Wednesday, 16 April 2014

FOP External Graphics Caching

A recent issue encountered with FOP 1.0 involved the FOP processor grinding to a halt when a document contained a batch of external images hosted on a separate domain. It appeared to be fine with just two or three images but froze if greater numbers were included. The issue appeared to be centred around a prefetch utility in the image loader. This was attempting to fetch all the images in the document prior to processing and it appeared to be overloading the Apache Server with the request.

This was further substantiated when removing the images and then processing with just a couple, then reprocessing with the next few inserted. This worked because the initial ones had already been cached. However, such a routine is certainly not an efficient work-around.

The resolution was to disable the FOP image caching using a system property, which was added to the JAVAOPTS environment variable. This is easily done by modifying the FOP batch script that is part of the FOP download, adding the property to the appropriate line:

set JAVAOPTS=-Denv.windir=%WINDIR% -Xmx2048m

The result of this fix is that the processor only fetches the images when needed as seperate requests rather than as a bulk load in one request. The result worked perfectly. No more hanging, and even documents with 100's of images were being processed within a minute.

More information can be found at

Wednesday, 9 April 2014

Determine openssl version in apache

With the Heartbleed bug vulnerability around there is a need to determine the version on openssl used on apache systems

The status of the versions of Openssl affected are:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

How to determine the version of openssl that is being run in the apache installation on windows.

Open the command line and navigate to the apache/bin directory and use the following line

openssl version -a

To check openssl vulnerabilities in apache based sites use the online tool at:

ipconfig switches

The following switches can be used with the ipconfig command line utility:

/allProduces a detailed configuration report for all interfaces.
/flushdnsRemoves all entries from the DNS name cache.
/registerdnsRefreshes all DHCP leases and reregisters DNS names
/displaydnsDisplays the contents of the DNS resolver cache.
/release < adapter >Releases the IP address for a specified interface.
/renew < adapter >Renews the IP address for a specified interface.
/showclassid < adapter >Displays all the DHCP class IDs allowed for the adapter specified.
/setclassid < adapter > < classID to set >Changes the DHCP class ID for the adapter specified.
/?Displays this list.

Thursday, 3 April 2014

XSLT: processing instructions

A recent requirement entailed the round-tripping of elements to processing instructions and then back again to their original elements using a second transformation. This presented a few challanges.

The elements concerned were off the form

bar="abcd/efgh/jklm">content that records "some message"</err:Warning>

The first part of the round trip, is to take the elements that were all in a single namespace, and recast them as PI's. The attributes are taken through as name-value pairs and the content is taken through as a name value pair of the form content={content}.

<xsl:template match="err:*">
       <xsl:processing-instruction name="err-{local-name()}">
       <xsl:for-each select="@*">
   <xsl:value-of select="name()"/>
   <xsl:value-of select="."/>
   <xsl:text>" </xsl:text>
    <xsl:value-of select='.'/>

Running this transformation in Saxon gives the end result of:

<?err-Warning foo="1234567" bar="abcd/efgh/jklm" content="content that records "some message""?>

It must be remembered that PIs do not have attributes, although the result looks to all intents and purposes as an attribute, they are not and you cannot target a PI attribute with an xpath as it does not exists! Therefore, it is a little more of a challange to get this back to their original attributes. In XSLT 2 we can use regular expresions to recreate the attributes.

Firstly, filter out the content={value} name value pair, then use the remaining string as the source for an analyze-string and a regualr expression of ([\c]+)="(.*?") where the second group targets the end quote of the name-value pair. This end quote then needs removing with the translate() or replace() function

<xsl:template match="processing-instruction()[starts-with(name(),'err-')]">
 <xsl:variable name="PI" select="substring-before(.,'content=')" />
 <xsl:variable name="PIname" select="substring-after(name(), 'err-')"/>
 <xsl:variable name="content" select="substring-after(., 'content="')"/>
 <xsl:element name="err:{$PIname}">
  <xsl:analyze-string select="$PI" regex='([\c]+)="(.*?")'>
    <xsl:attribute name="{regex-group(1)}">
     <xsl:value-of select='translate(regex-group(2),"""", "")'/>
  <!-- remove the last double quote from the content  -->
  <xsl:value-of select='replace($content,"""$", "")' />

Running this transformation in Saxon returns us back to the original element:

<?err-Warning foo="1234567" bar="abcd/efgh/jklm" content="content that records "some message""?>