Posts

How to secure REST services exposed with Jersey (JAX-RS) using Spring Security

This is the challenge I had to perform. I have to open services to business partners and I want to secure them. I use a Java based application with Jersey API (JAX-RS).

The first thing to consider is : what kind of solution offers the best compromise between security and the effort I'll have to provide to maintain this solution?
After some discussions with developers and experts, the conclusion is : expose your services over HTTPS and use Basic authentication (Digest authentication and certificate-based authentication are too complex for partners).

So, how to implement that? I delegate HTTPS to my Apache HTTP servers. But I still need to handle authentication (and authorization of course). After long hours on Google, I understood that it is possible to manage security with Jersey in many ways. Here is a short list :

- Delegate simple authentication and authorization to your container (Tomcat) or to your frontend (Apache)
- Delegate authentication to your container or fro…

Solution for unreadable Eclipse tooltips content under gnome with a dark theme

After some googling, I finally found the easiest solution to fix a well-known problem with the Eclipse code assistant on my Linux with GNOME (Mint Mate).

The symptom is black text written over a dark gray background : simply unreadable.

To fix that, just install gnome-color-chooser, open it, go to "specifics" tab and change tooltips foreground and background colors. Restart Eclipse and enjoy!

PS : to install gnome-color-chooser

sudo apt-get install gnome-color-chooser

This tip also works on Linux Mate.


Remap 'Eject' key to 'Forward Delete' on Mac

I've been trying to program on my Macbook Air for a few weeks. The keyboard is really unacceptable on this laptop and I really prefer to use my HP with a real keyboard than my Mac. But my HP is fat... too fat, and I leave it at home. So, I need to find a solution to work with this ugly keyboard.

Today, I decided to remap the unused 'eject' key to 'forward delete' (why is there an 'eject' key on a Macbook Air???? There's no DVD player...).

To do that, you have to install and configure two free pieces of software :

- KeyRemap4MacBook (http://pqrs.org/macosx/keyremap4macbook/index.html.en)
- NoEjectDelay (http://pqrs.org/macosx/keyremap4macbook/noejectdelay.html.en)

Each one will require a system restart.

How to make a backslash, a backward delete, a 'start of line' and an 'end of line' on a Mac keyboard

This is a two-minute post with my precious Mac keyboard shortcuts :

- backslash '\' = ALT + SHIFT + /
- backward delete = FN + DEL or (alternate mode) CTRL + D
- go to start of line = CTRL + A
- go to end of line = CTRL + E

If you need other shortcuts, you have to know that Cocoa uses Emacs shortcuts.
By the way, I definitely hate Mac keyboards.

My Linux Mate 14 config with compiz activated

Today, I share my Linux Mate 14.1 config.

I'm switching from Ubuntu to Mate and I'm a little bit disappointed. So, the first thing for me was to get a desktop theme similar to my Ubuntu. I found Crunchy-orange which is like Ubuntu Human dark theme. Very nice.

Then, I activated compiz. I installed Compiz and CompizConfig Settings Manager (ccsm) from the integrated software center. I opened ccsm and I needed to :

- activate window decoration and change the window decorator command to "/usr/bin/compiz-decorator" to prevent window borders from disappearing
- activate window move and resize because, if not, you cannot move anything
- activate compiz on startup with mateconf-editor and change /desktop/mate/session/required_components/windowmanager from 'marco' to 'compiz'

Wooo... I'm back to the future!!! This looks like Ubuntu 10.04 ... but with an up-to-date kernel :) :) :)

An excellent solution for local dependencies with Maven projects

I found this tip on Heroku devcenter website.

https://devcenter.heroku.com/articles/local-maven-dependencies

In a few words, you add a "repo" directory to your project, deploy your artifact into this local repo and declare this repository in your pom.xml. Then, you can use your local jar as a classic Maven dependency.

Here is the example :

yourproject
+- pom.xml
+- src
+- repo

mvn deploy:deploy-file -Durl=file:///path/to/yourproject/repo/ -Dfile=mylib-1.0.jar -DgroupId=com.example -DartifactId=mylib -Dpackaging=jar -Dversion=1.0

It's just perfect! Thanks to the Heroku member who had this excellent idea!

A solution to have environment specific Spring application context files

I found this post today : http://www.drillio.com/en/software-development/spring/context-bootstrapping-with-different-environment-configurations/

I have the following problem : I need to customize a web application. For example, on a production environment, I want my app to be automatically configured with production parameters. As this application uses Spring namespaces (grrrr), I can't use a DefaultPropertyPlaceHolderConfigurer to inject properties dynamically into config files. I really need to have Spring conf files per environment.

I made some changes to the code to make it compatible with Spring 2.5.6. Here are my classes :


https://sites.google.com/site/javacolorsfiles/SpringContextBootstrapper.java
https://sites.google.com/site/javacolorsfiles/ConfigLocationProviderImpl.java
https://sites.google.com/site/javacolorsfiles/ConfigLocationProvider.java

And an example of Spring conf below :

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://w…

How to install Python 2.7.2 on RedHat Enterprise Linux 5.2

Do you want to install Python 2.7 to run a Google App Engine server on your old RHEL 5.2? I can just say that it was impossible for me from the sources. Fortunately, I found an excellent blog post which gives an alternative install script. Just download and run it. It will download and install Python 2.7.2 and its common dependencies. The only limit I know is that you cannot run Python-based apps with GUIs because it's not compiled against Tcl/Tk.

http://rajaseelan.com/2012/01/28/installing-python-2-dot-7-2-on-centos-5-dot-2/

JRebel free alternatives

I'm a daily user of JRebel. JRebel allows you to program in Java like in PHP. It means that you don't need to restart your application to see your changes because JRebel performs hot code replacement.

Even if it's a fantastic product, I wanted to see if I could integrate such a feature in an open source project I'm working on (tomcat-lsd). And I found these projects :

- dcevm : http://ssw.jku.at/dcevm
- FakeReplace : https://github.com/fakereplace
- Apache common jci fam : http://commons.apache.org/jci/commons-jci-fam/index.html
- Agent Smith : http://java.net/projects/agentsmith

Of course, JRebel is still more powerful than these projects but I think they are two very good initiatives.

PS : after some more googling, I found a blog dedicated to class reloading : http://classreloadingwebapp.blogspot.com/ . Many thanks to its author and his great post on jci.

How to register SSL certificates in your JVM?

You wrote a Java program which needs to access an external resource through SSL (such as LDAPS or HTTPS)?

Okay, this post is for you.

The first thing you have to know is that the first time you establish a secured connection to something, you (normally) have to accept the certificate used to encrypt the dialog. In apps that interact with end users (such as a web browser), the user often sees a popup which asks him to trust the certificate. But if the secured connection is established behind the scenes (without any possibility to show a popup to somebody, such as in batch process apps), the certificate must be trusted before establishing the connection.

In Java, there's a wallet (the truststore) which contains trusted certificates. It is located in [JAVA_HOME]/jre/lib/security/cacerts

I explain here how to extract the public key of an SSL certificate and how to register it in the cacerts file.

Step 1 : let's extract the public key from a secured connection
We will use OpenSSL for that. Just…

Inject constants in bean fields with Spring 3.0

Today, I imported some properties in my Spring config file. I wrote something like this :

<!-- define properties from a file -->
<util:properties id="securityProperties"  location="classpath:/securityProperties.properties" />

I could also have written :

<!-- look for properties from a JNDI context -->
<jee:jndi-lookup id="securityProperties" jndi-name="props/security" />

... or even simpler :

<!-- simply declare properties directly -->
<util:properties id="securityConstant">
    <prop key="cas.base.url">blablabla</prop>
</util:properties>

So, I needed to retrieve my cas.base.url. In my bean, I just had to do :

@Value("#{securityProperties['cas.base.url']}")
private String SSO_CAS_BASE_URL;

That's why I like Spring.

Google Groups Settings : an "how-to" solution without Google's Java API

I'm used to working with Google online services and my opinion is :

- Google protocol is good (of course!) and I think that the direction which is taken to migrate to REST services is the right one.
- the documentation is never up-to-date and often contains wrong code samples (which sometimes don't compile because they contain deprecated instruction calls or string values).
- the Java API provided by Google is horrible. The support of Maven is still bad (it has been better for a few months). It's confusing between the provisioning API (GData library) and the Google Java Client API. Sometimes, you have to use the first one, sometimes the second.
- the authentication methods are also confusing. You have to choose between ClientLogin, AuthSub, OAuth1 and OAuth2 (and OpenID?) : what the fuck? On OAuth, you have another choice to make because the authentication workflow is different if your application is on the web or embedded. This situation could be clearer and Google should refine its au…

Yeaaah! What a cluster!

Remember to put a timeout on your heartbeat pings

I'm working on a distributed piece of software which needs to be disabled when a tier is not reachable. To do that, I developed a Spring bean (a Java service class) and I scheduled a method on it (with a @Scheduled annotation). This method makes some heartbeat pings on each tier. The Java service class contains a flag which indicates if all is OK. If a heartbeat fails, this boolean status is set to false. Of course, thanks to Spring, I easily injected this class into my web pages. If a user tries to access the application and the health status is set to false, he is automatically redirected to a page which indicates that the service is closed. But, let's go back to pings.

I scheduled my pings to be executed every minute. That was for me a good value. But a problem appeared during my first real tests. I realized that ping durations could be longer than one minute because the network connect() method blocked my thread. Of course, I forgot to manage short timeouts!

After a few go…

Use Spring 3 Expression Language (SpEL) to get an Integer from an environment variable

Today, I played with Spring Batch. As you probably know, in a classic XML Spring config file, you can use ${my.property} to inject a system property in a bean attribute. That's quite simple.

But, in a JPA item reader (Spring Batch users should understand that), you cannot use this old syntax to inject values in your HQL query (using a parameterValues property). So, I decided to test the fabulously complicated SpEL. A wonderful idea...

So, my problem is to get an Integer value from an argument passed to my JVM with something like -Dmy.prop=value. Of course, if I don't have any JVM param, I want to have a default value.

Here is the solution :

#{(T(java.lang.Integer).parseInt(systemProperties['process.past.days']?:0))}

So, let's explain it :
- #{(systemProperties['process.past.days'])} is required to retrieve a system property called process.past.days
- #{(systemProperties['process.past.days']?:0)} is required if you want to set 0 as default value... but... it's …

Colorify your Eclipse

Yesterday, while I was watching a video about the Play! framework, I realized that I was contemplating TextMate's colors. So, after some googling, I discovered a "color plugin" which changes the text theme (it doesn't concern the overall look and feel but just the text appearance here). It is so nice that I put the update-site URL here :
http://eclipse-color-theme.github.com/update

Spring saved my day on an UTF-8 encoding problem

I'm working on Jasig CAS (an SSO server) and I had an issue with special chars. For example, it was impossible to log in with a password like &é"'(-.
- I checked my jsp file : it was encoded in UTF-8
- I checked the encoding directive (<%@ page contentType="text/html; charset=UTF-8" %>) : OK

The idea was to force the request encoding with something like :

request.setCharacterEncoding("UTF-8");

But I was in Spring MVC and I didn't want an ugly hack. Fortunately, Spring saved my day with a builtin servlet filter to declare in the web.xml.

<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<par…