Using Disqus without any plugins

At TurnGeek we recently had the task to include Disqus (which is great by the way) into our site, so readers of our books can leave comments for each chapter.

For a couple of reasons we couldn’t use their WordPress plugin although the site is running on WordPress. If you’re running into the same issue or you just don’t want the dependency of another plugin, you can paste the following snippet in your WordPress posts (by the way, this also works with non-WordPress sites):

Using the data-name attribute you have to set the shortname you’re using on Disqus. This means you have to replace my_disqus_shortname with this shortname. In our case it is turngeekpress, so our snippet looks like this:

Have fun using this and let me know your thoughts.

Cloud Tutorial – Java EE

If you know standard Java and want to quickly learn something more about the core components of the Java Enterprise Edition (Servlets, JSP, JSF, CDI and EJB), you should have a look at this new tutorial I have written with Martin called Cloud Tutorial – Java EE.
We call it a cloud tutorial, because you learn everything step by step using an Online IDE. That way you don’t have to struggle with any software configuration and you can directly start learning.
You can work your way through the tutorial in one day – if you know a quicker way to learn that much about Java EE, let us know. Happy coding!

Securing Your Play 2.1.1 Web Application Using a Filter

After deploying my Play 2.1.1 based application to Cloudbees, I had the problem that everyone could access it. Not very ideal if you want to restrict your program to only a single audience.

To solve the problem you would usually write a complicated user-based authentication system. That is slightly overkill if you don’t need different users accessing your program at all. My idea was more that the user has to add a URL parameter with a secret key the first time the application is called. For later requests the key would just be stored in the session object.

That way you basically access the program via the following URL:
http://myapp.cloudbees.net/?access_key=secret
instead of just using:
http://myapp.cloudbees.net

The solution is quite simple. You just have to add a Filter that checks every request. If the desired URL parameter is passed, the request will be processed as usual. If not, we just log the potential threat and return a 404 (IMHO way better than returning a 401 and motivating the intruder that way to hack your site).
Let’s have a look at the following object called AuthFilter:

Don’t blame me if the code above is not ideal – it’s not only my first program using Play but also using Scala.

To activate the filter, you have to enhance the Global object (store it in the default package):

You may wonder about the method validSession in the AuthFilter. Its purpose is to add a valid token in your unit tests. Here’s an example with a FakeRequest to /:

Have fun hiding your applications! Don’t forget that the secret key is transferred unencrypted. So if you need some extra security, add SSL. Unfortunately this costs something on Cloudbees…
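
The gate described in this post, written out against the Play 2.1 `Filter` API as an added example; it is not the author's AuthFilter. The names `AccessKeyFilter`, the session flag `authorized` and the `access.key` configuration entry are assumptions. Unlike the post, it stores a marker in the session rather than the key itself, because Play's session cookie is signed but not encrypted, and it compares the key in constant time.

```scala
import java.security.MessageDigest
import play.api.Logger
import play.api.mvc._

// Added example. AccessKeyFilter, SessionFlag and the "access.key"
// config entry are hypothetical names, not taken from the post.
object AccessKeyFilter extends Filter {

  private val ParamName   = "access_key"  // URL parameter used in the post
  private val SessionFlag = "authorized"  // assumed session key

  // Assumption: the secret lives in application.conf as access.key,
  // so it is not committed with the source.
  private lazy val secret: Array[Byte] =
    play.api.Play.current.configuration.getString("access.key")
      .getOrElse(sys.error("access.key is not configured"))
      .getBytes("UTF-8")

  // MessageDigest.isEqual compares in constant time, so response timing
  // does not reveal how many leading characters of a guess were right.
  private def keyMatches(candidate: String): Boolean =
    MessageDigest.isEqual(candidate.getBytes("UTF-8"), secret)

  def apply(next: RequestHeader => Result)(rh: RequestHeader): Result = {
    val offeredKey = rh.queryString.get(ParamName).flatMap(_.headOption)

    if (rh.session.get(SessionFlag) == Some("1")) {
      // Already admitted: the signed session cookie carries the marker.
      next(rh)
    } else if (offeredKey.exists(keyMatches)) {
      // First visit with the right key: remember a marker, never the key,
      // since the session cookie's contents are readable by the client.
      // Note: this replaces any session the action itself set on the result.
      next(rh).withSession(rh.session + (SessionFlag -> "1"))
    } else {
      // Log the source and path only; the offered key stays out of the log.
      Logger.warn("Rejected request from " + rh.remoteAddress + " to " + rh.path)
      Results.NotFound
    }
  }
}
```

It is activated the same way as any other filter, with `object Global extends WithFilters(AccessKeyFilter)`. The key still appears in the first request's URL, so it can end up in access logs and browser history.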

Storing large images RESTful in the cloud using Google App Engine

In my last article I showed how to store files in the cloud using Google App Engine.
The problem there was that the maximum size of the files was 1MB. Not that much for images.

To improve the situation, we just shrink the images with this very simple algorithm by a factor of 0.9 until the size is less than 1MB:

This FileTransformer class is then just called in the storeFile method of the FileServerResource when the file size is larger than 1MB:

Remark: So far this only works with JPEG media types, otherwise an exception is raised. Feel free to add different compression cases for other media types (e.g. using GZIP on texts). As I said, it is a good idea to store the media type 😉