if there's some strong desire to lean that way, and CF is still seen mistakenly as a proprietary island--it's important to be able to convey to them that your CFML app can be deployed as a pure J2EE web app (WAR/EAR), which is a form they'd expect.

I think all this would be a topic worth my packing together for an upcoming CF meetup session. Until then, again, anyone interested in the topics can see the resources mentioned above that I and others have written.

BlogCFC was created by Raymond Camden. This blog is running version 5.005. (Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting