同源策略与跨源资源共享以及替代解决方案

1. 事实上，所有现代Server端脚本语言都支持远程请求，但在Client的脚本语言，如javascript，这一功能被禁止因为“同源策略”(Same Origin Policy)。

1.1 同源策略参考：http://en.wikipedia.org/wiki/Same_origin_policy

1.2 In computing, the same origin policy is an important security concept for a number of browser-side programming languages, such as JavaScript. The policy permits scripts running on pages originating from the same site to access each other’s methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.

在计算机领域，同源策略对于众多浏览器端编程语言，例如javascript，是一非常重要的安全概念。这策略容许运行页面来源于同一网站的脚本没有特别限制的访问彼此的方法、属性，但禁止访问跨越不同网站的页面的大多数方法、属性。

1.3 The term "origin" is defined using the domain name, application layer protocol, and (in most browsers) TCP port of the HTML document running the script. Two resources are considered to be of the same origin if and only if all these values are exactly the same.

术语“源”用域名、应用层协议、TCP端口来定义。两个资源被认为是同源的当且仅当所有这些值相同。

2. 跨源资源共享(Cross-Origin Resource Sharing)， 参考： http://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing 和 http://www.w3.org/TR/cors/

2.1 Cross-Origin Resource Sharing (CORS) is a browser technology specification, which defines ways for a web service to provide interfaces for sand boxed scripts coming from a different domain under same origin policy. CORS is a modern alternative to the JSONP pattern. While JSONP supports only the GET request method, CORS also supports other types of http requests. Using CORS enables a web programmer to use regular XMLHttpRequest which supports better error handling than JSONP. On the other hand, JSONP works on legacy browsers that do not have CORS support built into them. CORS is supported by most modern web browsers

跨源资源共享是浏览器技术规范，它定义了在同源策略下来源于不同域的沙箱脚本提供web服务的接口方式。跨源资源共享是JSONP模型的现代替代方式。对于JSONP支持GET方法，跨源资源共享则支持各种其它类型的请求。使用跨源资源共享技术让web开发者使用XMLHttpRequest，它比JSONP有更好的错误处理方式。另一方面讲，JSONP可以工作在那些不支持跨源资源共享的旧浏览器。跨源资源共享被支持大多数现代浏览器支持。

2.2 当前支持跨源资源共享的浏览器有： Internet Explorer 8+, Firefox 3.5+, Safari 4+, and Chrome 。 参考：http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/

3. 跨源资源共享替代方案

3.1 JSONP方案，参考：http://en.wikipedia.org/wiki/JSONP#JSONP

3.2 使用Web代理，参考：http://developer.yahoo.com/javascript/howto-proxy.html

3.3 使用IFRAME，参考：http://msdn.microsoft.com/en-us/library/bb735305.aspx 和 http://blog.joycode.com/saucer/archive/2006/10/03/84572.aspx

家庭装修小记1

现代生活，一个房子的空间不再只是满足遮风挡雨，有个温暖的家的需求了，而更多的是追求舒适、安逸，希望能在家庭空间找到更多的属于自己的温馨。

我们新家马上要交房了，也要经历家庭装修这一步了，所以先收集一些家庭装修的资料供学习参考。

• 土巴兔装修大学：http://www.to8to.com/yezhu/
• CCTV2_交换空间_2009 http://www.verycd.com/topics/2731564/
• 室内设计教程装修新宝典 http://www.jiazhuangpeixun.com/nl06.html

SSL证书操作相关的命令

生成证书：keytool -genkey -keyalg RSA -alias tomcat_sso -dname "cn=fy" -storepass changeit
导出证书：keytool -export -alias tomcat_sso -file "%JAVA_HOME%/jre/lib/security/tomcat_sso.crt" -storepass changeit
导入证书：keytool -import -alias tomcat_sso -file "%JAVA_HOME%/jre/lib/security/tomcat_sso.crt" -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
查看证书列表：keytool -list -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit

删除证书：keytool -delete -alias tomcat_sso -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
删除证书：keytool -delete -alias tomcat_sso -storepass changeit

VS2003 试图运行项目时出错，无法启动调试。没有正确安装调试器。请运行安装程序安装或修复调试器。

1、在命令行中尝试重新注册mscordbi.dll(regsvr32 mscordbi.dll)文件，该文件位于（C:\WINNT\Microsoft.NET\Framework\v1.1.4322请找到你本机的这个对应的目录）。
2、在命令行中尝试重新注册oleaut32.dll（regsvr32 oleaut32.dll）
3、运行C:\Program Files\Common Files\Microsoft Shared\VS7Debug下面的mdm.exe /regserver

以上运行的命令都是在visual studio .net 命令提示符中输入，并且要进入到上面所说的目录执行才有效。

大部分问题都是因为，mdm被损坏了导致的，重新运行最后一条命令就行了。

SpringFramework代码学习 [待续]

1. 解析文本中${…} 占位符，替换它们用对应的属性值。

package org.springframework.util;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
* Helper class for resolving placeholders in texts. Usually applied to file paths.
*
* <p>A text may contain <code>${…}</code> placeholders, to be resolved as
* system properties: e.g. <code>${user.dir}</code>.
*
* @author Juergen Hoeller
* @since 1.2.5
* @see #PLACEHOLDER_PREFIX
* @see #PLACEHOLDER_SUFFIX
* @see System#getProperty(String)
*/
public abstract class SystemPropertyUtils {

    /** Prefix for system property placeholders: "${" */
    public static final String PLACEHOLDER_PREFIX = "${";

    /** Suffix for system property placeholders: "}" */
    public static final String PLACEHOLDER_SUFFIX = "}";

    private static final Log logger = LogFactory.getLog(SystemPropertyUtils.class);

    /**
     * Resolve ${…} placeholders in the given text,
     * replacing them with corresponding system property values.
     * @param text the String to resolve
     * @return the resolved String
     * @see #PLACEHOLDER_PREFIX
     * @see #PLACEHOLDER_SUFFIX
     */
    public static String resolvePlaceholders(String text) {
        StringBuffer buf = new StringBuffer(text);

        // The following code does not use JDK 1.4′s StringBuffer.indexOf(String)
        // method to retain JDK 1.3 compatibility. The slight loss in performance
        // is not really relevant, as this code will typically just run on startup.

        int startIndex = text.indexOf(PLACEHOLDER_PREFIX);
        while (startIndex != -1) {
            int endIndex = buf.toString().indexOf(PLACEHOLDER_SUFFIX, startIndex + PLACEHOLDER_PREFIX.length());
            if (endIndex != -1) {
                String placeholder = buf.substring(startIndex + PLACEHOLDER_PREFIX.length(), endIndex);
                int nextIndex = endIndex + PLACEHOLDER_SUFFIX.length();
                try {
                    String propVal = System.getProperty(placeholder);
                    if (propVal == null) {
                        // Fall back to searching the system environment.
                        propVal = System.getenv(placeholder);
                    }
                    if (propVal != null) {
                        buf.replace(startIndex, endIndex + PLACEHOLDER_SUFFIX.length(), propVal);
                        nextIndex = startIndex + propVal.length();
                    }
                    else {
                        if (logger.isWarnEnabled()) {
                            logger.warn("Could not resolve placeholder ‘" + placeholder + "’ in [" + text +
                                    "] as system property: neither system property nor environment variable found");
                        }
                    }
                }
                catch (Throwable ex) {
                    if (logger.isWarnEnabled()) {
                        logger.warn("Could not resolve placeholder ‘" + placeholder + "’ in [" + text +
                                "] as system property: " + ex);
                    }
                }
                startIndex = buf.toString().indexOf(PLACEHOLDER_PREFIX, nextIndex);
            }
            else {
                startIndex = -1;
            }
        }

        return buf.toString();
    }

}

2. 使用JSP 2.0 ExpressionEvaluator 或者Jakarta’s JSTL实现的ExpressionEvaluatorManager

package org.springframework.web.util;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.el.ELException;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.taglibs.standard.lang.support.ExpressionEvaluatorManager;

/**
* Convenience methods for easy access to the JSP 2.0 ExpressionEvaluator or
* the ExpressionEvaluatorManager of Jakarta’s JSTL implementation.
*
* <p>Automatically detects JSP 2.0 or Jakarta JSTL; falls back to throwing
* an exception on actual EL expressions if none of the two is available.
*
* <p>The evaluation methods check if the value contains "${"
* before invoking the EL evaluator, treating the value as "normal"
* expression (that is, a conventional String) else.
*
* <p>Note: The evaluation methods do not have a runtime dependency on
* JSP 2.0 or on Jakarta’s JSTL implementation, as long as they don’t
* receive actual EL expressions.
*
* @author Juergen Hoeller
* @author Alef Arendsen
* @since 11.07.2003
* @see javax.servlet.jsp.el.ExpressionEvaluator
* @see org.apache.taglibs.standard.lang.support.ExpressionEvaluatorManager
*/
public abstract class ExpressionEvaluationUtils {

    private static final String JSP_20_CLASS_NAME =
            "javax.servlet.jsp.el.ExpressionEvaluator";

    private static final String JAKARTA_JSTL_CLASS_NAME =
            "org.apache.taglibs.standard.lang.support.ExpressionEvaluatorManager";

    private static final Log logger = LogFactory.getLog(ExpressionEvaluationUtils.class);

    private static ExpressionEvaluationHelper helper;

    static {
        try {
            Class.forName(JSP_20_CLASS_NAME);
            // JSP 2.0 available
            helper = new Jsp20ExpressionEvaluationHelper();
            logger.info("Using JSP 2.0 ExpressionEvaluator");
        }
        catch (ClassNotFoundException ex) {
            // JSP 2.0 not available -> try Jakarta JSTL
            try {
                Class.forName(JAKARTA_JSTL_CLASS_NAME);
                // JSP 2.0 available
                helper = new JakartaExpressionEvaluationHelper();
                logger.info("Using Jakarta JSTL ExpressionEvaluatorManager");
            }
            catch (ClassNotFoundException ex2) {
                // neither JSP 2.0 nor Jakarta JSTL available -> no EL support
                helper = new NoExpressionEvaluationHelper();
                logger.info("JSP expression evaluation not available");
            }
        }
    }

    /**
     * Check if the given expression value is an EL expression.
     * @param value the expression to check
     * @return <code>true</code> if the expression is an EL expression,
     * <code>false</code> otherwise
     */
    public static boolean isExpressionLanguage(String value) {
        return (value != null && value.indexOf("${") != -1);
    }

    /**
     * Evaluate the given expression to an Object, be it EL or a conventional String.
     * @param attrName name of the attribute (typically a JSP tag attribute)
     * @param attrValue value of the attribute
     * @param resultClass class that the result should have (String, Integer, Boolean)
     * @param pageContext current JSP PageContext
     * @return the result of the evaluation
     * @throws JspException in case of parsing errors
     */
    public static Object evaluate(String attrName, String attrValue, Class resultClass, PageContext pageContext)
        throws JspException {
        if (isExpressionLanguage(attrValue)) {
            return helper.evaluate(attrName, attrValue, resultClass, pageContext);
        }
        else {
            return attrValue;
        }
    }

    /**
     * Evaluate the given expression to a String, be it EL or a conventional String.
     * @param attrName name of the attribute (typically a JSP tag attribute)
     * @param attrValue value of the attribute
     * @param pageContext current JSP PageContext
     * @return the result of the evaluation
     * @throws JspException in case of parsing errors
     */
    public static String evaluateString(String attrName, String attrValue, PageContext pageContext)
        throws JspException {
        if (isExpressionLanguage(attrValue)) {
            return (String) helper.evaluate(attrName, attrValue, String.class, pageContext);
        }
        else {
            return attrValue;
        }
    }

    /**
     * Evaluate the given expression to an integer, be it EL or a conventional String.
     * @param attrName name of the attribute (typically a JSP tag attribute)
     * @param attrValue value of the attribute
     * @param pageContext current JSP PageContext
     * @return the result of the evaluation
     * @throws JspException in case of parsing errors
     */
    public static int evaluateInteger(String attrName, String attrValue, PageContext pageContext)
        throws JspException {
        if (isExpressionLanguage(attrValue)) {
            return ((Integer) helper.evaluate(attrName, attrValue, Integer.class, pageContext)).intValue();
        }
        else {
            return Integer.parseInt(attrValue);
        }
    }

    /**
     * Evaluate the given expression to a boolean, be it EL or a conventional String.
     * @param attrName name of the attribute (typically a JSP tag attribute)
     * @param attrValue value of the attribute
     * @param pageContext current JSP PageContext
     * @return the result of the evaluation
     * @throws JspException in case of parsing errors
     */
    public static boolean evaluateBoolean(String attrName, String attrValue, PageContext pageContext)
        throws JspException {
        if (isExpressionLanguage(attrValue)) {
            return ((Boolean) helper.evaluate(attrName, attrValue, Boolean.class, pageContext)).booleanValue();
        }
        else {
            return Boolean.valueOf(attrValue).booleanValue();
        }
    }

    /**
     * Internal interface for evaluating a JSP EL expression.
     */
    private static interface ExpressionEvaluationHelper {

        public Object evaluate(String attrName, String attrValue, Class resultClass, PageContext pageContext)
                throws JspException;
    }

    /**
     * Actual invocation of the JSP 2.0 ExpressionEvaluator.
     * In separate inner class to avoid runtime dependency on JSP 2.0,
     * for evaluation of non-EL expressions.
     */
    private static class Jsp20ExpressionEvaluationHelper implements ExpressionEvaluationHelper {

        public Object evaluate(String attrName, String attrValue, Class resultClass, PageContext pageContext)
            throws JspException {
            try {
                return pageContext.getExpressionEvaluator().evaluate(
                        attrValue, resultClass, pageContext.getVariableResolver(), null);
            }
            catch (ELException ex) {
                throw new JspException("Parsing of JSP EL expression \"" + attrValue + "\" failed", ex);
            }
        }
    }

    /**
     * Actual invocation of the Jakarta ExpressionEvaluatorManager.
     * In separate inner class to avoid runtime dependency on Jakarta’s
     * JSTL implementation, for evaluation of non-EL expressions.
     */
    private static class JakartaExpressionEvaluationHelper implements ExpressionEvaluationHelper {

        public Object evaluate(String attrName, String attrValue, Class resultClass, PageContext pageContext)
            throws JspException {
            return ExpressionEvaluatorManager.evaluate(attrName, attrValue, resultClass, pageContext);
        }
    }

    /**
     * Fallback ExpressionEvaluationHelper:
     * always throws an exception in case of an actual EL expression.
     */
    private static class NoExpressionEvaluationHelper implements ExpressionEvaluationHelper {

        public Object evaluate(String attrName, String attrValue, Class resultClass, PageContext pageContext)
                throws JspException {
            throw new JspException(
                    "Neither JSP 2.0 nor Jakarta JSTL available – cannot parse JSP EL expression \"" + attrValue + "\"");
        }
    }

}

MySQL的使用 [待续]

一、存储引擎和表类型

MySQL存储引擎包括处理事务安全表的引擎和处理非事务安全表的引擎：

1. MyISAM管理非事务表。它提供高速存储和检索，以及全文搜索能力。MyISAM在所有MySQL配置里被支持，它是默认的存储引擎，除非你配置MySQL默认使用另外一个引擎。
2. InnoDB和BDB存储引擎提供事务安全表。BDB被包含在为支持它的操作系统发布的MySQL-Max二进制分发版里。InnoDB也默认被包括在所有MySQL 5.1二进制分发版里，你可以按照喜好通过配置MySQL来允许或禁止任一引擎。

InnoDB给MySQL提供了具有提交，回滚和崩溃恢复能力的事务安全（ACID兼容）存储引擎。InnoDB锁定在行级并且也在SELECT语句提供一个Oracle风格一致的非锁定读。这些特色增加了多用户部署和性能。没有在InnoDB中扩大锁定的需要，因为在InnoDB中行级锁定适合非常小的空间。InnoDB也支持FOREIGN KEY强制。在SQL查询中，你可以自由地将InnoDB类型的表与其它MySQL的表的类型混合起来，甚至在同一个查询中也可以混合。

InnoDB是为处理巨大数据量时的最大性能设计。它的CPU效率可能是任何其它基于磁盘的关系数据库引擎所不能匹敌的。

InnoDB存储引擎被完全与MySQL服务器整合，InnoDB存储引擎为在主内存中缓存数据和索引而维持它自己的缓冲池。InnoDB存储它的表＆索引在一个表空间中，表空间可以包含数个文件（或原始磁盘分区）。这与MyISAM表不同，比如在MyISAM表中每个表被存在分离的文件中。InnoDB 表可以是任何尺寸，即使在文件尺寸被限制为2GB的操作系统上。

InnoDB默认地被包含在MySQL二进制分发中。Windows Essentials installer使InnoDB成为Windows上MySQL的默认表。

Log4J代码的学习 [待续]

1.每间隔一段时间检查某一文件是否改变。如果改变则调用doOnChange方法。

package org.apache.log4j.helpers;

import java.io.File;
import org.apache.log4j.helpers.LogLog;

/**
   Check every now and then that a certain file has not changed. If it
   has, then call the {@link #doOnChange} method.

   @author Ceki G&uuml;lc&uuml;
   @since version 0.9.1 */
public abstract class FileWatchdog extends Thread {

  /**
     The default delay between every file modification check, set to 60
     seconds.  */
  static final public long DEFAULT_DELAY = 60000;
  /**
     The name of the file to observe  for changes.
   */
  protected String filename;
  /**
     The delay to observe between every check. By default set {@link
     #DEFAULT_DELAY}. */
  protected long delay = DEFAULT_DELAY;
  File file;
  long lastModif = 0;
  boolean warnedAlready = false;
  boolean interrupted = false;

  protected
  FileWatchdog(String filename) {
    this.filename = filename;
    file = new File(filename);
    setDaemon(true);
    checkAndConfigure();
  }

  /**
     Set the delay to observe between each check of the file changes.
   */
  public  void setDelay(long delay) {
    this.delay = delay;
  }

  abstract   protected   void doOnChange();

  protected  void checkAndConfigure() {
    boolean fileExists;
    try {
      fileExists = file.exists();
    } catch(SecurityException  e) {
      LogLog.warn("Was not allowed to read check file existance, file:["+filename+"].");
      interrupted = true; // there is no point in continuing
      return;
    }

    if(fileExists) {
      long l = file.lastModified(); // this can also throw a SecurityException
      if(l > lastModif) {           // however, if we reached this point this
    lastModif = l;              // is very unlikely.
    doOnChange();
    warnedAlready = false;
      }
    } else {
      if(!warnedAlready) {
    LogLog.debug("["+filename+"] does not exist.");
    warnedAlready = true;
      }
    }
  }

  public  void run() {   
    while(!interrupted) {
      try {
        Thread.sleep(delay);
      } catch(InterruptedException e) {
    // no interruption expected
      }
      checkAndConfigure();
    }
  }
}