Configuring the MyEclipse DB Browser to View the Liferay Portal Database

Assumption: Liferay 5.1.2 on tomcat using default HSQLDB, which comes pre-configured with the download


  • Switch to the MyEclipse Database Explorer perspective
  • In the DB Browser window, right click, and choose New…


  • Fill in the fields with the values shown below:


  • Notes:
  • You can use any name you want for the Driver name.
  • The screenshot assumes the liferay/tomcat bundle is installed at /servers. Change your url to the correct location for your server. Later versions of liferay have the db in a different directory, so if you’re not on 5.1.2, you also may have to change from the bin directory to your db directory (see the connection information in root.xml if you’re not sure where it is).
  • The password is blank.
  • Finally, click Finish, and you can browse your database.


  • BUT… if you see the message below (“Error while performing database login with the Liferay HSQLDB driver: The database is already in use by another process:”), it’s probably because Liferay has locked the file. In that case, you’ll need to stop Liferay to open the database.


Related information:

And if you’d rather use the built in hsql DatabaseManager, you can, with this:

java -cp <path of hsqldb.jar> org.hsqldb.util.DatabaseManager

Posted in Database, Eclipse, Java Development | Leave a comment

Liferay 5.1.2 Web Services with a .Net Consumer

This is a simple step-by-step list of how to access the Liferay UserService from a C#.Net client, using Visual Studio 2010 to generate the proxy classes. I’m including this here because I ran into a number of issues while doing this myself, and want to record it for future reference.



  • Configure Liferay to allow connections from your client. Do this in (webapps\ROOT\WEB-INF\classes). The highlighted IP Address below is the IP address of the machine I was running from. You may only need

##  Web Services

  • In Visual Studio (VS) create the project as a console application.



  • The create project wizard will have created a file named Program.cs. To that, add the lines of code highlighted below, and run in the debugger:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using LifeRayWebServicesExample.LiferayUserService;

namespace LifeRayWebServicesExample
    class Program
        static void Main(string[] args)
            var client = new UserServiceSoapClient();
            var user = client.getUserByScreenName(1, “joebloggs”);

  • You should get an InvalidOperationException with the message, “RPC Message updateUserRequest1 in operation updateUser1 has an invalid body name updateUser. It must be updateUser1”. This is a problem in the proxy classes that were generated. We’ll need to edit these to get past the problem.


  • Right click on the method getUserByScreenName and choose Go To Definition. This will open the file we want, Reference.cs (LifeRayWebServicesExample\Service References\LiferayUserService\Reference.cs).


  • Look for a piece of code that looks like the code below, and change “updateUser” to “updateUser1”. Run in the debugger again.

[System.ServiceModel.MessageContractAttribute(WrapperName=”updateUser“, WrapperNamespace=””, IsWrapped=true)]
public partial class updateUserRequest1 {

  • You should get another InvalidOperationException with the message, “RPC Message updateUserResponse1 in operation updateUser1 has an invalid body name updateUserResponse. It must be updateUser1Response”. We need to make more edits in Reference.cs. On the partial class updateUserResponse1, change the WrapperName from “updateUserResponse” to “updateUser1Response”. Run in the debugger again.

[System.ServiceModel.MessageContractAttribute(WrapperName=”updateUserResponse“, WrapperNamespace=””, IsWrapped=true)]
public partial class updateUserResponse1 {

  • This time you should get a FaultException, with a message that you have a “java.rmi.RemoteException”. This means you’re getting to your Liferay instance. If you look in your tomcat/liferay logs, you might see something like the error showing below. It’s time to fix our authentication.

17:06:29,561 ERROR [UserServiceSoap:60] java.lang.NullPointerException
    at com.liferay.portal.service.permission.UserPermissionImpl.contains(

  • First we should be hitting the secure url for web services, http://localhost:8080/tunnel-web/secure/axis/Portal_UserService?wsdl. Note that this url is different than the one we used to generate the proxy classes. The easiest way to do this is to use the Replace in Files feature of VS. After making this change, run in the debugger again.


  • Next you should see a MessageSecurityException, “The HTTP request is unauthorized with client authentication scheme ‘Anonymous’. The authentication header received from the server was ‘Basic realm=\”PortalRealm\”‘.” We need to change the configuration of our web service to send authorization information. Open the app.config file. Find the section that contains the binding for the web service and replace the security node.


        <security mode=”None”>
            <transport clientCredentialType=”None” proxyCredentialType=”None”
                realm=”” />
            <message clientCredentialType=”UserName” algorithmSuite=”Default” />


<security mode=”TransportCredentialOnly”>
    <transport clientCredentialType=”Basic” />

  • That’s not all though. Go back to the program’s main method and add login credentials. Adjust the UserName (liferay userId) and Password to match an authorized user in your system:

static void Main(string[] args)
    var client = new UserServiceSoapClient();
    client.ClientCredentials.UserName.UserName = “2”;
    client.ClientCredentials.UserName.Password = “test”;
    var user = client.getUserByScreenName(1, “joebloggs”);

If you run now you should see this:


That’s it. It’s not straight forward. This took me hours to figure out, but now that I have this recorded, it won’t take so long next time.

I’ve posted the source code for this on github:

Posted in Portlets, Web Development, Web Services | 8 Comments

Vermont Hackathon aka VTHackathon

I’ve been attending a lot of free developer events over the last few years. I’ve been incredibly impressed at the generosity of speakers to give their time and of sponsors and hosts to donate space, food, swag, and even significant prizes for these events. I’m always trying to keep up with new technologies, and my interests are varied (as you could see from my blog posts or tweets); but it’s hard to find time to do this during work hours and even harder to force myself to do this during off-work hours. After all, there’s always laundry, dirty dishes, sports, and of course classic movies to watch.

Tech meetups, code camps, and hackathons are a great way to do this. Often, as developers, we’re tied into a particular technology or task at our day jobs, and there just isn’t time to try the new tools and technologies that we’re interested in. Hackathons can fill the void. In September I spent a week in Vermont, spending the first Saturday at the Vermont Code camp, and the following Friday-Saturday at the Vermont Hackathon. vthack The Hackathon was a 24 hour event using the MyWebGrocer(MWG) API any way you wanted to. And the various groups used that API in many different ways, including web sites, mobile apps, games, and even a power shell shopping utility! As the groups were presenting, there seemed to be a good number that were stepping outside of their comfort zone and working with some technology that they weren’t already comfortable with.  I think this is great.

Our team, Amazaboston, also chose to step out of our comfort zone, but not too far. Our team of 3, Joan, Bill, and I, chose to create a mobile, HTML5 application, targeted at the iPad. We used a mash up of product data from the MWG API, data from, and the unacceptable ingredients list from Whole Foods to give users a shopping list application that lets them easily choose to include or exclude products that are “healthy, green and socially responsible” (Ref.).

We used SenchaTouch as our front end framework. Although 2 in our team were experienced with ExtJS which is a sibling product to SenchaTouch, none of us had anymore than a passing experience with it (basically walking through sample code). We used .Net, WCF services, and SQL Azure for our back end. By choosing to do the mash up logic on the server, we were able to expose an Odata API that we could access directly from JavaScript via data.js. This made our client-server communication incredibly easy, greatly simplifying our JavaScript code.  Our basic architecture looked like this (we also had some Facebook integration, which is not shown):



Our app is intended to help users filter out products from their shopping lists that they don’t want to consider for various reasons, including:

  • The product contains an ingredient I can’t or don’t want to use (because of allergies, special diets, or I just never want to have that ingredient (like high fructose corn syrup))
  • The product is produced in a manner that I don’t condone. (producers are not paid enough, child labor is used, etc.)
  • The product, its production, or the company that produces it is not ‘green’.
  • The product is not organic or is genetically modified
  • etc.

As with most hackathons, we didn’t leave with a completed application, but we left with the shell of an application that did mash up data with a very crude user interface. We left with more ideas for evolving the app, and a lot of new knowledge and experience. We also made some new friends. As a bonus, we took 2nd place! (First place was a really cool XNA game using MWG product data, and 3rd was an Android app that used the camera as a scanner to allow users to add up the cost of products they were putting in their shopping carts.)

Thanks to the organizers of the first VTHackathon. They were fabulous hosts. And thanks to the sponsors, FairPoint Communications, C2 (Competitive Computing), and Primmer Piper Eggleston & Cramer PC. Without them, this event couldn’t have been what it was. Hackathons are great experience. I think every developer should try to attend at least one.

Posted in Hackathon, JavaScript, Miscellaneous, Mobile, Web Development | 2 Comments

Is JavaScript eval really evil?

You may have heard this before: “eval is evil”. But is it really? And if so, why is it?

I’ll start with a quote:

“The eval function and its relatives (Function, setTimeout, and setInterval) provide access to the JavaScript compiler. This is sometimes useful, but in most cases it indicates the presence of extremely bad coding. The eval function is the most misused feature of JavaScript.” – Doug Crockford, “JavaScript: The Good Parts”

The eval method takes a string containing JavaScript code, compiles it, and then runs it. This one sentence might be enough for you to avoid it when you don’t need it. The compiler will use system resources, such as memory and cpu that will affect your application. If you can achieve the same logic without eval, your application will run faster, so why use it?  Then again, if your application is already screaming fast, a little delay from the JavaScript compiler should be no big deal. IMHO, this does not make eval evil.

Since the eval method executes script, you have to be more careful about user supplied data that may end up in an eval statement. Suppose you have an input field whose value is saved to the database, and that value is later used in an eval call. This code injection could certainly cause all sorts of serious problems for an end user. This is evil, but the real evil is the code injection vulnerability, not eval itself. If you use techniques to prevent such code from getting into your eval statement in the first place, you shouldn’t have to avoid eval for user supplied data. IMHO, this does not make eval evil, but is a good reason to avoid it when you can.

The most practical use of eval in the recent past has been for the parsing of JSON-formatted data when retrieving data via Ajax, but native JSON support is now available in all modern browsers as of the ECMAScript Language Specification, 5th Edition in Dec. 2009. If eval() is needed for JSON parsing, then in browsers that support it, JSON.parse() should be used. This means that eval for JSON parsing is only needed for older browsers.

Browsers that support the built in JSON Object and Grammar (reference):

  • Firefox 3.5+
  • Internet Explorer 8+
  • Opera 10.5+
  • Chrome
  • Safari

So my feeling on the subject: avoid eval when what you’re trying to achieve can be done without it. You can avoid performance degradation and reduce the risk of code injection security issues, and unless you need to support an old browser like IE7, you don’t need it for JSON.

Back to the quote… I agree that eval is often misused and often in the context of bad coding (I’ve seen a lot of it), but if you know what you’re doing, then your code should be in the “sometimes useful” bucket, and that certainly is not evil.

More References:

Posted in JavaScript, Web Development | Leave a comment

Book Review / Overview: “JavaScript Web Applications” by Alex MacCaw



Wow. This book covers so much content that it could easily have been split into 2, 3, or maybe even 4 books. It is a book on building applications, not web sites (though many of the techniques would also work for web sites). And as such, there is a lot of emphasis on the engineering that goes into building such applications, from the design patterns we use, to testing, debugging, and deployment. With the power and features that newer browsers and JavaScript libraries are providing, we’re able to build richer and more full-featured web apps every day. In a lot of cases this means more JavaScript code, and the more code we have, the more important it is that we follow software engineering best practices.

I was on the fence about whether to give this book 4.5 or 5 stars. There is too heavy an emphasis on jQuery for my liking, but on the other hand, there is so much detail that I am sure that I will go back and try many of the examples and libraries referenced in the book. And, I have yet to see another book cover JavaScript applications in this way. So, just as a reference to how we can and should be building JS applications, I had to give the full 5 stars. If you’re building rich internet applications, or are planning to, I think this is a very useful read.


  1. MVC & Classes – An overview of writing object-oriented JavaScript and of the Model-View-Controller (MVC) design pattern
  2. Events & Observing – Coverage of the DOM event model and descriptions of how JS libraries provide cross-browser support and add features for custom events
  3. Models & Data – Covers how to create data models that are completely client-side. It includes using HTML5 localStorage to persist values locally and how to use Ajax to communicate model changes back to the server.
  4. Controllers & State – Packs a lot of application patterns and information into 1 chapter, including client-side MVC, a JavaScript module pattern, libraries, state machines, routing, Ajax crawling and the Google Ajax Crawling Specification, and using the HTML5 History API.
  5. Views & Templating – This chapter focuses on the ‘View’ of ‘Model View Controller’. I found the in depth description of templating and data binding particularly interesting. I use a library that has these features, but it was good  to see how you would code this from scratch using jquery libraries that are available.
  6. Dependency Management – This chapter focuses on script dependencies. It introduces CommonJS, script loaders, and server side tools to combine and minify JS. It’s a very good reference chapter.
  7. Working with Files – Introduces the HTML5 File APIs, covering file inputs, drag/dropping of files, reading files, Ajax progress events and more. – (Note to self: MUST TRY SAMPLE CODE)
  8. The Real-Time Web – Covers WebSockets and the PubSub pattern with useful references to libraries such as node.js, Socket.IO, Juggernaut, and Pusher.
  9. Testing and Debugging – Introduces some JavaScript testing frameworks including QUnit and Jasmine, some drivers for continuous integration testing including Watir and Selenium, and libraries to help with headless browser testing including Envjs and Zombie.  It also briefly goes into Firebug and Web Inspector for debugging. This could easily be broken into 2 chapters or even a whole book.
  10. Deploying – A very nice introduction to things you should do, but don’t need to do, when deploying a JavaScript application. It includes information on caching, minifying, gzipping, and doing performance testing.
  11. The Spine Library – A lightweight Js library, written by the author, that includes MVC, events, and classes. It works with jquery or other libraries. Looks interesting.
  12. The Backbone Library – A lightweight MVC library with models, controllers, and views that depends only on underscore.js. It will work with jquery.
  13. The JavascriptMVC Library – An open-source jQuery-based framework that includes support for testing, dependency management, error reporting, package management, code cleaning, custom events, jQuery extensions, and documentation.

Chapters 15 – 17 are appendices: jQuery Primer, CSS Extensions, CSS3 Reference

Posted in Book Reviews, JavaScript, Web Development | Leave a comment

Vermont Code Camp III

I attended the Vermont Code Camp this past weekend. It was my 2nd time at the VTCodeCamp, but first time as a speaker. It was a very well-organized event with a ton of swag, lots of interesting presentations, and plenty of really great people. It’s a bit of a drive for me, but Vermont in September is beautiful, and the weather is just the perfect temperature. All around it was a fantastic day.

Well, Joan Wortman and I presented our updated talk on ExtJS 4. The audience size was around 30, and there seemed to be some real interest in the technology. We had some technical difficulties at the start, but I think we recovered ok, and I’m posting the slides here, like I promised I would.

PowerPoint Slide Deck

I’m updating my post, to add thanks to the organizers and sponsors, which I neglected to do first time around. My sincere thanks go to all the volunteers and sponsors. Without your involvement, this event just couldn’t have happened. Thanks, and I hope I am able to attend next year too.

If you’re reading this and have interest in other talks at the Code Camp, most of the slides can be found on slideshare:

Posted in Ext JS, JavaScript | Leave a comment

How to get my mouse unstuck from a virtual pc

For future reference on my Dell Latitude E6410, but probably works on many other pcs: Press the right Alt key, which is the “Host Key” on this laptop. This will release the mouse from the virtual pc. Reference: Switching between virtual machines and the host operating system

Posted in Miscellaneous | Leave a comment