XPages Debug Toolbar – now as a plugin

In preparation for the session with Phil Riand on Bootstrap4XPages last week at IBM Connect (slides) I’ve been doing quite some work on the Bootstrap4XPages plugin. That got me pretty good up to speed with the subject of OSGi plugin development, so I decided to take another shot at a thing that had been on my todo list for way too long: create a plugin version of my XPages Debug Toolbar.

So I watched the NotesIn9 episode by Tim Tripcony on creating a global custom control again, applied what he described to the toolbar custom control and, to my surprise, it worked! As of last week the XPages Debug Toolbar version 4 can be downloaded from OpenNTF and installed server wide. That means easy access to it from all your applications and no need anymore to more copying all those design elements manually.
This is the Debug Toolbar v4
It turned out that the plugin version also solves one of the biggest annoyances of the toolbar: because of the XPages classloader architecture, you needed to “Clean” your applications way too often to deal with ClassCastExceptions (DebugToolbar incompatible with DebugToolbar).

Included also in release 4:

  • The number of toolbar messages and errors are now also shown when the toolbar is collapsed.
  • Easy access to global objects from the Inspector tab (view, database, facesContext, …).
  • Couple of minor UI changes. Or, more popular phrased, “Optimised for Retina screens!”.
  • Scope variables that use a number as a key (yes, that is allowed) are now correctly shown.
  • Built-in XPages Request Processing Lifecycle explorer (written by Tony McGuckin)
  • You can now dump a list of all design note signers.
  • Because it’s now a plugin, you can also log messages from the beforePageLoad event.
  • And as always: “various performance and scalability enhancements”. No, really.

I need to shout a big “THANK YOU” here to Christian Guedemann from Webgate Consulting. He helped me to optimise the code and refactored a huge chunk of SSJS code to Java. Great job and thanks!

Unfortunately this release has an issue that will be apparent the minute you install it: it shows up twice in the Designer controls palette. At IBM Connect last week we tried to solve that with some IBM help (thanks Tony McGuckin!),Look, it's a bug! but it looks like this is an issue in the Designer code that will hopefully be solved in a future version (that’s a hint if anyone from the Designer developer team reads this :-). Apart from the double palette entry, I’ve seen no other drawbacks.

Distributing components like this through an OSGi plugin is definitely the way forward and comes with a lot of advantages, so I would highly encourage you to install this version! If you want to try it out first, check out the demo.

Improve your Domino SSL configuration, make your server more secure

Recently, Stephen Wissel tweeted a link to the Qualys SSL Labs SSL Server Test. That site allows you to enter the URL of an (internet facing) server that has SSL enabled and can then perform a deep analysis of the SSL configuration of that server. You may or may not know that Secure Sockets Layer comes in different flavours: v2, v3, TLS (Transport Layer Security; SSL’s successor), and more. Also, an SSL configuration can support various Cipher Suites (some of which are less secure than other) or can be vulnerable for things like the BEAST attack. So it’s not like SSL is on or off: there’s a bit more nuance to that.

Most people reading this will probably now run off to the SSL Server Test and enter the URL to their IBM Domino server. So did I the first time I read about it. Go ahead, I’ll wait…

I guess you were expecting a straight A-grade, but were suprised (or shocked) you didn’t. My first score (on a vanilla Domino server) was an F. That shocked me, so I did a bit of research. I found out that just like in school you don’t get an A for free.

So what can you do to get a better score on a Domino server? Here are two of my personal recommendations:

Disable insecure negotiation

Described here and here this allows for a man-in-the-middle attack and is enabled by default in Domino. Easy fix: add SSL_DISABLE_RENEGOTIATE=1 to your notes.ini.

Disable older, less secury ciphers

Recent browsers support more secure ciphers (AES), but Domino by default still allows older, weaker ciphers (DES, RC4). You can configure what ciphers Domino should support:

  • Open your names.nsf and open the server or internet site document for your server/ site.
  • Go to the Security tab and click Edit
  • In the SSL security section click the Modify button in the SSL ciphers field
  • Disable the SSL ciphers you don’t want to allow anymore. The only two I have enabled are: RC4 encryption with 128-bit key and SHA-1 MAC AES encryption with 256-bit key. There is some debate on if you should enable RC4. I have enabled it, but leave the choice up to you.

Restart your server and run the SSL test again. That looks a lot better, doesn’t it? Now you can go to bed feeling a bit safer.

Disclaimer: I’m no security expert, but after performing some research I think you’re safer with these easy changes (and so do the Qualys SSL Labs). Please correct me if I’m wrong. Of course I won’t take any responsibility for any of these recommendations.

Import Excel files and calculations with POI 4 XPages

Adding an export to Excel used to be a pain in the old days. But now, with XPages and the highly recommended POI4XPages library*, that has gotten really easy and is a feature I can just throw in to any project. And yes I know: spreadsheets… But fact is that a lot of the people I work with are still very much Excel oriented: so why not service them?

I had a requirement the past week to add some calculations on a generated Excel file: creating totals and hiding cells based on others. I thought that was dead easy: add some formulas to the template and done. Exported some data and… nothing. The formulas were there in the spreadsheet, but it didn’t recalculate them based on the data. Sure, I could recalculate it manually after the sheet is opened, but that’s just annoying. Changing the calucation settings in Excel also didn’t fix that.

So I decided to look at the POI API docs and found a method called setForceFormulaRecalculation. That looked like it would do what I needed. As of version 1.1. POI4Xpages comes with a binding called postGenerationProcess: a very powerful feature that gives you access to the generated workbook object, right before it is send to the browser. Only thing I needed to do was to add this snippet to that binding and the formulas were calculated:


Import Excel files

Besides creating them, Apache POI is able to read Excel files too. Since POI4XPages is build on top of Apache POI, I was wondering if I’m able to read Excel files in XPages too, with only having the POI4XPages library installed on my Domino server. I only have a requirement for the Office Open XML format (.xslx) that’s supported since Excel 2007.

And guess what: it worked right out of the box. Only thing you need is piece of Java code:

File excel = new File ("C:/spreadsheet.xlsx");
fis = new FileInputStream(excel);</code>

XSSFWorkbook wb = new XSSFWorkbook(fis);
XSSFSheet ws = wb.getSheetAt(0);

int rowNum = ws.getLastRowNum() + 1;
int colNum = ws.getRow(0).getLastCellNum();
String [][] data = new String [rowNum] [colNum];

for (int i = 0; i &lt;rowNum; i++) {
  XSSFRow row = ws.getRow(i);
  for (int j = 0; j &lt; colNum; j++) {
    XSSFCell cell = row.getCell(j);
    String value = cell.toString();
    data[i][j] = value;
    System.out.println("Value of cell in row " + 
      i + ", col " + j + ": " + value);


Here’s what this code is doing:

I’m creating a FileInputStream based on a file on my file system. Of course I can also use a document attachment for that using the getInputStream() method of the EmbeddedObject class. With that FileInputStream I create a new POI XSSFWorkbook and then retrieve the first worksheet. The XSSFWorkbook also has a method to retrieve a worksheet by name. I then get the number of rows and columns and loop through them.

* POI4XPages is part of the OpenNTF Essentials. Check it out if you haven’t!

New demo on Bootstrap4XPages: Reusable fields with validation

form_validationI just released a new demo on Bootstrap4XPages.com. This one is about reusable fields and form validation: I show you how you can create a custom control with a dynamic field binding that you can (re)use to create Bootstrap styled fields. Although I’ve written the article for use with Bootstrap, the same method can also be used with any other framework.

Next on my todo list: upgrade the site to use Bootstrap 3.

New demos on Bootstrap4XPages: Select2 and Alerts

In case you haven’t seen them yet: I’ve added two new articles/ demos on Bootstrap4XPages.

The Alerts article shows how you can use the XPages built-in FacesMessages functionality to show Bootstrap-styled alerts to users. It also allows you to add the message on one page, navigate the user to another and show the message on that page using the multi-page messages PhaseListener described here.

The Select2 article shows you how to integrate the excellent Select2 plugin into your XPages. Select2 can be described as a combobox-on-steroids/ value picker that allows you to search in all options, work with remote data (using Ajax requests), do multiple selects and format the results using HTML.

Happy Bootstrapping!

(oh and I’m working on a couple of more articles, so stay tuned…)