August 2017

JVM - jdb

jdb is a command-line debugging utility shipped with the HotSpot JDK.
It uses the Java Debug Interface (JDI) to connect to the target JVM.

JVM - VisualVM

Java VisualVM automatically detects and connects to the Java Management Extensions (JMX) agents for Java applications that are running on JDK or that have been started with the correct system properties. For the tool to detect and connect to the agents on a remote machine, the jstatd daemon must be running on the remote machine, see The jstatd Daemon. If Java VisualVM cannot automatically discover and connect to JMX agents that are running in a target application, then the tool provides a means for you to explicitly create these connections.
The official documentation is here.
With Java VisualVM you can:

  1. View a list of local and remote Java applications.
  2. View application configuration and runtime environment. For each
    application, the tool shows basic runtime information: PID, host,
    main class, arguments passed to the process, JVM version, JDK home,
    JVM flags, JVM arguments, and system properties.
  3. Enable and disable the creation of a heap dump when a specified
    application encounters an OutOfMemoryError exception.
  4. Monitor application memory consumption, running threads, and loaded
    classes.
  5. Trigger a garbage collection immediately.
  6. Create a heap dump immediately. You can then view the heap dump in
    several views: summary, by class, by instance. You can also save the
    heap dump to your local file system.
  7. Profile application performance or analyze memory allocation (for
    local applications only). You can also save the profiling data.
  8. Create a thread dump (stack trace of the application's active
    threads) immediately. You can then view the thread dump.
  9. Analyze core dumps (with Oracle Solaris and Linux operating
    systems).
  10. Analyze applications offline, by taking application snapshots.

JVM - JConsole

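JConsole is another very useful tool in the HotSpot JDK. It relies entirely on JMX MBeans to collect performance data and usage statistics for CPU, memory, network and so on. Besides collecting and monitoring JVM data dynamically, it can also change some JVM parameters at run time.

For a remote connection, the port on the remote machine is the one configured when the JMX agent is started.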

Official documentation: https://docs.oracle.com/javase/8/docs/technotes/guides/troubleshoot/tooldescr009.html
How to use JConsole
Monitoring and Management for the Java Platform
JConsole
JConsole FAQ

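HSTS (HTTP Strict-Transport-Security) notes

HSTS is short for HTTP Strict-Transport-Security and is a browser feature. It tells the browser that certain sites may only be accessed over HTTPS, never over plain HTTP.

The danger of relying on 301: if every visit goes through a 301 redirect, the first request still travels over plain HTTP, so at the moment of the redirect an attacker still has a chance to intercept information or forge pages.

HSTS is set through the Strict-Transport-Security field in the headers of the server's response.
Syntax: Strict-Transport-Security: max-age=; includeSubDomains; preload.

When the user is visiting an HTTPS site and the certificate is valid, and the response headers include the Strict-Transport-Security header, the browser learns that this site must be accessed over https until a certain point in time; if the user types a URL with the http scheme, it is automatically converted to https. If the policy has not yet expired and a later response carries the header again, the expiry time is updated automatically. Once the policy expires, the rule lapses automatically.

If the user is visiting the site over http, and the site has not used HSTS before, the browser ignores the header: because https was not used, the session may have been intercepted and tampered with.

Once a site uses HSTS, the user agent keeps using https until the expiry date.

See also: Strict-Transport-Security wiki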
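The user-agent behaviour described above (header ignored over http, https upgrade, expiry refresh, includeSubDomains) as a small model. This is an added example, not code from the original notes; the class HstsStore, its method names and the cert_valid parameter are hypothetical, and the max-age=0 removal rule comes from the HSTS specification rather than from these notes.

```python
import re
import time
from urllib.parse import urlsplit, urlunsplit

class HstsStore:
    """Toy model of a user agent's HSTS policy store (hypothetical, not a browser API)."""

    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so expiry can be tested without sleeping
        self.policies = {}      # host -> (expiry timestamp, include_subdomains)

    def note_response(self, url, headers, cert_valid=True):
        """Process one response; return True if a policy was stored, refreshed or removed."""
        parts = urlsplit(url)
        value = next((v for k, v in headers.items()
                      if k.lower() == "strict-transport-security"), None)
        # Honoured only over HTTPS with a valid certificate; ignored on plain http.
        if parts.scheme != "https" or not parts.hostname or not cert_valid or value is None:
            return False
        directives = [d.strip().lower() for d in value.split(";") if d.strip()]
        ages = [re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', d) for d in directives]
        ages = [int(m.group(1)) for m in ages if m]
        if not ages:
            return False        # max-age is mandatory
        if ages[0] == 0:
            self.policies.pop(parts.hostname, None)   # max-age=0: forget this host
        else:
            # A repeated header overwrites the entry, which moves the expiry forward.
            self.policies[parts.hostname] = (self.clock() + ages[0],
                                             "includesubdomains" in directives)
        return True

    def covered(self, host):
        """True if host, or a parent with includeSubDomains, has an unexpired policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.policies.get(".".join(labels[i:]))
            if entry and entry[0] > self.clock() and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url):
        """Return the URL the agent would really request for a typed or linked URL."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self.covered(parts.hostname):
            return url
        port = "" if parts.port in (None, 80) else f":{parts.port}"
        return urlunsplit(("https", parts.hostname + port, parts.path, parts.query, parts.fragment))
```

The first plain-http visit to a host with no stored policy is returned unchanged by rewrite(), which is the window the 301 note above refers to.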

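JVM HPROF notes

HPROF is a tool in DLL form for JVM heap and CPU profiling, and it ships with every JDK. It writes the profiling information either to a file or to a socket, in binary or ASCII format. This profiling information can then be consumed by other tools.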

HPROF is a tool for heap and CPU profiling shipped with every JDK release. It is a dynamic-link library (DLL) that interfaces with the Java Virtual Machine (JVM) using the Java Virtual Machine Tool Interface (JVM TI). The tool writes profiling information either to a file or to a socket in ASCII or binary format. This information can be further processed by a profiler front end tool.

The HPROF tool is capable of presenting CPU usage, heap allocation statistics, and monitor contention profiles. In addition, it can report complete heap dumps and states of all the monitors and threads in the JVM. In terms of diagnosing problems, HPROF is useful when analyzing performance, lock contention, memory leaks, and other issues.

The source code is in the $JAVA_HOME/demo/jvmti/hprof directory.
Common commands:

  1. java -agentlib:hprof=help
  2. java -agentlib:hprof ToBeProfiledClass
  3. java -agentlib:hprof=heap=sites ToBeProfiledClass
  4. java -agentlib:hprof=cpu=samples,interval=20,depth=3 classname
  5. java -agentlib:hprof=heap=sites classname

Option Name and Value    Description                       Default
---------------------    -----------                       -------
heap=dump|sites|all      heap profiling                    all
cpu=samples|times|old    CPU usage                         off
monitor=y|n              monitor contention                n
format=a|b               text(txt) or binary output        a
file=                    write data to file                java.hprof[{.txt}]
net=:                    send data over a socket           off
depth=                   stack trace depth                 4
interval=                sample interval in ms             10
cutoff=                  output cutoff point               0.0001
lineno=y|n               line number in traces?            y
thread=y|n               thread in traces?                 n
doe=y|n                  dump on exit?                     y
msa=y|n                  Solaris micro state accounting    n
force=y|n                force output to                   y
verbose=y|n              print messages about dumps        y