Today I was resizing and cropping some images with ColdFusion when I ran into the following issue. After resizing the image using ImageScaleToFit(), ImageCrop() would throw an error stating that "The rectangular crop area must not be outside the image." I was able to confirm that the crop area was not outside of the image, so I was a little perplexed. Then I found the following listed as a known JAI bug:
Last week I gave a 30 minute introduction to OpenID at our monthly developer tech talk lunch. Soon after the talk my co-worker Tim Allen sent me this article on a recently discovered security vulnerability in most open source OpenID implementations.
I was particularly interested because I maintain OpenID4CF, which is based on the OpenID4Java library. So I did a little more research into the issue and asked about it on the OpenID4Java mailing list. As it turns out OpenID4Java is potentially vulnerable to this attack, but a user on the list was able to give some advice on how to patch the library based on a fix committed to JOpenID.
Now I don't really know how exploitable this vulnerability is, but given how simple the fix was I went ahead and patched the fork of OpenID4Java I package for OpenID4CF and posted it to RIAForge. Hopefully OpenID4Java will be patched shortly, but in the meantime you can use the version I include with OpenID4CF if you want to protect against this potential vulnerability.
Recently I wanted to investigate building an OpenID identity provider in ColdFusion. While there are a few OpenID consumer libraries out there, I didn't really find any ColdFusion implementations for an OpenID server. Plus, given that OpenID is an authentication protocol there are heightened security considerations, so I wanted something that was well tested and widely used. This lead me to the OpenID4Java project. Looking at the documentation and source for the project there appeared to be pretty straight forward implementations for both an OpenID provider and consumer via the ServerManager and ConsumerManager classes so I began to port the sample JSP applications over to ColdFusion. That is were my problems began.
I've been using Ben Nadel's POIUtilty for a while now. I really like the custom tag library he has built for building Excel spreadsheets, particularly the way he has abstracted the POI cell formatting options out to CSS. Last week however, I ran into a strange issue while running the latest release on CFMX 7. Cell styles were not being properly applied and it seemed to be related to the CSS style caching functionality. What was even more strange was that the code ran fine on CF 8. Below are samples of the correctly styled spreadsheet genrated by CF 8 and the incorrectly formatted spreadsheet generated by CF 7.
A while ago I posted about a couple of Java libraries for working with Powerpoint presentations. Looks like Google has acquired one of the companies I mentioned, Tonic Systems, and will be adding presentations to their Docs & Spreadsheets offerings. I think Google has done a great job with their Docs & Spreadsheets. Given the power of the Tonic software I have no doubt Google will come up with another awesome application.
I've posted about DST issues in the past, but we recently had an issue at work so I thought I'd share my findings again. According to the Adobe Technote "Working with daylight savings [sic] time in ColdFusion MX":
The current time is calculated correctly in Macromedia ColdFusion MX and higher, regardless of whether the Automatically Adjust Clock for Daylight Saving Changes option is enabled or disabled in the computer's Control panel Date/Time Properties. In previous versions of ColdFusion, the current time would be offset by one hour when this option was disabled.
Here at work we have a process which indexes content into a special database for concept searching. This process was originally built as a ColdFusion Java CFX using the vendor's Java API. However due to the large amount of data we now need to index the job was taking forever and bringing down our ColdFusion server in the process. So I was asked to take a look and see what could be done. I quickly determined that there was absolutely no reason we needed to run this job in ColdFuision (on our production servers nonetheless) so I decided to build a little desktop utility to handle it. And since I have been messing around with Eclipse plugins I decided to build it in Java using SWT. (SWT is a Java toolkit from Eclipse that lets you access the OS's native UI. It is also what makes Eclipse look and run so much better than most other desktop Java applications written using Swing.)
The other day I posted about the WSDL2Java utility. Well, here is the code for a Windows batch file which will set up the proper classpath to run the Axis WSDL2Java utility.
@echo off
SET TMPCLASSPATH=%CLASSPATH%
SET CFROOT=C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\
SET CLASSPATH=.
SET CLASSPATH=%CLASSPATH%;%CFROOT%axis.jar
SET CLASSPATH=%CLASSPATH%;%CFROOT%jaxrpc.jar
SET CLASSPATH=%CLASSPATH%;%CFROOT%saaj.jar
SET CLASSPATH=%CLASSPATH%;%CFROOT%commons-logging-1.0.2.jar
SET CLASSPATH=%CLASSPATH%;%CFROOT%commons-discovery-0.2.jar
SET CLASSPATH=%CLASSPATH%;%CFROOT%wsdl4j- 1.5.1.jar
SET CLASSPATH=%CLASSPATH%;%CFROOT%xercesImpl.jar
SET CLASSPATH=%CLASSPATH%;%CFROOT%log4j.jar
cls
java org.apache.axis.wsdl.WSDL2Java -v -o %1 %2
SET CLASSPATH=%TMPCLASSPATH%
To use just pass in an output directory and the WSDL URL.
WSDL2Java C:\output http://www.somesite.com/service.asmx?wsdl
It is based on one I saw here. You may need to change the CFROOT variable depending on your ColdFusion installation.
Adobe has a couple of TechNotes on this subject with specific instructions for various CFMX versions and installations:
Last week I posted about some Java alternatives to CFDIRECTORY and ConvertDate. I posted a snippet of code which attempted to show how to get the DateLastModified information for files using Java API calls. One of my readers pointed out that the code I posted may not return the correct time given that I was applying the current DST offset to the lastModified value and not the DST offset in effect when the file was written.
I quickly updated my post to attempt to use the DST offset in effect when the file was modified. However after testing I found that this snippet was not returning the correct lastModified time.
On Tuesday I was having a discussion with a coworker and somehow it came up that he was having issues using cfdirectory on a rather large directory of log files. I pointed him to Mark Kruger's Java Based Directory List blog post which I had just read last week. He took a look and sent back the following snippet:
